Solve : Malware attack?

Answer»

Specs: Compaq Presario - Celeron M processor - 2.66 GHz - RAM unknown - Windows XP - Certainly SP2 - maybe SP3.

Error: - "Application cannot be executed - the file wuauclt.exe is infected" - when this pops up, it asks to start AV SW. Also opens Windows Security settings window - will not allow any SW to be run. As a result of this attack, it is impossible to get to the Internet (at this time).

General info: 1) This is a friend's computer. 2) I have a fully functional computer that I can use to download any necessary apps. 3) I have backed up all of the data onto a separate HD by using a DOS window and XCOPY. Interestingly, I have scanned that data using the latest version of Avast Internet Security and it showed no malware, viruses, etc. Obviously that is insufficient, but it seems as though the data is at least backed up... (I did not use the XCOPY /h to copy hidden folders and files.) 4) I know that she had Avast Antivirus on her computer - but it had expired. Further - from poking through the data, it looks as though she has added Kaspersky, McAfee, and maybe even AVG antivirus.

Question: Given the fact that undoing this malware attack could be time consuming, would it be better to just re-build the computer, that is, do a re-install of the OS? Or... if that is not the wisest course of action - how do I start to undo the damage?

Also - I have run a boot scan disk of Avira AntiVir...

I have looked at other posts that had similar attacks. Each of those posts made it clear that I should not try to use the advice contained there - but to start my own thread.

Thanks for your help - scfoxsdg

It can probably be cleaned.

Transfer this download from another computer and on to the infected one via flash drive or CD.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

