Been trying to install the Vista Service Pack 2 and it won't stick, no Vista update has worked since the malware issue but other updates have, so I'm assuming it's the cause, but not sure if it can be fixed aside from wiping Vista which has been suggested.
I know where the worm was, but not sure what that means in terms of accepting updates.
|
Download this to see if it finds anything. You could have a rootkit, which is hiding viruses from your scanners.
support.kaspersky.com/viruses/solutions?qid=208280684
Then run this
www.surfright.nl/en
And finally this
www.superantispyware.com/portablescanner.html?tag=SAS_HOMEPAGE
You may also want to run this too.
www.malwarebytes.org/
There are free versions for personal use of each of the above, although I have quite expensive technicians licences for them.
Also check this to make sure there is no proxy server the virus has redirected you through
www.reget.com/esupport/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=26
And check network connections, TCP IP properties, and make sure it's set to automatic.
If you need any help on any of them steps just ask me, but if none of them scanners find anything it is a good indication the machine is clear.
However you may want to rewrite the master boot record, but for now just do the steps above to see if it finds anything HijackThis has not shown up. There is actually a lot more to it than what I have posted above, but doing all the above is a good starting point. I have written software to automatically do the above for me, it saves me a lot of time :).
Last edited by: RattleandSmoke on Sat 2 Jul 11 at 23:26
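The proxy and "set to automatic" checks from the post above can also be run against a text export of the relevant registry keys. This is an added example, not part of the original post and not the poster's own software; it assumes the keys were saved with `reg export`, it reads the standard Windows value names `ProxyEnable`, `ProxyServer`, `AutoConfigURL`, `EnableDHCP` and `NameServer`, and the sample export is constructed.

```python
import re

# Constructed sample in `reg export` text form; none of it comes from the thread.
SAMPLE_EXPORT = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:8080"
"AutoConfigURL"=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001}]
"EnableDHCP"=dword:00000001
"NameServer"="203.0.113.53,203.0.113.54"
'''

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?:dword:(?P<dword>[0-9a-fA-F]{8})|"(?P<text>.*)")$')

def parse_reg_export(text):
    """Return {key_path: {value_name: int or str}} for dword and string values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                current[m["name"]] = int(m["dword"], 16) if m["dword"] else m["text"]
    return keys

def audit_network_settings(keys):
    """List (issue, detail) pairs that differ from 'no proxy, all automatic'."""
    findings = []
    for path, values in keys.items():
        lower = path.lower()
        if lower.endswith("\\internet settings"):
            if values.get("ProxyEnable") == 1:
                findings.append(("proxy enabled", values.get("ProxyServer", "")))
            if values.get("AutoConfigURL"):
                findings.append(("proxy auto-config script", values["AutoConfigURL"]))
        elif "\\tcpip\\parameters\\interfaces\\" in lower:
            interface = path.rsplit("\\", 1)[-1]
            if values.get("EnableDHCP") == 0:
                findings.append(("DHCP disabled (static address)", interface))
            if values.get("NameServer"):
                findings.append(("static DNS servers", values["NameServer"]))
    return findings

if __name__ == "__main__":
    print(audit_network_settings(parse_reg_export(SAMPLE_EXPORT)))
```

Files written by `reg export` are UTF-16, so open them with `encoding="utf-16"` before passing the text to `parse_reg_export`.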
|
It might be worth looking at Windows Update to see why the updates aren't applying Stu - if one update gets stuck it can stop all subsequent updates.
Go to Windows Update, look in Update History, and right click on the failed update. It should give the update number (kb.....) and a reason for the failure.
|
I have looked up the fail codes but tbh, it never led me to anything that told me what to do, but the codes are: 800706BE, 800706BA, 80070020.
I've already run a full scan with MalwareBytes which says it's clean but I'll try the others if they will find stuff it won't.
Maybe worth a note, this is what/where the bugs were found:
Registry Keys Infected:
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats
{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
(Adware.MyWebSearch)
Files Infected:
c:UsersAppDataLocalmicrosoftWindowstemporary internet filesContent.IE51G982PG0setup[1].exe (Trojan.FakeAlert)
c:UsersAppDataLocalTempLow .42584813247508024.exe (Worm.Prolaco)
c:UsersAppDataLocalLowSunJavadeploymentcache6.0626e07f33e-7a17c86b (Worm.Prolaco)
Don't know if these locations would affect an update or not.
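The three failure codes quoted in the post above are HRESULT values, and codes of the form 8007xxxx carry an ordinary Win32 error number in their low 16 bits. The decoder below is an added example, not part of the original post; its `WIN32_ERRORS` table covers only the three codes from the thread.

```python
# Win32 error names for the low words of the three codes quoted in the post.
WIN32_ERRORS = {
    0x0020: ("ERROR_SHARING_VIOLATION", "file is in use by another process"),
    0x06BA: ("RPC_S_SERVER_UNAVAILABLE", "the RPC server is unavailable"),
    0x06BE: ("RPC_S_CALL_FAILED", "the remote procedure call failed"),
}
FACILITY_WIN32 = 7  # HRESULTs of the form 0x8007xxxx wrap a Win32 error code


def decode_hresult(code):
    """Split a 32-bit HRESULT into severity, facility and 16-bit code."""
    value = int(code, 16) if isinstance(code, str) else int(code)
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"not a 32-bit HRESULT: {code!r}")
    facility = (value >> 16) & 0x7FF   # bits 16-26
    low = value & 0xFFFF               # bits 0-15
    name, meaning = None, None
    if facility == FACILITY_WIN32:
        name, meaning = WIN32_ERRORS.get(low, (None, None))
    return {
        "hresult": f"0x{value:08X}",
        "failure": bool(value >> 31),  # bit 31 set means failure
        "facility": facility,
        "win32_code": low if facility == FACILITY_WIN32 else None,
        "name": name,
        "meaning": meaning,
    }


def describe(codes):
    """One readable line per code; unknown codes are reported, not guessed."""
    lines = []
    for code in codes:
        d = decode_hresult(code)
        if d["name"]:
            lines.append(f'{d["hresult"]}: Win32 error {d["win32_code"]} '
                         f'{d["name"]} ({d["meaning"]})')
        else:
            lines.append(f'{d["hresult"]}: facility {d["facility"]}, no name in table')
    return lines


if __name__ == "__main__":
    print("\n".join(describe(["800706BE", "800706BA", "80070020"])))
```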
|
I'd start by downloading this fix from Microsoft for the BITS. support.microsoft.com/kb/940520
I also would NOT download any software from anywhere else which claims to fix this problem.
|
Ok cheers, I'm still plugging away.
I tried all the steps from the Microsoft website for the 80070020 code, none of which worked at all because for some reason, in Safe mode I cannot get Windows Update to open, but it will in normal, which is blooming frustrating, so I've saved rather than run the service pack so I can try a few more things first like that download you suggest.
What is so irritating is that it's come up with three different error codes for downloading the same update - it's like a government department making excuses!
|
Oh this isn't fun.
I clicked on that download and it says requires validation, I click on continue and it says thanks for validating then takes me to a home page. I did the same on my mum's computer and it worked fine...
I also keep getting DEP things pop up...
|
Ok I circumvented the validation thing and got validated, but it said that the download is not currently required. Hmm.
|
Looks like there's another bug on the system yet, I just had some 'anti-malware' thing pop up telling me that MalwareBytes is infected (nor would it open), but the prog that it was claiming to be isn't something I've downloaded and it seemed to have disabled MS security as well.
I stuck it in safe mode and I'm running MalwareBytes now which so far hasn't found anything but it takes an hour, there's time yet and funny enough, it's working fine, will running it in safe mode hide anything? I'm pretty sure when I first had the problem I ran it in safe but I can't remember?
|
I don't think running in Safe Mode really hides anything, all it really does is starts up without many of the drivers which can often cause start up problems.
If your MSE has been shut down it does sound like you may have something lurking there that you don't want. Not really sounding too good.
|
I see a recommendation to use Spybot Search and Destroy to get rid of Prolac. Could be worth a try.
www.safer-networking.org/en/download/index.html
|
Tell me about it, I've already wiped it of all my pictures of family etc so it's ready for wiping if needs be.
I found where this 'Malware' thing was and deleted it but I doubt that will be the end of it, I too suspect something is lurking there, perhaps a little smarter than MSE which updated a few hours ago.
Of course this time at least, I knew when the doomsday messages came up, it was prob a false one, saying I had some worm, which I may well do, but I somewhat doubt it's the one it said. MB took an hour 20 mins last time so plenty of time to wait.
I ran Rkill again as well before I started the scan, but I fear I haven't a clue what I'm really doing, give me a shammy any day!
|
Although I would personally format it, if I was an ordinary user such as yourself I would reinstall Windows. There are too many problems with this installation that need to be sorted out, if I had this machine it would take me a good couple of hours to sort it all out after doing all the scans.
I would rewrite the master boot record and then format it.
There could well be a rootkit hiding there, which can be very hard to show up as they hide the services they run from stuff like HijackThis.
|
What will I need to reinstall Windows? I've not seen the box since I took the laptop out of it, so I fully expect something vital was in there with it!
|
While reformatting is the absolutely best solution it can be hard if you don't have the original media and licence key. It is possible to have a good system after repairing a virus but as Rats said it can take time. The Prolac thing you mention above spreads itself around and I'd give Search & Destroy a go as I've had success with that in the past, before rushing off to reformat.
|
You will probably need the recovery CD, or there may be a recovery partition on it, which is not ideal as it won't fix things like infected master boot records which is a very common problem.
Did you run that TDSSKILLER program I linked to?
You could also try a program called combofix, but it is at your risk and it is not for commercial use. In fact the author doesn't even want people discussing it so google it :).
You also need to remove Java and reinstall it as it is infected according to Malwarebytes.
Am I right in thinking the game isn't working still?
|
tbh I haven't even bothered with the game again, bigger problems and all that.
I'm running this Search and Destroy thing atm, I'm making my way down the list of things but I got sidetracked earlier so I'm starting with this and then moving to your list Rats.
I am so thoroughly fed up already with the whole thing, life without a computer is seeming so unattractive (I'm on my mum's atm).
Last edited by: FoR on Sun 3 Jul 11 at 22:39
|
Just a lil update, Malware B found something called Rogue.Spypro.
|
I'm in the process of reinstalling the gubbins from the recovery disks I just created, fingers crossed, prob hours of updates to come when it's done its bit but can hope it will work.
Oh and I HATE computers :-)
|
Got it! Now downloading IE9. Thanks guys :-)
|