Jump to content

Wuxat.exe - What Is This?

crash

By crash
in Software

 Share

Recommended Posts

crash Newbie

crash

Posted
Posted

I have been having a problem with a file called wuxat.exe on my computer. It appeared around the same time i got sasser and avgserve. I've tried adaware, spybot, AVG, Pccilin, Mcaffee, stinger, norton and none of these find it.

 

If wuxat is running I can't open msconfig or regedit. So I shut wuxat down, de-select it in msconfig, edit my registry and remove all references to it. Something wierd though, I was snooping around in one of the wuxat reg entries and on the right-hand side of the binary(Hex) code window it says "wuxat - we own you"

 

Every time I remove this, (and searching my computer doesn't find any wuxat.exe file) within on or two more boot-ups it returns. I know that this is a malicious file because a)I can't get rid of it and b)when it is running my LAN connection and HDD's are firing up or running for no reason. I don't ever use any auto-update stuff and everything that wants internet access is supposed to ask zonelalarm for permission - -this wuxat doesn't. :angry:

 

by the way, there are basicly NO references to this file on the internet. The only reference I've found is another un-lucky guy who found a link on a french forum with the word wuxat.exe in it. I translated that page but everyone was like "use hijack this" or use msconfig" But no one knows what this file is or does or how to remove it.

 

Please help!!

Share this post

Link to post
Share on other sites
broooooooce Newbie

broooooooce

Posted
Posted

I suggest you visit spywareinfo.com, they have a forum there and may be able to help you. It sounds like you may have a .tmp or .js file that is being invoked to reload that file upon reboot--hijack this may work, but I doubt it... you'll probably have to go through and delete certain java script files on your computer... seriously, read spywareinfo.com is the place.

 

Bruce

[edit: btw, RUN to your nearest store and get a linksys firewall router if you have the spare cash--I can't recommend this product enough]

Share this post

Link to post
Share on other sites
crash Newbie

crash

Posted
Posted
Check for Sasser. Go here http://www.microsoft.com/security/incident/sasser.asp and check to see if your system is infected. I searched the knowledgebase and it came up with this.

 

Its behaviour is also worm like, in its reproduction.

 

Cheers,

Yeah, I did have sasser when it first came out, I started noticing it's effects even before AVG had a fix for it. The third day AVG updated and found it. Since then I've used Stinger and updated windows to get rid of it. I think that this wuxat may be a leftover or something

Share this post

Link to post
Share on other sites
crash Newbie

crash

Posted
Posted
Not sure if this will help but I found a bunch of references to the W32.Spybot.Worm when I searched for this.

 

 

 

Hope this helps some.

Sweet! I was looking at the guts of that wuxats hex and there was the word SPYBOT in there! I think you may have solved my problem but none of my AV progs can find it!

Share this post

Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing
×
×
  • Create New...