Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

WU code 80244019

1 view
Skip to first unread message

Doug

unread,
Jun 26, 2008, 1:54:00 AM6/26/08
to
I receive code 80244019 whenever I try to use Windows Update. I have tryed
changing the dword's in regedit to no avail... Norton recently found and
"resolved" trojan.zlob in 128 registry files, 21 files (10 of which were in
system32), and 1 browser cache. Everytime I try to use IE to go to
http://windowsupdate.microsoft.com I get redirected to msn.com. Any advice or
solutions would be welcome.

TaurArian

unread,
Jun 26, 2008, 2:20:00 AM6/26/08
to
Sounds like you haven't quite removed the virus.
You'll have to check again -
http://www.symantec.com/security_response/writeup.jsp?docid=2005-042316-2917-99&tabid=3

You may need to use an alternative scanner - such as an online scanner -
http://housecall.trendmicro.com/uk/


--

--------------------------------
TaurArian [MVP] 2005-2008
Update Services
http://taurarian.mvps.org

PA Bear [MS MVP]

unread,
Jun 26, 2008, 10:22:51 AM6/26/08
to
Chances are that ZLOB was not fully removed and that it was accompanied by
Vundo and SDBot-variant infections, all protected by a rootkit infection.
You're going to need expert assistance to clean up this machine,

Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://aumha.net/viewforum.php?f=30,
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html, or other appropriate forums for review
by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

Doug

unread,
Jun 26, 2008, 7:44:03 PM6/26/08
to
From what you're saying, I take it that it would be much easier just to
reformat and reinstall then? And if so.... is there much risk of reinfecting
my computer by backing up my personal data?

PA Bear [MS MVP]

unread,
Jun 26, 2008, 7:49:06 PM6/26/08
to
A format & reinstall would fix /this/ problem, yes. A Repair Install will
not.

Yes, there is a risk, however slight, that some of your personal data may be
infected, Doug. I would NOT back-up any file you got from someone else
(e.g., via P2P file sharing or via a USB key).

0 new messages