Jump to content

Build Theme!
  • Infected?


We invite you to ask questions, share experiences, and learn. It's 100% free. Did we mention that it's free. It is. It's free. Join 91555 other members! Anybody can ask, anybody can answer. Consistently helpful members with best answers are invited to staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Hijack.WindowsUpdates again!

  • This topic is locked This topic is locked
1 reply to this topic

#1 eak500


    New Member

  • Authentic Member
  • Pip
  • 5 posts

Posted 26 September 2009 - 10:43 AM

Hi Guys

My com keeps restarting and shows error" the system process 'C:\WINDOWS\system32\services.exe terminated unexpectedly with status code - 1073741819. The system will now shutdown and restart".

then i downloaded "Malwarebytes" to scan and it found 2 Trojans which are "Hijack.WindowUpdate". Malwarebyte can delete it and my restart symptom disappear. So, i guess those Trojans are the cause.However, after Malwarebytes deleted and quarantined, it come back every time i restart.

Basically, it is very much the same as these 2 links.

please help!!!!.... i have been searching and trying to fix it for whole day and finally i find the hope here. Thanks in advance.
here is my log from Malwarebytpe.

Malwarebytes' Anti-Malware 1.41
Database version: 2861
Windows 5.1.2600 Service Pack 2

9/27/2009 12:23:34 AM
mbam-log-2009-09-27 (00-23-34).txt

Scan type: Quick Scan
Objects scanned: 134449
Time elapsed: 5 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by eak500, 26 September 2009 - 10:46 AM.


Register to Remove

#2 Noviciate


    Retired WTT Teacher

  • Visiting Fellow
  • PipPipPipPipPip
  • 2,907 posts

Posted 26 September 2009 - 01:16 PM

Take a read through this and then start a fresh thread in this forum and post accordingly. Please don't forget to include a brief description of your problem, and somebody will be along as soon as.
Helpers look for posts with zero replies which is why you need to start afresh and why i'll lock this one.
Death to the salad eaters!

Related Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users