GeekPolice
Welcome to GeekPolice.net!

From "wow" to "whoa" - we're teaching practical technology and helping others with tech support. Join our family here!

You are viewing the forum as a "Guest" which doesn't give you member privileges to ask questions or post comments.

Take 30 seconds to register or log in below and unlock the limitations of this website to discover new computer knowledge!

wuauclt.exe is infected. Do you want to activate your antivirus software now?

View previous topic View next topic Go down

wuauclt.exe is infected. Do you want to activate your antivirus software now?

Post by roland_wkt on Thu Apr 22, 2010 10:27 am

Hi, i am having the problem with wuauclt.exe is infected problem. It says Application cannot be executed. The file wuauclt.exe is infected. Do you want to activate your antivirus software now?" I cant open any applications pretty much other than firefox.

I manage to go into safe mode with networking and get the OTL scan. I have attached them in this post.

Really need your help thanks.
Roland

roland_wkt
Beginner
Beginner

Status :
Online
Offline

Posts : 3
Joined : 2010-04-22
OS : Window xp
Points : 24206
# Likes : 0

View user profile

Back to top Go down

Re: wuauclt.exe is infected. Do you want to activate your antivirus software now?

Post by Belahzur on Thu Apr 22, 2010 6:30 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :OTL
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.4.4.113
    O4 - HKLM..\Run: [subkkxdw] C:\Documents and Settings\alan\Local Settings\Application Data\qeqkqoekh\wvkootatssd.exe ()
    O4 - HKCU..\Run: [asam] C:\WINDOWS\asam.exe ()
    O4 - HKCU..\Run: [subkkxdw] C:\Documents and Settings\alan\Local Settings\Application Data\qeqkqoekh\wvkootatssd.exe ()
    O33 - MountPoints2\{1d5a5022-dc64-11dd-bd93-0022150e4cd5}\Shell\AutoRun\command - "" = G:\j.bat -- File not found
    O33 - MountPoints2\{1d5a5022-dc64-11dd-bd93-0022150e4cd5}\Shell\open\Command - "" = G:\j.bat -- File not found
    O33 - MountPoints2\{a7f5e10c-8c40-11dd-bcfc-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{a7f5e10c-8c40-11dd-bcfc-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a7f5e10c-8c40-11dd-bcfc-806d6172696f}\Shell\AutoRun\command - "" = F:\LGInstaller.exe -- [2007-09-12 22:22:18 | 001,662,976 | R--- | M] ()
    O33 - MountPoints2\{b1183d1c-93dc-11de-bf21-0022150e4cd5}\Shell\AutoRun\command - "" = G:\StartPortableApps.exe -- File not found
    O33 - MountPoints2\{d4158750-9b3b-11de-bf45-0022150e4cd5}\Shell\AUTOplay\comMaNd - "" = H:\bxnjc.pif -- File not found
    O33 - MountPoints2\{d4158750-9b3b-11de-bf45-0022150e4cd5}\Shell\AutoRun\command - "" = H:\bxnjc.pif -- File not found
    O33 - MountPoints2\{d4158750-9b3b-11de-bf45-0022150e4cd5}\Shell\expLore\coMMAnd - "" = H:\bxnjc.pif -- File not found
    O33 - MountPoints2\{d4158750-9b3b-11de-bf45-0022150e4cd5}\Shell\oPeN\commANd - "" = H:\bxnjc.pif -- File not found
    [2010-04-22 12:28:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alan\Local Settings\Application Data\qeqkqoekh
    [2010-04-22 18:45:30 | 000,061,184 | ---- | C] () -- C:\WINDOWS\asam.exe
    [2010-04-22 18:44:24 | 000,061,184 | ---- | C] () -- C:\Documents and Settings\alan\Local Settings\Application Data\syssvc.exe


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1

View user profile

Back to top Go down

Re: wuauclt.exe is infected. Do you want to activate your antivirus software now?

Post by roland_wkt on Thu Apr 22, 2010 9:20 pm

Hey thanks for your fast reply, i have done according to what you said and the following is what i got.

========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: [You must be registered and logged in to see this link.]:3.4.4.113 removed from extensions.enabledItems
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\subkkxdw deleted successfully.
C:\Documents and Settings\alan\Local Settings\Application Data\qeqkqoekh\wvkootatssd.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\asam deleted successfully.
C:\WINDOWS\asam.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\subkkxdw deleted successfully.
File C:\Documents and Settings\alan\Local Settings\Application Data\qeqkqoekh\wvkootatssd.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d5a5022-dc64-11dd-bd93-0022150e4cd5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d5a5022-dc64-11dd-bd93-0022150e4cd5}\ not found.
File G:\j.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d5a5022-dc64-11dd-bd93-0022150e4cd5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d5a5022-dc64-11dd-bd93-0022150e4cd5}\ not found.
File G:\j.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7f5e10c-8c40-11dd-bcfc-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a7f5e10c-8c40-11dd-bcfc-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7f5e10c-8c40-11dd-bcfc-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a7f5e10c-8c40-11dd-bcfc-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7f5e10c-8c40-11dd-bcfc-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a7f5e10c-8c40-11dd-bcfc-806d6172696f}\ not found.
File move failed. F:\LGInstaller.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1183d1c-93dc-11de-bf21-0022150e4cd5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1183d1c-93dc-11de-bf21-0022150e4cd5}\ not found.
File G:\StartPortableApps.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4158750-9b3b-11de-bf45-0022150e4cd5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4158750-9b3b-11de-bf45-0022150e4cd5}\ not found.
File H:\bxnjc.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4158750-9b3b-11de-bf45-0022150e4cd5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4158750-9b3b-11de-bf45-0022150e4cd5}\ not found.
File H:\bxnjc.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4158750-9b3b-11de-bf45-0022150e4cd5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4158750-9b3b-11de-bf45-0022150e4cd5}\ not found.
File H:\bxnjc.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4158750-9b3b-11de-bf45-0022150e4cd5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4158750-9b3b-11de-bf45-0022150e4cd5}\ not found.
File H:\bxnjc.pif not found.
C:\Documents and Settings\alan\Local Settings\Application Data\qeqkqoekh folder moved successfully.
File C:\WINDOWS\asam.exe not found.
C:\Documents and Settings\alan\Local Settings\Application Data\syssvc.exe moved successfully.

OTL by OldTimer - Version 3.2.2.0 log created on 04232010_071456

Files\Folders moved on Reboot...
File move failed. F:\LGInstaller.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Thanks
Roland

roland_wkt
Beginner
Beginner

Status :
Online
Offline

Posts : 3
Joined : 2010-04-22
OS : Window xp
Points : 24206
# Likes : 0

View user profile

Back to top Go down

Re: wuauclt.exe is infected. Do you want to activate your antivirus software now?

Post by roland_wkt on Thu Apr 22, 2010 9:29 pm

Hey i just used the window under normal mode, the problem is gone. Thanks heaps for your help, really appreciate it.

Roland

roland_wkt
Beginner
Beginner

Status :
Online
Offline

Posts : 3
Joined : 2010-04-22
OS : Window xp
Points : 24206
# Likes : 0

View user profile

Back to top Go down

Re: wuauclt.exe is infected. Do you want to activate your antivirus software now?

Post by Belahzur on Fri Apr 23, 2010 12:24 am

Hello.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum