Author Topic: Win32:Downloader-PKU Help  (Read 34921 times)

SteveinMD

  • Guest
Re: Win32:Downloader-PKU Help
« Reply #30 on: August 10, 2012, 11:59:39 PM »
OK I have an answer for that

But it did not show as a problem in FSS

Right click the following link and select "Save Target As...." and save to the desktop
https://dl.dropbox.com/u/73555776/bits.reg
Then right click the registry file and select merge
Accept the warnings and reboot

Now try

I think I correctly followed the instructions but still no BITS service.  Actually before I did these steps BITS showed up under services, but it would not start.  Afterwards, I no longer see the BITS service at all.  Hopefully I don't have to go with the MS solution!  Thanks for your help.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Win32:Downloader-PKU Help
« Reply #31 on: August 11, 2012, 12:21:09 AM »
Could you re-run FSS please

SteveinMD

  • Guest
Re: Win32:Downloader-PKU Help
« Reply #32 on: August 11, 2012, 01:02:49 AM »
FSS Log

Offline essexboy

Re: Win32:Downloader-PKU Help
« Reply #33 on: August 11, 2012, 12:48:05 PM »
Quote
Windows Update:
============
BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

All the parts are there, it is just not running... So I have three programmes that should be able to fix this. I will run the two most likely to succeed first

First :

Run the MSFixit from here http://support.microsoft.com/kb/971058

Reboot then try updates
If that fails then :

Second :

This will reset windows services to default, so if you have disabled any you will need to reset them to how you want

Download Windows Repair (all in one) from this site

Install the programme then run



Go to step 3 and allow it to run SFC



On the start repairs tab click start


Select the following  items and tick restart system when finished


SteveinMD

  • Guest
Re: Win32:Downloader-PKU Help
« Reply #34 on: August 11, 2012, 05:31:15 PM »
I tried method 1 - still no BITS service after reboot.
Then method 2 - still no BITS service.  Does the tweaking.com repair create a log file somewhere that I can post? While running it I did notice there were a few changes that did not work due to a permissions error, but the program finished executing.

Offline essexboy

Re: Win32:Downloader-PKU Help
« Reply #35 on: August 11, 2012, 06:20:34 PM »
There should be a log on the C drive

Could you open reg edit and see if this key is present

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS\Parameters]
"ServiceDll"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,71,00,6d,00,\
67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00


SteveinMD

  • Guest
Re: Win32:Downloader-PKU Help
« Reply #36 on: August 11, 2012, 07:31:14 PM »
 see...
 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS\Parameters]
  Name "ServiceDll"   Type REG_EXPAND_SZ       Data %systemroot%\system32\qmgr.dll

Binary Data
0000 25 00 73 00 79 00 73 00 %.s.y.s.
0008 74 00 65 00 6D 00 72 00 t.e.m.r.
0010 6F 00 6F 00 74 00 25 00 o.o.t.%.
0018 5C 00 73 00 79 00 73 00 \.s.y.s.
0020 74 00 65 00 6D 00 33 00 t.e.m.3.
0028 32 00 5C 00 71 00 6D 00 2.\.q.m.
0030 67 00 72 00 2E 00 64 00 g.r...d.
0038 6C 00 6C 00 00 00         l.l...

First 4 repair logs attached.
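
Added example, not part of the original posts: the `hex(2)` data in Reply #35 and the regedit "Binary Data" view in Reply #36 are both UTF-16LE strings, and decoding them shows whether the two ServiceDll values name the same file. The function names are hypothetical, and `C:\Windows` as the value of `%systemroot%` is an assumption.

```python
import re

# Copied from the thread: the .reg value in Reply #35 and the regedit
# "Binary Data" view in Reply #36.
POSTED_REG = r'''"ServiceDll"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,71,00,6d,00,\
67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00'''
REGEDIT_DUMP = r'''0000 25 00 73 00 79 00 73 00 %.s.y.s.
0008 74 00 65 00 6D 00 72 00 t.e.m.r.
0010 6F 00 6F 00 74 00 25 00 o.o.t.%.
0018 5C 00 73 00 79 00 73 00 \.s.y.s.
0020 74 00 65 00 6D 00 33 00 t.e.m.3.
0028 32 00 5C 00 71 00 6D 00 2.\.q.m.
0030 67 00 72 00 2E 00 64 00 g.r...d.
0038 6C 00 6C 00 00 00         l.l...'''

def _utf16(raw: bytes) -> str:
    # REG_SZ / REG_EXPAND_SZ data is UTF-16LE with a trailing NUL.
    if len(raw) % 2:
        raise ValueError("odd byte count: not UTF-16LE string data")
    return raw.decode("utf-16-le").rstrip("\x00")

def decode_reg_hex2(text: str) -> str:
    """Decode a .reg 'hex(2):' value, including '\\' line continuations."""
    _, sep, data = text.partition("hex(2):")
    if not sep:
        raise ValueError("no hex(2): value found")
    tokens = [t for t in re.split(r"[,\s\\]+", data) if t]
    return _utf16(bytes(int(t, 16) for t in tokens))

def decode_regedit_dump(text: str) -> str:
    """Decode regedit's binary view: offset, up to 8 hex bytes, ASCII column."""
    raw = bytearray()
    for line in text.splitlines():
        for tok in line.split()[1:9]:      # skip the offset column
            if not re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
                break                      # reached the ASCII column
            raw.append(int(tok, 16))
    return _utf16(bytes(raw))

def same_path(a: str, b: str, systemroot: str = r"C:\Windows") -> bool:
    """Compare two ServiceDll values after expanding %systemroot% (assumed value)."""
    def norm(p: str) -> str:
        return re.sub(r"%systemroot%", lambda m: systemroot, p, flags=re.I).lower()
    return norm(a) == norm(b)

if __name__ == "__main__":
    posted, found = decode_reg_hex2(POSTED_REG), decode_regedit_dump(REGEDIT_DUMP)
    print(posted, found, same_path(posted, found), sep="\n")
```

The posted value is a hard-coded path and the value read back uses the environment variable, but under the assumed system root both resolve to the same qmgr.dll location.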

SteveinMD

  • Guest
Re: Win32:Downloader-PKU Help
« Reply #37 on: August 11, 2012, 07:33:55 PM »
Next 2

SteveinMD

  • Guest
Re: Win32:Downloader-PKU Help
« Reply #38 on: August 11, 2012, 07:34:47 PM »
Next 1

SteveinMD

  • Guest
Re: Win32:Downloader-PKU Help
« Reply #39 on: August 11, 2012, 07:35:50 PM »
Next 1

SteveinMD

  • Guest
Re: Win32:Downloader-PKU Help
« Reply #40 on: August 11, 2012, 07:36:55 PM »
Last 2

Offline essexboy

Re: Win32:Downloader-PKU Help
« Reply #41 on: August 11, 2012, 07:57:07 PM »
OK looks like this new version has deleted some other files in addition to breaking the registry

Also could you check to see if you have a service called BFE (Base Filtering Engine)

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
Code:
:filefind
qmgr.*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

SteveinMD

  • Guest
Re: Win32:Downloader-PKU Help
« Reply #42 on: August 11, 2012, 08:32:04 PM »
I do have BFE and it seems to be running.

System Look log attached.

Offline essexboy

Re: Win32:Downloader-PKU Help
« Reply #43 on: August 11, 2012, 08:43:22 PM »
I have fielded this out to the rest of the malware staffs as this is definitely a new twist .. qmgr is missing from the proper place

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


    Quote
    :Files
    C:\Windows\system32\qmgr.dll|C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll /replace

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

SteveinMD

  • Guest
Re: Win32:Downloader-PKU Help
« Reply #44 on: August 11, 2012, 09:25:22 PM »
OTL Log attached