A dirty little bug is in my house

Status
Not open for further replies.
Hi mnyyoungs,

I am still looking over some things with your logs with colleagues to make sure you are taken care of properly. :)
 
Hi mnyyoungs,

I need some information on some unidentified files. We will use VirusTotal. Please submit these files for analysis.

To submit a file to VirusTotal, please click VirusTotal.

Copy and paste the following into the "upload a file" box (one at a time if more than one file is listed):

c:\windows\system32\wuauclt.exe

Scroll down a bit and click "send file", wait for the results and post them in your next reply.

Please note that sometimes the scans take a few minutes. Please ensure that the scan has completed and the results are complete before submitting the next sample. Also please make sure each result is clearly identified as to which sample they belong to.
----------
 
14 VT Community user(s) with a total of 43357 reputation credit(s) say(s) this sample is goodware. 4 VT Community user(s) with a total of 4 reputation credit(s) say(s) this sample is malware.
File name: wuauclt.exe
Submission date: 2011-12-01 13:53:19 (UTC)
Current status: finished
Result: 0/43 (0.0%)

VT Community: goodware
Safety score: 100.0%
Antivirus Version Last Update Result
AhnLab-V3 2011.12.01.00 2011.12.01 -
AntiVir 7.11.18.164 2011.12.01 -
Antiy-AVL 2.0.3.7 2011.12.01 -
Avast 6.0.1289.0 2011.12.01 -
AVG 10.0.0.1190 2011.12.01 -
BitDefender 7.2 2011.12.01 -
ByteHero 1.0.0.1 2011.11.29 -
CAT-QuickHeal 12.00 2011.12.01 -
ClamAV 0.97.3.0 2011.12.01 -
Commtouch 5.3.2.6 2011.12.01 -
Comodo 10799 2011.12.01 -
DrWeb 5.0.2.03300 2011.12.01 -
Emsisoft 5.1.0.11 2011.12.01 -
eSafe 7.0.17.0 2011.11.30 -
eTrust-Vet 37.0.9597 2011.12.01 -
F-Prot 4.6.5.141 2011.11.29 -
F-Secure 9.0.16440.0 2011.12.01 -
Fortinet 4.3.388.0 2011.12.01 -
GData 22.292/22.544 2011.12.01 -
Ikarus T3.1.1.109.0 2011.12.01 -
Jiangmin 13.0.900 2011.11.30 -
K7AntiVirus 9.119.5570 2011.11.30 -
Kaspersky 9.0.0.837 2011.12.01 -
McAfee 5.400.0.1158 2011.12.01 -
McAfee-GW-Edition 2010.1D 2011.12.01 -
Microsoft 1.7903 2011.12.01 -
NOD32 6668 2011.12.01 -
Norman 6.07.13 2011.12.01 -
nProtect 2011-12-01.01 2011.12.01 -
Panda 10.0.3.5 2011.11.30 -
PCTools 8.0.0.5 2011.12.01 -
Prevx 3.0 2011.12.01 -
Rising 23.86.03.01 2011.12.01 -
Sophos 4.71.0 2011.12.01 -
SUPERAntiSpyware 4.40.0.1006 2011.12.01 -
Symantec 20111.2.0.82 2011.12.01 -
TheHacker 6.7.0.1.352 2011.11.30 -
TrendMicro 9.500.0.1008 2011.12.01 -
TrendMicro-HouseCall 9.500.0.1008 2011.12.01 -
VBA32 3.12.16.4 2011.12.01 -
VIPRE 11187 2011.12.01 -
ViRobot 2011.12.1.4803 2011.12.01 -
VirusBuster 14.1.93.0 2011.11.30 -
Additional information
MD5 : 62bb79160f86cd962f312c68c6239bfd
SHA1 : c2de8148e1a8e8f097e3a40232ddb04efd0a7cc6
SHA256: 2fa2506b5c8b4469d2b36c803cceac15e831c3f8a4af065aca72da8f385f24c0
 
Hi mnyyoungs,

Please download GetPartitions from the link below to your Desktop

getpartitions.exe

Double-click (right-click and Run as Administrator for Vista/7 users) the icon to run it.
When complete it will produce a log found at C:\DiskReport.txt
Please post the contents of that log into your next reply.
----------
 
as you requested...


Microsoft DiskPart version 6.0.6002
Copyright (C) 1999-2007 Microsoft Corporation.
On computer: FAMILY-PC

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     E   US-Direct (  UDF    DVD-ROM      176 MB  Healthy
  Volume 1     D   RECOVERY     NTFS   Partition     10 GB  Healthy
  Volume 2     C   OS           NTFS   Partition     99 GB  Healthy    System
 
Hi mnyyoungs,

I would like for you to visit this page again here with the FixIt button.
Download and install the Windows Fix-It tool.
Run the tool and when asked if you want to Run in Aggressive Mode click on that box to do so.
Let it run and then when complete try to run Windows Update again. :)

Let me know if that fixed it up for you.
 
Ok, here's the new scoop...ran the link 3 times looking for the "aggressive" button. No button, but the WinFix said it had fixed the problem. Restarted, still getting the same error when I try to update. Did a search and found another WinFix with the aggressive button. Ran it in aggressive mode, restarted. Still won't update, same error. :-s Tried to run Disk Check. Restarted the computer and disk check did not run..... GULP...I tell ya, ghosts!
 
Hi mnyyoungs,

I would like to review the log that is created when Windows updates itself.

  1. Click Start > in the Start Search box type Run.
  2. When Run populates above left-click on Run.
  3. In the Open box, type windowsupdate.log, and then click OK.
  4. Copy/Paste the information provided in the windowsupdate.log into your next reply.
 
The log you requested is massive! Can I give it to you as an attachment? Otherwise, I would have to paste in approx. 12-15 messages.
 
Hi mnyyoungs,

I need for you to try to update another way. Please be sure to disable all antivirus and/or antispyware programs.
  • Please open Internet Explorer.
  • Select Tools > Windows Update.
  • Now go through and attempt to manually download and install all Windows updates.
  • Once you are complete, reboot your system.

Let me know if that did anything. :)
 
Hi mnyyoungs,

I have to say that I don't believe that this is malware that is causing the problems at this time. I do believe however that it is a result of that awful ZeroAccess rootkit that was on your system and has damaged your system.

At this time I think that you would be better served visiting the Windows forum at What the Tech found here. The Tech Team there will be better suited for helping you with the problems that you are having now. You will be in great hands with any of the Tech Team members that help you and I know they will do what they can to get you on the right track.

Please go to the Windows forum using the link I provided (remember to register there...it's free) and post a new topic. In the topic explain your problems and be sure to post a link to the topic here so that they will be able to see what has been done.
 
Jeff, you have been stellar in your directions and your patience with this issue! Your time and efforts are appreciated more than you know. Thank you so, very much and have a wonderful and Happy Holidays!
 