View Full Version : wuamgrd.exe
I did a search on this and it turns out to be some kind of worm. Can anyone tell me how to get rid of it? I don't know software or programming so please talk to me like the noob I am. The few places I got on Google didn't really explain it well. Thanks for any help.
TranceJunkieXL
06-15-04, 02:27 PM
These guys (http://www.tek-tips.com/gviewthread.cfm/pid/83/qid/824092) seem to know a bit about it and how to go about removing the problem. Just follow their links to sophos.com for (IMO) easy to follow removal instructions:

Recovery
Please follow the instructions for removing worms.

Check your administrator passwords and review network security.

Change any data that may have become compromised.

Delete the log file debug.txt if it exists.

You will also need to edit the following registry entries, if they are present. Please read the warning about editing the registry.

At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.

Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.

Locate the HKEY_LOCAL_MACHINE entries:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Microsoft Update = wuamgrd.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\
Microsoft Update = wuamgrd.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Microsoft Update = wuamgrd.exe

and delete them if they exist.

Each user has a registry area named HKEY_USERS\[code number indicating user]\. For each user locate the entries:

HKU\[code number]\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Update = wuamgrd.exe

HKU\[code number]\Software\Microsoft\Windows\CurrentVersion\RunRunOnce\Microsoft Update = wuamgrd.exe

and delete them if they exist.

Close the registry editor and reboot your computer.
TranceJunkieXL
06-15-04, 02:27 PM
I believe turning off the Win backup will stop it from keeping any instances of registry entries created by the worm. Hence their suggestion to do so.
Thanks rithemking. You're always lots of help. I checked the registry and there isn't anything there so I'm safe on that side. Might be 'cause I just got back my RMA'd HDD and this is a fresh load of XP Pro. I have ZoneAlarm Pro and it helped me keep it from accessing the internet so it hasn't had a chance to build. Oh, just got back my other HDD today and was wondering if I should RAID 0 them in the XP software or wait till I get a PCI RAID card or just not do it at all. One's a 160g and the other a 120g. I know it'll show up as a raided 120. Will I notice a significant difference in games and applications? They're not SATA drives.
Hi,
I followed these steps to delete the file:
"Recovery
Please follow the instructions for removing worms.
Check your administrator passwords and review network security.
Change any data that may have become compromised.
Delete the log file \debug.txt if it exists.
You will also need to edit the following registry entries, if they are present. Please read the warning about editing the registry.
At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.
Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.
Locate the HKEY_LOCAL_MACHINE entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Microsoft Update = wuamgrd.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\
Microsoft Update = wuamgrd.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Microsoft Update = wuamgrd.exe
and delete them if they exist.
Each user has a registry area named HKEY_USERS\[code number indicating user]\. For each user locate the entries:
HKU\[code number]\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Update = wuamgrd.exe
HKU\[code number]\Software\Microsoft\Windows\CurrentVersion\RunRunOnce\Microsoft Update = wuamgrd.exe
and delete them if they exist.
Close the registry and reboot."
But the file wuamgrd.exe just keeps re-existing in some of the folders in the HKU and HKLM directory, after a few seconds I deleted them. Does anybody know how to delete wuamgrd.exe permanently?
Thank you!
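
A report-only check of the autorun locations named in the instructions quoted in this thread, as an added example that is not part of the original posts or of the Sophos instructions. It assumes a Windows version with PowerShell available; it only reads the registry and deletes nothing.

```powershell
# Added example: read-only audit of the Run keys listed in the thread.
$ValueName = 'Microsoft Update'   # value name from the quoted instructions
$FileName  = 'wuamgrd.exe'        # file name from the quoted instructions
$SubKeys   = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',
    'Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'Software\Microsoft\Windows\CurrentVersion\RunServices'
)

# HKLM plus every per-user hive currently loaded under HKEY_USERS.
# Hives of users who are not logged on are not loaded and are not covered here.
$Roots  = @('Registry::HKEY_LOCAL_MACHINE')
$Roots += Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    ForEach-Object { "Registry::$($_.Name)" }

$Findings = foreach ($root in $Roots) {
    foreach ($sub in $SubKeys) {
        $key = Get-Item -LiteralPath "$root\$sub" -ErrorAction SilentlyContinue
        if ($null -eq $key) { continue }          # key absent or not readable
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            # Flag the value by name or by the file it launches
            if ($name -eq $ValueName -or $data -like "*$FileName*") {
                [pscustomobject]@{ Key = $key.Name; Value = $name; Data = $data }
            }
        }
    }
}

if ($Findings) {
    $Findings | Format-Table -AutoSize -Wrap
} else {
    "No '$ValueName' / $FileName autorun values found in the checked keys."
}
```

Running it again a minute after removing an entry by hand shows whether the value has been written back.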