Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware on old Windows XP SP2 inhibts automatic upgrade to SP3?


  • Please log in to reply

#16
Phom

Phom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Now we are in trouble. After trying combofix again, it hung, but rebootin gthe computer only ends in a black screen, directly after starting the PC.
  • 0

Advertisements


#17
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Black screen after a restart doesn't sound like a software problem. More like hardware. Are you seeing the PC maker's logo? Can you get into the BIOS/CMOS setup?
  • 0

#18
Phom

Phom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
I solved this. After unplugging the Laptop power supply chord the laptop restarted normally. I use safe mode now and did start combofix. It runs for some hours now. I will see tomorrow how combofix comes out, because I will leave my office in about 1h. I do not think that a hardware problem exists. It is an old IBM T40 that is quite robust and now it runs again ok.
  • 0

#19
Phom

Phom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Over night the laptop stopped combofix with this message: Not enough virtual memory ... But I could not click ok, because the cursor did not react. So I had to turn off the computer. Automatic update is still not working.

Edited by Phom, 12 February 2013 - 02:39 AM.

  • 0

#20
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
You might look in C:\Combofix\ and C:\qoobox.

See if there are any combofix.txt files. If you find any then copy and paste them.

Does DDS hang in safe Mode?

Try the Dial-a-fix again and see if it will fix the auto updates for you.


Download, Save and Run (win 7 or Vista => Right click and Run as Admin.) farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0

#21
Phom

Phom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
combofix.txt not found anywhere.

DDS froze even in safe mode

Dialfix did not solve the problem with windows update.

Farbar Service Scanner Version: 10-02-2013
Ran by Stefan (administrator) on 13-02-2013 at 10:05:17
Running from "C:\Dokumente und Einstellungen\Stefan\Eigene Dateien\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2013-02-06 11:15] - [2008-04-14 07:52] - 0127488 ____A (Microsoft Corporation) C29A1C9B75BA38FA37F8C44405DEC360

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2004-08-04 13:00] - [2008-04-14 07:52] - 0045568 ____A (Microsoft Corporation) 8C9ED3B2834AAE63081AB2DA831C6FE9

C:\WINDOWS\system32\ipnathlp.dll
[2004-08-04 13:00] - [2008-04-14 07:52] - 0334336 ____A (Microsoft Corporation) CAD058D5F8B889A87CA3EB3CF624DCEF

C:\WINDOWS\system32\netman.dll
[2004-08-04 13:00] - [2008-04-14 07:52] - 0198144 ____A (Microsoft Corporation) E6D88F1F6745BF00B57E7855A2AB696C

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2002-10-01 09:48] - [2008-04-14 07:52] - 0145408 ____A (Microsoft Corporation) 6F3F3973D97714CC5F906A19FE883729

C:\WINDOWS\system32\srsvc.dll
[2002-10-01 09:50] - [2008-04-14 07:52] - 0171520 ____A (Microsoft Corporation) FE77A85495065F3AD59C5C65B6C54182

C:\WINDOWS\system32\Drivers\sr.sys
[2013-02-06 11:15] - [2008-04-14 07:32] - 0073472 ____A (Microsoft Corporation) 50FA898F8C032796D3B1B9951BB5A90F

C:\WINDOWS\system32\wscsvc.dll
[2004-08-04 13:00] - [2008-04-14 07:52] - 0080896 ____A (Microsoft Corporation) 300B3E84FAF1A5C1F791C159BA28035D

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2002-10-01 09:48] - [2008-04-14 07:52] - 0145408 ____A (Microsoft Corporation) 6F3F3973D97714CC5F906A19FE883729

C:\WINDOWS\system32\wuauserv.dll
[2002-10-01 09:48] - [2008-04-14 07:52] - 0006656 ____A (Microsoft Corporation) 7B4FE05202AA6BF9F4DFD0E6A0D8A085

C:\WINDOWS\system32\qmgr.dll
[2013-02-06 11:19] - [2008-04-14 07:52] - 0409088 ____A (Microsoft Corporation) D6F603772A789BB3228F310D650B8BD1

C:\WINDOWS\system32\es.dll
[2004-08-04 13:00] - [2008-04-14 07:52] - 0246272 ____A (Microsoft Corporation) 0F3EDAEE1EF97CF3DB2BE23A7289B78C

C:\WINDOWS\system32\cryptsvc.dll
[2004-08-04 13:00] - [2008-04-14 07:52] - 0062464 ____A (Microsoft Corporation) 611F824E5C703A5A899F84C5F1699E4D

C:\WINDOWS\system32\svchost.exe
[2004-08-04 13:00] - [2008-04-14 07:53] - 0014336 ____A (Microsoft Corporation) 4FBC75B74479C7A6F829E0CA19DF3366

C:\WINDOWS\system32\rpcss.dll
[2004-08-04 13:00] - [2008-04-14 07:52] - 0399360 ____A (Microsoft Corporation) E970C2296916BF4A2F958680016FE312

C:\WINDOWS\system32\services.exe
[2013-02-06 11:15] - [2008-04-14 07:53] - 0109056 ____A (Microsoft Corporation) 4BB6A83640F1D1792AD21CE767B621C6


Extra List:
=======
aswTdi(14) DNE(13) Gpc(7) IPSec(5) irda(9) NetBT(6) NwlnkIpx(11) NwlnkNb(12) PSched(8) s24trans(10) Tcpip(4)
0x0E00000005000000010000000200000003000000040000000E000000060000000700000008000000090000000A0000000B0000000C0000000D000000
IpSec Tag value is correct.

**** End of log ****
  • 0

#22
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Copy the next two line:

net start > \junk.txt
notepad \junk.txt

Start, Run, cmd, OK

right click and Paste or Edit then Paste and the copied lines should appear.
Hit Enter and notepad should open. Copy and paste the text into a Reply.
  • 0

#23
Phom

Phom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Folgende Windows-Dienste sind gestartet:

Arbeitsstationsdienst
Ati HotKey Poller
Automatische Updates
avast! Antivirus
BITS
Cisco Systems, Inc. VPN Service
Client Service fr NetWare
COM+-Ereignissystem
Computerbrowser
CryptSvc
DCOM-Server-Prozessstart
Designs
DHCP-Client
DNS-Client
Druckwarteschlange
Ereignisprotokoll
Fehlerberichterstattungsdienst
Gatewaydienst auf Anwendungsebene
Geschtzter Speicher
HID Input Service
Hilfe und Support
IBM PM Service
Infrarotberwachung
IPSEC-Dienste
Kompatibilit„t fr schnelle Benutzerumschaltung
Konfigurationsfreie drahtlose Verbindung
Netzwerkverbindungen
NLA (Network Location Awareness)
NMSAccess
Plug & Play
QCONSVC
RAS-Verbindungsverwaltung
RegSrvc
Remote-Registrierung
Remoteprozeduraufruf (RPC)
Secondary Logon
Server
Shellhardwareerkennung
Sicherheitscenter
Sicherheitskontenverwaltung
Systemereignisbenachrichtigung
Systemwiederherstellungsdienst
Taskplaner
TCP/IP-NetBIOS-Hilfsprogramm
Telefonie
Terminaldienste
Verwaltung logischer Datentr„ger
Windows Audio
Windows-Bilderfassung (WIA)
Windows-Firewall/Gemeinsame Nutzung der Internetverbindung
Windows-Verwaltungsinstrumentation
Windows-Zeitgeber
Xpoint Admin Server
šberwachung verteilter Verknpfungen (Client)

Der Befehl wurde erfolgreich ausgefhrt.
  • 0

#24
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
It looks like it should work. How do you know it's not working? Do you have a firewall that could be blocking it?

Can you use IE and go to windowsupdate.microsoft.com ?
  • 0

#25
Phom

Phom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
That is what I have done: Go to systsm - security - windows update
Used: look for new updates
IE opens
First checks for recent download software- ok
Opened nes window with two options- automatic scan or maual section
I used scan, but the same occurs with manual selection.
The system starts, a running scanning bar occurs.
After 1 -2 minutes a error page opens saying something like: An error occurred.

That is all. So automatic updates and firewall are enabled. In the firewall I added an exemption for windows update, but the behavior is the same.
  • 0

Advertisements


#26
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Sometimes it helps to put *.microsoft.com in the Trusted Sites (uncheck the HTTPS box when you do)

What exactly does the error say?
  • 0

#27
Phom

Phom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
The error occurs also with the firewall turned off and also with the exception you mentioned

IT says (in german!) First a white cross in red circle, then:

Die gewünschte Seite kann nicht angezeigt werden, da auf der Website ein Problem aufgetreten ist. Mit den folgenden Optionen kann das Problem möglicherweise behoben werden.
Optionen zur Selbsthilfe:

Häufig gestellte Fragen

Lösungen suchen

Windows Update-Newsgroup
Optionen für technischen Support:

Microsoft-Onlinesupportunterstützung (für Windows Update-Probleme kostenlos)


Ca. translation. The selected website cannot be displayed, because there are problems on the website. With the following options the problems might be solved: Then different support options follow.

The website says, the problem is on the website, not the computer.
  • 0

#28
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
No need to translate. I lived in Germany for 11 years and was married to a German lady for 20.

Have we tried resetting the permissions yet?

http://www.tweaking....ermissions.html
  • 0

#29
Phom

Phom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
I did run tweaking software, but this resulted in no change of the windows update behavior.
  • 0

#30
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Start, Run, proxycfg -d , OK

(SPACE before =d )

If that doesn't help then:

Open IE, Tools, Internet Options Advanced and hit the Reset, OK. Then close IE and reopen and try it again.



Can you find a c:\windows\windowsupdate.log ?

Attach it to a Reply.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP