Avast WEBforum

Other => General Topics => Topic started by: genghis123 on March 15, 2010, 07:22:26 AM

Title: windows update failed
Post by: genghis123 on March 15, 2010, 07:22:26 AM
I am having a problem with Windows Update. Whenever I try updating Windows, it comes up as failed for all updates.
I recently had trojan horses on my computer, though with the help of avast 5 and Malwarebytes I was able to remove them. Here is the log:


Malwarebytes' Anti-Malware 1.44
Database version: 3823
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

3/14/2010 5:55:54 PM
mbam-log-2010-03-14 (17-55-54).txt

Scan type: Full Scan (D:\|)
Objects scanned: 168569
Time elapsed: 11 minute(s), 30 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 5
Files Infected: 6

Memory Processes Infected:
C:\Documents and Settings\Ayush\Application Data\SystemProc\lsass.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\iologmsg32.dll (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\iprtprio32.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{017321a0-ba38-4d4b-8bbb-b86239dd5bf1} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{017321a0-ba38-4d4b-8bbb-b86239dd5bf1} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\7cb3ce58849 (Trojan.Tracur) -> Delete on reboot.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{017321a0-ba38-4d4b-8bbb-b86239dd5bf1} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\iologmsg32.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\iologmsg32.dll -> Delete on reboot.

Folders Infected:
C:\WINDOWS\system32\SysWoW32 (Worm.Archive) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ayush\Application Data\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D} (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Worm.Prolaco.M) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\iprtprio32.dll (Trojan.BHO.H) -> Delete on reboot.
C:\Documents and Settings\Ayush\Application Data\SystemProc\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iologmsg32.dll (Trojan.Tracur) -> Delete on reboot.



PLS HELP ME! I have tried methods like reinstalling Windows Installer 3.1, but it is not working.
Also, when I tried installing Service Pack 3 there was an "AWSL tag value not met" problem.
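
Added example, not part of the original post and not Malwarebytes' own tooling: a small parser for a log in the format shown above that separates detections already quarantined from those only marked "Delete on reboot", and flags the registry locations that load code automatically. The function names and the `LOAD_POINTS` list are assumptions made for this illustration; the sample lines are an excerpt of the log in the post.

```python
import re
# Excerpt of the Malwarebytes log quoted in the post above (shortened).
SAMPLE_LOG = r"""
Memory Modules Infected:
C:\WINDOWS\system32\iologmsg32.dll (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\iprtprio32.dll (Trojan.Vundo) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\7cb3ce58849 (Trojan.Tracur) -> Delete on reboot.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\iologmsg32.dll -> Delete on reboot.
Files Infected:
C:\Documents and Settings\Ayush\Application Data\SystemProc\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(.+ Infected):$")             # e.g. "Files Infected:"
ENTRY = re.compile(r"^(.+?) \(([\w.]+)\) -> (.+)$")   # object (Detection) -> action
# Registry locations from this log that make Windows or the browser load code automatically.
LOAD_POINTS = ("AppInit_DLLs", r"Winlogon\Notify", "Browser Helper Objects",
               r"Policies\Explorer\Run")

def parse_mbam_log(text):
    """Return one dict per detection line: section, object, detection, action."""
    entries, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION.match(line):
            section = m.group(1)
        elif section and (m := ENTRY.match(line)):
            obj, name, rest = m.groups()
            # The action is the last "->" field; a "Data: ..." field may precede it.
            action = rest.rsplit(" -> ", 1)[-1].rstrip(".")
            entries.append(dict(section=section, object=obj, detection=name, action=action))
    return entries

def pending_reboot(entries):
    """Items whose removal is deferred until restart; rescan after rebooting."""
    return [e for e in entries if e["action"] == "Delete on reboot"]

def load_point_hits(entries):
    """Detections that sit in one of the automatic load locations above."""
    return [e for e in entries if any(p.lower() in e["object"].lower() for p in LOAD_POINTS)]

if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    for e in pending_reboot(found):
        print("recheck after reboot:", e["detection"], e["object"])
    print("load points:", [e["object"] for e in load_point_hits(found)])
```

Running it over a log taken after the reboot shows whether any "Delete on reboot" item came back.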


Title: Re: windows update failed
Post by: Lisandro on March 15, 2010, 12:19:17 PM
I suggest:

1. Clean your temporary files.
2. Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! (http://www.freedrweb.com/cureit/) instead.
3. Use MBAM (http://malwarebytes.org/mbam.php) (or SUPERantispyware (http://www.superantispyware.com) or even Spyware Terminator (http://www.spywareterminator.com/)) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
4. Test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp).
5. Make a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here or on this analysis site (http://www.hijackthis.de/#anl). Or even submit the RunScanner (http://www.runscanner.net/) log for on-line analysis.
6. Clean your Hosts file (replacing it) with HostsMan (http://www.abelhadigital.com) tool.
7. Disable System Restore and then reenable it again.
8. Immunize your system with SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html).
9. Check if you have insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/).

Title: Re: windows update failed
Post by: genghis123 on March 15, 2010, 02:59:15 PM
1) Did.
2) Did; some cache files were corrupted.
3) Did; you can see the log in my previous post.
4) No rootkits.
5) I attached it.
6) Can you tell me exactly what steps to do? I updated it, but there are so many options. What should I do? Please tell me step by step (i.e. how to clean; I installed it).
7) Did (I hope I don't need to restore very soon, as the history checkpoints were deleted in the process of re-enabling it).
8) Are you sure about this software? I have MBAM and avast 5; do I really need it?
9) First it said there was a problem with the Java applet, and I waited for a long time, but there was nothing in any column like "running for", "detection statistics" or "errors with the scan"; just red waves that keep going up, disappear and come again. In Status / Currently Processing: "There might be problems loading the Java Applet in your browser."
And this is what I get when I turn on the console:
Java Plug-in 1.6.0_18
Using JRE version 1.6.0_18-b07 Java HotSpot(TM) Client VM
User home directory = C:\Documents and Settings\Ayush
----------------------------------------------------
c:   clear console window
f:   finalize objects on finalization queue
g:   garbage collect
h:   display this help message
l:   dump classloader list
m:   print memory usage
o:   trigger logging
q:   hide console
r:   reload policy configuration
s:   dump system and deployment properties
t:   dump thread list
v:   dump thread stack
x:   clear classloader cache
0-5: set trace level to <n>
----------------------------------------------------


java.security.AccessControlException: access denied (java.util.PropertyPermission java.io.tmpdir read)
   at java.security.AccessControlContext.checkPermission(Unknown Source)
   at java.security.AccessController.checkPermission(Unknown Source)
   at java.lang.SecurityManager.checkPermission(Unknown Source)
   at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
   at java.lang.System.getProperty(Unknown Source)
   at com.secunia.SoftwareInspector.SIApplet.init(SIApplet.java:94)
   at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
   at java.lang.Thread.run(Unknown Source)
Exception: java.security.AccessControlException: access denied (java.util.PropertyPermission java.io.tmpdir read)
java.security.AccessControlException: access denied (java.util.PropertyPermission java.io.tmpdir read)
   at java.security.AccessControlContext.checkPermission(Unknown Source)
   at java.security.AccessController.checkPermission(Unknown Source)
   at java.lang.SecurityManager.checkPermission(Unknown Source)
   at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
   at java.lang.System.getProperty(Unknown Source)
   at com.secunia.SoftwareInspector.SIApplet.init(SIApplet.java:94)
   at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
   at java.lang.Thread.run(Unknown Source)
Exception: java.security.AccessControlException: access denied (java.util.PropertyPermission java.io.tmpdir read)

And still the updates are not working, failing (all of them! :( )

Title: Re: windows update failed
Post by: Avastfan1 on March 15, 2010, 03:15:27 PM
I hate to be the bearer of bad news: if you have the Vundo trojan, that is a real cunt of a programme to remove.

The Malware experts on here will do their best to sort it for you though.

Good luck.....

Title: Re: windows update failed
Post by: genghis123 on March 15, 2010, 03:31:22 PM
Malwarebytes says it has quarantined Trojan Vundo, though I heard some people say Vundo totally destroys automatic updates... don't say it's the end..... I know I can reinstall the operating system... but... my data.. come on, there must be a way! :'(