W32/Rbot-PO - help me!!!


Captain_Crunch
11-14-04, 08:16 AM
Right, I was just wondering if anyone knows what this wuraclt.exe is?

It appears in processes as wuraclt.exe. It tries to access the internet periodically but my firewall blocks it (at least I hope it does). I think it is a worm.

This is what information I have found (this info is also posted in the Virus thread):

Name: W32/Rbot-PO

Affected OS: Windows

Effects:

All or a combination of the following:

* Logs keystrokes
* Turns off anti-virus applications
* Steals information
* Creates back door
* Downloads from internet
* Reduces system security.


Fix: For Windows without SPs there is a patch: Windows update site

Additional info: Appears in processes in Windows Task Manager as wuraclt.exe.

All the traces I have found in my system are as follows:

Runs in processes as Wuraclt.exe
C:\WINDOWS\Prefetch WURACLT.EXE-10B9FD6B.pf
The following Registry values:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run [*windows update] wuraclt.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices [*windows update] wuraclt.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run [*windows update] wuraclt.exe

I have SP2 which there is no patch for because it should have already been patched as SP1a but for some reason did not. AVG does not detect this virus with the most up-to-date definitions. As a result I will need to try and delete this manually if indeed it is a worm. I tried already deleting the registry values but it created them again as it's being run as windows starts through prefetch.

Has anyone any ideas?
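The three autorun locations listed in the post above can be checked from saved `reg query` output. The following is an added example, not part of the original thread; the output layout, the value name without brackets and the sample text are assumptions constructed for illustration.

```python
import re

# Autorun keys named in the post, compared case-insensitively.
_CV = r"\software\microsoft\windows\currentversion"
AUTORUN_KEYS = {
    "hkey_local_machine" + _CV + r"\run",
    "hkey_local_machine" + _CV + r"\runservices",
    "hkey_current_user" + _CV + r"\run",
}
SUSPECT_IMAGE = "wuraclt.exe"  # file name reported in the post

# Assumed value-line layout: indent, name, type, data, separated by tabs or
# runs of 2+ spaces (value names may themselves contain single spaces).
SEP = r"(?:\t+|\s{2,})"
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)" + SEP + r"(?P<type>REG_\w+)" + SEP + r"(?P<data>.*)$")

def find_autorun_hits(reg_output, image=SUSPECT_IMAGE):
    """Return (key, value_name, data) for autorun values whose data names `image`."""
    # Match the image as a whole file name, with or without a path or quotes.
    image_re = re.compile(r'(?:^|[\\/"\s])' + re.escape(image.lower()) + r'(?:$|["\s])')
    hits, key = [], None
    for line in reg_output.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()  # a key header line starts a new section
            continue
        m = VALUE_RE.match(line)
        if m and key and key.lower() in AUTORUN_KEYS:
            if image_re.search(m.group("data").lower()):
                hits.append((key, m.group("name"), m.group("data").strip()))
    return hits

# Constructed sample output (not taken from a real machine).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    *windows update    REG_SZ    wuraclt.exe
    SoundMan    REG_SZ    SOUNDMAN.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
    *windows update    REG_SZ    wuraclt.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    *windows update    REG_SZ    wuraclt.exe
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for key, name, data in find_autorun_hits(SAMPLE):
        print(f"{key} [{name}] -> {data}")
```

Running the same check again after a cleanup attempt shows whether the values were recreated, which is the behaviour the post describes while the process is still running.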

goofyfish
11-14-04, 08:33 AM
Sophos (sophos.com) has definitions for it.

Remember to turn off System Restore before
manually cleaning; copies can be stored there.

:m: Peace.

Avatar
11-14-04, 08:38 AM
I suggest you just do what I and Stryder advised in the other thread.

Captain_Crunch
11-14-04, 10:05 AM
Found an even better solution, went to here (http://www.pandasoftware.com/activescan/com/activescan_principal.htm) and my problems vanished! woohoo!

Need a few recommendations for anti-virus software. I am willing to pay for one, so what one should I get, AVG is no use as it doesn't get updated as frequently as I would like.

Recommendations? I've only heard good things of Panda.

Cheers

Red Devil
11-14-04, 06:28 PM
I received an email notification of this from Crunch, but was concerned that it was in itself a hoax as it directed me to a site I had never heard of, Microsoft Technet. I have SP1 and SP2 downloaded and installed. I will do a search first for that exe file.

nothing found.

Captain_Crunch
11-15-04, 04:23 PM
I never sent you an email, that's weird.

Red Devil
11-16-04, 11:44 AM
I received a "mass" email (I presume it was mass) that told me to go to a url and download a "fix" from Microsoft Technet and the url began with www.microsoft etc etc but I didn't do it, instead did a search in the PC for that file, which it did not find. Unfortunately I did not keep it, I delete all emails after use/read. The sender was sci forums (australia) and it was from "Captain Crunch".