
Computer Potentially Infected - Running Slow [Solved]


  • This topic is locked
48 replies to this topic

#31 helpsought

helpsought

    Authentic Member

  • Authentic Member
  • PipPip
  • 61 posts

Posted 22 January 2012 - 10:55 PM

Microsoft Fixit was unable to fix the issue. The results report is pasted as follows. Please note, in the interim, I contacted Microsoft Support via e-mail and they provided steps to fix the issue. I have pasted the steps they provided below the results report. Please review and advise.

I am waiting for your reply regarding this issue (Windows Updates) prior to executing the Java and Adobe Reader updates as I am thinking that it is important that Windows Updates are current and working prior to executing updates of other programs.

Microsoft Fixit Results Report:

Windows Update
Publisher details

Issues found
Windows Update components must be repaired
One or more Windows Update components are configured incorrectly: Not fixed
Repair Windows Update components: Failed

Issues checked
Default Windows Update data locations have changed
The location where Windows Update stores data has changed and must be repaired: Checked

Issues found: Detection details

Windows Update components must be repaired: Not fixed
One or more Windows Update components are configured incorrectly
Repair Windows Update components: Failed
Repairing Windows Update components frequently resolves common Windows Update errors

Issues checked: Detection details

Default Windows Update data locations have changed: Checked
The location where Windows Update stores data has changed and must be repaired
Repair default Windows Update locations: Not Run
Change Windows Update locations to Windows default settings

Detection details

Collection information
Computer Name: D8ZLYC61
Windows Version: 5.1
Architecture: x86
Time: 1/22/2012 11:01:39 PM

Publisher details

Windows Update
Resolve problems that prevent you from updating Windows.
Package Version: 4.0.2.20110411
Publisher: Microsoft Corporation

Microsoft Support E-Mail Reply:

Thank you for contacting Microsoft Customer Service.

Based on your email, I understand that you are having difficulties updating your Windows XP and you got error message 0x80070424. I apologize for the inconvenience and I know how frustrating it is to encounter this kind of scenario. Let me do my best to assist you.

To resolve error code 0x80070424 in Windows Update, kindly follow the steps provided below:

1. Click on Start

2. Click Run

3. Copy and paste the command below and enter

%SYSTEMROOT%\SYSTEM32\REGSVR32.EXE %SYSTEMROOT%\SYSTEM32\WUAUENG.DLL


Please let me know if the above solution helps. If not, you may try the other solution listed on the URL provided below:

http://answers.micro...fc-68b599b31bf5


Please note that you may also reply or post a question in the forum provided. You may also search or post a different forum if the link above did not work.


Note: In order to post a question to the Microsoft Answers forum you will need to log in with a Windows Live ID. To log in or to create a new Windows Live ID, click the “Sign in” link located in the top right of the page and a “Sign in” window will appear.


Also you may work with our support professionals via e-mail, telephone, and for some products, chat. Please note that depending on how you obtained your software, you may be referred to your computer manufacturer as your primary support resource, or charged a fee to use the Assisted Support option. Kindly follow the steps below to get the support you need:


1. Please click this link: https://support.micr...a...ect=1&sd=gn

2. Select a support topic.

3. Select a support option.

I hope you find this information helpful. Should you have other concerns, please do not hesitate to email back to us for further assistance. My goal is to ensure that your experience with Microsoft Customer Service leaves you pleased with our products and services.

Thank you


#32 Sunyata

Sunyata

    Constantly Learning

  • Authentic Member
  • PipPipPipPipPip
  • 1,056 posts

Posted 23 January 2012 - 02:08 PM

Hello helpsought

1. Click on Start

2. Click Run

3. Copy and paste the command below and enter

%SYSTEMROOT%\SYSTEM32\REGSVR32.EXE %SYSTEMROOT%\SYSTEM32\WUAUENG.DLL

Yes, please do try the above. Let us know if it does not work.
Graduate of the WTT Classroom

#33 helpsought

Posted 23 January 2012 - 05:21 PM

The steps provided by Microsoft Support worked successfully. I downloaded and installed all recommended high priority Windows Updates (via "express install"). Windows Updates are now current and set to "automatic" (just like they were prior to this malware incident).

I attempted the Java update. This time, the instructions you provided didn't exactly match my experience. In fairness to you, this could be because I am not experienced at running/opening .zip files. Nevertheless, I believe that I worked through the process successfully anyway but, unfortunately, upon reaching the last bullet point step that you provide ("Download and install the latest Java Runtime Environment (JRE) version for your computer"), I am unclear exactly where to navigate on the Oracle/Java webpage in order to download the correct application. Pasted as follows are two screenshots from the webpage. On the first screenshot, I placed two blue arrows to indicate what I selected. Please advise if I selected correctly. The second screenshot displays the page that appears after I made the selection indicated in the first screenshot. Please advise which application I should select on that page (displayed in the second screenshot).

Java_Screenshot___1.PNG

Java_Screenshot___2.PNG

Edited by helpsought, 23 January 2012 - 05:39 PM.


#34 helpsought

Posted 23 January 2012 - 05:27 PM

A duplicate post of my latest reply occurred because my computer was hanging (likely due to virus/malware not completely removed yet) and I pushed the back button and pushed "add reply" again. I do not see a "delete reply" option so I selected the "edit" option, deleted all of the text and attachments in the duplicate reply, and pressed "submit modified reply". The forum would not allow the modified blank reply to be submitted so I am instead submitting this explanation reply.

Edited by helpsought, 23 January 2012 - 05:35 PM.


#35 Sunyata

Posted 23 January 2012 - 05:47 PM

Hello helpsought

I placed two blue arrows to indicate what I selected

So far, so good :thumbup:

Please advise which application I should select on that page (displayed in the second screenshot).

Select the download named jre-7u2-windows-i586.exe associated with Windows x86 Offline in the Product / File Description
Graduate of the WTT Classroom

#36 helpsought

Posted 23 January 2012 - 07:04 PM

1) Java and Adobe Reader updates completed successfully, thanks! Could you please advise why these two applications were out of date? I am under the impression that both of these applications (Java and Adobe Reader) inherently provide automatic updates. Is it the case that I have to keep manually opening these two applications on a continual basis in order to check for updates without prompting? That does not sound like a realistic scenario for such well-established applications as Java and Adobe Reader. Please advise.

2) Are we going to proceed to remove the following two threat objects detected by the ESET scan?:

C:\Documents and Settings\Jeff\Desktop\RK_Quarantine\qkm.exe.vir a variant of Win32/Kryptik.ZDS trojan
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\knnmp.ini.vir Win32/Adware.Virtumonde.NEO application

#37 Sunyata

Posted 24 January 2012 - 03:14 PM

Hello helpsought

I am under the impression that both of these applications (Java and Adobe Reader) inherently provide automatic updates.

This link will show you how to set up automatic updates for Java
http://java.com/en/d...java_update.xml

This link shows you how to disable auto updating for Adobe Reader (but you can see how to enable it too):
http://kb2.adobe.com...2/kb402050.html


Are we going to proceed to remove the following two threat objects detected by the ESET scan?:

C:\Documents and Settings\Jeff\Desktop\RK_Quarantine\qkm.exe.vir a variant of Win32/Kryptik.ZDS trojan
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\knnmp.ini.vir Win32/Adware.Virtumonde.NEO application

We are indeed. The first, you can just delete the whole directory by hand:
C:\Documents and Settings\Jeff\Desktop\RK_Quarantine

The OTL cleanup function will pick up the second.

So on to cleanup...

Please delete the following from your desktop:
  • The logs we created
  • aswMBR.exe
  • MBR.dat
  • RogueKiller.exe

Next,

Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.

I suggest you keep MBAM. Keep it updated and use it regularly.
ESET online scan can be removed via add/remove programs.


Next, we have a few recommendations to help you stay malware-free:

Make your Internet Explorer more secure - This can be done by following these simple instructions:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
(Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
Without a firewall your computer is susceptible to being hacked and taken over.
I am very serious about this and see it happen almost every day with my clients.
Simply using a Firewall in its default configuration can lower your risk greatly.


WOT (Web of Trust) - As 'Googling' is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
Green to go
Yellow for caution
Red to stop
WOT has an addon available for both Firefox and IE.

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
This will ensure your computer always has the latest available security updates installed.
If there are new updates to install, install them immediately, reboot your computer, and revisit the site
until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:
PC Safety and Security--What Do I Need?
How to Prevent Malware


If there is nothing else, we will close this thread
Take care and safe computing
:wavey:
Graduate of the WTT Classroom
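
Added example (not part of the original thread or the forum's own tooling): a read-only PowerShell check of the six Internet-zone settings recommended in post #37, read from the per-user registry. The numeric action IDs and the 0/1/3 value meanings follow Microsoft's documentation of the Internet Explorer security zone registry entries; the function name `Get-IeZoneAudit` is made up for this sketch.

```powershell
# Added example: audit the IE "Internet" zone (zone 3) against post #37.
# Read-only: nothing is changed. Written to run on PowerShell 2.0 and later.
# Assumption: per-user settings under HKCU are in effect; a policy pushed
# under the Policies or HKLM keys would override what is reported here.

$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Registry action ID, dialog label, and the value recommended in the post
# (0 = Enable, 1 = Prompt, 3 = Disable).
$Recommended = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                   Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                 Want = 3 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX not marked as safe';   Want = 3 },
    @{ Id = '1800'; Name = 'Installation of desktop items';                      Want = 1 },
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';          Want = 1 },
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';       Want = 1 }
)

$Meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-IeZoneAudit {
    param([string]$Path = $ZoneKey)

    $props = Get-ItemProperty -Path $Path -ErrorAction Stop

    foreach ($r in $Recommended) {
        $raw = $props.($r.Id)

        if ($null -eq $raw) {
            # Value missing from the key: IE falls back to the zone template.
            $current = 'Not set'
            $status  = 'Check'
        }
        elseif (-not $Meaning.ContainsKey([int]$raw)) {
            # Some settings accept other values; do not guess at their strictness.
            $current = "Unknown ($raw)"
            $status  = 'Check'
        }
        else {
            $val     = [int]$raw
            $current = $Meaning[$val]
            if     ($val -eq $r.Want) { $status = 'OK' }
            elseif ($val -gt $r.Want) { $status = 'Stricter' }  # e.g. Disable where Prompt was advised
            else                      { $status = 'Weaker' }
        }

        New-Object PSObject -Property @{
            Id          = $r.Id
            Setting     = $r.Name
            Current     = $current
            Recommended = $Meaning[$r.Want]
            Status      = $status
        } | Select-Object Id, Setting, Current, Recommended, Status
    }
}

Get-IeZoneAudit | Format-Table -AutoSize
```

A row reported as `Stricter` is the case raised in posts #38 and #39: the setting is at Disable where Prompt was recommended, so the action is blocked silently instead of asking.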

#38 helpsought

Posted 24 January 2012 - 05:24 PM

OTL clean-up completed, thanks!

1) In regard to the IE settings, all of the settings you indicate are already in place except one - step # 10 - "Change the Navigate sub-frames across different domains to Prompt". The verbiage of that setting on my version of IE (version 8 as IE has indicated that higher versions are not compatible with WinXP) is slightly different - "Navigate windows and frames across different domains". Furthermore it is set to "disable" instead of "prompt". Screenshot pasted as follows. Please advise.

Screenshot___Internet_Options_Settings___Navigate_Windows_and_Frames_Across_Different_Domains.PNG


2) I currently have McAfee Site Advisor which appears to perform the same function as WOT, based on your description. I am more than happy to install WOT but please advise if it will conflict with McAfee Site Advisor or will it instead provide successful healthy additional protection in collaboration and conjunction with McAfee Site Advisor.

Edited by helpsought, 24 January 2012 - 05:25 PM.


#39 Sunyata

Posted 24 January 2012 - 06:06 PM

Hello helpsought

1) This setting prevents a specific type of phishing attack. You may want to change it to "Prompt" because if it is "disabled", some web sites, that innocently rely on the feature, may fail to function correctly. If it is changed to "Prompt," you will get a warning when it occurs and can decide if you trust the site, or can direct an inquiry to the webmaster to ask about it. "Prompt" gives you the option. "Disable" will silently fail the operation.

2) McAfee Site Advisor will conflict with WOT. It is basically the same feature with different good-site / bad-site databases.

Hope that helps :)
Graduate of the WTT Classroom

#40 helpsought

Posted 25 January 2012 - 12:17 AM

1) So, the option you refer to in step 10 is the same as the option on my IE (in the screenshot) even though the wording is somewhat different?

2) Since WOT and McAfee Site Advisor conflict with each other, and, consequently, only one or the other should be used, do you recommend that I disable McAfee Site Advisor and use WOT instead? Are they both equally effective or is one markedly better/more effective than the other?

3) Do you have a trustworthy effective free tool that can scan my computer and report any issues, even non-malware/virus-related (ie: unnecessary or malfunctioning processes, dll/registry issues) that are causing slow behavior? While, thanks to your wonderful help, the brutal detected malware/viruses have been removed, my machine, while working, has behaved slow for a long time (well prior to this latest malware attack) and I am hoping that can be fixed.


#41 Sunyata

Posted 25 January 2012 - 08:20 AM

Hello helpsought

The difference in the wording of the particular setting you asked about has to do with the way the different versions of the browser work. The answer I gave you would apply to both.

In the second question you are asking for an opinion about competing products. I hesitate here because opinions differ as do machine profiles and your mileage may vary. I can say that I have used the free version of McAfee Site Advisor and changed to WOT because I found that the WOT link advisories loaded faster.

The one-size-fits-all tool you are asking about in your third question does not really exist. I would caution you against installing free tools that make such claims for they often come bundled with Adware or Spyware or sometimes worse. Here is a link to a Microsoft page that gives some general advice on PC performance:
http://www.microsoft...p/optimize.aspx

For performance advice more specific to your machine and the software on it, I would visit our Windows forum here. The moderators and helpers are extremely knowledgeable. I'm certain that you would not get better advice anywhere.
Graduate of the WTT Classroom

#42 helpsought

Posted 25 January 2012 - 01:27 PM

O.K. Setting # 10 completed (set to "prompt"), thanks! We're on the home stretch to closing this thread. Just a few more things:

1) To circle back to the automatic update issue for Java and Adobe Reader:

Do you have any idea why either of those two applications were out of date on my computer if in fact both applications inherently contain automatic updates upon installation which could only be disabled manually by the user, and I never disabled automatic updates on either of those two applications in the past?

Thanks for the links regarding automatic updates. I'm not sure why you provided a link to DISable automatic updates for Adobe Reader since I believe the prudent approach is to maintain automatic updates. Please explain.

Could you please provide the steps for me to check/confirm that automatic updates are enabled for both Java and Adobe Reader? If the steps are already contained in the links that you provided, I can review them but I'm just making sure that I can perform this check in the most certain and easiest way possible for those two applications.

2) Should I keep the ESET online scanner application and run it periodically while disabling my purchased on-board virus protection - McAfee Security Center, and, if so, should I allow the ESET scanner to remove any threat items if detected or would I need to seek instructions from this forum each time a threat object is detected?

3) Thanks for the link for PC performance and the Windows forum on this site. I will look into potentially submitting an inquiry to the Windows forum. Thanks also for the warning regarding the free online "one-size-fits-all" PC performance tools. I shall avoid them.

4) I have the paid version of McAfee Site Advisor as it came with my paid version of McAfee Security Center virus protection, firewall, scanner, etc. I'm thinking that I will remain with McAfee Site Advisor at this point but, if I wanted to experiment with WOT, would I be able to do so by simply disabling McAfee Site Advisor, even just temporarily during the experiment?

5) If I decide to flatten my hard drive in the future due to the potential presence of a backdoor trojan still existing after this clean-up as you have advised, can I submit the inquiry for instructions on how to do that on this forum?

6) Since the threat of malware/spyware/adware/virus infection will always constantly be in place, I am thinking that, instead of spending money for a high quality PC, I should instead purchase an Apple computer as the chances of malware/spyware/adware/virus infection will be greatly decreased on an Apple computer, especially if I install high quality anti-virus, etc. protection on the machine. Is this an accurate presumption? If so, are the high quality anti-virus, etc. protection applications currently available compatible with Apple computers or are there only specific Apple-compatible anti-virus etc. protection applications that must be purchased for an Apple computer?

#43 Sunyata

Posted 25 January 2012 - 02:13 PM

1) To circle back to the automatic update issue for Java and Adobe Reader:

Do you have any idea why either of those two applications were out of date on my computer if in fact both applications inherently contain automatic updates upon installation which could only be disabled manually by the user, and I never disabled automatic updates on either of those two applications in the past?

Thanks for the links regarding automatic updates. I'm not sure why you provided a link to DISable automatic updates for Adobe Reader since I believe the prudent approach is to maintain automatic updates. Please explain.

Could you please provide the steps for me to check/confirm that automatic updates are enabled for both Java and Adobe Reader? If the steps are already contained in the links that you provided, I can review them but I'm just making sure that I can perform this check in the most certain and easiest way possible for those two applications.

If you review post #37 of this thread, and look carefully at the links provided, you will find that all your questions are answered:
http://forums.whatth...=...st&p=770409


2) Should I keep the ESET online scanner application and run it periodically while disabling my purchased on-board virus protection - McAfee Security Center, and, if so, should I allow the ESET scanner to remove any threat items if detected or would I need to seek instructions from this forum each time a threat object is detected?

Keep it if you like. You will still have to go to their website to run it again and wait for it to download current virus definitions. You can remove the threat items. They are quarantined and can be restored if you make a mistake.


3) Thanks for the link for PC performance and the Windows forum on this site. I will look into potentially submitting an inquiry to the Windows forum. Thanks also for the warning regarding the free online "one-size-fits-all" PC performance tools. I shall avoid them.

You are most welcome :)


4) I have the paid version of McAfee Site Advisor as it came with my paid version of McAfee Security Center virus protection, firewall, scanner, etc. I'm thinking that I will remain with McAfee Site Advisor at this point but, if I wanted to experiment with WOT, would I be able to do so by simply disabling McAfee Site Advisor, even just temporarily during the experiment?

I would assume so. Check with your McAfee documentation to learn how to disable the Site Advisor.


5) If I decide to flatten my hard drive in the future due to the potential presence of a backdoor trojan still existing after this clean-up as you have advised, can I submit the inquiry for instructions on how to do that on this forum?

Here is a link we provide with instructions for flatten / reinstall:
http://forums.whatth...showtopic=91962

If you need help with this, please post in our Windows forum:
http://forums.whatth...p?showforum=119


6) Since the threat of malware/spyware/adware/virus infection will always constantly be in place, I am thinking that, instead of spending money for a high quality PC, I should instead purchase an Apple computer as the chances of malware/spyware/adware/virus infection will be greatly decreased on an Apple computer, especially if I install high quality anti-virus, etc. protection on the machine. Is this an accurate presumption? If so, are the high quality anti-virus, etc. protection applications currently available compatible with Apple computers or are there only specific Apple-compatible anti-virus etc. protection applications that must be purchased for an Apple computer?

Here is a post from our "Other Software" forum with a list of some AV products that run on Mac:
http://forums.whatth...h...96&hl=apple

That post is rather old, however. You may get more current information if you post your question in that forum yourself.
http://forums.whatth...p?showforum=124
Graduate of the WTT Classroom

#44 helpsought

Posted 25 January 2012 - 03:48 PM

O.K. Thanks. Could you please confirm if the following statements are correct?:

1) For Apple computers, the risk of malware/spyware/adware/virus infection is greatly lower than that risk for a Windows computer.

2) For Windows computers, the risk of malware/spyware/adware/virus infection is a constant issue that will never cease, never decrease, and likely will increase going forward.

#45 Sunyata

Posted 25 January 2012 - 04:18 PM

Hello helpsought

1) For Apple computers, the risk of malware/spyware/adware/virus infection is greatly lower than that risk for a Windows computer.

This is true. However, Apple products are not immune. Please see here:
https://www.google.c...a...f.osb&cad=b


2) For Windows computers, the risk of malware/spyware/adware/virus infection is a constant issue that will never cease, never decrease, and likely will increase going forward.

It is definitely a constant issue. As for the rest, I have no crystal ball. I can see possibilities either way. These are questions for technical philosophers. I don't think we have a forum for that specifically :lol: But, you can start a thread with those questions here:

http://forums.whatth...hp?showforum=10

You may get some interesting posts :)
Graduate of the WTT Classroom
