Can't Start Automatic Update Service

Discussion in 'Windows Update' started by Rascal, Apr 11, 2009.

  1. Rascal

    Rascal Guest

    First let me say that I am working on a friend's computer that I know has the
    Vundo trojan. I've read many postings and tried many tools (MalwareBytes,
    Microsoft Malicious etc, Super Anti Spyware, Rootkit Revealer...etc) and most
    of them find things and clean them but they just come back.

    So, yes, they let their anti virus subscription expire and, yes, they have
    themselves to blame, and yes, I nag them about it, but sick puppies still end
    up coming back.

    I also know that this is not a Microsoft issue, per se - and I have posted
    logs on bleeping computer and am currently patiently waiting and hoping that
    my issue will attract someone's attention.

    The reason for this post is, while I'm waiting I'm trying to learn, I'd like
    to get insight from this community on one particular aspect of the infection.
    The windows update service will not start - I get 'access denied'. And I
    notice that the path to the executable begins with %fystem% ...etc - (the f
    is not a typo). That can't be good.

    What do you think?
    Rascal, Apr 11, 2009

  2. Time to format. ;-)
    Shenan Stanley, Apr 11, 2009

  3. Rascal

    Rascal Guest

    Ha! I'm pretty much assuming that. Thought I'd try other avenues first just
    for the heck of it.

    Maybe this time they will learn their AV lesson...

    Rascal, Apr 11, 2009
  4. Volstag

    Volstag Guest

    Reformatting and reinstalling might be a little overkill.

    Search the registry for fystemroot. Change permissions on the key if
    necessary (malware likes to make it read only). Change it to the correct
    value (systemroot). Repeat for as many occurrences of fystemroot that you

    Volstag, Apr 14, 2009
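
A read-only way to locate every tampered value before editing anything, added here as an example and not part of the thread: the Python sketch below parses saved output of `reg query HKLM\SYSTEM\CurrentControlSet\Services /s` and reports string values that reference an environment variable outside a known set. The `KNOWN_VARS` allowlist, the function name and the sample text are assumptions made for illustration.

```python
import re

# Assumption: variables that legitimately appear in service paths.
KNOWN_VARS = {"systemroot", "windir", "systemdrive", "programfiles",
              "programfiles(x86)", "programdata", "commonprogramfiles"}

# "    <name>    REG_<TYPE>    <data>" (tabs or spaces, depending on Windows version)
VALUE_RE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s+(.*)$")
VAR_RE = re.compile(r"%([^%\\/:\s]+)%")
STRING_TYPES = ("REG_SZ", "REG_EXPAND_SZ", "REG_MULTI_SZ")


def find_unknown_vars(reg_query_text, known=KNOWN_VARS):
    """Return (key, value_name, data, unknown_vars) for every string value
    that references an environment variable not listed in `known`."""
    findings, key = [], None
    for line in reg_query_text.splitlines():
        if line.startswith("HKEY_"):          # a key header starts a new section
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name, rtype, data = m.groups()
        if rtype not in STRING_TYPES:         # DWORD/BINARY cannot hold a path
            continue
        unknown = sorted({v.lower() for v in VAR_RE.findall(data)} - known)
        if unknown:
            findings.append((key, name, data, unknown))
    return findings


# Constructed sample in `reg query` layout; not taken from the infected machine.
SAMPLE = r"""HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv
    ImagePath    REG_EXPAND_SZ    %fystemroot%\system32\svchost.exe -k netsvcs
    Start    REG_DWORD    0x2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\wuauserv.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc
    ImagePath    REG_EXPAND_SZ    %ProgramFiles%\Example\svc.exe
"""

if __name__ == "__main__":
    for key, name, data, unknown in find_unknown_vars(SAMPLE):
        print(f"{key}\n  {name} = {data}\n  unknown variable(s): {unknown}")
```

Each reported key is one to inspect for changed permissions and an altered value; keys that reference only known variables are not listed.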