wuauclt.exe

The wuauclt.exe file is a natural part of the Windows operating system's update process structure. Some kinds of malware may try to hide under the file name of wuauclt.exe, but they can be discerned as threats due to differences in location or running behavior. The natural wuauclt.exe file is important to running Windows without errors or security vulnerabilities, so it's usually not recommended to attempt to delete a wuauclt.exe-disguised threat by hand. Instead, use appropriate automated software that will delete the malware without harming the true wuauclt.exe.

Getting to Know Your wuauclt.exe

The file wuauclt.exe is always found as a single file within the Windows/system32 subfolder and is typically from fifty-one to fifty-three kilobytes in size. If you see a  wuauclt.exe file that's in a different folder, multiple wuauclt.exe files in the system32 folder, or a  wuauclt.exe file with a very noticeable file size difference, you can consider wuauclt.exe a malware threat and commence scanning procedures.
 
It is important to be aware that the presence of a wuauclt1.exe file isn't necessarily indicative of infection, since there are many legitimate instances of a wuauclt1.exe file as the result of version changes to the host system's Windows Update software.
 
Your wuauclt.exe file should be digitally signed from Microsoft as proof of its benign origin. This signature can be seen by right-clicking on the file, clicking on Properties, and checking the Digital Signatures tab.

What wuauclt.exe Does for You (and What wuauclt.exe Doesn't Do!)

Your wuauclt.exe file keeps your Windows Update program operational. If you choose to shut off the automatic updating feature to have precise control over when you update Windows, wuauclt.exe should never be running unless you initiated the update yourself. You can see whether wuauclt.exe is running or not by looking at your Task Manager processes via the Ctrl+Alt+Del key combination (all three keys should be held down simultaneously).
 
On the other hand, if you've decided to leave the automatic update feature on, wuauclt.exe may run without your explicit permission whenever an update is detected. Nonetheless, regardless of your automatic or non-automatic settings, wuauclt.exe will never be running unless wuauclt.exe is actually in the process of downloading or installing an update.
 
Because of this last trait, it's relatively simple to catch malware in the act of hiding as wuauclt.exe, since they will inevitably be running even if you aren't interacting with updates. Malware pretending to be wuauclt.exe aren't necessarily trying to harm your update acquisition, but can be involved in many unrelated activities – recording your personal keyboard input and other file information, hijacking your browser to redirect it towards dangerous websites, or reducing your security settings to download harmful files without your permission.
 
The following are just some examples of recent malware infections that have been known to use wuauclt.exe as a disguise, even as recently as February 2011: Trojan-PWS.QQPass, Net-Worm.SillyFDC!rem, Backdoor.Win32.Hupigon.mrzd, Trojan.Win32.Swisyn.apzm and Backdoor:Win32/Likseput.A. Since there are no signs of this deceitful behavior stopping any time soon, you should be ready to stop any fake wuauclt.exe files you see.