crabpeople30
Posts: 10 +0
i've got that wuauclt virus and i need help getting rid of it
help please...
Thank You
help please...
Thank You
i've got that wuauclt virus
- Thread starter crabpeople30
- Start date
- Status
Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.
Post fresh HJT and AVG Antispyware logs as ATTACHMENTS into this thread, only after doing the above.
This thread is for the use of crabpeople30 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Post fresh HJT and AVG Antispyware logs as ATTACHMENTS into this thread, only after doing the above.
This thread is for the use of crabpeople30 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
crabpeople30
Posts: 10 +0
hijackthis file attached
went through the process as listed, after running AVG, could not find out how to generate log, although scan came out clean.
FYI, prior to following instructions listed, ran AdAware, SpyBot S&D, Symatec, and a few others I could find in both regular windows and also safe mode.
went through the process as listed, after running AVG, could not find out how to generate log, although scan came out clean.
FYI, prior to following instructions listed, ran AdAware, SpyBot S&D, Symatec, and a few others I could find in both regular windows and also safe mode.
crabpeople30
Posts: 10 +0
avg results
here they are
here they are
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
MSNGMSNGR32.EXE
procmsg.exe
Close task manager.
Go to add remove programmes in your control panel and uninstall anything to do with(if there).
MSNGMSNGR32
procmsg
Click start/run and type services.msc into the run box and press the enter key.
When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.
MSNGMSNGR32
procmsg
Close the services window.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O2 - BHO: (no name) - {58F07DD3-924D-4141-BC74-299F523A95F1} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Microsoft Instant Messenger] MSNGMSNGR32.EXE
O4 - HKLM\..\Run: [Windows Generic Proc] procmsg.exe
O4 - HKLM\..\RunServices: [Windows Generic Proc] procmsg.exe
O4 - HKCU\..\Run: [Windows Generic Proc] procmsg.exe
O4 - HKCU\..\RunServices: [Windows Generic Proc] procmsg.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} - http://mediaplayer.walmart.com/installer/install.cab
Click on the fix checked button.
Close HJT.
Reboot your pc and post a fresh HJT in this thread.
This thread is for the use of crabpeople30 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
MSNGMSNGR32.EXE
procmsg.exe
Close task manager.
Go to add remove programmes in your control panel and uninstall anything to do with(if there).
MSNGMSNGR32
procmsg
Click start/run and type services.msc into the run box and press the enter key.
When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.
MSNGMSNGR32
procmsg
Close the services window.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O2 - BHO: (no name) - {58F07DD3-924D-4141-BC74-299F523A95F1} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Microsoft Instant Messenger] MSNGMSNGR32.EXE
O4 - HKLM\..\Run: [Windows Generic Proc] procmsg.exe
O4 - HKLM\..\RunServices: [Windows Generic Proc] procmsg.exe
O4 - HKCU\..\Run: [Windows Generic Proc] procmsg.exe
O4 - HKCU\..\RunServices: [Windows Generic Proc] procmsg.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} - http://mediaplayer.walmart.com/installer/install.cab
Click on the fix checked button.
Close HJT.
Reboot your pc and post a fresh HJT in this thread.
This thread is for the use of crabpeople30 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
crabpeople30
Posts: 10 +0
here's the results...
Is C:\Program Files\MyPoints Visual Search a piece of software that you recognise and trust or not??
This thread is for the use of crabpeople30 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
This thread is for the use of crabpeople30 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
crabpeople30
Posts: 10 +0
yes it is....i know what it is and trust the source
In that case your HJT log is clean.
If you should hsve ant spyware problems in the future then you can put them in this thread
This thread is for the use of crabpeople30 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
If you should hsve ant spyware problems in the future then you can put them in this thread
This thread is for the use of crabpeople30 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
crabpeople30
Posts: 10 +0
perhaps then spyware is not the issue. I have automatic updates turned off, and everytime I boot up, shortly after I log in, the wuauclt.exe appears in the list of processes and begins to absorb huge amounts of memory. We have a network set up, and my computer then brings our usual bandwidth speed of 2200 kbps down to that of perhaps less than 500 kbps. If I end the wuauclt.exe process, the internet speed of everyone else's computer on the network speeds up to 1200 or so, not near the usual (mine only attains speeds of 800 or so). When my computer is totally removed from the network, the speed is at what it should be [and also when I boot into safe mode with networking]. Also in the processes, my svchost.exe is about 7 - 8x that of every person in the network (in terms of memory usage). My computer is being bogged down by something, and I'm then not sure what it is.
If this doesn't provide any additional hints to what could be wrong, I'm thinking I'll just stick with plan B and wipe my hard drive. (the one with the OS)
If this doesn't provide any additional hints to what could be wrong, I'm thinking I'll just stick with plan B and wipe my hard drive. (the one with the OS)
crabpeople30
Posts: 10 +0
It's just a little home network, 5 computers (including mine). It was at first thought that the router might be the problem, but we just got a new one and the problem persists. We have three computers upstairs and two downstairs, all with the appropriate switches and network cables.
In that case you may be better off making a post in the Storage & Networking forum.
I'm afraid i know little about networking, sorry!!
This thread is for the use of crabpeople30 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
I'm afraid i know little about networking, sorry!!
This thread is for the use of crabpeople30 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
crabpeople30
Posts: 10 +0
thanks for your help
howard_hopkinso
Posts: 21,238 +17
When rik asked for an AVG log, he actually meant an AVG Antispyware log and not an AVG free antivirus log.
Instructions for downloading, installing and running AVG Antispyware, can be found in this thread HERE.
Once we have that, we`ll have a better idea if your system is clean or not.
Regards Howard
This thread is for the use of crabpeople30 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Instructions for downloading, installing and running AVG Antispyware, can be found in this thread HERE.
Once we have that, we`ll have a better idea if your system is clean or not.
Regards Howard
This thread is for the use of crabpeople30 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
- Status
Latest posts
-
Is there any way to get back my Flash drive data? Free of cost- miahenry replied
-
US TikTok ban could begin next year as Biden signs law, but legal battle looms- Daniel Sims replied