Hi Bobby
As you have not given us all the error messages for either error, it is a bit
hard to tell exactly what may be causing the problem.
However, wuauclt.exe is a legitimate Microsoft file. This file is the
Windows Update AutoUpdate Client. But it could be a virus. The Backdoor.Clt
Trojan copies itself as %System%\WUAUCLT.EXE and puts entries in the
registry to run at startup.
First do a search for it. The legitimate file is in system32/i386 &
dllcache. Right clicking and going to Properties should reveal version
5.8.0.2469 and a size of 124,184 for a completely up-to-date SP2 OS. Any
files of this name that are found that DO NOT have those properties are
Trojans.
What if you archived the SP2 files? Won't there be another file present?
Also there is a prefetch file.
Log on as Admin>go to Start>Run and type in "msconfig" from the run command.
Windows Update runs as a service under XP; there are no “start up” entries.
Here is a very good discussion on this that you should check out. It covers
all aspects of this very issue. I think it will answer a lot of your
questions and offer good information for troubleshooting the problem.
http://help.lockergnome.com/index.php?act=ST&f=65&t=23631
Hope this helps.
Jan
MS MVP - IE [DTS/AumHa]
Smiles are meant to be shared,
that's why they're so contagious.
Replies are posted only to the newsgroup for the benefit of other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
The information here will provide more information on this aspect.
What is wscntfy.exe? Is wscntfy.exe spyware or a virus?
http://www.neuber.com/taskmanager/process/wscntfy.exe.html
Now...if there is only one file, then continue here, but, if more than one,
see the "Trojan" steps below:
Try turning off the Autoupdate feature and see if that helps:
In Control Panel> System> Automatic Updates tab. Turn it off there. You can
also configure how you want to handle automatic updates here if you prefer.
With the Service disabled, reboot to see if there's any performance
difference. At least this will eliminate it as a potential cause.
Windows Update AutoUpdate Client is a background process which checks with
the Microsoft website for updates to the operating system. It shows up on the
Task Manager's processes list when it is waiting for a response to confirm
permission to download an update.
It is also possible that your file could have been corrupted, so you might
try renaming the file to something like wuauclt.exe_Old and then extract a
new copy from your OS CD.
How to extract a file in Windows 95/98/Me/2000/XP
http://service1.symantec.com/support/tsgeninfo.nsf/docid/2001011114021106
KB129605 - "HOW TO: Extract Original Compressed Windows Files"
(http://support.microsoft.com?kbid=129605).
"Trojan"
Here are some sites that will help if you find more than one:
Help with Hijackware
All MS - MVP Sites.
Here are the recommended programs and the instructions for how to use them
to ensure that your system is totally clean.
Dealing with Unwanted Spyware and Parasites:
http://mvps.org/winhelp2002/unwanted.htm
Also be sure to use HijackThis. Please DO NOT post your log to this
newsgroup, but to one of the HiJackThis Support Forums below:
http://www.hijackthis.de/forum/forumdisplay.php?f=10&guestlanguageid=4
the Aumha HiJackThis forums
http://forum.aumha.org/viewforum.php?f=30
or CastleCops
http://castlecops.com/forums.html
to allow the experts there to evaluate your log and advise you of the
necessary steps to clean your system.
(http://aumha.org/a/parasite.htm)
(http://aumha.org/a/quickfix.htm)
(http://mvps.org/winhelp2002/unwanted.htm)
(http://inetexplorer.mvps.org/Darnit.htm)
(http://www.mvps.org/sramesh2k/Malware_Defence.htm)
Malware Removal and Prevention: Overview
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Overview
Hope this helps.
Jan
MS MVP - IE [DTS/AumHa]
Smiles are meant to be shared,
that's why they're so contagious.
Replies are posted only to the newsgroup for the benefit of other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
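
The file check described in the thread (search for every copy of wuauclt.exe, then compare version and size), as an added example that is not part of the original posts. It assumes PowerShell is available on the machine; the variable names, the `Get-FileVersionString` helper and the search root are hypothetical choices, and the expected values are the ones quoted in the thread for an up-to-date SP2 system.

```powershell
# Added example, not from the original posts.
# Expected values are the ones quoted in the thread for an up-to-date XP SP2 system.
$ExpectedVersion = '5.8.0.2469'
$ExpectedSize    = 124184            # bytes
$SearchRoot      = $env:SystemRoot   # assumption: start at the Windows directory; use a drive root to widen

function Get-FileVersionString($File) {
    # Build the version from its numeric parts; the FileVersion string
    # can carry extra build text after the number.
    $vi = $File.VersionInfo
    '{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
}

# -Force includes hidden and system folders; unreadable folders are skipped silently.
$copies = Get-ChildItem -Path $SearchRoot -Filter 'wuauclt.exe' -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.Name -ieq 'wuauclt.exe' }

if (-not $copies) {
    Write-Output "No wuauclt.exe found under $SearchRoot"
    return
}

# One row per copy. The full path is shown because the thread points out that
# archived service-pack files can leave another copy that will not match these values.
$copies |
    Select-Object FullName,
        @{ Name = 'Size';        Expression = { $_.Length } },
        @{ Name = 'Version';     Expression = { Get-FileVersionString $_ } },
        @{ Name = 'MatchesPost'; Expression = {
               ($_.Length -eq $ExpectedSize) -and
               ((Get-FileVersionString $_) -eq $ExpectedVersion) } },
        LastWriteTime |
    Sort-Object MatchesPost, FullName |
    Format-Table -AutoSize
```

Rows with `MatchesPost` set to `False` sort to the top; the path and timestamp columns are there so each one can be judged by where it lives before anything is renamed or deleted.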