XP Pro SP3. Can’t access Windows Update or Microsoft Update, apparently due to wuauclt.exe being replaced by some trojan or other malware.
It has Avast 5 on it, it’s been fully scanned with that, latest Malware Bytes and Spybot S&D and Avira and AVG offline CDs. Comes up 100% clean on everything I’ve tried. Same story with yanking the power cord then booting with an offline scan CD, still 100% “clean”. That usually works to kill critical parts of stealth malware, stopping it from launching and hiding so the rest can be cleaned after a normal boot.
I also tried booting with a CD and replacing the wuauclt.exe with a known good copy from another PC. Soon as I tried going to the Microsoft Update site it started the wuauclt.exe error popup again. Apparently the malware replaced the executable again but Windows’ security functions aren’t allowing the trojan to access the net.
System File Checker finds nothing wrong. The latest Windows Update Agent refuses to install because it’s already installed. Is there a way to force it to reinstall?
Stopping the automatic updates service from a command prompt stops the error popup. Restarting the service gets the popup going again. Looks like this malware successfully masquerades as a valid service, until it tries to access the net.
I do not want to have to wipe and reinstall just to kill one stinking malware process.
Searches of the web show many other people having the same problem, and nobody seems to know how to fix it.