The Wuauclt.exe in the%system% folder is the client that Windows automatically updates.
Today, however, that wuauclt.exe in the Wuauclt.exe%system% folder. This is located in the%windows% folder.
Today VirusTotal multi engine scan results, only 4 homes, of which 3 reported suspicious; AntiVir's heuristic "malicious program." None of the 4 families gave a specific name.
When you connect to the network, run this wuauclt.exe, which accesses 61.128.196.671 through port 80 to create the following files:
C:\windows\wuauclt.exe
C:\windows\bbyb.exe
C:\windows\bbybs.exe
C:\windows\bbyb.dll
C:\windows\ies.dll
C:\windows\noruns.reg (this file is automatically deleted when the contents are imported into the registry.) )
Create Sxs.exe and Autorun.inf in all partition roots and in the root directory of the U disk, outside the system partition.
Where C:\windows\bbyb.dll dynamically inserts the application process.
C:\windows\wuauclt.exe Delete the Startup items and service items of rising, KV, Kaspersky, and Yahoo Assistants in the registry. Interestingly, it also deletes a popular Trojan NTdhcp.exe startup item.
The registry startup entry that you added is:
Hklm\software\microsoft\windows\currentversion\run\
Microsoft
Killing:
Ends the C:\windows\wuauclt.exe process.
After the process is over, the Sxs.exe and Autorun.inf in the U disk can be deleted directly. Delete, the U disk pull out.
Then, delete the following files:
C:\windows\wuauclt.exe
C:\windows\bbyb.exe
C:\windows\bbybs.exe
C:\windows\bbyb.dll
C:\windows\ies.dll
Deletes its startup item.