What is wuaudt.exe?

What is wuaudt.exe?

[EDIT]

To cut to the chase, wuaudt.exe is wuauclt.exe, and I have an up-to-date documentation of what that process is here:

"wuauclt.exe & wuaudt.exe?"
http://xona.com/2004/08/26.html

[CUT description of running process...]

Since the font size in Task Manager is small you might be confusing wuaudt.exe with wuauclt.exe. If you take a close look at your screen you can see that the 'c' and the 'l' are very close together and might look like a 'd'.

Here's an explanation of wuauclt.exe:

http://computercops.biz/postp282658.html

I think you are correct. I have anti-aliasing enabled, which blurs the letters together an extra bit more. I just created my own application called wuauclt.exe to see what it looks like is Task Manager and it does look like wuaudt.exe! Not only that, but I found five results for wuauclt.exe on my computer (and none for wuaudt.exe). Thanks for solving this "bug"!

Here is the process information on non-virus wuauclt.exe:
- http://www.liutilities.com/products...ibrary/wuauclt/
- says it is a Windows ME Windows update process

Here is more information on the trojan:
- http://www.sophos.com/virusinfo/analyses/trojcultb.html
- http://securityresponse.symantec.co...ckdoor.clt.html

Norton Anti-virus does not detect my files as viruses.

Also, if I delete them all, Windows immediately asks me for my Windows XP Service Pack 2 CD (which I don't have as I installed it off the Internet.) Same as the second poster in this thread: http://www.windowsbbs.com/showthread.php?t=34098

So, maybe liutilities.com is out-of-date, and these files are now update processes for Windows XP too???

From studying the nature of the process (when it runs, etc.), I determined that the process is a legitimate process for Windows XP users. This means that this website is out-of-date (as it only mentions the process as a Windows ME process):

http://www.liutilities.com/products...ibrary/wuauclt/

I wrote up my research information here, for those interested:

"wuauclt.exe & wuaudt.exe?"
http://xona.com/2004/08/26.html

Start/Run/services.msc

Disable Automatic Updates. I have mine turned off in System Properties, but wuauclt.exe still ran on start up. When I disabled the Automatic Updates service itself, wuauclt.exe no longer ran on start up. However, when I perform a manual Windows Update I cannot do it without enabling the Automatic Updates service. This leads me to believe that wuauclt.exe is a valid process, or at least on my system it is. Trend Micro Internet Security does not detect it as a virus either. Also, try opening a command prompt and typing 'netstat' this will show you TCP/IP connections.

Here's more about Windows Update and XP:

http://www.dslreports.com/forum/remark,11199217~mode=flat

Good Point. The process is a known trojan, so it could be a trojan... but the method you described is the perfect way to figure out if you have a trojan or if you have a legitmate Windows process. If you disable Automatic Updates using services.msc, and then the process still shows up, then you know something is fishy. However, if the process reacts precisely the way it is suppose to react (i.e. not showing up with Automatic Updates turned off in services.msn, showing up upon start-up with Automatic Updates enabled, showing up when you visit Windows Update website, etc.), then you know the process is legitmate.

Another point, is that disabling Automatic Updates in Control Panel does not shut down the process, according to this thread (page 4) below.
Instead, you must use services.msc to 'actually' shut it down
- http://www.windowsbbs.com/showthread.php?t=34098

......

Also, I wrote up my research information here, for those interested:

"wuauclt.exe & wuaudt.exe?"
http://xona.com/2004/08/26.html