W32.Downadup.B \ Win32/Conficker.B After cleaning WSUS is not working

Posted on 2009-02-16
Last Modified: 2013-11-22
My server was infected with W32.Downadup.B (Symantec) /  W32/Confick-D (Sophos). After cleaning, WSUS 3.1 is not working. I tried reinstalling .Net Framework 2.1 and reinstalling WSUS 3.1 keeping the old database, but without success.

I have this errors in Event Viewer


Event Source:      Service Control Manager
The SQL Server Integration Services service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Event Source:      Service Control Manager
The Update Services service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Event Source:      ASP.NET 2.0.50727.0
Failed to execute request because the App-Domain could not be created. Error: 0x80070005 Access is denied.

Event Source:      .NET Runtime 2.0 Error Reporting
Faulting application wsusservice.exe, version 3.1.6001.65, stamp 4797e925, faulting module kernel32.dll, version 5.2.3790.4062, stamp 46264680, debug? 0, fault address 0x0000bee7.
Question by:Znasev
    LVL 23

    Accepted Solution

    have you taken a look here ?
    also Some variants of Downadup will disable BITS service , can you check if the service is not disabled ?


    Author Comment

    This site helped me and now WSUS console works, but I am not sure if everything is OK because in process monitor,  wsusservice still has lots of access denied events.

    as advised, I gave full control to SYSTEM to pobpul1.dat :
    cacls.exe c:\windows\assembly\pobpul1.dat /E /G SYSTEM:F

    In Process monitor, this are the events where wsusservice has access denied, and I don't know the default permisions to this folders/files/keys in WIndows 2003 server with wsus.


    Featured Post

    Highfive Gives IT Their Time Back

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    I recently had to create a utility which aim is to update McAfee's Virusscan and that had to be launched from a command line. I thought I’d share my experience with you. Why is it useful to be able to update an Antivirus from the command line?…
    On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.
    Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now