wuauclt.exe is infected. Do you want to activate your antivirus software now?
Hi, I am having the "wuauclt.exe is infected" problem. It says "Application cannot be executed. The file wuauclt.exe is infected. Do you want to activate your antivirus software now?" I can't open any applications pretty much other than Firefox.

I managed to go into safe mode with networking and get the OTL scan. I have attached them in this post.

Really need your help thanks.
Roland

Re: wuauclt.exe is infected. Do you want to activate your antivirus software now?
Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.4.4.113
    O4 - HKLM..\Run: [subkkxdw] C:\Documents and Settings\alan\Local Settings\Application Data\qeqkqoekh\wvkootatssd.exe ()
    O4 - HKCU..\Run: [asam] C:\WINDOWS\asam.exe ()
    O4 - HKCU..\Run: [subkkxdw] C:\Documents and Settings\alan\Local Settings\Application Data\qeqkqoekh\wvkootatssd.exe ()
    O33 - MountPoints2\{1d5a5022-dc64-11dd-bd93-0022150e4cd5}\Shell\AutoRun\command - "" = G:\j.bat -- File not found
    O33 - MountPoints2\{1d5a5022-dc64-11dd-bd93-0022150e4cd5}\Shell\open\Command - "" = G:\j.bat -- File not found
    O33 - MountPoints2\{a7f5e10c-8c40-11dd-bcfc-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{a7f5e10c-8c40-11dd-bcfc-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a7f5e10c-8c40-11dd-bcfc-806d6172696f}\Shell\AutoRun\command - "" = F:\LGInstaller.exe -- [2007-09-12 22:22:18 | 001,662,976 | R--- | M] ()
    O33 - MountPoints2\{b1183d1c-93dc-11de-bf21-0022150e4cd5}\Shell\AutoRun\command - "" = G:\StartPortableApps.exe -- File not found
    O33 - MountPoints2\{d4158750-9b3b-11de-bf45-0022150e4cd5}\Shell\AUTOplay\comMaNd - "" = H:\bxnjc.pif -- File not found
    O33 - MountPoints2\{d4158750-9b3b-11de-bf45-0022150e4cd5}\Shell\AutoRun\command - "" = H:\bxnjc.pif -- File not found
    O33 - MountPoints2\{d4158750-9b3b-11de-bf45-0022150e4cd5}\Shell\expLore\coMMAnd - "" = H:\bxnjc.pif -- File not found
    O33 - MountPoints2\{d4158750-9b3b-11de-bf45-0022150e4cd5}\Shell\oPeN\commANd - "" = H:\bxnjc.pif -- File not found
    [2010-04-22 12:28:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alan\Local Settings\Application Data\qeqkqoekh
    [2010-04-22 18:45:30 | 000,061,184 | ---- | C] () -- C:\WINDOWS\asam.exe
    [2010-04-22 18:44:24 | 000,061,184 | ---- | C] () -- C:\Documents and Settings\alan\Local Settings\Application Data\syssvc.exe


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
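
A sketch of how entries like those in the fix script above could be triaged automatically, as an added example that is not part of the original thread or of OTL itself. The regexes cover only the O4 Run and O33 MountPoints2 line shapes visible in this post; the reason strings, `USUAL_VERBS` and `RISKY_EXT` are assumptions, as is reading the trailing parentheses on O4 lines as the file's company name.

```python
import re

# Lines copied from the fix script in the post above (not constructed).
SAMPLE = r'''
O4 - HKLM..\Run: [subkkxdw] C:\Documents and Settings\alan\Local Settings\Application Data\qeqkqoekh\wvkootatssd.exe ()
O4 - HKCU..\Run: [asam] C:\WINDOWS\asam.exe ()
O33 - MountPoints2\{a7f5e10c-8c40-11dd-bcfc-806d6172696f}\Shell\AutoRun\command - "" = F:\LGInstaller.exe -- [2007-09-12 22:22:18 | 001,662,976 | R--- | M] ()
O33 - MountPoints2\{d4158750-9b3b-11de-bf45-0022150e4cd5}\Shell\AUTOplay\comMaNd - "" = H:\bxnjc.pif -- File not found
O33 - MountPoints2\{1d5a5022-dc64-11dd-bd93-0022150e4cd5}\Shell\AutoRun\command - "" = G:\j.bat -- File not found
'''

RUN_RE = re.compile(r'^O4 - (?:HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+) \((?P<vendor>[^()]*)\)$')
MP_RE = re.compile(r'^O33 - MountPoints2\\\{[0-9a-fA-F-]+\}\\Shell\\(?P<verb>\S+) - "" = (?P<target>\S+)')
# Assumed allowlist: the verb spellings used by the unobfuscated entries on this page.
USUAL_VERBS = {"AutoRun", "Autoplay", "command", "Command", "open", "explore"}
# Assumed list of script-like extensions worth flagging as an autorun target.
RISKY_EXT = (".pif", ".bat", ".cmd", ".scr")

def triage(log_text):
    """Return (entry, reasons) for every O4/O33 line that trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        m = RUN_RE.match(line)
        if m:
            path = m["path"].lower()
            if not m["vendor"].strip():
                reasons.append("no company name")
            if "\\local settings\\application data\\" in path:
                reasons.append("runs from user profile data folder")
            if re.fullmatch(r"c:\\windows\\[^\\]+\.exe", path):
                reasons.append("loose exe in Windows root")
            entry = m["name"]
        else:
            m = MP_RE.match(line)
            if not m:
                continue  # not an O4 Run or O33 command line
            if any(seg not in USUAL_VERBS for seg in m["verb"].split("\\")):
                reasons.append("odd-cased shell verb")
            if m["target"].lower().endswith(RISKY_EXT):
                reasons.append("autorun target is a script/PIF")
            entry = m["target"]
        if reasons:
            findings.append((entry, reasons))
    return findings
```

On these sample lines the heuristics flag both Run values and the `.pif`/`.bat` autorun targets, but not `F:\LGInstaller.exe`, so a match is a reason to review an entry rather than a verdict on it.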

Re: wuauclt.exe is infected. Do you want to activate your antivirus software now?

Hey, thanks for your fast reply. I have done according to what you said, and the following is what I got.

========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: toolbar@ask.com:3.4.4.113 removed from extensions.enabledItems
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\subkkxdw deleted successfully.
C:\Documents and Settings\alan\Local Settings\Application Data\qeqkqoekh\wvkootatssd.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\asam deleted successfully.
C:\WINDOWS\asam.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\subkkxdw deleted successfully.
File C:\Documents and Settings\alan\Local Settings\Application Data\qeqkqoekh\wvkootatssd.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d5a5022-dc64-11dd-bd93-0022150e4cd5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d5a5022-dc64-11dd-bd93-0022150e4cd5}\ not found.
File G:\j.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d5a5022-dc64-11dd-bd93-0022150e4cd5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d5a5022-dc64-11dd-bd93-0022150e4cd5}\ not found.
File G:\j.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7f5e10c-8c40-11dd-bcfc-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a7f5e10c-8c40-11dd-bcfc-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7f5e10c-8c40-11dd-bcfc-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a7f5e10c-8c40-11dd-bcfc-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7f5e10c-8c40-11dd-bcfc-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a7f5e10c-8c40-11dd-bcfc-806d6172696f}\ not found.
File move failed. F:\LGInstaller.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1183d1c-93dc-11de-bf21-0022150e4cd5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1183d1c-93dc-11de-bf21-0022150e4cd5}\ not found.
File G:\StartPortableApps.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4158750-9b3b-11de-bf45-0022150e4cd5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4158750-9b3b-11de-bf45-0022150e4cd5}\ not found.
File H:\bxnjc.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4158750-9b3b-11de-bf45-0022150e4cd5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4158750-9b3b-11de-bf45-0022150e4cd5}\ not found.
File H:\bxnjc.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4158750-9b3b-11de-bf45-0022150e4cd5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4158750-9b3b-11de-bf45-0022150e4cd5}\ not found.
File H:\bxnjc.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4158750-9b3b-11de-bf45-0022150e4cd5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4158750-9b3b-11de-bf45-0022150e4cd5}\ not found.
File H:\bxnjc.pif not found.
C:\Documents and Settings\alan\Local Settings\Application Data\qeqkqoekh folder moved successfully.
File C:\WINDOWS\asam.exe not found.
C:\Documents and Settings\alan\Local Settings\Application Data\syssvc.exe moved successfully.

OTL by OldTimer - Version 3.2.2.0 log created on 04232010_071456

Files\Folders moved on Reboot...
File move failed. F:\LGInstaller.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Thanks
Roland

Re: wuauclt.exe is infected. Do you want to activate your antivirus software now?

Hey, I just used Windows under normal mode, and the problem is gone. Thanks heaps for your help, really appreciate it.

Roland

Re: wuauclt.exe is infected. Do you want to activate your antivirus software now?
Hello.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.
