"Application cannot be executed. The file wuauclt.exe is infected" on windows 7

[isaac5]

I've got the virus that seems to shut down nearly all applications and pops up with the "Application cannot be executed. The file _______ is infected." I've checked out other forums that suggest Superantispyware, malwarebytes, and other procedures for getting rid of this. The other forums are for vista, but i'm running windows 7. are the procedures the same?

i downloaded malwarebytes, after getting the virus, but cannot open it. i've tried changing the name and extension but to no avail.

what should i do??

[isaac5]

I ran exehelper and this is the log file:


[recovering disk space - old attachment deleted by admin]

[Dr Jay]

Hello, and welcome to Computer Hope.

Please note the following information about the malware forum:

• Only the Malware Specialist Team is allowed to give advice on removing malware from your computer.
  
• From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  
• Please do not attach logs or post them in Quote/Code boxes unless requested.
  
• Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
• If you have already asked for help somewhere, please post the link to the topic you were helped.
• We try our best to reply quickly, but for any reason we do not reply in two days, reply to this topic with the word BUMP
  
• Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

[isaac5]

Ran ComboFix. My programs are back! Thanks a ton!

Log is attached.

What's next?

[recovering disk space - old attachment deleted by admin]

[Dr Jay]

Hi

Re-running ComboFix to remove infections:

• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Open notepad and copy/paste the text in the codebox below into it:
  

Code: [Select]

KillAll::
File::
c:\users\Isaac\AppData\Local\ocihemile.dll
c:\users\Isaac\AppData\Local\evehalevetec.dll
c:\users\Isaac\AppData\Local\owuhewazucocalir.dll
c:\users\Isaac\AppData\Local\olusamav.dll
c:\users\Isaac\AppData\Local\ihucifalutihol.dll
c:\users\Isaac\AppData\Local\Ajanoqatuzar.bin
c:\users\Isaac\AppData\Local\Jcipisun.dat
c:\users\Isaac\AppData\Local\rrtpyovie
c:\users\Isaac\AppData\Local\derqyfixn

DDS::
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522

Firefox::
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mchInjDrv]

SysRst::

Reboot::


• Save this as CFScript.txt, in the same location as ComboFix.exe
  
  
  
  
• Referring to the picture above, drag CFScript into ComboFix.exe
• When finished, it shall produce a log for you at C:\ComboFix.txt
  
• Please post the contents of the log in your next reply.

Please go to: VirusTotal

• Click the Browse button and search for the following file: c:\windows\explorer.exe
  
• Click Open
  
• Then click Send File
  
• Please be patient while the file is scanned.
• Once the scan results appear, please provide them in your next reply.

Include the VirusTotal result and the ComboFix log in your next reply.
If it says already scanned -- click "reanalyze now"

Please post the results in your next reply.

[jo87]

For more general info I suggest you read this: *SNIP*, has several articles on that file..
Hope it'll help!

[harry 48]

For more general info I suggest you read this: wuauclt-exe.com, has several articles on that file..
Hope it'll help!

DragonMaster Jay is a malware expert   you should not be giving advice in these sections of the forum