%fystemRoot% Need to get this fix
Richard aka:finder
right. But I do not know how to change it to it right name %SystemRoot%. I
find this in the bitt and winupdate. When I try to edit Image path it tell me
I can't. So can one point mr it where I can learn how to edit it to make it
right. Windows XP SP3.
1PW
<http://www.malwarebytes.org/forums/index.php?showtopic=11558&mode=linear>
Your system is likely infected with malware. Have you checked using
scans with good antimalware recently? If not, consider downloading,
installing, updating and running the freeware version of MBAM:
<http://www.malwarebytes.org/mbam.php>
Please update this thread with your progress.
Pete
--
1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
Jim
Run your a/v program .
don morell
problem. You mention %SystemRoot% - the terms "%" function as a
placeholder referring to whatever file/folder is functioning as System
Root - default for a Windows installation is C:\Windows.
"Richard aka:finder" <Richarda...@discussions.microsoft.com> wrote in
message news:A001ED96-352A-4860...@microsoft.com...
1PW
> Richard your post is , at least to me, confusing. Exactly what is the
> problem. You mention %SystemRoot% - the terms "%" function as a
> placeholder referring to whatever file/folder is functioning as System
> Root - default for a Windows installation is C:\Windows.
Hello Don:
At a quick glance one might think that the poster mistyped the Subject:
"%fystemRoot% Need to get this fix"
However %fystemRoot% *IS* the problem and indicates malware infestation.
<http://www.malwarebytes.org/forums/index.php?showtopic=11558>
We await the OP's reply to see what has happened since.
Richard aka:finder
system. as for running melware. I think I have run more of it then it than
anyone has. None of it show anything. At frist I pick up some adware and
cookies and one mid trogan. All is gone and I can still see the %F and I am
not able to upgade on Microsoft site.
1PW
> Don I have a few places in the reg that show %f and not %s for the word
> system. as for running malware. I think I have run more of it then it than
> anyone has. None of it show anything. At first I pick up some adware and
> cookies and one mid trojan. All is gone and I can still see the %F and I am
> not able to upgrade on Microsoft site.
Hello Richard:
Please reply with *exactly* what antimalware you have used. Please
carefully identify the trojan that was found. What is the exact version
of XP? Home, Pro, MCE???
Thank you.
Richard aka:finder
Microsoft Windows XP Professional
Version 5.1.2600 Service Pack 3 Build 2600
Processor x86 Family 15 Model 67 Stepping 3 AuthenticAMD ~3216 Mhz
BIOS Version/Date Phoenix Technologies, LTD ASUS M2N-E SLI ACPI BIOS
Revision 0801, 4/25/2007
SMBIOS Version 2.4
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\system32
Total Physical Memory 4,096.00 MB
Antimelware
spybotsd162 no tea time and Malwarebytes' Anti-Malware
Anti spy/virus
McAfee Internet security Sute
trojan found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\services
(Trojan.Agent) -> Quarantined and deleted successfully.
***********************************************************************
jwconklin
Just experienced this same problem...My customer got hit with all kinds
of viruses, malware, spyware..to the point where only the wallpaper
loaded...I ran a repair install of XP and it brought everything back to
normal (but only on the surface). I couldn't run any updates... serveral
days of research and recommended fixes produced nothing...I ran symantec
and Malwarebytes more than several times...It seamed clean but then I
couldn't run Windows Updates or get symantec to update... then symantec
wouldn't reinstall...I thought all was lost...then someone suggested
running RootRepeal and then SuperAntSpyware. 'Bingo'... SuperAntiSpyware
cleaned out a bunch of stuff and allowed me to reset the Admins
permissions in the registry and then Modify the %systemRoot% values...I
ran a complete registry search for any other %fystemroot% values and
changed them...and all held fast....I was then able to restart the BITS
and Auto updates...Systems are now running normal and updates are now
loading.
--
jwconklin
------------------------------------------------------------------------
jwconklin's Profile: http://forums.techarena.in/members/94938.htm
View this thread: http://forums.techarena.in/windows-xp-support/1129836.htm
DJohnG
Thanks to those people who have contributed to this solution in regard
to fixing Windows Automatic Updates. You can go through all the MS
solutions you want but you will not find this.
It is as stated, caused by malware that renames registry entries. After
cleaning out the malware with the various available methods: SpyBot S&D,
MalwareBytes, Superantispyware and as many others as you can. Even pay
for Prevx because they all find other ones if you've been hit bad (or
bought a machine from some idiot who knows not what they do) and don't
forget to donate where possible:
Start > Run > regedit (open registry editor)
Then: Edit > Find > fystem
Find: ImagePath entries
Click/select then go to Edit > Permissions > check Full Control
Then right-click ImagePath > Modify
Change the f to S
F3 on keyboard to go through all entries and edit permissions then the
entry.
Next: Run > services.msc
Find: Background Intelligent Transfer Service (BITS), double-click and
change start-up type to manual the click Start. Change start-up type
back to automatic.
Still in services: Find Automatic Updates and start as above if not
started.
Go to the updates site and start again. All should be well. If not
you'll be a lot closer to fixing it.
--
DJohnG
------------------------------------------------------------------------
DJohnG's Profile: http://forums.techarena.in/members/137450.htm
Shenan Stanley
<snipped>
<Well - not really - it was responded to on a forum instead of in the
newsgroups>
<In my response you will find a link to the entire conversation>
Another Forum poster that leaves everyone actually reading the original
newsgroup post scratching their head at what they are referring to...
This is the conversation, uninterrupted and fully quoted:
http://groups.google.com/group/microsoft.public.windowsxp.help_and_support/browse_frm/thread/9f55813d9ffb690f
Now - as to how to properly cleanup and fix your Windows Update system -
especially given that this concerns Windows XP - this has been posted many
times over. Here is everything you could do to ensure your Windows XP
(32-bit) updates system is working as it should be and you are fairly
certain (90%) that you are free of malware that would affect the
functionality of it in any way...
The details they have added on how to search the registry are nice, I
admint.
But - the more it is posted, the more it will come up when searched for in
the many different ways it could be searched for - so here it is one more
time... ;-)
Start button --> RUN
(no "RUN"? Press the "Windows Key" + R on your keyboard)
--> type in:
winver
--> Click OK.
The picture at the top of the window that opens will give you the general
(Operating System name and flavor) while the line starting with the word
"version" will give you the rest of the story.
Post _both_ in response to this message verbatim. ;-)
Fix your file/registry permissions...
Ignore the title and follow the sub-section under "Advanced Troubleshooting"
titled, "Method 1: Reset the registry and the file permissions"
http://support.microsoft.com/kb/949377
*will take time
(** Ignore the last step - you should have SP3 installed - if not - you can
do that *later* - it is not necessary to continue with the cleanup.)
Reboot and ...
Search your registry for %fystem and replace the "f" with an "s". May be
three or four matches, may be none. You may even have to take ownership
(even after doing the above) of the keys in order to make the change.
Reboot and ...
Download/install this:
http://support.microsoft.com/kb/290301
After installing, do the following:
Start button --> RUN --> type in:
"%ProgramFiles%\Windows Installer Clean Up\msizap.exe" g!
--> Click OK.
(The quotation marks and percentage signs and spacing should be exact.)
Download, install, run, update and perform a full scan (separately) with the
following two applications (freeware versions are the ones to use for this):
SuperAntiSpyware
http://www.superantispyware.com/
MalwareBytes
http://www.malwarebytes.com/
After performing a full scan with one and then the other and removing
whatever they both find completely, you may uninstall these products,
if you wish.
Download and run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx
Reboot.
CHKDSK
How to scan your disks for errors
http://support.microsoft.com/kb/315265
* will take time and a reboot
Defragment
How to Defragment your hard drives
http://support.microsoft.com/kb/314848
* will take time
Ensure your hardware drivers are up to date (from the hardware
manufacturer's respective web pages.) Never get hardware drivers
for hardware that was not created/sold by Microsoft from Microsoft.
Installing the latest updates may have you rebooting several times,
which is fine - but after you are sure you are done - still...
Reboot.
Download/Install the latest Windows Installer (for your OS):
( Windows XP 32-bit : WindowsXP-KB942288-v3-x86.exe )
http://www.microsoft.com/downloadS/details.aspx?familyid=5A58B56F-60B6-4412-95B9-54D056D6F9F4&displaylang=en
Reboot.
and...
Download the latest version of the Windows Update agent from here (x86):
http://go.microsoft.com/fwlink/?LinkID=91237
... and save it to the root of your C:\ drive. After saving it to the root
of the C:\ drive, do the following:
Close all Internet Explorer windows and other applications.
Start button --> RUN and type in:
%SystemDrive%\windowsupdateagent30-x86.exe /WUFORCE
--> Click OK.
(If asked, select "Run.) --> Click on NEXT --> Select "I agree" and click on
NEXT --> When it finishes installing, click on "Finish"...
Reboot.
Then follow the instructions here:
How do I reset Windows Update components?
http://support.microsoft.com/kb/971058
Reboot.
Log on as an user with administrative rights and open Internet Explorer
and visit http://windowsupdate.microsoft.com/ and select to do a
CUSTOM scan...
Every time you are about to click on something while at these web pages -
first press and hold down the CTRL key while you click on it. You can
release the CTRL key after clicking each time.
Once the scan is done, select just _ONE_ of the high priority updates
(deselect any others) and install it.
Reboot again.
If it did work - try the web page again - selecting no more than 3-5 at a
time. Rebooting as needed.
The Optional Software updates are generally safe - although I recommend
against the "Windows Search" one and any of the "Office Live" ones or
"Windows Live" ones for now. I would completely avoid the
Optional Hardware updates. Also - I do not see any urgent need to install
Internet Explorer 8 at this time.
Seriously - do all that. This is like antibiotics - don't skip a single
step, don't quit because you think things will be okay now - go through
until the end, until you have done everything given in the order given. If
you have a problem with a step come ask and let someone here get you
through that step. If you don't understand how to do a step, come back and
ask here about that step and let someone walk you through it.
In any case - no matter what - when you are done doing whatever you decide
to do - please - come back here and let everyone know what you did and
how things turned out.
--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html