1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx
2. Run the Windows Live Safety Center's 'Protection' scan (only!) in Safe
Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm
3. Run a /thorough/ check for hijackware, including posting the requested
logs in an appropriate forum, not here.
Checking for/Help with Hijackware
http://aumha.net/viewtopic.php?f=30&t=4075
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://www.elephantboycomputers.com/page2.html#Removing_Malware
**Seek expert assistance in
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://aumha.net/viewforum.php?f=30, or other appropriate forums.**
If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
=====================
Start a free Windows Update support incident request:
https://support.microsoft.com/oas/default.aspx?gprid=6527
Support for Windows Update:
http://support.microsoft.com/gp/wusupport
For home users, no-charge support is available by calling 1-866-PCSAFETY in
the United States and in Canada or by contacting your local Microsoft
subsidiary. There is no-charge for support calls that are associated with
security updates.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/
shamrin wrote:
> Trying to start Automatic Updates results in the error message:
>
> Could not start the Automatic Updates service on Local Computer.
> Error 2: The system cannot find the file specified
>
> I get the same error message when trying to start Background Intelligent
> Transfer Service.
>
> I believe both of these services have been hosed by viruses that have now
> been removed. I managed to do a manual update to SP3 but this has not
> resolved the problem. TIA
>
> /sch
However, the infection has left a few tracks that need to be cleaned up
apparently, i.e., Windows Update will not work becasue the BITS and AU
services won't start. When attempting to start them, they respond with the
message I mention above:
Error 2: The system cannot find the file specified
Cheers,
/sch
--
paulatkinson
------------------------------------------------------------------------
paulatkinson's Profile: http://forums.techarena.in/members/89791.htm
View this thread: http://forums.techarena.in/windows-update/1149963.htm
--
karthigeyan
------------------------------------------------------------------------
karthigeyan's Profile: http://forums.techarena.in/members/90186.htm
--
paulatkinson
------------------------------------------------------------------------
paulatkinson's Profile: http://forums.techarena.in/members/89791.htm
--
karthigeyan
------------------------------------------------------------------------
karthigeyan's Profile: http://forums.techarena.in/members/90186.htm
You should then be able to modify the value ImagePath.
The spyware that you had probably effected several registry keys so you
may have to follow steps 3 - 11 again if you can't modify other keys.
Good Luck!!!
--
paulatkinson
------------------------------------------------------------------------
paulatkinson's Profile: http://forums.techarena.in/members/89791.htm
--
icpop1
Posted via http://www.vistaheads.com
Or see this earlier post in this same thread:
http://groups.google.com/group/microsoft.public.windowsupdate/msg/cfbb1d89ba84764e
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002
KHemmingsen wrote:
> I have done this process repeatedly to resolve the same problem, but I
> dont
> get 9b/ and 9c/ as described. 9b/ is unchecked already and 9c/ does not
> appear. When I follow through with remainder steps, and althought I change
> permissions for 'Administrators' to 'allow' it seem to reset itself, and
> will not allow me to change key. Do I need to be logged on as
> 'Administrator' even if user has Administrator rights?
<snip hijacked thread>
Paul,
That posting was REALLY useful to me - many thanks!
Dealing here with a PC that had been thoroughly mauled about by Sasser
Worm and a bunch of others and thought I'd finally sorted everything
until I went to do the Windows updates!
But you pinpointed the problem perfectly:
%fystemroot%\system32\svchost.exe -k netsvcs
instead of
%systemroot%\system32\svchost.exe -k netsvcs
And, of course, I needed to give myself permission to change things!
Again, many thanks.
Cheers
Bob Crabtree
--
BobCrabtree
------------------------------------------------------------------------
BobCrabtree's Profile: http://forums.techarena.in/members/96954.htm
systemroot changed to fsystemroot is a clear indication that the system
is infected. Your original post indicated an error that is *also* caused
by malware, Error Code: 0x8024D007.
You either need to contact Microsoft for NO CHARGE ( FREE ) assistance
in cleaning up the system or, you can reformat and reinstall it. Start
here: http://www.microsoft.com/protect/support/default.mspx
Under " Scanning, detecting, and removing threats " click the
' I think my computer is infected ' link.
If there was one that said " I know my computer is infected ", I'd tell
you to click that one. The next page will provide a link to the OneCare
Safety Scanner. Click it and see if it can detect and remove the malware
on the system.
If you have run the Safety Scanner, click the Continue button.
Confirm Your Country, click Continue.
Click the " type of support you want for Consumer Security "
The Phone and all of the other options are *free*.
MowGreen
================
*-343-* FDNY
Never Forgotten
================
banthecheck.com
"Security updates should *never* have *non-security content* prechecked