Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Upgrading W2k to SP4 and losing it back to SP3

  • Please log in to reply




  • Member
  • PipPip
  • 23 posts
Dear All,

Here is my problem: in 2006 I updated my w2k to sp4. this went smoothly. by early december 2008 (i was very careless i know) i catch a very bad virus (most probably Rootkit typ). First i got a blue screen, then after rebooting tcp/ip was disabled (tcp/ip transport is not installed). through researches on the net i started to clean my system with tools found such as: gmer, RunThis, CatchMe, SDFix. slowly i got my internet back and slowly stabilized the OS. But then I had to find out that my SP4 level was reset to SP3. I logged in to microsoft and run the upgrade to get SP4 back. but this failed. i tried several ways to achieve this (e.g. automatic, manual, online, offline) but to no avail.

Where is the hook? every time the update process reaches the point of closing the work, the process stops at a particular location. Let me try to describe this as good as possible (i must translat it from the german screen):
-1- window name: Service Pack 4 Setup - Error
msg content: when updating the system an error has occurred.
-2- window name: sp4iis
msg content: the event can not be registered (or something similar)
-3- window name: program error
msg content: sp4iis.exe has created an error and will be closed. stat the program new.

My Handicap: i have setup my system in germany but i work in jordan. all my original disks are at home in europe. i am not allowed to just go the simple way of reformatting the whole HD. this would be disastrous as i have all my data and many installed programs on it. so any solution must be in cleaning, search and destroy etc.

found malicious apps when i was cleaning: i have found a few things when i cleaned the system:
1 - in winnt\system32\drivers\ there was a folder "etc" with the following files in it (hosts / imhosts.sam / networks / protocol / services). i'm not sure if this is malicious.
2 - in winnt\system32\ i found (iifgEtqo.dll / oqtEgfii.ini / oqtEgfii.ini2 / rxxkcauw.dll / wuackxxr.ini)
3 - further Spybot reported that registry will be updated and found redirect for search pages.
4 - another report from Spybot was "NT startup - value deleted - load"

Solution: ok, so that is my most imminent problem i have to solve. my top most priority is to get SP4 back. there are various SW and HW i can't use e.g. acronis for mirroring, U3 usb memory etc.

Anyone here having experience getting my w2k back to SP4? Thank you in advance and read you later.

QUICK EDIT: i did make a search on the net for my problem. but unfortunately i could not find any solution to it - not even by microsoft. the youngest post on this issue is as old as 2 years.

Edited by crapelli, 03 May 2009 - 01:41 AM.

  • 0





  • Moderator
  • 34,114 posts
It appears you may have a malware problem.
Please go to the "Malware Forum" link in my signature below and follow the instructions at the top
Especially the "You Must Read This Before Posting A HijackThis Log".

That will give you several steps that will help you clean up 70 percent of all problems by yourself.
If at the end of the process you are still having difficulty start a topic and post the requested logs in THAT Forum.
Once the malware technicians have cleared out any infection and given you a clean bill of health, and if the problem continues then feel free to post back here and we can investigate the problem even more.

Add a link to this topic so that malware tech can see what steps have been taken here
  • 0




  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Good day rshaffer61,

Thank you for your response. I did before run all those scanners (that was back in December 2008) when the virus struck. But I did run all of them again just to make sure all is fine. The main issue "not being able in upgrading to SP4" is making me believe that something, somewhere is left over.

That leaves the question if I still have to submit reports to the Malware Forum?

Your view is appreciated. Thank you.
  • 0




  • Retired Staff
  • 47,710 posts
You should go and visit the Malware Forum anyway, there is bound to be some malware still there.
  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP