MajorGeeks Problem

Discussion in 'Malware Help (A Specialist Will Reply)' started by reddog19, Dec 17, 2013.

  1. reddog19

    reddog19 Private E-2

    Hello and thanks for your attention,

    I had great success with your assistance several years ago.

    Recently, I have had issues with "100% CPU use".

    After investigation, I thought it might be due to "wuaudt.exe".

    This file and an associated svchost.exe file were hogging the memory. An image is attached.

    I went through your latest "Malware Read Me File" and downloaded and ran all the programs according to instructions.

    After I re-booted, it now takes 4 minutes to go from re-boot to login and another 5 minutes till I can use a program.

    I then re-did all your instructions and the logs are attached.

    Any help would be greatly appreciated.

    Kind Regards,

    Michael
     


  2. reddog19

    reddog19 Private E-2

    And by the way, I'm convinced that it is not a hardware problem as I put my hard drive into our other identical computer and the start up problems were the same.

    Michael
     
  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi. :)

    Spyware Cease v7.2 <<< uninstall this

    You did not delete ALL of the Potential Unwanted Programs according to the HitmanPro log. Please do so.

    If you do not use Windows Messenger, run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Also, you forgot to attach the Malwarebytes log.

    Are you using the Windows Firewall?


    Fix items using RogueKiller.

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry tab and locate this detection:
    • [V1][SUSP PATH] At1.job : C:\DOCUME~1\michael\APPLIC~1\Dealply\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND

    Place a checkmark next to each of these items, leave the others unchecked.
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
    Reboot the machine.


    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    • R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.muuler.com/
    • O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    • O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    • O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    • O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    • O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
    • O4 - HKLM\..\Run: [SpywareCease.exe] C:\Program Files\Spyware Cease\SpywareCease.exe

    After clicking Fix, exit HJT.




    Delete this if it shows:
    C:\DOCUME~1\michael\APPLIC~1\Dealply

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows 7 or Win8.) Then attach the new C:\MGlogs.zip file that will be created by running this.

    Don't forget to attach the MBAM log and address my question regarding the firewall.
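
The HijackThis entries selected in the post above can be triaged programmatically. This is an added example, not part of the original post or of MGtools; the function names `parse` and `shared_clsids` are hypothetical. It parses the listed lines, marks registrations whose file is gone ("(no file)"), and reports any CLSID registered in more than one section.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Sample input: the HijackThis lines listed in the post above.
SAMPLE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.muuler.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [SpywareCease.exe] C:\Program Files\Spyware Cease\SpywareCease.exe
""".strip().splitlines()

ENTRY = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse(lines):
    """Turn HijackThis lines into dicts: section, clsid, orphaned, target."""
    records = []
    for line in lines:
        m = ENTRY.match(line.strip().lstrip("• ").strip())
        if not m:
            continue  # not a HijackThis entry line
        sec, body = m["sec"], m["body"]
        clsid = CLSID.search(body)
        rec = {"section": sec,
               "clsid": clsid.group(0).upper() if clsid else None,
               "orphaned": body.endswith("(no file)"),  # registry entry, no file
               "target": None}
        if sec in ("R0", "R1") and " = " in body:
            # Browser start/search page: keep only the host for review.
            rec["target"] = urlparse(body.split(" = ", 1)[1]).hostname
        elif sec == "O4" and "] " in body:
            # Autorun entry: keep the command line that runs at logon.
            rec["target"] = body.split("] ", 1)[1]
        records.append(rec)
    return records

def shared_clsids(records):
    """CLSIDs registered in more than one section (e.g. BHO and toolbar)."""
    seen = defaultdict(set)
    for r in records:
        if r["clsid"]:
            seen[r["clsid"]].add(r["section"])
    return {c: sorted(s) for c, s in seen.items() if len(s) > 1}

if __name__ == "__main__":
    recs = parse(SAMPLE)
    for r in recs:
        print(r)
    print("shared:", shared_clsids(recs))
```
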
     
  4. reddog19

    reddog19 Private E-2

    Hello Kestrel,

    I've followed all your instructions and the logs are attached.

    I was (?) running Windows Firewall, but when I went to Control Panel to check
    I got the following message:

    "Windows firewall settings cannot be displayed because the associated service is not running. Do you want to start the Windows firewall/Internet connection sharing (ICS) service?"

    I just left it as it was.

    Thanks for your help,

    Michael
     


  5. reddog19

    reddog19 Private E-2

    A few other things which may be relevant.

    I just re-booted my laptop (still takes ages) and the firewall warning bubble came up so I turned it on.

    The wuaudt.exe file now disappears from the Task Manager screen shortly after boot completion.
    I've done a file search for this file and it is not found. I have no idea where it comes from or disappears to.
    My Google investigations suggest that it is to do with Microsoft automatic updates, but I am suspicious of it.

    I have a small program which restores the desktop icon layout to my preferred layout.
    I've used this for years simply for when I go between laptop and external monitor.
    It still works but after a while the icons will now revert to a grid pattern for no reason.

    Thanks,
    Michael
     
  6. reddog19

    reddog19 Private E-2

    An update.

    I haven't rebooted since my last post and haven't used any programs except explorer, chrome, firefox and snagit.

    All of a sudden wuaudt.exe & svchost appear back in the task manager and CPU use sparks up to about 90-100%.

    I then did a global hard drive search for wuaudt and nothing was found.

    I've attached a screen shot.

    Thanks,

    Michael
     


  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    It's wuauclt
    (note the spelling compared to yours)

    The logs look good. Ready for final steps? Anything non malware related will have to be further discussed in the software forum.
     
  8. reddog19

    reddog19 Private E-2

    Thanks for all your help Kestrel,

    From my research it seems that wuauclt and wuaudt are somehow related.

    The process which shows up in the task manager is definitely "wuaudt.exe" as can be seen in the image I attached to my previous post.

    I'll take your advice that the problem is now not malware and ask for some help in the software forum.

    Thanks,

    Michael
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Nope! It shows wuauclt.exe. Time for new glasses? ;) You are not seeing the separation between the c and the l, and your eyes are telling you it is the letter d.
     
  10. reddog19

    reddog19 Private E-2

    Point taken. I've booked with the optometrist tomorrow!!!
     
  11. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi reddog, how are things running? :)
     
