
Hijack.WindowsUpdate



#1
BigSi79

Afternoon All,

The aforementioned virus/malware/problem will not disappear. MBAM picks it up every time, two copies of it to be precise. The information it lists is as follows:

Number 1.

Hijack.WindowsUpdate / Registry Data / HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Data: %fystemRoot%\system32\svchost.exe -k netsvcs) / Ref #40656

Number 2.

Hijack.WindowsUpdate / Registry Data / HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Data: %fystemRoot%\system32\svchost.exe -k netsvcs) / Ref #97196

I've tried SmitFraudFix in safe mode, MBAM in safe mode, I regularly run Ad-Aware, filehippo.com, SpywareGuard, Spyware Blaster...and err, that's about it! I work for a relatively large company and the HQ IT guys can't seem to get rid of it either!

Thanks guys, any help would be tip top; if I can give any more info do let me know.

Oh, running XP, laptop is a Sony Vaio VGN-SZ71WN.

Thanks,
Simon.
  • 0



#2
BigSi79

PROBLEM SOLVED! :)

A friendly IT guy went into 'regedit', changed permissions to allow changes on both 'BITS' & 'wuauserv'.

He did this after noticing the incorrect spelling in each path, '(Data: %fystemRoot%\system32\svchost.exe -k netsvcs)'. (Note the f, not S in 'System')

Used the Modify option to change the 'f' from within '%fystemRoot%' to an 'S' to become '%SystemRoot%' on both. Rescanned using MBAM again and all is well.

Thanks guys.
  • 1
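
The check described in this thread can be scripted. The following is an added example, not part of the original posts: it parses `reg query ... /v ImagePath` style text and flags a service whose ImagePath uses an unknown environment variable or differs from the corrected value given above. The sample text, the `KNOWN_VARS` list and the function names are assumptions made for illustration.

```python
import re

# Expected value: the corrected ImagePath reported in the thread.
EXPECTED = r"%SystemRoot%\system32\svchost.exe -k netsvcs"
# Assumption: the only variables we accept in these two service paths.
KNOWN_VARS = {"systemroot", "windir"}

# Constructed sample shaped like `reg query <key> /v ImagePath` output;
# one value still broken, one already repaired. Not captured from a real machine.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS
    ImagePath    REG_EXPAND_SZ    %fystemRoot%\system32\svchost.exe -k netsvcs

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\svchost.exe -k netsvcs
"""

KEY_RE = re.compile(r"^HKEY_LOCAL_MACHINE\\.*\\Services\\([^\\\s]+)\s*$", re.I)
VALUE_RE = re.compile(r"^\s+ImagePath\s+REG_\w+\s+(.+?)\s*$", re.I)


def parse_image_paths(text):
    """Return {service_name: raw ImagePath} from reg-query style text."""
    paths, service = {}, None
    for line in text.splitlines():
        key = KEY_RE.match(line)
        if key:
            service = key.group(1)
            continue
        value = VALUE_RE.match(line)
        if value and service:
            paths[service] = value.group(1)
    return paths


def check_image_path(raw):
    """Return a list of findings; an empty list means the value is as expected."""
    findings = []
    for var in re.findall(r"%([^%\\]+)%", raw):
        if var.lower() not in KNOWN_VARS:
            findings.append(f"unknown variable %{var}%")
    # Windows treats variable names and paths case-insensitively.
    if raw.lower() != EXPECTED.lower():
        findings.append("differs from expected svchost command line")
    return findings


def audit(text):
    """Map each service found in the text to its list of findings."""
    return {svc: check_image_path(raw) for svc, raw in parse_image_paths(text).items()}
```
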





