wuamagr32.exe is related to the Spybot .CG worm, it shouldn’t be hard to remove it. I wonder why it is for you. Anyway, click on the link in my signature and follow the instructions on that page. That should work.
Since your system is infected, I would apreciate it if you also run HijackThis and the HijackThis log file analyzer and send me both logs as explained in the read.me
That will help me develop the HijackThis log file analyzer. (Yes I wrote that one) It ain’t a must, just a request.
i pressed ctrl-alt-del to bring up task manager, but there is no option in my task manager that says “processes” so i can`t end the task.
Here is my log file, for some reason the R0s wont show!
StartupList report, 16/07/2004, 00:40:07
StartupList version: 1.52.2
Started from : C:\Documents and Settings\james\Local Settings\Temp\Temporary Directory 3 for hijackthis[1].zip\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Ok, here are the things that are definatly harm your system. Remove them all.
I suspect that there are more things that need to be removed, so please post the entire HijackThis log here, or send it to the email address in the read.me which comes with the HijackThis logfile analyzer program.
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\qwerty.exe
C:\windows\system32\tasker32.exe
C:\documents and settings\colin\local settings\temp\Dq.exe
C:\documents and settings\colin\local settings\temp\A.exe
C:\WINDOWS\System32\svvhost.exe
C:\WINDOWS\System32\wuamagr32.exe
C:\WINDOWS\System32\wapisvsu.exe
Logfile of HijackThis v1.98.0
Scan saved at 21:22:38, on 21/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
otherwise install & update SPYBOT & Ad-Aware, then reboot to safeMode and scan & fix with them several times, until nothing more is found/removed…
reboot again to safeMode, and post a new Hijackthis-Log here then, please
*
Read “VirusRemoval” below for details… also secure your system as described there: passwords, Browser, shares etc etc…
Is avast Uptodate ? which version for prog & VPS ?
Are all Windowsupdates
I`m using avast Home Edition, it is all up to date.I have all windows critical updates up to date.
I ran hijackthis yesterday, and chose the process manger option, this showed me all the processes that are running on the computer. I found Wuamagr 32, i highlighted it, and pressed “kill” to end the process.
I scanned with avast but again when i tried deleting the virus or moving it to chest it said “access denied”.
In safe mode, all my programmes are there except adaware-it seems to be missing. i cant see adaware anywhere in safe mode. I have tried searching for it, So i cant use. Adaware is there when i run the computer normally.
I aint the expert, but i`m sure you will agree I need to end the wuamagr process.
what about running hijack this, and fixing the following-should it be done in safe mode.
@1) empty avast’s chest, than do a boot timescan with avast
@2) in normal-Boot, right-click on the icon/link to ad-aware, select properties → Program. Note the path/filename of the EXE
in SafeMode, browse to the EXE-file and doubleclick to run ad-aware
what about SPYBOT ?
@3) reread the above advice and follow the links & instructions to secure your system:
check all (Startup-)entries in HJT-Log if they are malicious or useless,
and fix them if so…
→ with Log-file from Hijackthis http://www.spywareinfo.com/~merijn/htlogtutorial.html (english tutorial) in combination with: