Hi mates, its quiet obvious that you are reading this article because you are frustrated of this small mischievous process “Wuauclt.exe”, running on your machine and consuming high system resources. Generally, many people face the problem that wuauclt.exe process is consuming high system resources and that’s why people may think of it as some kind of malicious executable process.
Actually wuauclt.exe is legitimate windows process. The name wuauclt stands for Windows Update AutoUpdate Client, and it’s a process that runs periodically and helps to keep your operating system updated by downloading the latest updates and security patches from the Microsoft servers. This is a background process and it is only visible in task manager when it is waiting for a response from the Microsoft Websites.
The process executable file resides at: %SystemRoot%\System32
Why this process consumes high system resources?
Sometimes the process uses 100% CPU time and this can be due to the reason that wuauclt.exe is stuck while downloading update, or may be the file that it is downloading is large in size.
A possible way to fix this can be disabling the automatic updates in windows and rebooting the system. After rebooting, enable the automatic updates again and then wait for the process to start again.
If the memory leak issues associated with Windows Update AutoUpdate Client happen too often then there is a strong possibility that your system is infected.
Is there some virus with the same name “wuauclt.exe”?
Hackers, crackers and all the bad coders of the word are smart enough; they create viruses with the same name as some legitimate windows process. This helps them to disguise their malware as a genuine windows component. And similarly, the name wuauclt.exe is used by a virus named Backdoor.Clt (Actual name).
When this malware infects your system, first of all it replaces itself with the genuine Windows Update AutoUpdate Client. After this it modifies your registry settings such that it gets executed automatically each time you log on to Windows.
The actual purpose of this malware is to give the hacker complete control of a system by opening the port 6667 and connecting to the specific IRC server to receive any commands that hacker wants to execute.
More details here.
How to identify if your pc has been infected or not
It’s a tough job to identify if your system is really infected by the Backdoor.Clt or WUAUCLT (Virus).
As I have foretold that the genuine WUAUCLT.EXE files contains Microsoft digital signatures, and to verify the same navigate to the folder [%SystemRoot%\System32].
Right click the WUAUCLT.EXE file and check the digital signatures tab as shown in the image.
If it does not have digital signature then it simply means that it has been replaced by the virus.
- First of all disable the Windows automatic updates from the control panel.
- Now after disabling the updates the process WUAUCLT.EXE won’t start, if it’s a genuine one otherwise if it’s a virus it will start on every log on.
- After this restart your system and open the task manger to check if there is again an instance of WUAUCLT.EXE or not.
- If you find an instance of WUAUCLT.EXE running again, then simply follow the below process to get rid of the virus.
How to Remove this Backdoor.Clt or WUAUCLT.EXE (Virus):
To remove this virus I would recommend you to go with the safe way. Do not attempt to delete it directly from System32 files because even if you delete it from there, then also it is a strong possibility that it has infected other system files too.
The Safe Way:
- The first step is to get disconnected from the network, to prevent further spread of the malware.
- Secondly, kill the process WUAUCLT.EXE process from task manger.
- Update your antivirus; by downloading offline updates from some other pc.
- Scan your computer with the updated antivirus and let it do the rest.
If your existing antivirus is not capable to remove this malware then I would suggest you to go with Norton Antivirus. You don’t need to buy it, you can even use the trial version.
Note: Before installing a new antivirus make sure that you uninstall your existing one.
How to reduce the memory leaks if the process is a genuine one:
If you are fed up of the memory leak issues caused by this Windows Update AutoUpdate Client then I would suggest you to disable automatic updates in windows. Although, this is not a Microsoft recommended approach but it will help you to get quick relief from the memory leak issues.
If you are worrying about updating your OS, then I will tell you that there are other methods to update your OS offline. You can download offline updates and install them.
To turn off windows updates in Vista and windows 7, follow these steps:
- Press “Windows Key+R” keys to open “Run”.
- In the Run windows type “wuapp.exe” (without quotes), it will open windows update window.
- Navigate to the change settings links and from the dropdown select the option that says “Never check updates” and click ok.
- Restart the system and you are done.
To turn off updates in Windows Xp, follow these steps:
- Press “Windows Key+R” from keyboard
- Type “sysdm.cpl” (without quotes) in the Run window and hit Enter.
- Click the “Automatic Updates” tab and then select “Turn off Automatic Updates” option.
- Finally Click OK.
How to fix Windows Update AutoUpdate Client if it gets corrupted:
Many times the Windows Update AutoUpdate Client gets corrupted, and because of this reason it is using high system resources. No need to worry about it because you can easily fix this issue by following below steps :
- Open Command Prompt as Administrator.
- In the command prompt type “sfc /scannow” (without quotes) and hit enter.
- The system file checker will check the integrity of each system file and if it finds any corrupted files it will guide you through the process to recover it.
- After the check is complete restart the system and your corrupted WUAUCLT.exe will get repaired.
That’s all about it! If you want to share any further details or have any queries related to the topic then do tell us in the comments section.