Xona.com is the collaborative spyware-free web presence of Matthew Doucette & Jason Doucette.
What is "wuauclt.exe" and "wuaudt.exe"?


Thursday, August 26, 2004
By: Matthew Doucette

Warning:  A virus, trojan, or any malicious software program can be named anything the creator wishes.  This means you cannot completely identify a process by its name only.  We recommend using anti-virus and anti-spyware software solutions to protect yourself.

 

Avoid The Confusion:

The processes wuaudt.exe and wuauclt.exe are the same.  The lowercase "c" and "l" sometimes look like a "d" with Windows Task Manager's small font, especially with anti-aliasing enabled.  Sometimes aliased text is better for the job, when clarity is at stake:

("wuauclt.exe" looks like "wuaudt.exe" with anti-aliased text!)

 

My Research on "wuauclt.exe":

It turns out that wuauclt.exe can be either a trojan or a legitimate Windows system file.  Which one you have is the question.

The legitimate file is a Windows Update process that should only run upon reboot and visits to Windows Update.  I would advise checking out the threads I participated in below.  Pay attention to when the process runs, as I did and as explained in the threads, to figure out if it is running when it should be running.  Here are the threads:

http://forums.devshed.com/showthread.php?p=771274

http://www.windowsbbs.com/showthread.php?t=34098

 

Legitimate process information

Here is the process information for the legitimate wuauclt.exe process:

http://www.liutilities.com/products/wintaskspro/processlibrary/wuauclt/

wuauclt - wuauclt.exe - Process Information

Process File: wuauclt or wuauclt.exe
Process Name: AutoUpdate for WindowsME
Description: Background process responsible for updates to Windows ME. Whenever you connect to the Internet, Wuauclt checks the Microsoft web site for updates to Windows ME.
Company: Microsoft Corp.
System Process: Yes
Security Risk ( Virus/Trojan/Worm/Adware/Spyware ): No
Common Errors: N/A

So it is a legitimate process, for Windows ME, but this has proven to be outdated information.

I have Windows XP, not Windows ME, so I researched to see if not having Windows ME automatically meant that this file is a trojan.  It turns out that this is not the case.  The file I have is not a virus, but a legitimate Windows file that takes care of updating my Windows XP operating system.

The threads I participated in, further above, show that other Windows XP users also have this process.  At first I thought it was only for Service Pack 2 users, but even that was incorrect.  One user found the file (working properly) on his non-SP2 Windows XP.

 

Trojan process information

As for the trojan, in case you have it, Sophos and Symantec have more information on it:

http://www.sophos.com/virusinfo/analyses/trojcultb.html

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.clt.html

The trojan is called "Cult-B" or "Backdoor.Clt" and is also known as "W32.Cult".  It can infect the following systems:  Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, and Windows XP.

 

So is My "wuauclt.exe" a Trojan?

It is hard to answer this question as my file was not a trojan.  This means that I do not have experience in catching the virus.

However, I am assuming, and please note that it is an assumption, that there are two ways to catch the virus:

1) Anti-virus

Anti-virus software should catch the virus.  This assumption is made due to the fact that Symantec, the creators of Norton AntiVirus, have the trojan listed on their website (same link posted above): 

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.clt.html

2) Turning off Automatic Updates

Turn off Automatic Updates using services.msc (Start, Run, type "services.msc", press Enter.  Right-click "Automatic Updates", go to Properties, and select "Disabled" as the Startup type.)  It has been suggested that turning off Automatic Updates in the Control Panel does not actually shut down the process.  So, with Automatic Updates actually shut off, the process should not run.  It should not run even if you elect to manually update your Windows operating system by visiting Windows Update.  (If it does run, you have not shut down the service properly.)  The message I receive from Windows Update, with Automatic Updates shut down, reads like this:  "Windows Update cannot continue because a required service application is disabled. Windows Update requires the following services:  Automatic Updates enables detection, downloading, and installation of critical updates for your computer."

If the process shows up with Automatic Updates shut off (via services.msc) then the process is probably the trojan.  Please contact me if this happens to you.  I wish to confirm this with an actual case.
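
The checks discussed in this article (process name alone is not proof, and the process should not run while the Automatic Updates service is disabled) can be scripted. The PowerShell below is an added example, not part of the original article; it assumes the genuine file lives at %SystemRoot%\System32\wuauclt.exe and that the Automatic Updates service is registered under the name "wuauserv".

```powershell
# Added example, not from the original article.
# Assumptions: the genuine binary is %SystemRoot%\System32\wuauclt.exe and the
# Automatic Updates service is registered as 'wuauserv'.
$expected = Join-Path $env:SystemRoot 'System32\wuauclt.exe'

# Service state: "disabled via services.msc" means StartMode Disabled and not running.
$svc = Get-CimInstance Win32_Service -Filter "Name = 'wuauserv'"
$svcDisabled = $svc -and $svc.StartMode -eq 'Disabled' -and $svc.State -eq 'Stopped'

# Match on the real name only; "wuaudt.exe" is a misreading, not a second file.
$procs = @(Get-CimInstance Win32_Process -Filter "Name = 'wuauclt.exe'")
if ($procs.Count -eq 0) { 'No wuauclt.exe process is running.'; return }

foreach ($p in $procs) {
    $flags = @()
    $sig   = $null
    $path  = $p.ExecutablePath   # empty when the caller lacks rights to read it

    if (-not $path) {
        $flags += 'image path unreadable, rerun elevated'
    } else {
        # A name match means nothing if the file sits somewhere else.
        if ($path -ne $expected) { $flags += 'runs from an unexpected location' }
        # The publisher's signature is harder to fake than a file name.
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid') { $flags += "signature status: $($sig.Status)" }
    }

    # The article's test: the process should not exist while the service is disabled.
    if ($svcDisabled) { $flags += 'running although Automatic Updates is disabled' }

    [pscustomobject]@{
        PID     = $p.ProcessId
        Path    = $path
        Signer  = if ($sig) { $sig.SignerCertificate.Subject } else { $null }
        Flags   = $flags -join '; '
        Verdict = if ($flags.Count) { 'INVESTIGATE' } else { 'consistent with Windows Update client' }
    }
}
```

Older PowerShell versions do not check catalog signatures, so a genuine system file can report NotSigned there; treat a signature flag on its own as a prompt to verify the file further, not as a final answer.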

 

Share Your Experiences:

Please share your experiences with wuauclt.exe in our forums, especially if you have/had a version that was a trojan!
