Solved

Windows Update Won't Run

Posted on 2009-04-14
17
852 Views
Last Modified: 2013-11-15
Hello. I had a PC that had viruses on it, but I got them all removed. The only issue with the PC is that it will not do windows updates. After some research I found out that the Background Intelligent Transfer Service (BITS) will not start. I ran a program that will determine if files are missing. It did find 3 .dll files missing, so I ran a sfc /scannow. After that, the .dlls were still missing, so I manually downloaded them. Now my scan shows that all needed files are there, but it still wont start. I'm trying to figure out if there is anything else I can do before I reformat and reinstall this.

I have ran windows repair, chkdsk, sfc /scannow, nothing is working.

Thanks in advance.
0
Comment
Question by:cschutte21
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
  • 4
  • +3
17 Comments
 
LVL 34

Expert Comment

by:Michael-Best
ID: 24144632
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 24144705
There is a few rootkits that uses restrictions in a hidden key in HKLM\Software

RootRepeal - RootRepeal - Rootkit Detector
http://rootrepeal.googlepages.com/

Under each tab, hit the Scan button, and see if you get any RED files/services/processes/drivers in the list, or just look for the summary, for any hidden files/services/processes/drivers in the lower left hand corner.....

Also.....

reg query "HKEY_LOCAL_MACHINE\SOFTWARE" >c:\reg.txt

Attach/paste the contents of c:\reg.txt please....
0
 
LVL 26

Expert Comment

by:souseran
ID: 24144795
You shouldn't have to download .dll files.

I'd recommend you download Dial-a-Fix.

http://djlizard.net.nyud.net:8080/software/Dial-a-fix-v0.60.0.24.zip

Check the boxes next to the following:

Fix Windows Installer
Fix Windows Update
Select everything in the Registration center

Click the GO button.

When that's finished, put your OS media in your drive, and in Dial-a-Fix, click the Hammer icon at the bottom. From the new menu, first, select SFC purge. After that has completed, select SFC scan. Once that completes, remove the OS media and reboot your system.

Report back.
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 1

Expert Comment

by:bigpadhakoo
ID: 24147879
it is possible your system is infected with thr latest worm conflicker also known as downadup or aprilfools virus. go to http://www.confickerworkinggroup.org/infection_test/cfeyechart.html to check if you are infected or not. removing instructions are here http://www.confickerworkinggroup.org/wiki/ 

if you are not infected Simply go to windows update site and check if your updating engine is perfect or not and also re installation of update engine. you may also get some patches from there to run windows update perfectly.
0
 
LVL 7

Expert Comment

by:tonyteri
ID: 24149160
have you tried doing a system restore backa  few weeks?  

/TT
0
 

Author Comment

by:cschutte21
ID: 24149378
Souseran, I tried yours first but I had no luck. I am now trying johnb6767's response. And bigpadhakoo's response came back clean.
0
 
LVL 1

Expert Comment

by:bigpadhakoo
ID: 24150710
allright, which tool you used for virus cleaning ? i recommend to run a scan from spyware doctor it's starter edition is free and can be downloaded from google at http://pack.google.com/intl/en/pack_installer.html
if it doesn't work then you are left with one solid option to repair your operating system with your windows CD. this will definately fix by replacing missing files and relinking registery entries. if issue doesn't fixed then we'll move to advanced level fixes. Just download Hijackthis by Trendmicro from http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe to create a indepth logfile of your system and post here. Good Luck !!
0
 

Author Comment

by:cschutte21
ID: 24151107
Here are a few logs...
hijackthis.log
report.txt
0
 

Author Comment

by:cschutte21
ID: 24152648
bigpadhakoo, I have ran Malwarebytes, ComboFix, Hijack This,  and I currently have AVG installed.
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 24153648
Hidden/Locked Files
-------------------
Path: C:\WINDOWS\system32\drivers\a1dca2b8.sys

Hidden Services
-------------------
Service Name: a1dca2b8
Image Path: C:\WINDOWS\System32\drivers\a1dca2b8.sys

Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a1dca2b8 in the registry. Does it exist?

Can you give me the following output please?

reg query "HKEY_LOCAL_MACHINE\SOFTWARE" >c:\reg.txt

There is probably a hidden key called HKEY_LOCAL_MACHINE\SOFTWARE\a1dca2b8
or
HKEY_LOCAL_MACHINE\SOFTWARE\a1dca2b8.sys

I want to verify something before going any further....

Also, is this PC on a network with any others?




0
 
LVL 1

Expert Comment

by:bigpadhakoo
ID: 24154750
go to microsoft and download service pack 3, this is important coz sp2 is heavily vulnerable. service pack will install every single security patch till release and don't worry it's graduated a year before to assure you stability. there are suspected entries in your log files. sp3 upgrade will fix the issue instead you can use this also.
1. type msconfig in your run command dialog box
2. in startup tab select disable all, someantivirus or security softwares may still continue check their manual to disable them.
3. restart and update your pc.
4. if didn't work run your pc in safemode by pressing f8 after bootscreen prompt
5. update your pc
6. again run step 1 and this time enable all
7. check for updates, if fails disable suspected entries or check yourself by running or stopping services one by one.

if this didn't work thrn you have to upgrade to SP3 for further fix.

Good Luck !!
0
 
LVL 66

Accepted Solution

by:
johnb6767 earned 500 total points
ID: 24161174
You really dont want to have them install a service pack with the potential of virus/rootkit, do you? Even MS suggests to perform the install on a clean system.....
0
 
LVL 1

Expert Comment

by:bigpadhakoo
ID: 24165341
as according to technet information sp3 first checks with mailicious software removal tool and also replace all trusted system files in order to a successful install. with this the previous entries in registery becomes broken and remains as garbage which can be fixed by any general reg cleaner
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 24174169
"sp3 first checks with mailicious software removal tool"

I can honestly say I have never found an  infection with the MRT...... And I have recently run a side by side comparison of about 4 major Spyware cleaners, and MRT/Windows defender reported systems were clean, and SuperAntiSpyware/Malware Bytes found Rootkits and Trojans.....

The MRT is not sufficient to determine if the PC is clean or not, as it only has a limited scope of what it is designed to detect. An yes, it will replace all trusted files, but even that is not 100%, as most of those files have modules loaded into memory that protect them from being renamed/replaced/deleted.

It just is not a wise decision to run an SP install, ESPECAILLY with the potential for a Rootkit to be on the machine, as it will definately not cure it......
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 24174172
cschutte21, can you please respond to my last questions, so we can continue to assist?
0
 
LVL 1

Expert Comment

by:bigpadhakoo
ID: 24174325
I completely agree that MRT is useless for rootkits and based to detect and paralyze illegal copies of windows but sp3 contains most of the stable security patches that are helpful in detecting rootkit infections more easily than to mess with 100's of entries manually with older releases.  a single scan of spyware doctor starter edition is capable of doing this more easily and it is distributed free by google. btw we always have a open alternative to spend hours with the in depth structure which is not a healthy choice for fast running trends. consider it just a opinion rather than a suggestion.
0
 

Author Closing Comment

by:cschutte21
ID: 31570270
I ended up reinstalling the PC. Nothing was working, and the customer was getting a little impatient. After that, it worked great. Thanks for all your help
0

Featured Post

Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

All of the resources available today make learning a new digital media easier than ever-- if you know where to begin. This is a clear, simple guide to a few of the basic digital art mediums and how to begin learning them on your own.
Developer portfolios can be a bit of an enigma—how do you present yourself to employers without burying them in lines of code?  A modern portfolio is more than just work samples, it’s also a statement of how you work.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question