Can't access updates

Discussion in 'Windows Update' started by Michael, Jul 2, 2010.

  1. Michael

    Michael Guest

    Hi -
    I have a system that I know has some sort of virus or is in some way
    hijacked but I can't find the problem. The only way I know it is still
    hijacked is that I can no longer access Windows updates. I can try through
    control panel or by going directly to the site. Always says page cannot be
    displayed.

    This is a Windows XP Pro SP3 system. I've run full scans with Malwarebytes
    and Avira. Have also run HijackThis and fixed anything that seemed
    suspicious. This is the second system this has happened to me on. The last
    one I gave up finally and just reinstalled the OS. Has anyone else
    experienced the same problem and found a solution?

    Thank you!!!!!
     
    Michael, Jul 2, 2010
    #1

  2. Michael

    Michael Guest

    I should add to the note that I have tried system restore and it won't work.
    Acts like it is going to restore then after the system restarts it says it
    could not restore. Have tried it with multiple restore dates and none work.

    I've also run everything in Safe Mode and same results.

    Thanks again :)
     
    Michael, Jul 2, 2010
    #2

  3. Was the computer fully-patched at Windows Update when the computer got
    infected?

    Was Avira AntiVir installed before or after the computer got infected?

    Has a Norton or McAfee application ever been installed on the computer
    (e.g., a free-trial version that came preinstalled when you bought it)?

    The above notwithstanding...

    NB: If you had no anti-virus application installed or the subscription had
    expired *when the machine first got infected* and/or your subscription has
    since expired and/or the machine's not been kept fully-patched at Windows
    Update, don't waste your time with any of the below: Format & reinstall
    Windows. A Repair Install will NOT help!

    Microsoft PCSafety provides home users (only) with no-charge support in
    dealing with malware infections such as viruses, spyware (including unwanted
    software), and adware.
    https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

    Also available via the Consumer Security Support home page:
    https://consumersecuritysupport.microsoft.com/

    Otherwise...

    1. See if you can download/run the MSRT manually:
    http://www.microsoft.com/security/malwareremove/default.mspx

    NB: Run the FULL scan, not the QUICK scan! You may need to download the
    MSRT on a non-infected machine, then transfer MRT.EXE to the infected
    machine and rename it to SCAN.EXE before running it.

    2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!)
    in Safe Mode with Networking, if need be:
    http://onecare.live.com/site/en-us/center/howsafe.htm

    2b. Vista or Win7=> Run this scan instead:
    http://onecare.live.com/site/en-us/center/whatsnew.htm

    3. Now post the requested logs in an appropriate forum for assistance by an
    expert in such matters. DO NOT SKIP THIS STEP!!

    I can recommend the expert assistance offered in these forums:
    http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
    http://www.spywarewarrior.com/viewforum.php?f=5,
    http://www.dslreports.com/forum/cleanup,
    http://www.bluetack.co.uk/forums/index.php, and
    http://aumha.net/viewforum.php?f=30

    If these procedures look too complex - and there is no shame in admitting
    this isn't your cup of tea - take the machine to a local, reputable and
    independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.

    NB: This newsgroup was scheduled to be removed from the MS newsserver on 01
    July. How long it'll still be available (via the MS newsserver) is anyone's
    guess.
     
    PA Bear [MS MVP], Jul 2, 2010
    #3
  4. Michael

    Daave Guest

    Since you already have HijackThis, you might as well post to one of the
    many Web forums for guidance. Here is a list:

    (courtesy of David H. Lipman)

    Suggested primary:
    http://www.thespykiller.co.uk/index.php?board=3.0

    Suggested secondary:
    http://www.bleepingcomputer.com/forums/forum22.html
    http://www.malwarebytes.org/forums/index.php?showforum=7

    Suggested tertiary:
    http://www.dslreports.com/forum/cleanup
    http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
    http://www.atribune.org/forums/index.php?showforum=9
    http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
    http://gladiator-antivirus.com/forum/index.php?showforum=170
    http://forum.networktechs.com/forumdisplay.php?f=130
    http://forums.maddoktor2.com/index.php?showforum=17
    http://www.spywarewarrior.com/viewforum.php?f=5
    http://forums.spywareinfo.com/index.php?showforum=18
    http://forums.techguy.org/f54-s.html
    http://forums.tomcoyote.org/index.php?showforum=27
    http://forums.subratam.org/index.php?showforum=7
    http://www.5starsupport.com/ipboard/index.php?showforum=18
    http://aumha.net/viewforum.php?f=30
    http://makephpbb.com/phpbb/viewforum.php?f=2
    http://forums.techguy.org/54-security/
    http://forums.security-central.us/forumdisplay.php?f=13
     
    Daave, Jul 6, 2010
    #4
  5. Michael

    Michael Guest

    Thanks. I have given up and reformatted this machine as well. This is two
    now. One was running Avira and the other running AVG. Both subscriptions
    were up to date, all Windows updates were current. The browser gets
    hijacked to the point that I cannot access ANY Microsoft page. If I try any
    type of spyware removal/antivirus page I get redirected to fake pages. This
    is the most frustrating piece of malware I've ever dealt with. I've posted
    the HijackThis log but nothing too helpful came from it. None of the AV
    programs detect anything so I can't even tell where my problem is. I've
    manually scanned every registry entry looking for anything out of the
    ordinary and removed anything I thought could possibly be related - still no
    success. We are an office with about 60 PCs. This has already happened to
    two systems. I'd like to find a resolution before it happens to another.
    Reformatting 60 systems and preserving everyone's data does not sound like a
    fun job!

    Thanks for the advice :)
     
    Michael, Jul 6, 2010
    #5
  6. Michael

    Jo-Anne Guest

    A recommendation I found at the Internet Explorer newsgroup is Combo-Fix,
    which you can download at Bleeping Computer. I believe the procedure is to
    disconnect the affected computer from the network, download the program to a
    flash drive or a clean computer, copy it to the affected computer, and run
    it.

    For details, go to the microsoft.public.internetexplorer.general newsgroup.
    The header for the posts is "Re: Single-clicking _sometimes_ produces
    double-click in IE8," and the first post, by PA Bear, is dated 6/20/10. Look
    for the posts by Dan.

    Jo-Anne
     
    Jo-Anne, Jul 6, 2010
    #6
  7. Michael

    Michael Guest

    I've never tried ComboFix. I'll do some research on it. When a system is
    so far gone that you can't really do anything else, what do I have to lose!!
    Thanks for the suggestion :)
     
    Michael, Jul 6, 2010
    #7
  8. Michael

    Michael Guest

    Thank you PA Bear. It definitely appears to be a pretty dangerous bit of
    software. I'm our office IT guy or I might not have wanted to attempt it.

    Just wanted to give an update to everyone in case they see the situation
    sometime. I was pretty leery of ComboFix because I couldn't find a lot of
    details about it. Was going to reinstall the OS anyway so figured I had
    nothing to lose. ComboFix ran, found a rootkit and seems to have completely
    fixed the problem. I'm pretty amazed actually. As long as ComboFix didn't
    open up some back doors to let in more malware, I'd have to say I will use
    it again - but only as a last resort!!!

    Thanks for all the help!!!


    Protect Your PC!
    http://www.microsoft.com/security/pypc.aspx

    Risks & Benefits of P2P file sharing
    http://www.microsoft.com/protect/data/downloadfileshare/filesharing.aspx
    http://blogs.technet.com/mmpc/archive/2008/10/06/the-cost-of-free-software.aspx

    Steps To Help Prevent Spyware
    http://www.microsoft.com/security/spyware/prevent.aspx

    Steps to Help Prevent Computer Worms
    http://www.microsoft.com/security/worms/prevent.aspx

    Avoid Rogue Security Software!
    http://www.microsoft.com/security/antivirus/rogue.aspx
     
    Michael, Jul 7, 2010
    #8
  9. Michael

    Jo-Anne Guest

    I'm glad it worked for you, Michael!

    Jo-Anne

     
    Jo-Anne, Jul 8, 2010
    #9
  10. Michael

    Daave Guest

    YW.

    It sounds like someone in your office is visiting high-risk Web sites.
    If so, it really doesn't matter how many security programs you run.
     
    Daave, Jul 8, 2010
    #10
  11. Michael

    Michael Guest

    It's hard to say where it came from. We're running SonicWall's content
    filter. It seems to be pretty thorough about what sites are allowed or
    blocked. The user that got the malware isn't always the most computer savvy
    so who knows what she might have clicked on. :)
     
    Michael, Jul 8, 2010
    #11