WiredWX Hobby Weather ToolsLog in

 


description"Application cannot be executed. The file wuauclt.exe is infected" Empty"Application cannot be executed. The file wuauclt.exe is infected"

more_horiz
I don't really know what happened but one day this message came up in windows security alert and now its constantly coming up over and over again. Ive done some research and by the sounds of it its just a spyware thing trying to sucker me into buying an anti spyware program; always so ironic. Im somewhat tech saavy but i dont really know where to begin to erase it. It won't let me into system restore or even the better half of my programs. Help would be much appreciated.

description"Application cannot be executed. The file wuauclt.exe is infected" EmptyRe: "Application cannot be executed. The file wuauclt.exe is infected"

more_horiz
Hello Napalmtom9 and Welcome to GeekPolice Malware removal forum.

My nick is Net_Surfer and I will be helping you with your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing "your computer problems only" and by no means should be used on another computer.

I would also like to inform you that most of us here at GeekPolice offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!


Please be patient and I'd be grateful if you would note the following:

The cleaning process is not instant. Gmer, DDS, ComboFix, RSIT and hijackthis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.[/b]


  1. Please Read All Instructions Carefully and perform the steps fully and in the order they are written.

  2. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.

  3. Do not attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

  4. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

  5. Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  6. Please continue to review my answers until I tell you that your machine is clean and free of malware. (Absence of symptoms does not mean that everything is clear.
Just because you can't see a problem doesn't mean it isn't there.

If you can do these things, everything should go smoothly. Right On!

OK. Napalmtom9.......If you have a Vista computer ensure that you right click on the tools and run them as an Admin. IF XP double click on the program to run them.

Before we begin, you should save these instructions in Notepad to your Desktop, or print them, for easy reference and to make sure you don't get lost.
Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If at any point you have questions, or are unsure of the instructions, do not hesitate to post here and ask for clarification before proceeding with the fixes.

Please carefully follow the next set of steps:


If you can not download and run the following tools, then I would like for you to try another approach:

If you have the use of another computer please either use a Flash Drive or a CD to download the following and transfer them for use on the infected machine.
Be sure you put them on the desktop of the infected computer.


* exeHelper by Raktor.

step1. Please download: exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

step2.* After running exeHelper ("without rebooting") download and run Rkill and Malwarebyte's and run them using this instructions:

We need to use the RKill Tool by Grinler

Rkill.com <--- Download site

  • Please Download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.

NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by Antivirus Suite when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
iExplore.exe or eXplorer.exe
which are renamed copies of rkill.com, and try them instead.

*If the tool does not run from any of the links, Please tell me about it.

"Application cannot be executed. The file wuauclt.exe is infected" Mbamicontw5Malwarebytes' Anti-Malware

step3.* Please download: Malwarebytes' Anti-Malware
Note: If you already have Malwarebytes' Anti-Malware, just update first then run it.

  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform a Full system Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

step4.* We need to see some additional information about what is happening in your machine.
Please perform the following scan:

"Application cannot be executed. The file wuauclt.exe is infected" Dds_scr


  • Download DDS by sUBs from one of the following links. Save it to your desktop.
    o DDS.scr
    o DDS.pif
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
    "Application cannot be executed. The file wuauclt.exe is infected" DDS
  • Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.
[indent]Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all anti-virus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Summary of the logs I will need in your next reply:

  • ExeHelper log.
  • Rkill log.
  • MBAM log.
  • The two logs of DDS.

How are things your end Napalmtom9?


The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Kind regards
Net_Surfer

(Gunsmoke)

description"Application cannot be executed. The file wuauclt.exe is infected" EmptyRe: "Application cannot be executed. The file wuauclt.exe is infected"

more_horiz
Ive come across a problem, everytime i try to run the program, or any program other than mozilla firefox/internet explorer it shuts the program off after a few seconds

..PS. i downloaded the tools and are on my desktop

description"Application cannot be executed. The file wuauclt.exe is infected" EmptyRe: "Application cannot be executed. The file wuauclt.exe is infected"

more_horiz
Hello again Napalmtom9, Honored

Please try ComboFix tool, if you can not run it use exehelper and Rkill and without rebooting try ComboFix again.....


Please download ComboFix "Application cannot be executed. The file wuauclt.exe is infected" Combofix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

"Application cannot be executed. The file wuauclt.exe is infected" Query_RC
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
"Application cannot be executed. The file wuauclt.exe is infected" RC_successful

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

A word of advise if you are a lurker: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read the: Combofix's "Disclaimer".


The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order clean and free of malware.

Again, Please DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean and free of malware!!!

Kind regards
Net_Surfer

"Application cannot be executed. The file wuauclt.exe is infected" Smiley_Wizard_by_Momma__G

description"Application cannot be executed. The file wuauclt.exe is infected" EmptyRe: "Application cannot be executed. The file wuauclt.exe is infected"

more_horiz
My dad somehow got into system restore and went back a month. The computer seems to be back at its old state now but u said that it may seem to be ok but not neccessarily is? I dunno, I know you told me to follow ur instructions but he wanted to do it his way? Sorry if i screwed up the process

description"Application cannot be executed. The file wuauclt.exe is infected" EmptyRe: "Application cannot be executed. The file wuauclt.exe is infected"

more_horiz
If you want to be sure that all is oK.......then do the step with Malwarebyte's

Ensure that you update the program first and do a full system scan and post the log back here for my review.

Let me know what you will decide so we can close this thread.

Regards
Net_Surfer

description"Application cannot be executed. The file wuauclt.exe is infected" EmptyRe: "Application cannot be executed. The file wuauclt.exe is infected"

more_horiz
alwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3947

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

02/04/2010 7:10:37 PM
mbam-log-2010-04-02 (19-10-37).txt

Scan type: Full scan (A:\|C:\|E:\|)
Objects scanned: 223813
Time elapsed: 1 hour(s), 46 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe (Rogue.SystemSecurity) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Kirsten\Desktop\install.exe (Rogue.SystemSecurity) -> No action taken.
C:\Documents and Settings\Tom\Local Settings\Temp\llnB.exe (Rogue.AntivirusSoft.Gen) -> No action taken.
C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\AHVS94BI\eHcaeb6eeaV03f01830002Rb08dc247102T815a3535Q0000004c901805F0016000aJ0b000601l0409K1cfff1fd3180[1] (Rogue.AntivirusSoft.Gen) -> No action taken.
C:\System Volume Information\_restore{9653CCD3-3D00-4722-8C74-19D37171A853}\RP335\A0057506.exe (Rogue.AntivirusSoft.Gen) -> No action taken.

description"Application cannot be executed. The file wuauclt.exe is infected" EmptyRe: "Application cannot be executed. The file wuauclt.exe is infected"

more_horiz
do i just remove the infected files?

description"Application cannot be executed. The file wuauclt.exe is infected" EmptyRe: "Application cannot be executed. The file wuauclt.exe is infected"

more_horiz
Hello again Napalmtom9, Honored


There is no sense in running it if you are going to ignore everything it found. :sad:

Your MBAM log shows:
"No action taken"
.

This usually occurs if you forget to click "Remove Selected" and instead only clicked "Save Logfile. Let me think

Please read this thread and rescan again only using the (Quick Scan) in normal mode and check all items found for removal.

Don't forgot to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

After performing the new scan, click the Logs tab and copy/paste the contents of the new report in your next reply along with the logs of DDS, check for the instructions on my prior post so you can run DDS.

Do not run ComboFix tool, after you post the logs of MBAM and DDS I will see if still needed
Let me think

Kind regards
Net_Surfer
(Gunsmoke)

description"Application cannot be executed. The file wuauclt.exe is infected" EmptyRe: "Application cannot be executed. The file wuauclt.exe is infected"

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum