
Two computer issues. D: (1 software, 1 hardware)

Discussion in Hardware Hangout started by Anathema, Mar 28, 2012

  1. Feb 18, 2011
    1 is software, 2 is hardware.
    1
    This started as a minor problem but it is evolving into a big one, as I have not updated my PC in at least 6 months. Windows Update pops up asking to install updates, and I click and try to update it but I always get the same two updates, same size. (see it below.)
    When I restart my computer the same two always come up. I found it rather interesting that two important updates such as these were only 15kb in size, so I ran a few virus scans with Kaspersky, MalwareBytes, MsSecEs and got nothing. Just today I tried looking around to fix it and came across Microsoft Fix It. I can not install it; every time I run it I get an error. So I decided I might as well try looking for a rootkit. Used MBR, catchme, and GMER to look, and catchme picked up traces similar to something I thought looked a bit like Rustock, if not that then just some other rootkit.


    detected NTDLL code modification:
    ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51
    Initialization error

    If this is not an infection then good, but I need help fixing this because I am honestly at a standstill with this issue.


    2
    The second issue is a rather outdated computer I have. My brother cleaned his dusty old Vista computer and tried changing out RAM and a video card, and afterwards there was an error that I have not yet been able to fix. Told him to hop on my account on BC and post, and he did this and forgot about it:
    http://www.bleepingcomputer.com/forums/topic442285.html
    Any ideas? (Note: The last post he and I have not tried yet.)
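
Added example, not part of the original post: a short Python triage of the catchme output quoted under issue 1 above. It assumes each entry reads `function value-read != value-expected`, which is an interpretation of the tool's format, and the verdict labels are hypothetical names chosen here.

```python
import re

# Scan output copied from the first post (catchme).
SCAN_OUTPUT = (
    "detected NTDLL code modification:\n"
    "ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, "
    "ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, "
    "ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, "
    "ZwQuerySystemInformation 0 != 51\n"
    "Initialization error\n"
)

# Assumed entry format: "<function> <value read> != <value expected>".
ENTRY = re.compile(r"\b((?:Zw|Nt)\w+)\s+(\d+)\s*!=\s*(\d+)")


def parse_mismatches(text):
    """Return a list of (function, value_read, value_expected) tuples."""
    return [(m.group(1), int(m.group(2)), int(m.group(3)))
            for m in ENTRY.finditer(text)]


def triage(text):
    """Classify a scan result; the verdict labels are hypothetical."""
    rows = parse_mismatches(text)
    init_failed = "initialization error" in text.lower()
    reads = {read for _, read, _ in rows}
    if not rows:
        verdict = "no-mismatch"
    elif init_failed and reads == {0}:
        # Every read is 0 and the tool failed to initialize: the values
        # carry no per-function information, so re-scan with another tool.
        verdict = "scanner-read-failure-likely"
    elif len(reads) == 1:
        verdict = "uniform-mismatch"
    else:
        # Different values per function deserve a function-by-function look.
        verdict = "per-function-mismatch"
    return {"verdict": verdict, "init_failed": init_failed,
            "functions": [name for name, _, _ in rows]}


if __name__ == "__main__":
    result = triage(SCAN_OUTPUT)
    print(result["verdict"], len(result["functions"]), "entries")
```

On the quoted output all nine values read are 0 and the scan ends with an initialization error, so the result by itself does not distinguish between the listed functions.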


  2. Aug 1, 2011
    I have had a similar problem before. I am pretty sure it's a virus of some sort. What happened was my computer would show something like my Windows security was outdated and needed to be updated. Danger of infection, etc., but I could do nothing at all. The Security Essentials shit would pop up everywhere and I would get nowhere. Recently, when I dusted off my laptop (not literally), the whole security thing disappeared. I do not know why, but my laptop was fine. But that sounds like what a virus would do.
  3. Dec 6, 2011
    Basically had the same stuff as That Guy on my old computer. Honestly, if you really can't figure it out, and just want to be done with it, wipe out your hard drive and re-install windows/etc. Backup any possible crucial files you'd like to save and BAM! problem gone. Had to do this twice on my old computer, once in '09 and once in '11. Worked perfectly fine for me, even though many people despise this method.

    Alternative, slightly-trollish solution: stop watching porn. :razz:
  4. Feb 18, 2011
    That would be a rogue anti-virus, my friend. I do not have any currently; the only problem is wuauclt.exe is broken or something connecting to it is.


    Rude.



    EDIT: I has a good idea. Halp me @Churma.
    • Mar 6, 2012
      Try and download the KBs manually. KB2556532 and KB2639308

      As for the hardware issue: take out the RAM and run it with one stick at a time. If you get the error with all sticks, move the stick to the secondary Dual Channel. This will be an unsupported config so it will give you an error but it should let you pass. This will let you know if it is the motherboard or RAM.
    • Mar 20, 2011
      @Anathema sounds like your Windows Update repository may need to be updated and then re-registered so it is in a clean state. I have come across this multiple times on different computers. First try this
      http://support.microsoft.com/kb/910339 which is an automated process. After that, I would run an elevated cmd prompt and do a sfc /scannow

      If that fails, then try the following and go pro. You can use my script or do it manually; don't be afraid that my script is going to fuck up your computer, you can open it with Notepad if you wish. The commands in my script are the following. If you decide to do it manually, you need to be in an elevated command prompt, which is done by right-clicking on the command prompt shortcut and selecting Run as administrator.

      net stop wuauserv
      rmdir %windir%\softwaredistribution /s /q
      regsvr32 /s wuaueng.dll
      regsvr32 /s wuaueng1.dll
      regsvr32 /s atl.dll
      regsvr32 /s wups.dll
      regsvr32 /s wups2.dll
      regsvr32 /s wuweb.dll
      regsvr32 /s wucltui.dll
      net start wuauserv
    • Mar 20, 2011
      Now for your second issue: it could be a virus which runs the following command on boot: shutdown /r /t 0. I forgot which virus variant that is, but you can prevent that from happening, if it stays booted long enough, by running this command: shutdown /a

      You may have to spam that second command and then run Malwarebytes to find the fucker and remove it. PM me on Steam if you want; I will be working in server rooms all day today but we should be able to resolve this issue. Also, can you boot up pressing the F8 button right after POST and select "do not restart on system failure"? This way, if you are getting a BSOD restart, you can see the error. If this is the case, write it down and please post it back here.
    • Jan 8, 2012
      ^ Pretty much, people visit sites they shouldn't, which ends in disaster for 90% of the computers I fix.
    • Mar 20, 2011
      Pr0n is not the issue here, PF's; the issue is software corruption for the first issue, which can happen to anyone. The second issue could possibly be a bad torrent download which was infected, or some other P2P program which had an offending music or program which was downloaded. Just because you have AV or even if you don't run AV, you're a jackass in my book, you can still get infected by going to regular websites. Just recently I had a client who called me. A local chamber of commerce website was hit from Chinese hackers. They modified webpage coding which forced clients to download fake AV and compromise clients. So now you know the rest of the story.

      Going forward, I find it best practice to use NoScript, or if using Chrome, turn off JavaScript altogether and, when you need it for a site you go to, make an exception for it. Also use ad blockers to block ads; nasties tend to creep in on those. Run with those principles and you should be good.
    • Jan 8, 2012
      Not saying it is, but most cases are from visiting sites they shouldn't or downloading stuff they shouldn't, and in some rare cases as you said
      That kind of shit can happen, which is not the case a lot of the time. Run AV regularly; nothing's wrong with downloading more than one spyware/anti-malware program. Some of my favorites, which I run on a weekly basis:

      Spybot Search & Destroy ( http://download.cnet.com/Spybot-Search-Destroy/3000-8022_4-10122137.html )
      AVG Professional ( http://www.avg.com/us-en/homepage )
      Anti-Malwarebytes ( http://www.malwarebytes.org/ )
      CCleaner ( http://www.piriform.com/ccleaner )

      With these you can never go wrong, just do your part and save yourself some trouble later on.


      But for OP I'd do what they suggested: fresh install of Windows, and stay on top of your updates this time, and do what Churma and I have mentioned as well.
    • Mar 20, 2011
      I agree with all you posted but AVG; their software is a joke nowadays. You'd be surprised how many IIS and even Apache servers are infected with something... It is the darn IT staff that needs to get in the game, do more patching and have strong passwords to help mitigate intrusions.
    • Jan 8, 2012
      I don't know, I've never had any problems with AVG that I am aware of... Been using it for so long.
    • Mar 20, 2011
      I'm not saying there are problems with it; I have found it to suck when it comes to detections and removal. Much better options out there like MSE and NOD32.
    • May 14, 2011
      I don't see how people get these problems. For the Windows Update, my PC used to do that. Just crack Windows over again and it fixes straight away. With your boot problem, boot with the disc and press repair. It should fix your whole system.

      Maybe a bit late but if nothing above worked you can try these fixes.
      • Feb 18, 2011
        @Churma you sure it's malware? Because the attachment (sorry if blurry) always pops up if I disable auto-restart on boot failure. In a minute I will go try a few boot loaders to see what works.

        Regarding part one, Microsoft fixit is broken (see attachment), and after a few tries with your batch script and manual tries I got nothing fixed with windows update, still same two updates 15kb size, security update and update for windows 7.

        My school uses Forefront (business version of MSE) and it was fucked when someone started spreading TDL4. The network engineer was pissed but I give him props, he killed it.

        Personal tastes, I don't like it either. Don't let that stop you from using it though.

        @s3th I already have mbam and ccleaner, ccleaner does nothing 90% of the time except when I clean up MFT, and mbam already detected nothing. Kaspersky was nothing, and MSE was nothing.


      • Jan 8, 2012
        I'm just saying, if you decide to redo your computer, make sure those programs are implemented on a regular basis. I'm pretty disappointed that you don't update your computer often; after a 6 month period your OS could be missing a lot of important patches, or changes, that if you didn't install could cause issues later on, other programs not to function etc. So make sure you stay on top of those next time, they do a lot to make things better. But since you've gone so long without an update it could be many things; tbh, I really doubt that those 2 updates popping up are anything virus or malware related. I've had the problem before too, where after trying to update, there would still be an update that didn't install and I could never get it to go away.
      • Feb 18, 2011
        There seems to be a bit of a disconnect here,
        I am unable to update, I never noticed it until January and by then I probably missed out on a few important updates. I have been working in my spare time to look into it and see what the hell was going on with it. I am now pretty sure there's a rootkit lurking somewhere around here, because something attempts to disable Kaspersky PURE's service when I start my computer, but fails. Ima take a look into that and I guess that is what is messing with my computer.
      • Mar 20, 2011
        @Anathema
        That is a usual fix for the Windows Update issue. Can you install an MSI package on your computer? If not, the MSI installer may be corrupt. Please check out this read: http://support.microsoft.com/kb/971187 The two updates that keep showing up, do they install or do they fail?

        Now back onto the second issue: it looks like you have a rootkit of some type. It probably has infected the MBR. What OS is on the old computer? Do you have the original disks? Can you boot into safe mode with command prompt? If not, boot into the computer with the Windows disk; if XP, enter the XP recovery console and then type fixmbr \Device\HardDisk0; if 0 returns an error, try fixmbr \Device\HardDisk1 or fixmbr \Device\HardDisk2 etc.

        For Windows Vista/7, follow this guide

        http://www.sevenforums.com/tutorials/20864-mbr-restore-windows-7-master-boot-record.html

        Then see if it boots. If it still does not boot, make sure you boot with "do not restart on failure" to see if your BSOD comes up with a different error string. At this point you would want to boot into the computer with a live CD from which you can run TDSSKiller, which is a free download from Kaspersky, and I would also look for Trend Micro's RootkitBuster. If you have the original install disks, at this point I would just do a clean install. If you do not have recovery disks, PM me or PM me on Steam; I have a solution for you which I will not post here.

        Cheers
      • Nov 11, 2011
        TL;DR

        Just put in your Windows disc, go to recovery, start the command prompt (or press SHIFT+F10) and type:

        sfc /SCANNOW

        It should check and replace any files that don't match with fresh copies. If that doesn't resolve your issue, a reinstall may be in order.
        • Feb 18, 2011
          Fixed the second problem. Reinstalled the OS, and thanks for the help. I guess it was malware because before I installed Windows again the hard drive was shown having only five gigabytes used when I had half of it full when I last checked; I guess the hardware change fucked up the flow of the malware, causing it to delete my HDD. I still can not update with my other computer. I tried multiple things and I am still at a standstill with it. I am thoroughly convinced this is malware because I can not update my Kaspersky Pure to Kaspersky Pure 2.0, I can not use Microsoft FixIt, Churma's batch script did not work and the updates show as installed successfully when they keep appearing.

          @Churma I don't mean to be a bother, but do you have time to do a TeamViewer session and see if you can help me fix it?