Author Topic: windows update failed  (Read 3093 times)

0 Members and 1 Guest are viewing this topic.

genghis123

  • Guest
windows update failed
« on: March 15, 2010, 07:22:26 AM »
i am having problem with windows update.whenever i try updating windows it comes failed! in all updates.
i recently had trojan horses in my comp,though with help of avast 5 and malwarebytes i was able to remove them.here is the log:-


Malwarebytes' Anti-Malware 1.44
Database version: 3823
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

3/14/2010 5:55:54 PM
mbam-log-2010-03-14 (17-55-54).txt

Scan type: Full Scan (D:\|)
Objects scanned: 168569
Time elapsed: 11 minute(s), 30 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 5
Files Infected: 6

Memory Processes Infected:
C:\Documents and Settings\Ayush\Application Data\SystemProc\lsass.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\iologmsg32.dll (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\iprtprio32.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{017321a0-ba38-4d4b-8bbb-b86239dd5bf1} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{017321a0-ba38-4d4b-8bbb-b86239dd5bf1} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\7cb3ce58849 (Trojan.Tracur) -> Delete on reboot.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{017321a0-ba38-4d4b-8bbb-b86239dd5bf1} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\iologmsg32.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\iologmsg32.dll -> Delete on reboot.

Folders Infected:
C:\WINDOWS\system32\SysWoW32 (Worm.Archive) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ayush\Application Data\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D} (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Worm.Prolaco.M) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\iprtprio32.dll (Trojan.BHO.H) -> Delete on reboot.
C:\Documents and Settings\Ayush\Application Data\SystemProc\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iologmsg32.dll (Trojan.Tracur) -> Delete on reboot.



PLS HELP ME!i have tried methods like reinstalling windows installer 3.1 but not working. ??? ???
also when i tired installing service pack 3 there was a AWSL tag valuenot met problem


« Last Edit: March 15, 2010, 07:36:42 AM by genghis123 »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: windows update failed
« Reply #1 on: March 15, 2010, 12:19:17 PM »
I suggest:

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete them.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to to on-line analysis.
6. Clean your Hosts file (replacing it) with HostsMan tool.
7. Disable System Restore and then reenable it again.
8. Immunize your system with SpywareBlaster.
9. Check if you have insecure applications with Secunia Software Inspector.
The best things in life are free.

genghis123

  • Guest
Re: windows update failed
« Reply #2 on: March 15, 2010, 02:59:15 PM »
1)did
2)did,some cache files were corrupted
3)did u can see the log in my previous post
4)no rootkits
5)i attached it
6)can u tell me exactly what step to do i updated it but there are so many options what should i do pls tell step wise.(ie how to clean, i installed it)
7)did(i hope i dont need to restore very soon as history checkpoints were deleted in process of reenabling it)
8)you sure this about this software?i have mbam and avast 5,do i really need it?
9)1st it said a problem with java applet and i waited for long time but there was nothing in any column like running for,detection stastics,errors with the scan,just red waves keep going up disappear and again
coming,in Status / Currently Processing:There might be problems loading the Java Applet in your browser.
and this is what when i turn on console:-
Java Plug-in 1.6.0_18
Using JRE version 1.6.0_18-b07 Java HotSpot(TM) Client VM
User home directory = C:\Documents and Settings\Ayush
----------------------------------------------------
c:   clear console window
f:   finalize objects on finalization queue
g:   garbage collect
h:   display this help message
l:   dump classloader list
m:   print memory usage
o:   trigger logging
q:   hide console
r:   reload policy configuration
s:   dump system and deployment properties
t:   dump thread list
v:   dump thread stack
x:   clear classloader cache
0-5: set trace level to <n>
----------------------------------------------------


java.security.AccessControlException: access denied (java.util.PropertyPermission java.io.tmpdir read)
   at java.security.AccessControlContext.checkPermission(Unknown Source)
   at java.security.AccessController.checkPermission(Unknown Source)
   at java.lang.SecurityManager.checkPermission(Unknown Source)
   at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
   at java.lang.System.getProperty(Unknown Source)
   at com.secunia.SoftwareInspector.SIApplet.init(SIApplet.java:94)
   at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
   at java.lang.Thread.run(Unknown Source)
Exception: java.security.AccessControlException: access denied (java.util.PropertyPermission java.io.tmpdir read)
java.security.AccessControlException: access denied (java.util.PropertyPermission java.io.tmpdir read)
   at java.security.AccessControlContext.checkPermission(Unknown Source)
   at java.security.AccessController.checkPermission(Unknown Source)
   at java.lang.SecurityManager.checkPermission(Unknown Source)
   at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
   at java.lang.System.getProperty(Unknown Source)
   at com.secunia.SoftwareInspector.SIApplet.init(SIApplet.java:94)
   at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
   at java.lang.Thread.run(Unknown Source)
Exception: java.security.AccessControlException: access denied (java.util.PropertyPermission java.io.tmpdir read)

and still updates not working failing(all of them! :( )

« Last Edit: March 15, 2010, 03:03:38 PM by genghis123 »

Avastfan1

  • Guest
Re: windows update failed
« Reply #3 on: March 15, 2010, 03:15:27 PM »
I hate to be the bearer of bad news: if you have the Vundo trojan, that is real cunt of a programme to remove.

The Malware experts on here will do their best to sort it for you though.

Good luck.....

genghis123

  • Guest
Re: windows update failed
« Reply #4 on: March 15, 2010, 03:31:22 PM »
malware bytes say it has quarantined trojan vundo ,though i heard some people say vundo totally destorys automatic updates...dont say it s end.....i know i can reinstall the ooperating system...but...my data..cammon there must be a way! :'( :'( :'( :'( :'( :'( :'( :'( :'(