Windows 7 Update Won't Run

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Buckleyterp, Sep 22, 2016.

  1. Buckleyterp

    Buckleyterp Private First Class

    I might be having the same problem as thesmokinggun.
    TDSSKiller found no suspicious files.
    Malwarebytes finished and there was no 'Remove Selected' button at the bottom, just a big blue 'Finish' button.
    I rebooted and Windows Update still does not work.
     

    Attached Files:

  2. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, Buckleyterp

    Windows updates not working on the Win 7 platform is not uncommon recently, and not always related to malware infection. Run the below tool for another look at your OS -

    Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

    Note: Make sure you download the correct version ( 32 bit or 64 bit ) for your PC. Only the correct version will run so if you make a mistake and download the wrong one, go back and get the other.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press the Scan button and wait.
    • The first time the tool is run it makes two logs, FRST.txt and Addition.txt in the same directory the tool is run.
    • Please upload them in your next reply.
     
  3. Buckleyterp

    Buckleyterp Private First Class

    As advised...
     

    Attached Files:

  4. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Your logs show this -
    Last update => 22-09-2016 14:35:24 Windows Update
    - was the update successful?

    Java 8 Update 40 and Mozilla Firefox 47.0.1 are outdated and therefore security risks.

    NOTE: This script was written specifically for this user for use on this particular computer. Running this on another machine may cause damage to your operating system.
    • Save the attached (fixlist.txt) to your desktop.
    • Right-click FRST(x32/64) and select Run as Administrator.
    • Click the FIX button once.
    • Wait while FRST processes fixlist.txt
    • A report should pop up named Fixlog.txt, please upload it here in your next reply.
     

    Attached Files:

  5. Buckleyterp

    Buckleyterp Private First Class

    Regarding your question was update successful?

    After performing the malware preliminary tasks associated with this thread, I cold booted the laptop. Before it shut down, it displayed the message: "Please do not power off or unplug your machine. Installing update 1 of 11..."

    The status of Windows Update was that there were 19 important updates that I could not get the machine to install. I do not know where the number 11 was determined.

    While waiting for Majorgeeks's reply, I ran Tweaking.com, including power reset, scanning package files, system reparse points and environmental variables, including fixes for reparse points and environmental variables, and then up to and including running chkdsk.
    I cold booted to run chkdsk and before shutting down the computer again displayed the message: "Please do not power off or unplug your machine. Installing update 1 of 11..." (same message).

    When I got your latest post with your inquiry about today's updates, I visited the update center and, indeed, there were 8 important updates remaining. I went ahead and installed the 8 remaining updates prior to responding to you. 6 updates installed and 2 failed. The Control Panel gave me a code for each of the failures: one was 643 and the other 80246007.

    I realize that you are addressing malware issues and not general software issues, but I wanted to give you complete information.

    I will update Java and Mozilla, as you advised.

    Fixlog.txt is uploaded.

    Thank you.
     

    Attached Files:

  6. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    You're welcome.

    To finish the malware cleaning = you have both JRT.exe and AdwCleaner_4.103.exe, update to the latest versions and perform scans, upload the resulting logs please.
     
  7. Buckleyterp

    Buckleyterp Private First Class

    Oh, help.
    (My only antivirus, 360, is turned off.)(Thumbdrive antivirus also off).
    Trying to run JRT: right click and 'run as administrator'. DOS window opens and 'an update was found' is seen. DOS window closes and small window with green elapsed percentage bar appears, title of window, "100% extracting" but there is an 'abort' button below the bar. Small window closes and DOS window again appears. This is a continuous stuck loop with each window appearing and disappearing for about 1/2 second each. No new progress on the bar - starts from scratch with each appearance. I stopped it. Same thing happens if I try to download JRT without uninstalling the old app. JRT or "Junkware..." not on the Control Panel Uninstall List, and not on Advanced Uninstall Pro list. Right click on JRT.com and select 'uninstall with Advanced Uninstall Pro' does not work. I search for and remove what I can find of JRT and Junkware manually. Download from Malware... gives rise to the endless Dos window/extracting window loop. Can't fix it.

    adwcleaner has also become a pia. right click, 'run as administrator'. Window pops up 'downloading database'. When that is almost complete another window pops up and says, "database corrupt. please uninstall adwcleaner..." Now adwcleaner not present on Control Panel uninstall or Advanced Uninstall Pro list populations. When adwcleaner is right-clicked and 'uninstall with Adv. Uninstaller Pro' selected, Adv. Uninstaller Pro was directed to uninstall Hitman Pro. I uninstalled Hitman just for the heck of it and repeated the right click uninstall of adwcleaner. This time Adv. Uninstall Pro was directed to the program 'AutoIT3' (I know, out of date).

    Both of these programs are sticky and uncooperative. Please help.
     
  8. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

  9. Buckleyterp

    Buckleyterp Private First Class

    Turned on 360 Protection and did a scan and came up with the error messages in the uploaded 'majorgeekupload.txt' file. Hit the 'resolve' button - sorry, should have asked permission first.

    Then rebooted in safe mode/networking.

    Still had problems in safe mode downloading JRT. Kept getting:

    This site can’t be reached

    The webpage at http://data-cdn.mbamupdates.com/web/JRT.exe might be temporarily down or it may have moved permanently to a new web address.

    ...from mbytes and from bleeping computer web sites. Finally downloaded it from download.CNET.

    ADWcleaner downloaded OK.
     

    Attached Files:

  10. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Using AdwCleaner.exe previously downloaded:
    • Double click on AdwCleaner.exe to run the tool. (Vista, Win7/8/10 users should right-click and "Run As Administrator")
    • Click on the Scan button.
    • When the scan has completed, click on the Clean button.
    • Press OK when asked to close all programs and follow the on-screen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
    • Upload this log to your next reply.
    Please download ZHPcleaner to your desktop.
    • Close all applications (including your web browsers and antivirus)
    • Double-click on ZHPCleaner to run the tool.
    • If you are using Windows Vista, 7/8/10; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
    • Please click the "J'accepte/I agree" button.
      • First press the "Scanner" button. Be patient, the scan takes longer than 5mins.
      • Then press the ''Repair'' button.
    • Browsers will automatically shut down.
    • A logfile will automatically open after the scan has finished.
    • Please upload that logfile with your next reply.
    Tell me how your PC is running now.
     
  11. Buckleyterp

    Buckleyterp Private First Class

    Adwcleaner uneventful. ZHPclean during scan and again during repair asked me the same two questions: "did you create the server 0.0.0.0" and "did you create the server 172.20.10.1". I am an untrained computer user and I did not know how to respond, so I just said 'no' to the two sets of two questions.

    I will tell you how the computer runs after I have used it some but right now I have to fly out of state, so my responses will be more protracted.
     

    Attached Files:

  12. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Buckleyterp likes this.
  13. Buckleyterp

    Buckleyterp Private First Class

    Major thanks.
     
  14. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    You're welcome.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase it, it provide no protection. It do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, Win 7/8/10 - it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double-click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. If you are running Win 7/8/10, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME
        for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work through the below link:
    Safe surfing! [​IMG]
     
  15. Buckleyterp

    Buckleyterp Private First Class

    I get as far as Configure under the System Protection tab. When I move the radio button to Turn off System Protection and hit Apply, the blue circular 'wait' pointer appears and nothing happens. Other clickables are unresponsive, including the close window red 'x'. I waited two minutes, then closed the Control Panel by the Task Manager.
     
  16. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Make note of your last restore point and when it was made. In the event that you need to, don't restore your machine past this date as that point is malware free. Hopefully you'll get the problem corrected.

    Good Luck!
     
  17. Buckleyterp

    Buckleyterp Private First Class

    Luck is not yet good.
    I removed the programs you suggested. I also wanted to remove all of the cleaner programs and reinstall them as needed.
    I get the impression that all of them have been compromised by malware; they all would not allow themselves to be uninstalled by the usual methods. I had to manually delete all of them.
    CCleaner will not let me delete it because 'file is in use'. Constantly. Even if I terminate it using Task Manager and use command prompt 'del' of even 'del /f', access is always denied. Please help me reach the end.

    Buckley
     
  18. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    You are having problems with Windows itself and not malware.

    Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.
    *Reboot your pc into Safe Mode!
    • Now run Repair_Windows.exe by double clicking on it ( if you are running Vista or Win 7, use right click and select Run As Administrator)
    • Now select the + Repairs tab.
    • Then click the + Open Repairs button down on the bottom right.
    • This will automatically begin a registry backup, so wait for it to complete and when it finishes, you will see a list of many possible different repairs and they are all selected by default. At the bottom of this form there is a not so obvious Unselect All Repairs check box which is to the right of a check box with a green check mark in it. Please click the Unselect All Repairs box. The green check mark box is to Select All Repairs. The ony way you see what these boxes are is when your mouse hovers over them.
    • Now select the following repair options ( the numbers at the begin are the current repair numbers but this is subject to change.)
      • 01 - Reset Registry Permissions
      • 02 - Reset File Permissions
      • 03 - Reset Service Permissions
      • 04 - Register System Files
      • 05 - Repair WMI
      • 06 - Repair Windows Firewall
      • 10 - Remove Policies Set By Infections
      • 13 - Network
      • 14 - Repair Proxy Settings
      • 15 - Repair Windows Updates
      • 21 - Repair MSI (Windows Installer)
      • 23 - Repair File Associations (12 )
      • 26 - Restore Important Windows Services
      • 27 - Set Windows Services To Default Startup
    • Now on the right side under the When Repairs Complete title, check the box for Restart/Shutdown System and then make sure the Restart System radio button is enabled not the Shutdown System button.
    • Shutdown any other programs that you are running now before continuing.
    • Now click the Start Repairs button at the lower right.
    • Be patient while the tool repairs the selected items.
    • It should reboot automatically when finished. If it does not then reboot it yourself.

    EDIT: Run the tool twice.
     
    Last edited: Sep 26, 2016
  19. Buckleyterp

    Buckleyterp Private First Class

    Thank you times two. Everything is working as expected.
    B
     
  20. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Glad to hear that. ;)
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds