Windows Update not working after Malware infection



#1
monkfish

    New Member

This computer recently had a major problem with malware, causing all sorts of issues (crashes, hijack of Google, locking up, horrendous amounts of data going up and down the phoneline, and so on). Thanks to someone wonderful at www.malwareremoval.com who gave loads of advice and instructions, we've managed to clear the computer of all the nasty bits of malware. (Probably!)

However, one of the effects remains, as Windows automatic update will not function. In addition, I couldn't get anything to download from the Microsoft site.

Any help at all would be gratefully received.

Here's what has happened so far, following instructions from malwareremoval.com:

Using services.msc to look at the two processes gave these results:

Automatic Updates: Program name - wuauserv

Set to automatic but is not currently running.

Path to executable - %fystemroot%\system32\svchost.exe -k netsvcs

The automatic updates could not be started, giving this error message:

'Could not start the Automatic Updates service on local computer.

Error 2: The system cannot find the file specified.'

Background Intelligent Transfer Service Program name - BITS

This is set to manual and is currently stopped.

Path to executable - %fystemroot%\system32\svchost.exe -k netsvcs

Again, it could not be started, giving the same error message:

'Could not start the Background Intelligent Transfer service on local computer.

Error 2: The system cannot find the file specified.'




The idea was to try to get BITS working first and I was asked to run the following command:
cmd /c dir C:\*.* /L /A /B /S|Find "qmgr" >> "%userprofile%\desktop\BITSlook.txt"
The resulting file looked like this:

BITSlook.txt file:

c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr0.dat
c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr1.dat
c:\windows\$ntservicepackuninstall$\qmgr.dll
c:\windows\$ntservicepackuninstall$\qmgr.inf
c:\windows\$ntservicepackuninstall$\qmgrprxy.dll
c:\windows\i386\qmgr.dl_
c:\windows\i386\qmgr.in_
c:\windows\i386\qmgrprxy.dl_
c:\windows\inf\qmgr.inf
c:\windows\inf\qmgr.pnf
c:\windows\servicepackfiles\i386\qmgr.dll
c:\windows\servicepackfiles\i386\qmgr.inf
c:\windows\servicepackfiles\i386\qmgrprxy.dll
c:\windows\system32\qmgr.dll
c:\windows\system32\qmgrprxy.dll
c:\windows\system32\bits\qmgr.dll


I was then asked to try to reinstall BITS from the Microsoft site at
http://www.microsoft...;displaylang=en

Unfortunately this didn't work. When trying to download BITS I get this message:

'Setup has detected that the Service Pack version of this system is newer than the update you are applying. There is no need to install this update.'


I've also tried to download updates manually from Microsoft (using Internet Explorer) but got this message:

'The website has encountered a problem and cannot display the page you are trying to view.'
It gives an error number 0x80070002

The Microsoft site gives a couple of solutions for the latter problem but neither of them work.


The wonderful person at malwareremoval.com says it looks like the right files are there for BITS to work but probably registry issues are stopping it from working. He/she has referred me here.

Help! Thank you.
  • 0



#2
rshaffer61

    Moderator

OK, so nowhere in your post did you mention they ran logs or attempted to clean your system.
If they did, what programs did they use and what logs did they ask for?
If they did none of this then:



I suggest you go to the Malware Forum and run all the steps located in the START HERE. These self-help tools will help you clean up 70% of problems on your own. If you are still having problems after doing the steps, then please post the requested logs in THAT forum. If you are unable to run any of the tools then start a new topic in the malware forum and put this in the subject line...I am unable to run any malware tools

If you are still having problems after being given a clean bill of health from the malware expert, then please return to THIS thread and we will pursue other options to help you solve your current problem(s).

Add a link to this topic so that malware tech can see what steps have been taken here

Edited by rshaffer61, 02 July 2009 - 07:07 AM.

  • 0

#3
monkfish

    New Member

Hello,

Thank you. Sorry for not including information about the process used to clean the computer.

Tools used, after I'd used Malwarebytes Antimalware myself, were Hijack This, ComboFix, and the RSIT scanner, on the way replacing Adobe Acrobat Reader and using services.msc a few times.

The original thread from www.malwareremoval.com, including all the steps and various logfiles can be found at
http://www.malwarere...=450011#p450011
(I'm signed up as asteroid there but this forum already has an asteroid so I had to be monkfish!)

If I still need to get a clean bill of health through this forum let me know and I'll gladly do so - and have already saved a new mbam log (with nothing found) and logs from rooter and OTL so it's no trouble uploading them. No problem at all.

By the way, and this may not be relevant to finding solutions, I noticed that the 'extras' log from OTL contains the following under [System Events]

Error - 02/07/2009 06:01:07 | Computer Name = ASTEROIDMACHINE | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 02/07/2009 06:01:07 | Computer Name = ASTEROIDMACHINE | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%2


Of course, I'm pretty ignorant about these things and that data might be of no use to anyone.
I also forgot to state that I am currently running Avira AntiVir and Outpost Firewall and using Operating system Windows XP Home Edition Service Pack 3 (Version = 5.1.2600)
A system restore point was made this morning and all previous restore points deleted/cleaned.

Thank you very much.
  • 0

#4
monkfish

    New Member

I'd better write this quickly before you start to try to find the problem on this machine. Hopefully I've beaten you to it.

I've just solved the issue and am actually really pleased with myself - BITS and Automatic Updates are now working.

One of the bits of grot software that was on the machine had changed entries relating to these services in the registry from "systemroot" to "fystemroot".

I've now changed them back (after two attempts and having to learn about permissions when using regedit) and rebooted the computer. Automatic Updates came on just as it should and BITS can now be started manually as it should be able to be started.

Thank you for being there and offering to help, and presumably helping lots of other people. Just for once I've solved something on my own.

Ashley (monkfish)
  • 0
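
Added example, not part of the original thread: a check for the tampering monkfish found, where a service's "Path to executable" (the ImagePath registry value under HKLM\SYSTEM\CurrentControlSet\Services) names an environment variable that does not exist, so the path never expands and the service fails with Error 2. The sample listing is constructed in the layout of `reg query` output, and the set of known variables and the function names are assumptions of this example.

```python
import re

# Variables assumed to be defined for services on a stock Windows system
# (an assumption of this example; extend it for the machine being checked).
KNOWN_VARS = {"systemroot", "windir", "programfiles", "systemdrive"}

# Constructed sample in the layout of `reg query` output (not a log from the thread).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS
    ImagePath    REG_EXPAND_SZ    %fystemroot%\system32\svchost.exe -k netsvcs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv
    ImagePath    REG_EXPAND_SZ    %fystemroot%\system32\svchost.exe -k netsvcs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\spoolsv.exe
"""

VALUE_RE = re.compile(r"^\s+ImagePath\s+REG_(?:EXPAND_)?SZ\s+(.*)$", re.I)
VAR_RE = re.compile(r"%([^%\\]+)%")

def closest_known(name):
    """Return a known variable that differs by one substituted character, else None."""
    for known in KNOWN_VARS:
        if len(known) == len(name) and sum(a != b for a, b in zip(known, name)) == 1:
            return known
    return None

def audit(listing):
    """Return (service, unknown_variable, suggested_variable, image_path) tuples."""
    findings, service = [], None
    for line in listing.splitlines():
        if line.startswith("HKEY_"):
            # The last component of the key path is the service name.
            service = line.rstrip().rsplit("\\", 1)[-1]
            continue
        m = VALUE_RE.match(line)
        if not m or service is None:
            continue
        path = m.group(1).strip()
        for var in VAR_RE.findall(path):
            if var.lower() not in KNOWN_VARS:
                findings.append((service, var, closest_known(var.lower()), path))
    return findings

if __name__ == "__main__":
    for svc, var, hint, path in audit(SAMPLE):
        print(f"{svc}: %{var}% is not a known variable (closest: {hint}) -> {path}")
```
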





