crash Posted May 17, 2004 Posted May 17, 2004 I have been having a problem with a file called wuxat.exe on my computer. It appeared around the same time i got sasser and avgserve. I've tried adaware, spybot, AVG, Pccilin, Mcaffee, stinger, norton and none of these find it. If wuxat is running I can't open msconfig or regedit. So I shut wuxat down, de-select it in msconfig, edit my registry and remove all references to it. Something wierd though, I was snooping around in one of the wuxat reg entries and on the right-hand side of the binary(Hex) code window it says "wuxat - we own you" Every time I remove this, (and searching my computer doesn't find any wuxat.exe file) within on or two more boot-ups it returns. I know that this is a malicious file because a)I can't get rid of it and b)when it is running my LAN connection and HDD's are firing up or running for no reason. I don't ever use any auto-update stuff and everything that wants internet access is supposed to ask zonelalarm for permission - -this wuxat doesn't. by the way, there are basicly NO references to this file on the internet. The only reference I've found is another un-lucky guy who found a link on a french forum with the word wuxat.exe in it. I translated that page but everyone was like "use hijack this" or use msconfig" But no one knows what this file is or does or how to remove it. Please help!! Share this post Link to post Share on other sites More sharing options...
broooooooce Posted May 17, 2004 Posted May 17, 2004 I suggest you visit spywareinfo.com, they have a forum there and may be able to help you. It sounds like you may have a .tmp or .js file that is being invoked to reload that file upon reboot--hijack this may work, but I doubt it... you'll probably have to go through and delete certain java script files on your computer... seriously, read spywareinfo.com is the place. Bruce [edit: btw, RUN to your nearest store and get a linksys firewall router if you have the spare cash--I can't recommend this product enough] Share this post Link to post Share on other sites More sharing options...
Eigtball Posted May 17, 2004 Posted May 17, 2004 Check for Sasser. Go here http://www.microsoft.com/security/incident/sasser.asp and check to see if your system is infected. I searched the knowledgebase and it came up with this. Its behaviour is also worm like, in its reproduction. Cheers, Share this post Link to post Share on other sites More sharing options...
crash Posted May 17, 2004 Posted May 17, 2004 Check for Sasser. Go here http://www.microsoft.com/security/incident/sasser.asp and check to see if your system is infected. I searched the knowledgebase and it came up with this. Its behaviour is also worm like, in its reproduction. Cheers, Yeah, I did have sasser when it first came out, I started noticing it's effects even before AVG had a fix for it. The third day AVG updated and found it. Since then I've used Stinger and updated windows to get rid of it. I think that this wuxat may be a leftover or something Share this post Link to post Share on other sites More sharing options...
ELcaro Posted May 17, 2004 Posted May 17, 2004 Not sure if this will help but I found a bunch of references to the W32.Spybot.Worm when I searched for this. Also, found a thread with exactly the same problem you are having. http://forums.speedguide.net/showthread.ph...988#post1305988 Hope this helps some. Share this post Link to post Share on other sites More sharing options...
crash Posted May 17, 2004 Posted May 17, 2004 Not sure if this will help but I found a bunch of references to the W32.Spybot.Worm when I searched for this. Hope this helps some. Sweet! I was looking at the guts of that wuxats hex and there was the word SPYBOT in there! I think you may have solved my problem but none of my AV progs can find it! Share this post Link to post Share on other sites More sharing options...
Eigtball Posted May 17, 2004 Posted May 17, 2004 Go here for some help in removing it. http://securityresponse.symantec.com/avcen...pybot.worm.html Share this post Link to post Share on other sites More sharing options...
Shadowfactor Posted May 17, 2004 Posted May 17, 2004 if all else falis , reformat! Share this post Link to post Share on other sites More sharing options...
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now