Please help me. My computer has a virus. File Wuauclt.exe is infected!

View previous topic View next topic Go down

Please help me. My computer has a virus. File Wuauclt.exe is infected!

Post by lgtron on Sat Apr 03, 2010 5:53 am

Ok so my computer unfortunately has a virus. IE doesn't work only Mozilla. I thought that by downloading norton internet protection 2010 i would help my situation but it i worst than i thought. I can download aything is just that the virus wont allow me to run anything so i couldt really install norton. All programs i download are sitting in my desktop becausE the infected files prevent them from being executed. Please help me! Thanks. I DONT KNOW WHAT TO DO!!!:sad:



i have windows vista

lgtron
Beginner
Beginner

Posts Posts : 3
Joined Joined : 2010-04-03
OS OS : windows Vista
Points Points : 24403
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Please help me. My computer has a virus. File Wuauclt.exe is infected!

Post by Net_Surfer on Sat Apr 03, 2010 7:28 am

Hello Igtron and Welcome to GeekPolice Malware removal forum.

My nick is Net_Surfer and I will be helping you with your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing "your computer problems only" and by no means should be used on another computer.

I would also like to inform you that most of us here at GeekPolice offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!


Please be patient and I'd be grateful if you would note the following:

The cleaning process is not instant. Gmer, DDS, ComboFix, RSIT and hijackthis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.[/b]


  1. Please Read All Instructions Carefully and perform the steps fully and in the order they are written.

  2. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.

  3. Do not attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

  4. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

  5. Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  6. Please continue to review my answers until I tell you that your machine is clean and free of malware. (Absence of symptoms does not mean that everything is clear.
Just because you can't see a problem doesn't mean it isn't there.

If you can do these things, everything should go smoothly. Right On!

OK. Igtron......If you have a Vista computer ensure that you right click on the tools and run them as an Admin. IF XP double click on the program to run them.

Before we begin, you should save these instructions in Notepad to your Desktop, or print them, for easy reference and to make sure you don't get lost.
Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If at any point you have questions, or are unsure of the instructions, do not hesitate to post here and ask for clarification before proceeding with the fixes.

Please carefully follow the next set of steps:


If you can not download and run the following tools, then I would like for you to try another approach:

If you have the use of another computer please either use a Flash Drive or a CD to download the following and transfer them for use on the infected machine.
Be sure you put them on the desktop of the infected computer.


* exeHelper by Raktor.

step1. Please download: [You must be registered and logged in to see this link.] to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

step2.* After running exeHelper ("without rebooting") download and run Rkill and Malwarebyte's and run them using this instructions:

We need to use the RKill Tool by Grinler

[You must be registered and logged in to see this link.]

  • Please Download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this [You must be registered and logged in to see this link.] if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.

NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by Antivirus Suite when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
[You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]
which are renamed copies of rkill.com, and try them instead.

*If the tool does not run from any of the links, Please tell me about it.

Malwarebytes' Anti-Malware

step3.* Please download:[You must be registered and logged in to see this link.]
Note: If you already have Malwarebytes' Anti-Malware, just update first then run it.

  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform a Full system Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

step4.* We need to see some additional information about what is happening in your machine.
Please perform the following scan:



  • Download DDS by sUBs from one of the following links. Save it to your desktop.
    o [You must be registered and logged in to see this link.]
    o [You must be registered and logged in to see this link.]
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.

  • Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.
[indent]Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all anti-virus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control [You must be registered and logged in to see this link.]


Summary of the logs I will need in your next reply:

  • ExeHelper log.
  • Rkill log.
  • MBAM log.
  • The two logs of DDS.

How are things your end Igtron?


The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Kind regards
Net_Surfer


Obstacles are what you see when you take you eyes off your GOALS
Net_Surfer is a Graduate of BleepingComputer: Malware Removal Training Program You too could train to help others!

Net_Surfer
Intermediate
Intermediate

Posts Posts : 57
Joined Joined : 2010-03-28
Gender Gender : Male
OS OS : xp sp3, Vista, Win7
Points Points : 25175
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Please help me. My computer has a virus. File Wuauclt.exe is infected!

Post by lgtron on Sat Apr 03, 2010 7:59 am

I downloaded everything and is not working because the computer wont allow me to open the programs, i cant run any. it says that application cannot be executed. the file wuauclt.exe is infected. i cant do anything.

what can i possibly do?

is my only alternative to buy the windows vista software and reinstall it?
Do you know how to do that?

lgtron
Beginner
Beginner

Posts Posts : 3
Joined Joined : 2010-04-03
OS OS : windows Vista
Points Points : 24403
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Please help me. My computer has a virus. File Wuauclt.exe is infected!

Post by Net_Surfer on Sat Apr 03, 2010 8:56 am

Hello again Igtron. Honored

Can you try running the tools while in safe mode, see this tutorial to help you with the instructions:


[You must be registered and logged in to see this link.]

Please let me know if that help.

Kind regards
Net_Surfer
(Gunsmoke)


Obstacles are what you see when you take you eyes off your GOALS
Net_Surfer is a Graduate of BleepingComputer: Malware Removal Training Program You too could train to help others!

Net_Surfer
Intermediate
Intermediate

Posts Posts : 57
Joined Joined : 2010-03-28
Gender Gender : Male
OS OS : xp sp3, Vista, Win7
Points Points : 25175
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Please help me. My computer has a virus. File Wuauclt.exe is infected!

Post by lgtron on Sat Apr 03, 2010 6:42 pm

unfortunately. i cant even put my computer on safe mode not by f8 method or by trying the other method(msconfig). However what i can acces f9 which is a system restore option in which i dont have to log in or anything so maybe that will work for me. Do you think that is a good idea? It says it will restore it to factory settings.

lgtron
Beginner
Beginner

Posts Posts : 3
Joined Joined : 2010-04-03
OS OS : windows Vista
Points Points : 24403
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Please help me. My computer has a virus. File Wuauclt.exe is infected!

Post by Net_Surfer on Sun Apr 04, 2010 10:57 am

Hello again Igtron,

Sorry for the delay.....

Alright. Don't give up yet. Let's try a different tool this time.


Carefully follow my next set of steps:


Step 1. Before we begin, you should save these instructions in Notepad to your Desktop, or print them, for easy reference and to make sure you don't get lost.

Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If at any point you have questions, or are unsure of the instructions, do not hesitate to post here and ask for clarification before proceeding with the fixes.

Download Tool by sUBs


**Note: In the event you already have old versions of Combofix I need you to delete them, right click on the combofix icon on your desktop and delete it. This is a new version that I need you to download. It is important that it is saved directly to your desktop**


  • If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

  • For Internet Explorer:
    o Choose to save, not open the file
    o When prompted - save the file to your desktop, and rename it to CFscan with .exe extension on the end.


Please download Combofix from any of the links below but rename it to CFscan before saving it to your desktop. Do NOT run it just yet!
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

  • Click on [You must be registered and logged in to see this link.] to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Step 2. Please insert your flash drive and all usb-drives before running Combofix

    Important notes regarding ComboFix:

    ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

    ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read [You must be registered and logged in to see this link.] for an article written by dvk01 on why we disable autoruns.
  • Close any open browsers.
    WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
  • Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

-----------------------------------------------------------
Step 3.Now please run ComboFix using these instructions:

  • Close all applications and windows (including this one) so that you have nothing open and are at your Desktop.
  • Go to Start -> Run...
  • Copy the entire contents inside the CODE box below (do NOT copy the word "CODE" from the CODE box!), and paste them into the empty "Open:" box provided:
Code:
"%userprofile%\Desktop\CFscan.exe" /killall

  • Click OK and follow the on-screen prompts.

  • When finished, ComboFix shall produce a log for you (located at C:\ComboFix.txt). Post the entire contents of that report in your next reply for further review, and so we may continue cleansing the system.
How are things your end Igtron???

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order clean and free of malware.

Again, Please DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean and free of malware!!!

Kind regards
Net_Surfer



Obstacles are what you see when you take you eyes off your GOALS
Net_Surfer is a Graduate of BleepingComputer: Malware Removal Training Program You too could train to help others!

Net_Surfer
Intermediate
Intermediate

Posts Posts : 57
Joined Joined : 2010-03-28
Gender Gender : Male
OS OS : xp sp3, Vista, Win7
Points Points : 25175
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum