Joined: Sep 2006
Posts: 5,642
B
Hall of Famer
OP Offline
Hey all!

Help me, please! I have run Malware Bytes and AVG several times in Safe Mode without a detection of a virus, but I know I have one. When I load my laptop in regular mode, I get error after error popping up. The pop says something like "wuauclt.exe" is infected, do you want to open your antivirus software. When I try to get online to download another antivirus/malware software, my browser automatically takes me to some site called "info-protect".

How the HELL am I supposed to get rid of this virus? And if the response is to download some other software, I have to be able to save it to a cd and take it to my laptop...I'm using the hubby's pc to type this.



#gmstrong
Joined: Dec 2006
Posts: 13,842
M
mac Offline
Legend
brownsbabe...I did a quick search of "wuauclt.exe" virus and there are several hits that might help..

web page: http://search.aol.com/aol/search?s_it=topsearchbox.search&q="wuauclt.exe"+virus


Last edited by mac; 03/16/10 11:33 AM.
Joined: Sep 2006
Posts: 5,642
B
Hall of Famer
OP Offline
Thanks mac, saw that one too and I had never heard of SpyHunter before.

Also, just did another reboot and got the wuauclt error plus an error that said mbam and one that said rundll.

Stupid free wifi at the hospital. (99.99999% sure that's where this came from)



#gmstrong
Joined: Sep 2006
Posts: 28,201
Legend
Offline
Step 1: Go into Safe Mode

Step 2: Check your Internet Settings. (Control Panel ->Internet Options). Go to the Connections tab, click LAN Settings and unless you specifically KNOW that you are supposed to be connecting through a proxy server, ensure that no proxy is specified and all boxes are unchecked. This is one of the most common methods for a DNS hijack.

Step 3: Update the definitions for *EVERYTHING* -- Malwarebytes, Antivirus, AdAware, Windows Defender, SpywareBlaster, etc...

Step 4: Scan with everything, one at a time.



If you have the comfort level with doing so, I might also recommend downloading an ISO image of "Ultimate Boot CD", booting off of it and using its built-in copy of Avira Antivirus, configured to rename offending files. It allows you to boot into a known-clean environment, update the AV software and perform a full system scan.


Browns is the Browns

... there goes Joe Thomas, the best there ever was in this game.

Joined: Sep 2006
Posts: 28,201
Legend
Offline
p.s. wuauclt.exe is Windows Automatic Updates.

You will probably want to go into Services (Right-click My Computer, select Manage. In the box that pops up, expand the Applications and Services section, select Services) and ensure that Automatic Updates is Enabled with its startup type set to Automatic and also ensure that it is Running. Start it if it is not.


Browns is the Browns

... there goes Joe Thomas, the best there ever was in this game.
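
The checks from the two posts above (the proxy settings in Step 2 and the Automatic Updates service behind wuauclt.exe) can be run as one read-only PowerShell script. This is an added example, not something posted in the thread; it assumes Windows PowerShell 3.0 or later, and wuauserv is the service name of Automatic Updates (shown as Windows Update on later Windows versions).

```powershell
# Added example (not from the thread): read-only triage, changes nothing.
# Assumes Windows PowerShell 3.0 or later for Get-CimInstance.

# 1. Values behind Internet Options -> Connections -> LAN Settings.
$inetKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
)
$proxyReport = foreach ($key in $inetKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $v = Get-ItemProperty -Path $key
    [pscustomobject]@{
        Key           = $key
        ProxyEnable   = $v.ProxyEnable    # 1 = "Use a proxy server" is ticked
        ProxyServer   = $v.ProxyServer    # host:port that traffic is sent through
        AutoConfigURL = $v.AutoConfigURL  # "Use automatic configuration script"
    }
}
$proxyReport | Format-List
if ($proxyReport | Where-Object { $_.ProxyEnable -eq 1 -or $_.AutoConfigURL }) {
    Write-Warning 'A proxy or auto-config script is set. Confirm it is one you expect.'
}

# 2. Automatic Updates service (service name wuauserv).
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='wuauserv'"
if ($svc) {
    $svc | Select-Object Name, DisplayName, StartMode, State, PathName | Format-List
} else {
    Write-Warning 'Service wuauserv was not found.'
}

# 3. The genuine wuauclt.exe lives in System32. Report its signature, then
#    list any running process of that name that was started from elsewhere.
$expected = Join-Path $env:SystemRoot 'System32\wuauclt.exe'
if (Test-Path -LiteralPath $expected) {
    # Caveat: catalog-signed system files may show NotSigned on older
    # PowerShell versions, so treat that status as "check further".
    Get-AuthenticodeSignature -LiteralPath $expected |
        Select-Object Path, Status, @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } } |
        Format-List
}
Get-Process -Name wuauclt -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -and $_.Path -ne $expected } |
    Select-Object Id, Path
```

The HKLM values only take effect when proxy settings are configured per machine, so an empty HKLM entry next to a populated HKCU entry is normal.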

Joined: Sep 2006
Posts: 15,015
F
Legend
Offline
I had a co-worker bring their home PC in 2 days ago because of something just like this. Turned out to be the "Windows Antivirus" scam program, but going under the name "Clean AntiVirus" (or similar).

It was rooted deep enough that trying to scan in safe mode failed, and it didn't appear in the processes running.

But it loaded an icon on the desktop, which I did a property check for and got where it was installed. I then went to run and copied that info in, but removed the executable part of the command line, and got to the hidden directory it was installed in. Deleted everything, and renamed the main file (wouldn't let me delete since it was running).

Rebooted the PC, and repeated the process to remove that main file and the empty folder. Then rebooted again, and ran a MalwareBytes scan and Avast scans.


We don't have to agree with each other, to respect each others opinion.
Joined: Sep 2006
Posts: 5,642
B
Hall of Famer
OP Offline
I have thrown everything I have at this (including my employer's install of Norton - which I despise) and nothing's coming up. I've done this in Safe Mode 3 or 4 times, to no avail.

I may have to break down and call the help desk and talk to the guys in India who will then refer me to the guys in Michigan who will then tell me to ship my laptop to them to work on it.

Grrrrrrrrrrrrrrrrrrrrr!



#gmstrong
Joined: Jan 2007
Posts: 2,086
Dawg Talker
Offline
A clean reformat will do the trick. And then you get a nice clean computer once again.

Of course, make sure you know what you're doing and backup files. A reformat 1-2 times a year is a great way to get your machine running in top shape.


Joined: Sep 2006
Posts: 28,201
Legend
Offline
I wish I had some free time, I'd take a look at it for ya.


Browns is the Browns

... there goes Joe Thomas, the best there ever was in this game.

Joined: Sep 2006
Posts: 530
R
All Pro
Offline
I know it's a pain in the butt, but try a program called combofix. (Upon installation of combo fix it will try to download Microsoft recovery console if your PC doesn't have it. Allow it to do so.) Also download Spybot S & D.

I have just battled the same virus. It is a Root kit. The times I've seen it, it has attached itself to a Registry Key that runs upon NIC activation. So scanning it in Basic Safe mode is the only way to kill it.

It is NASTY!

I actually was able to remove it from 2 PCs but on mine it destroyed the NIC reg keys...

I used combo fix, then ran Malware Anti-bytes and Spybot S & D in safe mode. It took about 2 1/2 hours but it cleaned it up.
Let us know what becomes of it.

Last edited by RABIDAWG07; 03/16/10 01:52 PM.
Joined: Sep 2006
Posts: 5,642
B
Hall of Famer
OP Offline
Am I able to reformat if I don't have the disks? (work laptop)

Right now, I'm in the process of backing up all my important stuff to my external HD so if I have to send in my laptop for a reformat I won't lose too much.

I have NEVER had a virus (etc) so bad that I couldn't get rid of it. This is ridiculous! That'll teach me to use the free wifi at the hospital. I'll stick to using my cell phone instead.



#gmstrong
Joined: Sep 2006
Posts: 3,044
K
Hall of Famer
Offline
There is no need to reformat.

Step 1: Download HijackThis from here: http://free.antivirus.com/hijackthis/

Step 2: Run HijackThis and generate a report.

Step 3: Go to DSL Reports Security Cleanup forum,
http://www.dslreports.com/forum/cleanup
and start a new thread there and post your HijackThis log in the thread.

One of us will get to you shortly and get you fixed up.

Joined: Jan 2007
Posts: 2,086
Dawg Talker
Offline
Quote:

Am I able to reformat if I don't have the disks? (work laptop)

Right now, I'm in the process of backing up all my important stuff to my external HD so if I have to send in my laptop for a reformat I won't lose too much.

I have NEVER had a virus (etc) so bad that I couldn't get rid of it. This is ridiculous! That'll teach me to use the free wifi at the hospital. I'll stick to using my cell phone instead.




What you need is a windows OS disc - it doesn't have to be the original that came with the computer, you just need the OS discs to do a clean reformat. From there you will need drivers, which you can get online if you don't have the discs.


Joined: Sep 2006
Posts: 28,201
Legend
Offline
Quote:

Quote:

Am I able to reformat if I don't have the disks? (work laptop)

Right now, I'm in the process of backing up all my important stuff to my external HD so if I have to send in my laptop for a reformat I won't lose too much.

I have NEVER had a virus (etc) so bad that I couldn't get rid of it. This is ridiculous! That'll teach me to use the free wifi at the hospital. I'll stick to using my cell phone instead.




What you need is a windows OS disc - it doesn't have to be the original that came with the computer, you just need the OS discs to do a clean reformat. From there you will need drivers, which you can get online if you don't have the discs.




And you'll need a valid Product Key, which may - or may not - be on a sticker on the machine... and may or may not match whatever version of the OS you grab. A 'Volume License' key will not work on a Retail CD, and vice versa... and an SP3 key may not be valid for a RTM copy.


Browns is the Browns

... there goes Joe Thomas, the best there ever was in this game.

Joined: Sep 2006
Posts: 15,015
F
Legend
Offline
Quote:

What you need is a windows OS disc - it doesn't have to be the original that came with the computer, you just need the OS discs to do a clean reformat. From there you will need drivers, which you can get online if you don't have the discs.




And there is the start of the vicious cycle. You need a Network driver to access the online drivers, unless you're lucky enough to have another computer to retrieve them with.


We don't have to agree with each other, to respect each others opinion.
Joined: Sep 2006
Posts: 1,346
Dawg Talker
Offline
I know it sucks BB.

It would seem that Rabid's advice is the way to go since he already has experienced this. If this is keeping you from navigating to any of the recommended software, you can use a USB drive and another computer. Purp's advice of using the Ultimate Boot CD may very well help and you could put its .iso on a USB drive and boot from there if your BIOS (boot menu) has that option.

Then again, since you mentioned that this is a work laptop you would need admin rights to do so. Frankly your best option may be to continue to back up all the files you wish to keep and have your employer either clean this for you or do a clean install of the OS. Again, as purp mentioned you cannot do a clean install of Windows without the valid product key. A reformat would only leave you with a wiped primary hard drive.

Joined: Sep 2006
Posts: 15,015
F
Legend
Offline
Quote:

Again, as purp mentioned you cannot do a clean install of Windows without the valid product key. A reformat would only leave you with a wiped primary hard drive.




Product key should be on a sticker on the bottom of the laptop, unless it's a large corp that has multi-user licensing.


We don't have to agree with each other, to respect each others opinion.
Joined: Sep 2006
Posts: 5,642
B
Hall of Famer
OP Offline
Quote:

Quote:

Again, as purp mentioned you cannot do a clean install of Windows without the valid product key. A reformat would only leave you with a wiped primary hard drive.




Product key should be on a sticker on the bottom of the laptop, unless it's a large corp that has multi-user licensing.




And that would be my company (100's of thousands of employees worldwide).

And I can't access the internet on my laptop to update any of my antivirus/malware software. I tried saving one program to cd on the hubby's pc and taking it over to my laptop and it said the program needed access to the internet. So frustrating



#gmstrong
Joined: Jan 2007
Posts: 1,986
C
Dawg Talker
Offline
Quote:

Quote:

Quote:

Am I able to reformat if I don't have the disks? (work laptop)

Right now, I'm in the process of backing up all my important stuff to my external HD so if I have to send in my laptop for a reformat I won't lose too much.

I have NEVER had a virus (etc) so bad that I couldn't get rid of it. This is ridiculous! That'll teach me to use the free wifi at the hospital. I'll stick to using my cell phone instead.




What you need is a windows OS disc - it doesn't have to be the original that came with the computer, you just need the OS discs to do a clean reformat. From there you will need drivers, which you can get online if you don't have the discs.




And you'll need a valid Product Key, which may - or may not - be on a sticker on the machine... and may or may not match whatever version of the OS you grab. A 'Volume License' key will not work on a Retail CD, and vice versa... and an SP3 key may not be valid for a RTM copy.




There is actually a way to boot your computer with the discs in the drive already, and load them without a product key. I wish I could remember exactly how to do it, but Dell informed me how to do it when I got a similar virus on my laptop, and Dell had never sent me discs with my laptop. They sent me new ones, but couldn't send the product key for whatever reason.

I wish I could be more help, but you can reinstall an OS without the product key, it is just a bit tricky.

Joined: Sep 2006
Posts: 28,201
Legend
Offline
To my knowledge, and I've done this a LOT, you cannot do a reinstall without the key -- UNLESS -- the copy of the OS that you use is an Unattended install or a System Restore image.

Your standard OS CD will be neither of those.


Browns is the Browns

... there goes Joe Thomas, the best there ever was in this game.

Joined: Feb 2007
Posts: 3,405
I
Hall of Famer
Offline
Quote:

I know it's a pain in the butt, but try a program called combofix. (Upon installation of combo fix it will try to download Microsoft recovery console if your PC doesn't have it. Allow it to do so.) Also download Spybot S & D.

I have just battled the same virus. It is a Root kit. The times I've seen it, it has attached itself to a Registry Key that runs upon NIC activation. So scanning it in Basic Safe mode is the only way to kill it.

I used combo fix, then ran Malware Anti-bytes and Spybot S & D in safe mode. It took about 2 1/2 hours but it cleaned it up.
Let us know what becomes of it.




This is my recommended approach. I would add running SuperAntiSpyware also.
Combo Fix has done a good job on root kits.


"My signature line goes here."
Joined: Sep 2006
Posts: 15
S
Rookie
Offline
j/c

If it is a rootkit, this may do the trick.

http://download.cnet.com/McAfee-Rootkit-Detective/3000-8022_4-10720121.html

It's McAfee Rootkit Detective. It doesn't install onto your machine. It will rename the rootkits. I had a salesperson's laptop with a nasty virus that had a rootkit on it. I used it and then was able to run Malwarebytes on it afterward. Got rid of the rootkit and the virus.

Joined: Sep 2006
Posts: 2,523
B
Dawg Talker
Offline
I'm not a computer wizard, and I have no idea what these guys are talking about, most of the time.
My woman's computer got something similar to what you seem to be experiencing.
All anti-anything got redirected to this particular antivirus product, which wanted credit card info to clean up the mess it had created.
I recovered the OS from the D drive and quickly installed a good anti-virus, been working fine ever since.
I told her to stay off those really bizarre porn sites,but she's such a perv.


Indecision may,or maynot,be my problem
Joined: Sep 2009
Posts: 798
T
All Pro
Offline
Not a computer wiz, but I just finished fixing my father in law's laptop that wouldn't even boot into regular mode.

http://forums.majorgeeks.com/showthread.php?t=35407

I followed every step in this link, which ends up being a combination of most of the suggestions above and he hasn't had any problems since. You will have to copy all the programs from a cd or usb drive (I did on his b/c his computer was doing similar stuff; internet explorer always went to bogus sites so I couldn't download).

Joined: Jan 2007
Posts: 5,620
Hall of Famer
Offline
I just now got my computer cleaned from this crap.

The XP Protect thing actually uninstalled my AdAware and turned off my firewall and anti virus. So I had to download AdAware, install it and do a full scan. After it cleaned out a few items my antivirus started running and between the two they found and cleansed several items. I rebooted and did not have the XP Protect crap.

But, I could not run exe files as Windows did not know what program was used to run them. The file association for exe files was removed from the registry. Doug Knox's web site has reg files to fix these. Did that, and all seems well.

Nasty bugger, this was.

Joined: Sep 2006
Posts: 5,642
B
Hall of Famer
OP Offline
Oh hooray! [/sarcasm] LOL

Well, since I'm getting ready to go on vacation, I suppose that now's the time to send my laptop to Corp and let them do the work on it. That way I have a working laptop back when I come back from vacation.

Next question: if I'm backing up my files on my external hard drive with this virus on my laptop, but I'm in safe mode, will the virus infect my external?



#gmstrong
Joined: Sep 2006
Posts: 28,201
Legend
Offline
Quote:

if I'm backing up my files on my external hard drive with this virus on my laptop, but I'm in safe mode, will the virus infect my external?




It should not, unless the files you are backing up are already infected.


Browns is the Browns

... there goes Joe Thomas, the best there ever was in this game.

Joined: Sep 2006
Posts: 5,642
B
Hall of Famer
OP Offline
Thanks Purp~Seems, for the moment at least, the virus is only affecting my ability to get online, so I think my files are ok, but what do I know. LOL



#gmstrong
Joined: Sep 2006
Posts: 2,089
C
Dawg Talker
Offline
When you get your computer back, dump AVG.... Seems their stuff hasn't been keeping up well. Go Avira or Avast.

Joined: Sep 2006
Posts: 28,201
Legend
Offline
I just went with Avira for a machine I'm working on because of AVG's constant conflicts with Windows Defender (prevents it from starting).

Tried Avast, but couldn't get it to install properly in Vista. Avira works and doesn't hamper WD, but it updates rather slowly... but it seems to do a very solid job of catching things and scanning.


Browns is the Browns

... there goes Joe Thomas, the best there ever was in this game.

Joined: Sep 2006
Posts: 5,642
B
Hall of Famer
OP Offline
I'll download one of those when I get my laptop back. Probably Avast since I don't have to worry about conflicts with Vista (XP machine here)



#gmstrong
Joined: Sep 2006
Posts: 5,642
B
Hall of Famer
OP Offline
I *heart* my IT Dept. I called to get shipping info to send my laptop in and the guy was able to walk me through removal over the phone.

Took me through the programs on start up and removed the ones that didn't belong. I was so happy, I told him that I'd have his babies for him. LOL



#gmstrong
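
The start-up review that the IT help desk walked through in the post above can begin from a read-only listing like the one below, which also checks the .exe file association that an earlier post reports was removed from the registry. This is an added example, not something posted in the thread; it assumes Windows PowerShell 3.0 or later, and Get-ExePathFromCommand is a helper written for this example.

```powershell
# Added example (not from the thread): read-only, removes nothing.
# Assumes Windows PowerShell 3.0+. Win32_StartupCommand lists the Run keys
# and Startup folders for the profiles it can see.

# Hypothetical helper for this example: pull the executable path out of a
# start-up command line such as  "C:\Dir\app.exe" /tray  or  C:\Dir\app.exe -s
function Get-ExePathFromCommand {
    param([string]$Command)
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"')        { return $Matches[1] }
    if ($c -match '^(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $null
}

$entries = Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
    $path   = Get-ExePathFromCommand $_.Command
    $exists = [bool]($path -and (Test-Path -LiteralPath $path -PathType Leaf))
    $sig    = if ($exists) { Get-AuthenticodeSignature -LiteralPath $path }
    [pscustomobject]@{
        Name     = $_.Name
        Location = $_.Location   # registry key or Startup folder it came from
        User     = $_.User
        Command  = $_.Command
        Exists   = $exists
        SigState = if ($sig) { "$($sig.Status)" } else { 'n/a' }
        Signer   = if ($sig) { $sig.SignerCertificate.Subject }
    }
}
# Entries whose target is missing, unsigned or in a user-writable folder are
# the ones to look up before deciding whether they belong.
$entries | Sort-Object SigState, Location | Format-List

# .exe file association. Stock values: ".exe" -> exefile, and
# exefile\shell\open\command -> "%1" %*
$hkcr  = 'Registry::HKEY_CLASSES_ROOT'
$class = (Get-ItemProperty -LiteralPath "$hkcr\.exe" -ErrorAction SilentlyContinue).'(default)'
$open  = (Get-ItemProperty -LiteralPath "$hkcr\exefile\shell\open\command" -ErrorAction SilentlyContinue).'(default)'
[pscustomobject]@{
    ExeClass    = $class
    OpenCommand = $open
    LooksStock  = ($class -eq 'exefile') -and ($open -eq '"%1" %*')
}
```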
DawgTalkers.net Forums DawgTalk Tailgate Forum Help! Computer issue - virus, malware, trojan, worm something
