wuamgrd.exe

HI again: another problem.

I am using sygate firewall, and it tells me that a program called
wuamgrd.exe is trying to call home. I told the firewall to never let it do that.

Meanwhile I am having a heck of a time finding it to get rid of it.

I am using XP with all the updates.

Any suggestions would be appreciated

John

Hi,

follow the links to sophos and trendmicro in this topic

http://www.emuleforum.net/archive/topic/61214-1.html

or
http://www.trendmicro.com/search/google/en-us/results.asp?lr=lang_en&q=wuamgrd.exe

http://www.sophos.com/search/index.cgi?search=wuamgrd.exe&action=search&submit=Search

Ain’t it fun!

I’ve done the registry clean from safe mode (windows xp)
I cannot find anything else to get rid of, I followed the Trend
micro instructions, & even scanned on their site, no thing shows up.
yet wuamgrd.exe is still there running.

Format c: & re-install?

No! First, make a Google search for wuamgrd.exe
You will find a lot of information :wink:

I tried & tried & tried & was giong nutso, couldn’t get rid of this thing.

Finally, from safe mode, I loaded up an old DOS utility from my 286 days, this was written in 1993. That utility actually let me see the file, then I could change the attributes so I could see it at the command line. Probably an ol Norton Commander would do the same thing.

I rebooted to safe mode command line, went back to windows\system32 & manually deleted the file.

I then ran the regedit, got rid of the entries that loaded the ugly beast,
rebooted XP in all its glory, checked the running pocesses, & no more wuamgrd.exe, gone, done, finished.

Ye haaa!

You didn’t tell us the name of the program you used??? ::slight_smile:
I still have an old one left over fron win3.1 called ElfTree.
It’s like explorer.

the old program, something called QDIR. Lets you see everything.
Nothing can hide, makes changing attributes easy.

Never throw out old program archives.

one last comment, while perusing my firewall logs, I came across lots of references to svchost, & svchost64.

While looking for the wuamgrd.exe file,

Here is one I deleted SVCHOST64.EXE.POLY

No idea what it was, or what it did. Right now it’s gone to that special corner of hell reserved for amlicious code & coders.

John