Solved

Windows Update Won't Run

Posted on 2009-04-14
Last Modified: 2013-11-15
Hello. I had a PC that had viruses on it, but I got them all removed. The only issue with the PC is that it will not do Windows updates. After some research I found out that the Background Intelligent Transfer Service (BITS) will not start. I ran a program that will determine if files are missing. It did find 3 .dll files missing, so I ran an sfc /scannow. After that, the .dlls were still missing, so I manually downloaded them. Now my scan shows that all needed files are there, but it still won't start. I'm trying to figure out if there is anything else I can do before I reformat and reinstall this.

I have run Windows repair, chkdsk, and sfc /scannow; nothing is working.

Thanks in advance.
Question by:cschutte21
17 Comments
 
LVL 34

Expert Comment

by:Michael-Best
ID: 24144632
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 24144705
There are a few rootkits that use restrictions in a hidden key in HKLM\Software

RootRepeal - RootRepeal - Rootkit Detector
http://rootrepeal.googlepages.com/

Under each tab, hit the Scan button, and see if you get any RED files/services/processes/drivers in the list, or just look for the summary, for any hidden files/services/processes/drivers in the lower left hand corner.....

Also.....

reg query "HKEY_LOCAL_MACHINE\SOFTWARE" >c:\reg.txt

Attach/paste the contents of c:\reg.txt please....
0
 
LVL 26

Expert Comment

by:souseran
ID: 24144795
You shouldn't have to download .dll files.

I'd recommend you download Dial-a-Fix.

http://djlizard.net.nyud.net:8080/software/Dial-a-fix-v0.60.0.24.zip

Check the boxes next to the following:

Fix Windows Installer
Fix Windows Update
Select everything in the Registration center

Click the GO button.

When that's finished, put your OS media in your drive, and in Dial-a-Fix, click the Hammer icon at the bottom. From the new menu, first, select SFC purge. After that has completed, select SFC scan. Once that completes, remove the OS media and reboot your system.

Report back.
0
 
LVL 1

Expert Comment

by:bigpadhakoo
ID: 24147879
It is possible your system is infected with the latest worm, Conficker, also known as Downadup or the April Fools virus. Go to http://www.confickerworkinggroup.org/infection_test/cfeyechart.html to check if you are infected or not. Removal instructions are here: http://www.confickerworkinggroup.org/wiki/

If you are not infected, simply go to the Windows Update site and check if your updating engine is perfect or not, and also reinstallation of the update engine. You may also get some patches from there to run Windows Update perfectly.
0
 
LVL 7

Expert Comment

by:tonyteri
ID: 24149160
Have you tried doing a System Restore back a few weeks?

/TT
0
 

Author Comment

by:cschutte21
ID: 24149378
Souseran, I tried yours first but I had no luck. I am now trying johnb6767's response. And bigpadhakoo's response came back clean.
0
 
LVL 1

Expert Comment

by:bigpadhakoo
ID: 24150710
All right, which tool did you use for virus cleaning? I recommend running a scan with Spyware Doctor; its starter edition is free and can be downloaded from Google at http://pack.google.com/intl/en/pack_installer.html
If it doesn't work, then you are left with one solid option: repair your operating system with your Windows CD. This will definitely fix it by replacing missing files and relinking registry entries. If the issue isn't fixed, then we'll move to advanced-level fixes. Just download HijackThis by Trend Micro from http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe to create an in-depth log file of your system and post it here. Good luck!!
0
 

Author Comment

by:cschutte21
ID: 24151107
Here are a few logs...
hijackthis.log
report.txt
0
 

Author Comment

by:cschutte21
ID: 24152648
bigpadhakoo, I have run Malwarebytes, ComboFix, and HijackThis, and I currently have AVG installed.
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 24153648
Hidden/Locked Files
-------------------
Path: C:\WINDOWS\system32\drivers\a1dca2b8.sys

Hidden Services
-------------------
Service Name: a1dca2b8
Image Path: C:\WINDOWS\System32\drivers\a1dca2b8.sys

Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a1dca2b8 in the registry. Does it exist?

Can you give me the following output please?

reg query "HKEY_LOCAL_MACHINE\SOFTWARE" >c:\reg.txt

There is probably a hidden key called HKEY_LOCAL_MACHINE\SOFTWARE\a1dca2b8
or
HKEY_LOCAL_MACHINE\SOFTWARE\a1dca2b8.sys

I want to verify something before going any further....

Also, is this PC on a network with any others?




0
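The check described in the comment above, as an added example that is not part of the original thread: it reads a RootRepeal-style text report, pairs each hidden service with its driver path, and lists the registry keys the comment asks about. The sample report is constructed from the excerpt quoted in the comment, and the section layout (a title line followed by a dashed rule) is assumed from that excerpt only.

```python
import re

# Constructed sample, modelled on the report excerpt quoted in the comment above.
SAMPLE_REPORT = r"""
Hidden/Locked Files
-------------------
Path: C:\WINDOWS\system32\drivers\a1dca2b8.sys

Hidden Services
-------------------
Service Name: a1dca2b8
Image Path: C:\WINDOWS\System32\drivers\a1dca2b8.sys
"""

def parse_report(text):
    """Group 'Key: value' lines under the section title that precedes a dashed rule."""
    sections, current, prev = {}, None, ""
    for line in text.splitlines():
        line = line.strip()
        if re.fullmatch(r"-{3,}", line) and prev:
            current = sections.setdefault(prev, [])
        elif ":" in line and current is not None:
            key, value = line.split(":", 1)   # split once: the value holds "C:\..."
            current.append((key.strip(), value.strip()))
        prev = line
    return sections

def keys_to_check(sections):
    """For each hidden service, list the registry keys to look for by hand."""
    # Windows paths are case-insensitive, so compare lowercased.
    hidden_files = {v.lower() for k, v in sections.get("Hidden/Locked Files", [])
                    if k == "Path"}
    findings, name = [], None
    for key, value in sections.get("Hidden Services", []):
        if key == "Service Name":
            name = value
        elif key == "Image Path" and name:
            findings.append({
                "service": name,
                "image_also_hidden": value.lower() in hidden_files,
                "registry_keys": [
                    rf"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{name}",
                    rf"HKEY_LOCAL_MACHINE\SOFTWARE\{name}",
                    rf"HKEY_LOCAL_MACHINE\SOFTWARE\{name}.sys",
                ],
            })
            name = None
    return findings

if __name__ == "__main__":
    for finding in keys_to_check(parse_report(SAMPLE_REPORT)):
        print(finding["service"], "driver file also hidden:", finding["image_also_hidden"])
        for reg_key in finding["registry_keys"]:
            print("  check:", reg_key)
```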
 
LVL 1

Expert Comment

by:bigpadhakoo
ID: 24154750
Go to Microsoft and download Service Pack 3. This is important because SP2 is heavily vulnerable. The service pack will install every single security patch up to its release, and don't worry, it graduated a year ago, to assure you of stability. There are suspect entries in your log files. The SP3 upgrade will fix the issue; instead, you can also use this.
1. Type msconfig in your Run command dialog box.
2. In the Startup tab select Disable All. Some antivirus or security software may still continue; check their manual to disable them.
3. Restart and update your PC.
4. If that didn't work, run your PC in safe mode by pressing F8 after the boot screen prompt.
5. Update your PC.
6. Again run step 1 and this time enable all.
7. Check for updates. If it fails, disable suspect entries or check yourself by running or stopping services one by one.

If this didn't work then you have to upgrade to SP3 for a further fix.

Good Luck !!
0
 
LVL 66

Accepted Solution

by:
johnb6767 earned 500 total points
ID: 24161174
You really don't want to have them install a service pack with the potential of virus/rootkit, do you? Even MS suggests to perform the install on a clean system.....
0
 
LVL 1

Expert Comment

by:bigpadhakoo
ID: 24165341
According to TechNet information, SP3 first checks with the Malicious Software Removal Tool and also replaces all trusted system files in order to install successfully. With this, the previous entries in the registry become broken and remain as garbage, which can be fixed by any general reg cleaner.
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 24174169
"sp3 first checks with malicious software removal tool"

I can honestly say I have never found an infection with the MRT...... And I have recently run a side by side comparison of about 4 major Spyware cleaners, and MRT/Windows Defender reported systems were clean, and SuperAntiSpyware/Malwarebytes found Rootkits and Trojans.....

The MRT is not sufficient to determine if the PC is clean or not, as it only has a limited scope of what it is designed to detect. And yes, it will replace all trusted files, but even that is not 100%, as most of those files have modules loaded into memory that protect them from being renamed/replaced/deleted.

It just is not a wise decision to run an SP install, ESPECIALLY with the potential for a Rootkit to be on the machine, as it will definitely not cure it......
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 24174172
cschutte21, can you please respond to my last questions, so we can continue to assist?
0
 
LVL 1

Expert Comment

by:bigpadhakoo
ID: 24174325
I completely agree that MRT is useless for rootkits and based to detect and paralyze illegal copies of Windows, but SP3 contains most of the stable security patches that are helpful in detecting rootkit infections more easily than to mess with 100's of entries manually with older releases. A single scan of Spyware Doctor starter edition is capable of doing this more easily, and it is distributed free by Google. BTW, we always have an open alternative to spend hours with the in-depth structure, which is not a healthy choice for fast running trends. Consider it just an opinion rather than a suggestion.
0
 

Author Closing Comment

by:cschutte21
ID: 31570270
I ended up reinstalling the PC. Nothing was working, and the customer was getting a little impatient. After that, it worked great. Thanks for all your help.
0
