Closed Solved

Windows update blocked by virus.

Hello,
I'm working on a friend's PC that got the "Fake MS Antivirus" virus. I used Malwarebytes to remove, and cleaned up with AVG and McAfee. All looks good, except that the redirects put in by the virus have blocked all update activity from microsoft (and some other tech sites. Any ideas?
12 answers Last reply Best Answer
More about windows update blocked virus
  1. bigbeta said:
    Hello,
    I'm working on a friend's PC that got the "Fake MS Antivirus" virus. I used Malwarebytes to remove, and cleaned up with AVG and McAfee. All looks good, except that the redirects put in by the virus have blocked all update activity from microsoft (and some other tech sites. Any ideas?


    This should fix the MS Update Problem

    Start, Run RegSvr32 wuaueng.dll

    click ok.
  2. Tried that. Redirects are still happening. Can't find any evidence in registry of alternate hosts file.
  3. just reinstall windows, you'll spend less time on that than figuring out what got changed by virus
  4. I agree that would be easier - I'd do that in my day job.

    I just tried the Kaspersky rootkit killer - that appears to be working.
  5. AntiZig said:
    just reinstall windows, you'll spend less time on that than figuring out what got changed by virus


    I agree on this, just make sure you do a backup of any important files you want to keep, but not the programs themselves because it's probably infected already. Since viruses multiply and spread all by themselves, you'll be screaming for every anti-virus which are available, until you give up and do the complete reinstall, wishing you did that from the beginning.

    Good luck.
  6. Best answer
    I disagree with all of the above.

    Download and run
    THIS.


  7. That's crazy - ran it, and then I saw your post. I'll report back with the results. Sounds like you've had good luck with it.
  8. :D he found an auto fix
  9. Best answer selected by Bigbeta.
  10. tigsounds said:
    I disagree with all of the above.

    Download and run
    THIS.




    Looks like it's gone now. Scans from MS, Malwarebytes, and TDSSKiller have come up clean. Antivirus updates are now unimpeded.

    The TDSSKiller and ComboFix scans actually found the rootkit.

    My concern is the user recontacting something... I've gone with the massive hosts blacklist file provided by MS to keep the machine a little safer.

    And yes, it would have been easier to reload XP, but I've learned some new tricks along the way. Thanks to all the commenters for your help.
  11. I never thought re-installing Windows was the easier thing to do, but sometimes is the only thing that can be done. I keep a copy of M$ Malicious Software Removal Tool at 4Shared.com because some of these viruses prevent access to M$ and then a person can't get it to use it. The removal tool seems to always work to regain access to M$ and the anti-virus sites again so a real purge can be attempted. Thanks for the vote. :)

  12. This topic has been closed by Area51reopened
Ask a new question

Read More

Security Virus Windows Update Antivirus Windows XP