Hi, all!
I decided this problem by very simpy way:

  1. change Security property for folder \ISWIZARD to ADMIN only (my account)
  2. delete ALL files from this folder
  3. create 2 empty files with property RO (Read only):
    iswizard.7z
    proxy.conf

Now virus wuaudit.exe can’t replace MY files his own body files :wink: