[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 623
  • Last Modified:

Windows Update Service gone from Vista laptop

I find that a machine i've been given has apparently no Windows Update service at all. There was recent malware, now removed, and an sfc /scannow produced quite a bit of activity, some apparently unsuccessful. Ive attached today's part of the log file below.

The Vista laptop is Service Pack 1. I suppose it's too much to hope that installing Service Pack 2 manually is going to right these problems? If so, what's the best way to restore Windows Update functionality?
cbs-today.log
0
CEHJ
Asked:
CEHJ
  • 8
  • 5
  • 2
  • +3
5 Solutions
 
xDUCKxCommented:
You can run with Windows Update Repair Tool:

http://support.microsoft.com/kb/971058

But yes, SP2 should fix it also.
0
 
CEHJAuthor Commented:
I'll have a go with that repairer later thanks. I must say i'm not hugely optimistic as i tried that with another Vista box once with a similar problem, to no effect.
0
 
☠ MASQ ☠Commented:
If this is as a result of something like the zeroaccess infection are you certain the system is now clean?

There are probably both registry permission changes and re-registration of the WU (and maybe also BITS) services that will need correction. The Windows Fix-It really is designed to restore corrupted files not malicious changes to the registry.

I'm currently using this tool to help fix the damage caused by rootkits on Windows Services
http://www.tweaking.com/content/page/windows_repair_all_in_one.html

However it may be worth getting a view from one of the AV experts here to confirm that everything is clean otherwise you'll just be chasing your tail.
0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

 
CEHJAuthor Commented:
Good question MASQUERAID. I did the first part of the treatment with Kaspersky rescue disk 10, and followed that with a MalwareBytes quick scan, followed by a full scan.
I'll take a look at the all-in-one thanks.

Of course, the lower the level of operation of tools, the more history and peer-reviewing they should have behind them. I'd be quite scared running a newish tool in anything other than reporting mode.
0
 
☠ MASQ ☠Commented:
Agreed, it's quite new to me too but has so far reliably done "just what it says on the tin".
I'll see if I can flag down a passing malware expert ;)
0
 
CEHJAuthor Commented:
Can it run just in reporting mode btw?
0
 
☠ MASQ ☠Commented:
No, it's not particularly helpful as a diagnostic, nor does it tell you much about what it has done as a fix (or intends to do) other than a generalisation in a descriptor window for each of the repair tools currently included.  It is a work in progress.
0
 
younghvCommented:
Hello from the Colonies!

I would follow-on with the comments from MASQ about checking/eliminating malware as the source of this problem.

There are a huge variety of tools out there to use, but if you're going to do any work during the Normal Boot of the OS, use one of the 'rogue process stoppers' first.

I discuss them in the following EE Articles. The first (by EE Expert "Tigzy") is a tool I've been using for about two years and has done a great job for me. The additional Menu Choices can auto-correct a lot of problems that come with malware and he is great at identifying further problems by reviewing the logs generated (post them when done).

In the second article I mention "TheKiller" which is also great - and  has some 'auto-correct' features.

Both tools are well vetted and in use all over the world.

Use either one of those, then run a new "Quick Scan" of Malwarebytes.

http://www.experts-exchange.com/A_4922.html Rogue-Killer-What-a-great-name
http://www.experts-exchange.com/A_5124.html Stop-the-Bleeding-First-Aid-for-Malware

(Post the logs from anything you run and we can take a look at it.)

Vic

I forgot to mention "Boot Scanners" if you want to go that route.
From MS: http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline

or -
Emsisoft Emergency Kit 2.0
http://www.emsisoft.com/en/software/download/
0
 
Donald StewartNetwork AdministratorCommented:
Run the System Update Readiness Tool that fixes Windows Update problems is available for Windows 7, Windows Vista, Windows Server 2008 R2, and Windows Server 2008


http://support.microsoft.com/kb/947821
0
 
CEHJAuthor Commented:
There are probably both registry permission changes and re-registration of the WU (and maybe also BITS) services that will need correction

Actually the BITS service is (apparently) completely absent so it's looking like Update is therefore completely broken
0
 
Donald StewartNetwork AdministratorCommented:
Did you run the System update readiness tool???
0
 
younghvCommented:
...Kaspersky rescue disk 10, and followed that with a MalwareBytes quick scan...

I wish you well with this, but you are making a mistake to ignore the comments about malware. The steps you describe as having taken are truly inadequate and incomplete.

All the OS repairs in the world will come to naught if the real problem is being caused by a chunk of malware residing somewhere you haven't checked.

If you decide to try a different approach, post a new question in the Virus & Spyware Zones.

I'll unsubsribe from this and let you continue to work with the OS Experts.
0
 
CEHJAuthor Commented:
Did you run the System update readiness tool???

To be perfectly honest, i can't remember now, sorry. I think so. I restored BITS manually with a registry edit. Update is now running again

I wish you well with this, but you are making a mistake to ignore the comments about malware.
Sorry, i'm not sure how running three anti-malware scans from two different apps prior to doing any work on rebuilding the machine is ignoring the intent of any comments above ...
0
 
☠ MASQ ☠Commented:
Sounds like job done ;)

The logic behind Vic's post and my comment about clean-up is zeroaccess is a particularly sneaky rootkit and often travels in a pack so it might be worth a scan launched from a bootable tool like Emsisoft. Yes it's a little malware paranoia but if there's something else lurking hidden it's just coming back to get you later.
0
 
CEHJAuthor Commented:
so it might be worth a scan launched from a bootable tool like Emsisoft.
Kaspersky Rescue Disk is a bootable tool though ;) I even went to the trouble of running it against the other two partitions.
0
 
☠ MASQ ☠Commented:
My mistake! Word blind! All should be well then.  I guess SP2 through Windows Update is your next challenge.
0
 
CEHJAuthor Commented:
I guess SP2 through Windows Update is your next challenge.
Piece of proverbial - already installed ;)
The only thing remaining is to sort out why there are 2 MacAfee icons in the systray, one of which is showing as 'unprotected'
0
 
joinaunionCommented:
Have you checked to see if the service is running? Click start then run type in services.msc
On the right scroll down to windows update and double click it should be set to automatic.
Then click stop then start.
Reboot.

Or go here http://support.microsoft.com/kb/971058 expand let me fix it myself if you want to or run the fix it for me.
0
 
CEHJAuthor Commented:
Thanks guys.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 8
  • 5
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now