|
okay, well the wauclt.exe was in a Microsoft Video Capture Controls for a worm called " Win32/Slinbot.ALJ ".
Win32/Slinbot.ALJ is IRC controlled backdoor that can be used to gain unauthorized access to a victim's machine. It can also spread by exploiting weak passwords on administrative shares, by exploiting several vulnerabilities, and by using backdoors created by other malware, so bad maxx when this Win32/Slinbot.ALJ is executed this variant copies itself to the %System% directory as WAUCLT.EXE and makes the following modifications to the registry to ensure that this file is executed at each Windows system start:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Video Capture Controls = "wauclt.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Video Capture Controls = "wauclt.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Microsoft Video Capture Controls = "wauclt.exe".
But anyways this process is most likely a virus or trojan, and runs as a .ajd worm.
But I'm sure you know this already, XD.
So as of what you're doing please do so to upload the HJT log, and sure a TSF security member will guide you through.
P.S. sorry, I didn't provide really decent information, just pretty much gave you more info on it.
__________________
- Dylan O.
|