
At Last... A Solution to Windows Automatic Update Problems


DrJoeJr

Dec 31, 2008, 5:29:00 PM
I've experienced the problems all of you have been having with the Automatic
Windows Update feature on Windows XP. After doing some research online I'm
convinced that it must be caused by a virus. I scanned my machine and found
that I had several of them.

Searching for information on how to remove the series of "Vundo",
"Virtumonde" and "Smitfraud-c" trojan viruses from my computer. I tried
Microsoft Onecare.live site and downloaded the software. It located some of
the viruses but did NOT remove them... much to my disappointment! One of the
viruses prevented Automatic Windows Update from operating and it would not
allow the Automatic Updates to be set from the Microsoft Windows XP Security
Center.

I searched the Microsoft.com Communities Newsgroups and found that there
have been several hundred people who experienced the same problems caused by
this "Vundo" virus family. I tried many of the solutions proposed by various
contributors... some by Microsoft employees, but none of them worked. I tried
Spybot, Norton 360 and AdWare SE... they did not work either.

The saving grace was that I found buried a post provided by a person named
"ronrieger" on 12/30/2008. He described how he downloaded free software from
www.SUPERAntispyware.com, ran it and found the trojans that other programs
failed to find AND better yet, it removed them! Then he went back to WUAUSERV
and was able to set the Automatic Updates entry to "Start" and the problem
was resolved!

I give all the credit to "ronrieger". I repeated his suggestion and it
worked! I would suggest that Microsoft inform ALL its Windows users that
this is a quick and easy solution to the Automatic Windows Update problem and
that it is an excellent software which Microsoft should recommend to the
hundreds or thousands of users experiencing the same problem. It would save
thousands of manhours of work and frustration to your users. Thanks again to
ronrieger and the creators of SuperAntispyware.com. I will indeed make a
voluntary donation to these people. Obviously they have a superior product!
--
DrJoeJr

PA Bear [MS MVP]

Dec 31, 2008, 5:36:23 PM
Tip: Post your HijackThis log to an appropriate forum for review by an expert to
make certain the machine's clean!
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

iris

Dec 31, 2008, 7:40:01 PM
Thank you so so much!!! I did exactly what you wrote and it worked.

DrJoeJr

Dec 31, 2008, 8:45:01 PM
Iris,

Hurrah for you, Iris. It was very, very simple to do. No thinking required.
That's the part I liked! Hope everyone else sees this solution to a very, very
messy and frustrating experience.
--
DrJoeJr

MowGreen [MVP]

Jan 1, 2009, 8:26:40 AM
Do you work for Superantispyware or a related company, Dr. ?
Methinks you have some kind of angle pushing that particular software,
methinks. I've cleaned Vundo from at least 25 systems simply by running
the OneCare scanner, MBAM, FixPolicies, and ComboFix. They *all* were
totally cleaned up and AU was functioning.
Nothing was left in the HijackThis scans.

You did run an HJT scan after cleaning the systems with SAS, right ?

MowGreen [MVP 2003-2009]
===============
*-343-* FDNY
Never Forgotten
===============

DrJoeJr

Jan 1, 2009, 10:25:01 AM
MowGreen,

Sorry, I'm retired and work for nobody! I did not find this software...
someone else did. The Onecare scanner took literally several hours to scan my
system. It identified the viruses, but did NOT remove it or fix the Windows
Update problem! The product I referred to ran in about 10 minutes. It seems
to be a real clunker. I looked at ComboFix and it was too complex for me.
Glad they worked for you. I'm sure there are other products that work...I took
the advice of someone else and it worked very quickly for me. Let others make
their own decision.

I used Microsoft Onecare, SpyBot, Adware-SE after the fix and they all
proclaimed my system free of viruses. Why don't you try the product and then
run SAS to find out if it hijacked your system and report back to this
site. I don't have time to waste fooling around with viruses...I just want
something that works!
--
DrJoeJr

MowGreen [MVP]

Jan 6, 2009, 12:41:11 PM
DrJoeJr,

Since the latest variant of Vundo, Vundo.h, includes a rootkit, I
wouldn't put all my eggs in the SAS basket, so to speak.

Personally speaking, if Vundo.h was the detected variant then the system
can not be Trusted. If it wasn't that specific variant and the infection
was cleaned up quickly rather than allowing it to fester and download
other malwares to the system, I'd *still* run a HijackThis scan to see
if anything was 'left over'.

But, it's your system and if you think it's clean by scanning with the
programs you posted, more power to you.

Greske@discussions.microsoft.com Katrina Greske

Jan 12, 2009, 1:30:01 AM
Thank you so so much, Dr.Joe!!!

I have a school computer and the automatic updates wasn't working. I tried
everything, and then I found this. I'm so glad it works again. Thanks so
much!!!

MowGreen [MVP]

Jan 12, 2009, 5:51:15 PM
Katrina,

Due to the nature of the malware causing AU to fail, it *behooves* you
to have someone else check to see if there's a hidden component still
resident on the 'school computer' so that it can be Trusted.

If you need some pointers as to how to do that, just ask.

MowGreen [MVP 2003-2009]
===============
*-343-* FDNY
Never Forgotten
===============

dev328

Jan 12, 2009, 6:21:42 PM
MowGreen - I have had this horrible Trojan become resident on my computer
also (it also deleted my restore points) and I believe it has a "Root Kit"
because I have also used several anti-virus/Spyware programs including Super
Anti-Spyware (SAS) and it DID NOT get rid of this Vundo Variant and its
several twin brothers. They would all find, block and quarantine everything,
but when I would reboot, I still had all my problems and I would rescan and
lo and behold everything was back, even though my logs showed that they are
quarantined. I now have 4 different quarantines with this Trojan. Short of
finding someone that can hook up my HD as a slave and pull off my files I
need to keep, and then doing a full wipe & restore, I don't know how else to
deal with this. Unfortunately, this trojan is causing my desktop icons to
vanish every time I am rebooting and loading my user profile, so I am
incapable of doing virtually anything except working with Task Mgr or
sometimes getting online through IE. Would you know of anything else besides
doing a full restore that I may be able to do? I am someone who knows some
things, but not too much, but I am a good learner!

DrJoeJr

Jan 12, 2009, 10:29:02 PM
Dear dev328,

I’m sorry, but in my excitement to share the www.SUPERAntiSpyware.com
solution with others, I forgot to explain a very important series of steps
that I did BEFORE I ran their software! I believe you must turn OFF the
System Restore function on the disc drives. Then run their software and later
turn the System Restore function in Windows back ON.
Here’s why. If a virus, worm or Trojan infects a computer, System Restore
may back up the virus, worm or Trojan on the hard drives. I believe that some
of the Vundo virus files are saved and stored in the System Restore files and
called upon later.

Windows prevents outside programs, including antivirus programs, from
modifying System Restore. As a result, System Restore has the potential of
restoring an infected file on your computer even after you have cleaned the
infected files from all other locations!

One of the key features of Windows is that the System Restore option can be
turned OFF and ON. So to make sure you don’t store the virus, turn System
Restore to OFF. Clearing the restore points is a good idea as part of the
removal process.

To reset your restore points, you will need to log into your computer with
an account that has full administrative access. If you can see the System
Restore tab you will know if the account has administrator access. If the tab
is missing, you are logged in under a limited access account.

Here are the detailed steps to follow:

1. Select START
2. Right Click on MY COMPUTER
3. Left click on PROPERTIES
4. Left click on the System Restore tab at the top.
5. CHECK the box, “Turn Off System Restore on all drives.” (This deletes old
possibly infected restore points.)
6. Click on the APPLY button at the bottom.
7. Click on the OK button at the bottom.
8. Run the SUPERAntispyware.com software. (Described in my first post above.)
9. Reboot your computer.
10. Repeat steps 1-4 shown above.
11. UNCHECK the box, “Turn Off System Restore on all drives.” (new restore
points are set on a clean system.)
12. Click on the APPLY button at the bottom.
13. Click on the OK button at the bottom.
14. Reboot your computer.
15. Check to see if your system will run.

If you carefully perform each of these steps I believe you will be able to
get rid of this awful Vundo virus! Please let us know how you do the second
time.

--
DrJoeJr

DrJoeJr

Jan 12, 2009, 10:38:02 PM
I've modified my first response to include some very important steps in
solving this problem. I apologize for the length, but I want to provide as
much detail for you!

I had problems with Microsoft Windows Automatic Update as well as lots of
others involving pop-ups. I found that I had several viruses on my machine.

Searching for information on how to remove the series of "Vundo",
"Virtumonde" and "Smitfraud-c" trojan viruses from my computer. I tried
Microsoft Onecare.live site and downloaded the software. It located some of
the viruses but did NOT remove them... much to my disappointment! One of the
viruses prevented Automatic Windows Update from operating and it would not
allow the Automatic Updates to be set from the Microsoft Windows XP Security
Center. I searched the Microsoft.com Communities Newsgroups and found that
there have been several hundred people who experienced the same problems
caused by this "Vundo" virus family. I tried many of the solutions proposed by
various contributors... some by Microsoft employees, but none of them worked.
I tried Spybot, Norton 360 and AdWare SE... they did not work either. The
saving grace was that I found buried a post provided by a person named
"ronrieger" on 12/30/2008. He described how he downloaded free software from
www.SUPERAntispware.com, ran it and found the trojans that other programs
failed to find AND better yet, it removed them! Then he went back to WUAUSERV
and was able to set the Automatic Updates entry to "Start" and the problem
was resolved! I give all the credit to "ronrieger". I repeated his suggestion
and it worked! I would suggest that Microsoft inform ALL its Windows users
that this is a quick and easy solution to the Automatic Windows Update
problem and that it is an excellent software which Microsoft should recommend
to the hundreds or thousands of users experiencing the same problem. It would
save thousands of manhours of work and frustration to your users. Thanks
again to ronrieger and the creators of SuperAntispyware.com. I will indeed
make a voluntary donation to these people. Obviously they have a superior
product!

I’m sorry, but in my excitement to share the www.SUPERAntiSpyware.com

6. Click on the APPLY button at the bottom.
7. Click on the OK button at the bottom.
8. Run the SUPERAntispyware.com software.
9. Reboot your computer.
10. Repeat steps 1-4 shown above.
11. UNCHECK the box, “Turn Off System Restore on all drives.”
12. Click on the APPLY button at the bottom.
13. Click on the OK button at the bottom.
14. Reboot your computer.
15. Check to see if your system will run.

If you carefully perform each of these steps I believe you will be able to
get rid of this awful Vundo virus! Please let us know how you do the second
time.

--
DrJoeJr

dev328

Jan 13, 2009, 3:15:02 AM
I thank you very much for your helpful suggestion Dr JoeJr, but this Vundo
trojan already disabled my restore points, so I don't have any. Plus since
it plays havoc with my system tray and my desktop icons (flashing on & off
every few seconds), I can't get into anything except my Task Mgr, that's how
I shut down or switch user profiles and get into msconfig (which didn't help
with the diagnostic startup) & Safe Mode did not work (had black screen). I
was only able to check my restore points by shutting down and starting up
with F10 and getting into System Restore that way. It all started when
McAfee flashed a pop-up stating that it blocked a trojan and quarantined it.
I then ran Spybot and it found several others and also quarantined them, but
when I shut down and started up again, a lot of pop-ups suddenly came and I
closed them only to find more coming, all asking for me to download
Anti-spyware/Virus scans. After several hrs of frustrating troubleshooting,
I was able to go online and download SuperAntiSpyware which then found quite
a bit of stuff relating mostly to several varieties of this Vundant Variant
in my Memory, Files and Registry. It seems every time I run a scan and it
gets quarantined, more come to take its place. I really do not want to
reformat my HD, but I will if there is nothing else I can do. I still need
to know how to get in long enough to copy My Documents folder onto my
external HD or find someone willing to make my HD a Slave drive to their HD
and move my folder over & then I can reformat. I am still holding out for
hope that there are some other solutions that I haven't tried and know about
but I could try. Any further suggestions would be greatly appreciated.
Thanks again!

MowGreen [MVP]

Jan 13, 2009, 2:38:19 PM
System Restore should NOT be turned off prior to removing malwares. The
restore points can NOT reinfect the system unless they are used.
Now, if ALL restore points are infected, then disabling Restore is a
moot point.
The reason for saving any *clean* restore points is that the malware may
cause *severe* instability in the OS when one attempts to remove it and
said restore point may be the only method to restore stability outside
of a format/reinstall.
After the system is cleaned, then flushing all restore points and
manually creating a *clean*, post-infection restore point is recommended.

Put it this way ... would you rather be in a leaking life boat or adrift
at sea with NO leaking life boat ? <w>

MowGreen [MVP 2003-2009]
===============
*-343-* FDNY
Never Forgotten
===============

MowGreen [MVP]

Jan 13, 2009, 2:50:17 PM
Please contact me offgroup, if you can figure out how to unmunge this
email addy ... mowgreen
the address is at gmail <w>

The infection on your machine will eventually lead to severe
instability. This is being discussed in a private forum so the criminals
who authored this specific malware can not find out how it's being
removed. I can put you in touch with one of the folks who are dealing
with this virulent Vundo infection, dev328.

MowGreen [MVP 2003-2009]
===============
*-343-* FDNY
Never Forgotten
===============

DrJoeJr

Jan 13, 2009, 5:13:01 PM
Dear MowGreen,

Pass your response along to Microsoft. My detailed procedure is taken
directly from Microsoft instructions. It is not my idea, it belongs to Bill
Gates and friends! It worked for me.
--
DrJoeJr

MowGreen [MVP]

Jan 13, 2009, 10:01:33 PM
Please show me one instance where MS recommends disabling SR as the
*first* step in removing malwares.
If there's more than one, please provide the URLs.
I'll get it corrected, guaranteed.
Thanks.