Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

microsoft update blocked and redirected


  • This topic is locked This topic is locked
21 replies to this topic

#1 July301955

July301955

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:21 PM

Posted 25 June 2011 - 10:25 PM

My ESET Nod program alerts me that MS update is not working. I try to activate it manually, as I have it set to automatically update, and it is blocked and Google searches to reach the MS site are redirected. EST nod is flashing that it has blocked analytics evasion.com. It seems stuck too. So it seems I have some virus that had taken hold. I am a novice but interesting in looking deeper into this so appreciative of any help anyone might offer. Thanks, Rich in Indianapolis DDS.txt follows per instructions

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 22:48:35 on 2011-06-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2031.1222 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICFA.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.cnn.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON Stylus CX9400Fax Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticfa.exe /fu "c:\windows\temp\E_S5ED.tmp" /EF "HKCU"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: icemiller.com\citrix
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1309052308093
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{F1272094-3B89-4685-9743-4DB503E02432} : DhcpNameServer = 68.87.72.134 68.87.77.134
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\v8nemxzf.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-5-31 13496]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-3-29 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-3-29 95872]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-3-29 810120]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-7-23 44800]
.
=============== Created Last 30 ================
.
2011-06-16 20:02:55 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-07 16:35:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-06-07 16:35:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-05-31 05:24:54 -------- d-----w- c:\program files\RegZooka
2011-05-31 04:50:58 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-05-31 04:50:58 13496 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-05-31 04:50:58 -------- d-----w- c:\documents and settings\owner\application data\IObit
2011-05-31 04:50:54 -------- d-----w- c:\program files\IObit
2011-05-31 04:39:48 -------- d-----w- c:\documents and settings\owner\application data\Sammsoft
2011-05-31 04:39:37 -------- d-----w- c:\program files\ARO 2011
2011-05-31 03:26:48 -------- d-----w- c:\program files\CCleaner
2011-05-31 03:01:51 -------- d-----w- c:\documents and settings\owner\application data\SUPERAntiSpyware.com
2011-05-31 03:01:51 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-05-31 03:01:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-31 02:46:02 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2011-05-31 02:45:56 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-05-31 02:09:25 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-05-31 02:09:25 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-31 01:54:42 -------- d--h--w- c:\windows\system32\GroupPolicy
.
==================== Find3M ====================
.
2011-06-16 01:18:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ---ha-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500JS-60MHB5 rev.10.02E04 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-13
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89D586D0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89d5e9d0]; MOV EAX, [0x89d5ea4c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x89DC9AB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000061[0x89DCD9E8]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x89DED940]
\Driver\atapi[0x89DB3B08] -> IRP_MJ_CREATE -> 0x89D586D0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x89D5851B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 22:49:44.39 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:21 PM

Posted 26 June 2011 - 10:52 AM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until Iíve given you the ďAll clear.Ē Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Posted Image Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
  • Post that log, please.
Posted Image Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please include the following in your next post:
  • TDSSKiller log
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#3 July301955

July301955
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:21 PM

Posted 26 June 2011 - 07:41 PM

Thanks. I ran TDSSkiller as directed. It did not give me the "cure-skip" choice. Instead it showed "cured" and directed me to finish and reboot. I did. I then tested whwther MS updater would now open it did. Yipee! Still in light of your instructions I am attaching a combofix log file too. However, I ran it late last night and it was not curative. I recognize it will not show the current configuartion do you want me to run it again now?

Attached Files



#4 July301955

July301955
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:21 PM

Posted 26 June 2011 - 07:44 PM

Attached File  TDSSKiller.2.5.5.0_26.06.2011_20.11.55_log.txt   34.91KB   1 downloadsAttached File  Combofix_log_file.txt   10KB   1 downloads

Sorry i failed to properly attach the files in the first post but here they are.

#5 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:21 PM

Posted 26 June 2011 - 09:10 PM

Hi,

Posted Image You have IObit Smart Defrag installed. IObit has been accused of stealing and incorporating Malwarebytes AntiMalware's proprietary database and intellectual property into their software. More information is available HERE and HERE. I recommend that you unistall it.

Posted Image Please run ComboFix again so I can see a current log.

Posted Image Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Be sure that everything else is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post the results.
Please include the following in your next post:
  • ComboFix log
  • MBAM log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#6 July301955

July301955
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:21 PM

Posted 26 June 2011 - 10:06 PM

Ok thanks. Working harder at following directions. I uninstalled and removed Smart defrag from the control panel. Ran combofix after my last post. File attached. Let me report on what the system does. I turned back on Eset Nod 32 and it displayed a list of updates that had been blocked. It then allowed me to try to install. It linked to the MS update site. However, it would not download because it said I could not install updates unless I was the system administrator. I checke to see that I am still showing as the system administrator and I am so that is some how tampered with. It gave MS error message # 0X8DDD002.

Attached File  log.txt   9.06KB   1 downloads

MBAm is running now, Will post results as soon as it finishes. Thanks

#7 July301955

July301955
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:21 PM

Posted 26 June 2011 - 10:18 PM

MBAM log attached. It found nothing. Went straight to printing a log.Attached File  mbam-log-2011-06-26 (23-15-57).txt   913bytes   2 downloadsAttached File  mbam-log-2011-06-26 (23-15-57).txt   913bytes   2 downloads

#8 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:21 PM

Posted 27 June 2011 - 09:42 AM

Hi,

Try accessing Windows Update directly through [b][i]Start > Programs > Windows Update (or Microsoft Update). Let me know if that works or not.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#9 July301955

July301955
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:21 PM

Posted 27 June 2011 - 06:11 PM

It does not work. On closer inspection I maybe able to deduce and report more on what is happening. That path through the start memu is now routed somehow to the MS Windows Update site for system administrators and networks. And in addition to that being the wrong site for a home office installation on XP it also tells me I am not the network administrator. Perhaps that is a function of me being at the wrong site. On my old laptop which is good enough for this test I wenet to the correct site and can resport that that the correct site is http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us . WHen I type in this site which is the standard one I recognise from my other machine it says the site is not available. So I am still blocked from this site somewhere. In fact here is the message I am getting at the MS site even after I cut and pasted this address it it still says not available and then when I try to go around it gives this message.

"To install updates from this website, you must be logged on as an administrator or a member of the Administrators group on your computer. If you use Windows XP, you can see if you are an administrator by going to User Accounts in Control Panel.

Note: If your computer is connected to a network, network policy settings might also prevent you using this website. Contact your system administrator for help with updates. "

SO it strikes me there are still two spots where my system is misdirected. A block on this correct update site, misdirecting it to the wrong site and somehow misdirection as to the system administrator setting.? Sorry to report. I appreiate this very much and am learning a lot. Thanks

#10 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:21 PM

Posted 27 June 2011 - 09:41 PM

July301955:

Thanks for the information - it was helpful. Please do this:

Posted Image Please download MiniToolBox and run it.

Check the following items:
  • Flush DNS
  • Report IE Proxy Settings
  • List content of Hosts
  • List IP configuration
  • Click Go and copy/paste the log (Result.txt) into your next post.
Please include the following in your next post:
  • MiniToolBox log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#11 July301955

July301955
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:21 PM

Posted 27 June 2011 - 09:55 PM

Ok here you go. Attached File  Result.txt   5.24KB   4 downloadsLead on.

#12 July301955

July301955
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:21 PM

Posted 27 June 2011 - 10:02 PM

Also, if it is of any help on my desktop is a copy of my desktop file settings labeled "root" from 6/16/10 when a tech came to help me with a problem with this machine. If that would be any help I can send it but I assume it has been scanned.

#13 July301955

July301955
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:21 PM

Posted 27 June 2011 - 10:15 PM

Also the way I was certain I had the correct MS update site was to test it on my old laptop, then copy it from the site and email it to myself so I could then copy it from this machine into the post. On the laptop sitting right next to me it goes to the site, checks for updates and lists the needed and recommended updates and downloads them. On my full time machine it acts in the defective manner as I have reported above. This work of yours is indeed a puzzle.

#14 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:21 PM

Posted 29 June 2011 - 10:06 AM

July301955:

Please go to this page, click the "Fix It" button and follow the prompts.

Please include the following in your next post:
  • Let me know if that resolves your Windows Update issues

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#15 July301955

July301955
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:21 PM

Posted 29 June 2011 - 10:50 AM

I am noodling on this today too. I went to MS and reinstalled Windows XP professional Service pack 3 because it had the latest Automatic update features I could find. Id did not improve the situation. Next I looked deep in the the system administrator setting. THere are 2. SO I tried the alternative one, my wife, and it was not recognized either. The update failure to download at the MS site, which may be the wrong site, s that it isnot recognizing me as authorized service administrator to instaall. Is there a hidden service administrato created by this malware that now states the old administrators are invalid? There is no reason to wipe out the old administrators because they are not recognized as valid by the system. SO where is the valid administraot to be found or should we creat a new one? I also tried one of the MS fix it sites this morning but I will do this and report before I turn back to my day job.Thanks for staying with this. It is a plague.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users