http://net-studio.org >> Patch>

Wuauc1t Remover (wuauc1t.exe and iexplorer.exe)


	Patchs for virus
	Tutorials
	Tips
	Forum
	Windows Optimum
	USB FireWall
	Boost Google Search

	Virus Information
	A virus that downloads files that can pose risks to the infected computer. Variants: W32/Autorun.worm.g [McAfee] New Malware.hr [McAfee] New Malware.u [McAfee] New Malware.aj [McAfee] W32/Areses [McAfee] Downloader.gen.a [McAfee] Generic.dx [McAfee] Trojan-Downloader.Agent!sd5 [PCTools] Packed/NSPack [PCTools] TROJ_SMALL.CBU [Trend Micro] TROJ_SMALL.AZH [Trend Micro] TROJ_UPACK.CA [Trend Micro] Infostealer [Symantec]
	File
	Creates the files in you system directory <System>\wuauc1t.exe <System>\iexplorer.exe <System>\urlurl.dll <System>\syurl.dll <System>\sssurl.dll And tow files ini all removable drive : WinX.pif where X is a number betwen 1 and 30 (example Win3.pif, Win6.pif) autorun.inf explorer.exe system.pif sys.pif pagefile.pif
	Registry
	Creates the registry entry HKLM\Software\Microsoft\Windows\CurrentVersion\Run wuauc1t.exe=<system>\wuauc1t.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] IEXPLORER = <System>\iexplorer.exe Registry key created HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ANTIARP.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ast.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRunKiller.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Frameworkservice.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASARP.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonxp.kxp HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVWSC.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mmsk.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nod32kui.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDOCTOR.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Regedit.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPC32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPTRAY.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WOPTILITIES.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Wuauclt.EXE And creates the value Debugger=<System>\wuauc1t.exe in each key that makes wuauc1t.exe the default dubugger of all its programs, which in other words because of a virus wuauc1t.exe companion programs already listed above. Delete the key: HKEY_LOCAL_MACHINE\ SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318} HKEY_LOCAL_MACHINE\ SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318} HKEY_LOCAL_MACHINE\ SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318} HKEY_LOCAL_MACHINE\ SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318} Change the value of: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue = 0x000006B8
	WARNING

	Link

Latest fixs:

Brastk (Win32/Wantvi.I, Brastk.exe)
Braviax (Win32/Wantvi.I, Braviax.exe)
XP AntiSpyware 2009 (XP_AntiSpyware.exeL, Downloader.Win32.Agent.bs,New Malware.aj)
FlashGuard.exe (DriveGuard.exe,Win32.Worm.Autoit.AL, AUTORUN.TZ)
cradle of filth (cradle_of_filth.vbe, Notre Gates qui est à Seattle)

COPYRIGHT (C) 2008 NET STUDIO, ALL RIGHT RESERVED