Wuauclt.exe In System32 Infected With Trojan?

Hi,

I turned on my computer this morning, noticed that windows update was working in the system tray and suddenly BitDefender pops up the following message:

"File c:\WINDOWS\system32\wuauclt.exe

infected with Trojan.Generic.1433905"

So, is this really a trojan, or just another false positive?

I think it is a false positive. I just got it two cases of wuauclt.exe deleted...second false positive in 3 or 4 days...not real impressed

Will this mess up my operating system?

OMG!! My sister and I just got this too. About 5 minutes apart. Really scared me there. I tried googling trojan.generic.1433905 but I couldn't find anything on it.

I tried going to windows update and the notice popped up again. Not only that, but it appears to have moved to system restore. I'm so scared that it's gonna mess up my OS.

HELP!!

OMG!! My sister and I just got this too. About 5 minutes apart. Really scared me there. I tried googling trojan.generic.1433905 but I couldn't find anything on it.

I tried going to windows update and the notice popped up again. Not only that, but it appears to have moved to system restore. I'm so scared that it's gonna mess up my OS.

HELP!!

I tried manually updating from the Microsoft website and it is blocking it there too. Fortunately wuauclt.exe is still running in my processes, so I don't think the OS is messed up.

csalgau

Dear users,

Thank you for reporting.

This signature was added on a heuristics basis but was checked, unfortunatelly, superficially.

It has been scheduled for immediate removal and should be on the update servers(I'm hoping) in about half an hour.

Sorry for the inconvenience.

Dear users,

Thank you for reporting.

This signature was added on a heuristics basis but was checked, unfortunatelly, superficially.

It has been scheduled for immediate removal and should be on the update servers(I'm hoping) in about half an hour.

Sorry for the inconvenience.

PHEW!! Good to know. Thanks.

@ gdobbs23: Thanks for posting a reply earlier.

Quick fix to recover that file:

1. insert original windows install CD into CD/DVD drive

2. in Start->Run type: "sfc /scannow" (without quotes)

If you have the right windows install CD the problem should be solved.

Quick fix to recover that file:

1. insert original windows install CD into CD/DVD drive

2. in Start->Run type: "sfc /scannow" (without quotes)

If you have the right windows install CD the problem should be solved.

Hi sorin,

I tried doing that earlier and thought I had solved the problem, but when I went to windows update to manually update, the virus pop up happened again.

So I guess this just gives us the file back until the problem is solved?

I shouldn't say that but please disable BitDefender for half an hour until next update.

tlynch

I got bit by this too. BD quarantined the file though. So I'm going to update and restore the file.

Dan A

Sheesh, it scared the crap out me as well. I had just finished putting in all my CC details for ebay!

I will try recover the file now.

It was quarantined on my system so I guess it should be safe to restore it.

tlynch

It's 1:21am GMT-5 (US Eastern Time Zone). No update yet. Guess I'm going to bed and will worry about it in when I get up.

Update is done.

Wait few minutes until all update servers sync.

After update if the file is in quarantine you can restore it or you can do that "Quick fix"

Update is done.

Wait few minutes until all update servers sync.

After update if the file is in quarantine you can restore it or you can do that "Quick fix"

What should we do if the file was deleted? Like I said earlier, it is currently running in the processes. I checked a few minutes ago and it wasn't. Should it always be there?

After update if the file is in quarantine you can restore it or if the file was deleted you can do that "Quick fix" (Post #7)

Kristofer

Thanks for fast response and quick fix.

After update if the file is in quarantine you can restore it or if the file was deleted you can do that "Quick fix" (Post #7)

Do you happen to know if the quick fix is necessary if the wuauclt.exe file still exists? I searched for it and it is currently in C:\Windows\system32.

p-39driver

Got the same this morning.

Using Bit Defender V10 for about a year now.

Check this out:

File replacement was attempted on the protected system file wuauclt.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.4.3790.5512.

Looks like Windows xp pro,service pack3 sorted it out on it's own.

The above was taken from the event viewer just after the event occured.

Cheers!

Chris

Hi,

I turned on my computer this morning, noticed that windows update was working in the system tray and suddenly BitDefender pops up the following message:

"File c:\WINDOWS\system32\wuauclt.exe

infected with Trojan.Generic.1433905"

So, is this really a trojan, or just another false positive?

Chef Atom

This is a false positive in Windows Vista. wuauclt.exe is the windows update agent and is needed for windows update to work properly. Bit Defender2009 placed this file in quarentine. It is safe to restore this file and add it to your exceptions list. Bit Defender is currently working on a fix for this issue.

I am new to this forum but I have been using Bit Defender since Version 7. It really is the best protection out there!

What should we do if the file was deleted? Like I said earlier, it is currently running in the processes. I checked a few minutes ago and it wasn't. Should it always be there?

That's what I had originally thought but after researching it on google, I found out that the process will run for a short while when the computer starts up, but should disappear after a while (it finishes checking for updates). Hope this helps.

That's what I had originally thought but after researching it on google, I found out that the process will run for a short while when the computer starts up, but should disappear after a while (it finishes checking for updates). Hope this helps.

Thanks for that. It isn't there now, but has been occasionally, so I guess everything is working fine. Even if it isn't, BD AV checks and makes sure Windows is updated.

redangus

I have been running BitDefender for about 3 years since I built this computer with Windows XP Media Center SP2 for an operating system. At the time I found your software on line, took a chance on it, purchased and installed it and found it to be very good keeping my computer protected and virus free. Not one virus infection. However on last Friday Feb 13, a virus alert appeared informing me that a virus infected a file in windows system (I can't remember the exact name of the file but it had the terms "winlogon , and 386"). This file was quarantined and deleted, prompting a message box telling me to re-install the said file from the Windows XP CD's. I tried this but the file could not be found here, likely because my computer was auto-updated to XP SP3 and I did not have backup files for this version. After unsuccessfully trying to get files from windows update, to correct this, some other updates were installed, requiring a reboot. That's when my problems started. Windows was unable to start, and I had to reinstall the operating system. Got things going the next day, and when tying to get windows updated,. another virus warning appeared infecting another critical file. This time the file was replaced successfully. I thought by using System Restore, the problem would be corrected, but the virus warning reappeared again offline, so I reversed it. Today, again the virus warning pops up so I decided to search the net for answers and came across this message board, and registered. Finally I found out what the problem was.

Please note that up until now , I thought my computer was being under attack from several different virus. Glad that it isn't, but dealing with situations like this where I am not sure what to do when it does happens, caused me a whole lot of grief. I now have to get all the updates back and reinstall taking up a lot of time. Your software should provide more visible instructions and warnings about what to do when critical operating files are infected and modified or deleted.

Copy and Paste from another thread below.

ronchicago

Thanks for that. It isn't there now, but has been occasionally, so I guess everything is working fine. Even if it isn't, BD AV checks and makes sure Windows is updated.

To avoid possible repeats I want to change all my First Actions to "Move to Quarantine". How do I do this? So far I have gone through all the scans, via the Advanced Vies in Anti-Virus and changed the first actions for infected files. Is there anywhere else? Or better still, could I have made the change globally for all scans?