Sign in with
Sign up | Sign in
Your question
Closed

Windows update blocked by virus.

Last response: in Windows XP
Share
August 5, 2011 2:51:57 AM

Hello,
I'm working on a friend's PC that got the "Fake MS Antivirus" virus. I used Malwarebytes to remove, and cleaned up with AVG and McAfee. All looks good, except that the redirects put in by the virus have blocked all update activity from microsoft (and some other tech sites. Any ideas?
a b 8 Security
August 5, 2011 9:53:03 AM

bigbeta said:
Hello,
I'm working on a friend's PC that got the "Fake MS Antivirus" virus. I used Malwarebytes to remove, and cleaned up with AVG and McAfee. All looks good, except that the redirects put in by the virus have blocked all update activity from microsoft (and some other tech sites. Any ideas?


This should fix the MS Update Problem

Start, Run RegSvr32 wuaueng.dll

click ok.
Score
0
August 7, 2011 3:38:32 AM

Tried that. Redirects are still happening. Can't find any evidence in registry of alternate hosts file.
Score
0
Related resources
August 7, 2011 5:50:51 AM

just reinstall windows, you'll spend less time on that than figuring out what got changed by virus
Score
0
August 8, 2011 1:27:46 PM

I agree that would be easier - I'd do that in my day job.

I just tried the Kaspersky rootkit killer - that appears to be working.
Score
0
August 8, 2011 9:39:13 PM

AntiZig said:
just reinstall windows, you'll spend less time on that than figuring out what got changed by virus


I agree on this, just make sure you do a backup of any important files you want to keep, but not the programs themselves because it's probably infected already. Since viruses multiply and spread all by themselves, you'll be screaming for every anti-virus which are available, until you give up and do the complete reinstall, wishing you did that from the beginning.

Good luck.
Score
0

Best solution

a b 8 Security
August 9, 2011 5:20:57 AM




I disagree with all of the above.

Download and run
THIS.





Share
August 9, 2011 1:35:55 PM

That's crazy - ran it, and then I saw your post. I'll report back with the results. Sounds like you've had good luck with it.
Score
0
August 9, 2011 1:55:39 PM

:D  he found an auto fix
Score
0
August 9, 2011 2:32:32 PM

Best answer selected by Bigbeta.
Score
0
August 9, 2011 2:39:43 PM

tigsounds said:
I disagree with all of the above.

Download and run
THIS.





Looks like it's gone now. Scans from MS, Malwarebytes, and TDSSKiller have come up clean. Antivirus updates are now unimpeded.

The TDSSKiller and ComboFix scans actually found the rootkit.

My concern is the user recontacting something... I've gone with the massive hosts blacklist file provided by MS to keep the machine a little safer.

And yes, it would have been easier to reload XP, but I've learned some new tricks along the way. Thanks to all the commenters for your help.
Score
0
a b 8 Security
August 9, 2011 3:09:07 PM



I never thought re-installing Windows was the easier thing to do, but sometimes is the only thing that can be done. I keep a copy of M$ Malicious Software Removal Tool at 4Shared.com because some of these viruses prevent access to M$ and then a person can't get it to use it. The removal tool seems to always work to regain access to M$ and the anti-virus sites again so a real purge can be attempted. Thanks for the vote. :) 

Score
0
a b 8 Security
a b รจ Antivirus
August 10, 2011 4:48:29 PM

This topic has been closed by Area51reopened
Score
0
!