cschutte21

Windows Update Won't Run

Hello. I had a PC that had viruses on it, but I got them all removed. The only issue with the PC is that it will not do Windows updates. After some research I found out that the Background Intelligent Transfer Service (BITS) will not start. I ran a program that will determine if files are missing. It did find 3 .dll files missing, so I ran sfc /scannow. After that, the .dlls were still missing, so I manually downloaded them. Now my scan shows that all needed files are there, but it still won't start. I'm trying to figure out if there is anything else I can do before I reformat and reinstall this.

I have run Windows repair, chkdsk, sfc /scannow; nothing is working.

Thanks in advance.
Michael Best

There are a few rootkits that use restrictions in a hidden key in HKLM\Software.

RootRepeal - Rootkit Detector
http://rootrepeal.googlepages.com/

Under each tab, hit the Scan button, and see if you get any RED files/services/processes/drivers in the list, or just look for the summary, for any hidden files/services/processes/drivers in the lower left hand corner.....

Also.....

reg query "HKEY_LOCAL_MACHINE\SOFTWARE" >c:\reg.txt

Attach/paste the contents of c:\reg.txt please....

You shouldn't have to download .dll files.

I'd recommend you download Dial-a-Fix.

http://djlizard.net.nyud.net:8080/software/Dial-a-fix-v0.60.0.24.zip

Check the boxes next to the following:

Fix Windows Installer
Fix Windows Update
Select everything in the Registration center

Click the GO button.

When that's finished, put your OS media in your drive, and in Dial-a-Fix, click the Hammer icon at the bottom. From the new menu, first, select SFC purge. After that has completed, select SFC scan. Once that completes, remove the OS media and reboot your system.

Report back.
bigpadhakoo

It is possible your system is infected with the latest worm, Conficker, also known as Downadup or the April Fools virus. Go to http://www.confickerworkinggroup.org/infection_test/cfeyechart.html to check if you are infected or not. Removal instructions are here: http://www.confickerworkinggroup.org/wiki/

If you are not infected, simply go to the Windows Update site and check if your updating engine is perfect or not, and also reinstall the update engine. You may also get some patches from there to run Windows Update perfectly.

Have you tried doing a system restore back a few weeks?

/TT
cschutte21

ASKER

Souseran, I tried yours first but I had no luck. I am now trying johnb6767's response. And bigpadhakoo's response came back clean.

All right, which tool did you use for virus cleaning? I recommend running a scan with Spyware Doctor; its Starter Edition is free and can be downloaded from Google at http://pack.google.com/intl/en/pack_installer.html
If it doesn't work, then you are left with one solid option: repair your operating system with your Windows CD. This will definitely fix it by replacing missing files and relinking registry entries. If the issue isn't fixed, then we'll move to advanced-level fixes. Just download HijackThis by Trend Micro from http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe to create an in-depth log file of your system and post it here. Good Luck !!

Here are a few logs...
hijackthis.log
report.txt
bigpadhakoo, I have run Malwarebytes, ComboFix, HijackThis, and I currently have AVG installed.

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\system32\drivers\a1dca2b8.sys

Hidden Services
-------------------
Service Name: a1dca2b8
Image Path: C:\WINDOWS\System32\drivers\a1dca2b8.sys

Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a1dca2b8 in the registry. Does it exist?

Can you give me the following output please?

reg query "HKEY_LOCAL_MACHINE\SOFTWARE" >c:\reg.txt

There is probably a hidden key called HKEY_LOCAL_MACHINE\SOFTWARE\a1dca2b8
or
HKEY_LOCAL_MACHINE\SOFTWARE\a1dca2b8.sys

I want to verify something before going any further....

Also, is this PC on a network with any others?
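
The check requested above, as an added example that is not part of the original thread: it reads the hidden service names out of a RootRepeal-style report and lists which registry keys to inspect, including any HKLM\SOFTWARE subkey in c:\reg.txt named after a hidden service. Both sample inputs are constructed from the layout of the excerpts quoted in the thread, and the function names are hypothetical.

```python
# Added example: correlate a RootRepeal report with reg query output.
# Both samples are constructed, in the layout of the excerpts in the thread.
REPORT = r"""Hidden/Locked Files
-------------------
Path: C:\WINDOWS\system32\drivers\a1dca2b8.sys

Hidden Services
-------------------
Service Name: a1dca2b8
Image Path: C:\WINDOWS\System32\drivers\a1dca2b8.sys
"""
REG_TXT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Adobe
HKEY_LOCAL_MACHINE\SOFTWARE\a1dca2b8
HKEY_LOCAL_MACHINE\SOFTWARE\Classes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
"""
SOFTWARE = "HKEY_LOCAL_MACHINE\\SOFTWARE\\"
SERVICES = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\"

def hidden_services(report):
    # Return {service name: image path} from the "Hidden Services" section.
    services, in_section, name = {}, False, None
    for line in (l.strip() for l in report.splitlines()):
        if line and ":" not in line and not line.startswith("-"):
            # A bare line without a colon is a section heading.
            in_section, name = line.lower() == "hidden services", None
        elif in_section and line.startswith("Service Name:"):
            name = line.split(":", 1)[1].strip()
            services[name] = None
        elif in_section and name and line.startswith("Image Path:"):
            services[name] = line.split(":", 1)[1].strip()
    return services

def keys_to_check(services, reg_txt):
    # Services keys to open by hand, plus SOFTWARE subkeys named after a
    # hidden service, with or without the .sys suffix.
    wanted = {n.lower() for n in services} | {n.lower() + ".sys" for n in services}
    software_hits = [k.strip() for k in reg_txt.splitlines()
                     if k.strip().upper().startswith(SOFTWARE)
                     and k.strip()[len(SOFTWARE):].lower() in wanted]
    return [SERVICES + n for n in services], software_hits

if __name__ == "__main__":
    svc = hidden_services(REPORT)
    service_keys, software_hits = keys_to_check(svc, REG_TXT)
    for name, path in svc.items():
        print("hidden service:", name, "->", path)
    for key in service_keys + software_hits:
        print("check:", key)
```

An empty match list from a reg.txt captured on the running system does not rule the key out, since the thread describes it as hidden; compare against an export taken from an offline boot environment.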




Go to Microsoft and download Service Pack 3; this is important because SP2 is heavily vulnerable. The service pack will install every single security patch up to its release, and don't worry, it graduated a year ago, so you can be assured of its stability. There are suspected entries in your log files. The SP3 upgrade will fix the issue; alternatively, you can also use this:
1. Type msconfig in your Run command dialog box.
2. In the Startup tab select Disable All. Some antivirus or security software may still continue running; check its manual to disable it.
3. Restart and update your PC.
4. If that didn't work, run your PC in Safe Mode by pressing F8 after the boot screen prompt.
5. Update your PC.
6. Run step 1 again and this time enable all.
7. Check for updates; if it fails, disable suspected entries or check yourself by running or stopping services one by one.

If this didn't work, then you have to upgrade to SP3 for a further fix.

Good Luck !!
ASKER CERTIFIED SOLUTION
johnb6767

This solution is only available to members.

According to TechNet information, SP3 first checks with the Malicious Software Removal Tool and also replaces all trusted system files in order to install successfully. With this, the previous entries in the registry become broken and remain as garbage, which can be fixed by any general reg cleaner.

"sp3 first checks with malicious software removal tool"

I can honestly say I have never found an infection with the MRT...... And I have recently run a side by side comparison of about 4 major Spyware cleaners, and MRT/Windows Defender reported systems were clean, and SuperAntiSpyware/Malwarebytes found Rootkits and Trojans.....

The MRT is not sufficient to determine if the PC is clean or not, as it only has a limited scope of what it is designed to detect. And yes, it will replace all trusted files, but even that is not 100%, as most of those files have modules loaded into memory that protect them from being renamed/replaced/deleted.

It just is not a wise decision to run an SP install, ESPECIALLY with the potential for a Rootkit to be on the machine, as it will definitely not cure it......
cschutte21, can you please respond to my last questions, so we can continue to assist?

I completely agree that MRT is useless for rootkits and is based on detecting and paralyzing illegal copies of Windows, but SP3 contains most of the stable security patches that are helpful in detecting rootkit infections more easily than messing with 100's of entries manually with older releases. A single scan with Spyware Doctor Starter Edition is capable of doing this more easily, and it is distributed free by Google. BTW, we always have an open alternative to spend hours with the in-depth structure, which is not a healthy choice for fast running trends. Consider it just an opinion rather than a suggestion.

I ended up reinstalling the PC. Nothing was working, and the customer was getting a little impatient. After that, it worked great. Thanks for all your help.