Warning:  A virus, trojan, or any malicious software program can be named anything the creator wishes.  This means you cannot completely identify a process by its name only.  We recommend using anti-virus and anti-spyware software solutions to protect yourself.

Avoid The Confusion:

The processes wuaudt.exe and wuauclt.exe are the same.  The lowercase "c" and "l" sometimes look like a "d" with Windows Task Manager's small font, especially with anti-aliasing enabled.  Sometimes aliased text is better for the job, when clarity is at stake:

("wuauclt.exe" looks like "wuaudt.exe" with anti-aliased text!)

My Research on "wuauclt.exe":

It turns out that wuauclt.exe can be a trojan and a legitimate Windows system file.  Which you have is questionable.

The legitimate file is a Windows Update process that should only run upon reboot and visits to Windows Update.  I would advise checking out the threads I participated in below.  Pay attention to when the process runs, as I did and as explained in the threads, to figure out if it is running when it should be running.  Here are the threads:

http://forums.devshed.com/showthread.php?p=771274

http://www.windowsbbs.com/showthread.php?t=34098

Legitimate process information

Here is the process information for the legitimate wuauclt.exe process:

http://www.liutilities.com/products/wintaskspro/processlibrary/wuauclt/

wuauclt - wuauclt.exe - Process Information

Process File: wuauclt or wuauclt.exe
Process Name: AutoUpdate for WindowsME
Description: Background process responsible for updates to Windows ME. Whenever you connect to the Internet, Wuauclt checks the Microsoft web site for updates to Windows ME.
Company: Microsoft Corp.
System Process: Yes
Security Risk ( Virus/Trojan/Worm/Adware/Spyware ): No
Common Errors: N/A

So it is the process, for Windows ME... but this has proven to be outdated information...

I have Windows XP, not Windows ME, so I researched to see if not having Windows ME automatically meant that this file is a trojan.  It turns out that this is not the case.  The file I have is not a virus, but a legitmate Windows file that takes care of updating my Windows XP operating system.

The threads I participated in, further above, show that other Windows XP users also have this process.  At first I thought it was only for Service Pack 2 users, but even that was incorrect.  One user found the file (working properly) on his non-SP2 Windows XP.

Trojan process information

As for the trojan, in case you have it, Sophos and Symantec have more information on it:

http://www.sophos.com/virusinfo/analyses/trojcultb.html

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.clt.html

The trojan is called, "Cult-B" or "Backdoor.Clt" and is also known as "W32.Cult".  It can infect the following systems:  Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, and Windows XP.

So is My "wuauclt.exe" a Trojan?

It is hard to answer this question as my file was not a trojan.  This means that I do not have experience in catching the virus.

However, I am assuming, and please note that it is an assumption, that this is two ways to catch the virus:

1) Anti-virus

Anti-virus software should catch the virus.  This assumption is made due to the fact that Symantec, the creators of Norton AntiVirus, have the trojan listed on their website (same link posted above): 

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.clt.html

2) Turning off Automatic Updates

Turn off Automatic Updates using services.msc (Start, Run, Type "services.msc", Press Enter.  Right Click "Automatic Updates", go to Properties,  Select "Disable" Startup type.)  It has been suggested that turning off Automatic Updates in the Control Panel does not actually shut down the process.  So, with Automatic Updates actually shut off, the process should not run.  It should not run even if you elect to manual update your Windows operating system by visiting Windows Update.  (If it does run, you have not shut down the service properly.)  The message I receive from Window Updates, with Automatic Updates shut down, reads like this:  "Windows Update cannot continue because a required service application is disabled. Windows Update requires the following services:  Automatic Updates enables detection, downloading, and installation of critical updates for your computer."

If the process shows up with Automatic Updates shut off (via services.msc) then the process is probably the trojan.  Please contact me if this happens to you.  I wish to confirm this with an actual case.

Share Your Experiences:

Please share your experiences with wuauclt.exe in our forums, especially if you have/had a version that was a trojan!

Also See:

• Investigate Windows Processes
• Windows XP Setup Tweaks & Tips

External Links:

• Windows Update (Microsoft)

About the Author:  I am Matthew Doucette of Xona Games, an award-winning, team-of-two indie studio concentrating on "intense retro" games (Xbox LIVE, PSN, WiiWare, and Windows PC). We've released Decimation X (XBLIG), a 1-4 player shmup, #1 best selling and #1 top rated XBLIG in Japan. We're working on Duality ZF (XBLA), a groundbreaking 1-4 player shmup, which placed #1 in Canada and #5 in the world in Microsoft's Dream Build Play 2010 contest. It features dual play, the ability to control two fighters at once, and a massively upgradable 32-stage spread/laser weapon system. 4 player dual play allows up to eight fighters at once.  Many of these features are never before seen shoot'em up firsts. Both games feature beautiful electronic Imphenzia soundtracks.  Help spread the word with our official dualityzf.com and decimationx.com websites.

P.S. Watch out for Score Rush (official website scorerush.com), another 1-4 player shmup. Coming soon to XBLIG.

*Shmup also known as: shoot'em up, 2D shooter, scrolling shooter, space shooter, spaceship shooter, retro shooter, etc.