Check the registry value for "UpdatesDisableNotify"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify"=dword:00000000
How to back up, edit, and restore the registry in Windows XP and Windows Server 2003
http://support.microsoft.com/kb/322756
Disclaimer: Modifying the registry can cause serious problems that may require you to
reinstall your operating system. Use the information provided at your own risk.
Don't get angry, we're only trying to help and the most likely cause at the moment is
virus/malware.
--
TaurArian [MVP] 2005-2008 - Update Services
http://taurarian.mvps.org
======================================
How to ask a question:
http://support.microsoft.com/kb/555375
Computer Maintenance: Acronis / Diskeeper / Paragon / Raxco
"Zanttux" <Zanttux@discussions.microsoft.com> wrote in message
news:5C19B767-C278-41EE-BF0D-C509783D88D1@microsoft.com...
| For past 6 years I have been fixing hardware/software and operating system
| issues on a daily basis as a profession, so I could consider my self a well
| above normal home user level.
|
| For past 3 years I have been doing a lot of virus/spyware/malware/rootkit
| etc cleaning and even F-secure (yes, the antivirus company) is glad to call
| to me certified expert on these matters. (2006-2008)
|
| So trust me, it aint virus/malware/spyware problem.
|
| Now if this would be normal virus/malware issue, I would have found solution
| to it allready. But it aint. Its simply malfunctioning service that wants to
| send stop signal to itself for some reason on every reboot.
|
| and since reregistering dll's fixes the service temporarily, it is very
| unlikely that those dll's would have been replaced with suspicious ones.
|
| Since reinstalling windows isnt possibility atm and Im 100% sure it aint
| virus problem, I must once again ask you to at least suggest some other means
| of fixing this.
|
| What I mean by this, could you suggest procedures howto make sure all AU's
| components are in right places, all registry keys exists etc etc.
|
| Now that would be 1000 times more helpfull for me then, well the pointless
| comments of consulting expert.
|
| Im sorry if I sound angry, but I have been working with this issue 3 days
| now and its starting get on my nervs.
|
| > > issue
|
| "PA Bear [MS MVP]" wrote:
|
| > HIjackThis is only one of many diagnostic tools we use to detect and remove
| > such infections. What may appear to you as a completely clean HJT log may
| > not appear the same way to an expert in such matters.
| >
| > You will need the assistance of such an expert who in all likelihood will
| > have you run some other diagnostic scans and utitilies and who will then
| > have to write a script to remove an untold number of files, folders, and
| > Registry entries.
| >
| > I can strongly recommend this forum:
http://aumha.net/viewforum.php?f=30
| > --
| > ~PA Bear
| >
| >
| > Zanttux wrote:
| > > Ok, could you please at least suggest some other means of fixing this
| > > issue
| > > then blaming simply just malware/spyware. Hijackthis is tool that I use
| > > regularly and it reveals nothing that would explain this. Hell even the
| > > logs
| > > from scans before this problem started are same as scan logs after this
| > > problem. Absolutely nothing has changed.
| > >
| > > "PA Bear [MS MVP]" wrote:
| > >
| > >> No current Removal Tool will identify and remove all of the most-recent
| > >> Vundo variants (new ones are surfacing every day), which are usually
| > >> accompanied by ZLOB and SDBot variant(s), all protected by a rootkit.
| > >> You
| > >> need assistance from another, more-experienced expert on such matters.
| > >>
| > >> When all else fails, HijackThis v2.0.2
| > >> (
http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use.
| > >> It will help you to both identify and remove any hijackware/spyware with
| > >> assistance from an expert. **Post your log to
| > >>
http://aumha.net/viewforum.php?f=30,
| > >>
http://forums.spybot.info/forumdisplay.php?f=22,
| > >>
http://castlecops.com/forum67.html, or other appropriate forums for
| > >> review
| > >> by an expert in such matters, not here.**
| > >> --
| > >> ~Robear Dyer (PA Bear)
| > >> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
| > >> AumHa VSOP & Admin
http://aumha.net
| > >> DTS-L
http://dts-l.net/
| > >>
| > >>
| > >>
| > >> Zanttux wrote:
| > >>> Virtumonde (alias vundo) was my first thought too, but it aint the case.
| > >>> VirtumundoBegone, VundoFix or f-secures specific virtumonde removal tool
| > >>> can
| > >>> not find any trace of it, and this machine has been protected all times
| > >>> by
| > >>> good hardware firewall + F-Secure client securtiy 7.11 (latest) + all av
| > >>> scans have been clean.
| > >>>
| > >>> -Zanttux (certified F-secure expert 2006-2008)
| > >>>
| > >>> "TaurArian" wrote:
| > >>>
| > >>>> System may be infected with malware "Vundo"
| > >>>>
http://www.microsoft.com/security/po...=Win32%2fVundo
| > >>>>
| > >>>>
| > >>>>
| > >>>> --
| > >>>>
| > >>>> TaurArian [MVP] 2005-2008 - Update Services
| > >>>>
http://taurarian.mvps.org
| > >>>> ======================================
| > >>>> How to ask a question:
http://support.microsoft.com/kb/555375
| > >>>> Computer Maintenance: Acronis / Diskeeper / Paragon / Raxco
| > >>>>
| > >>>>
| > >>>> "Zanttux" <Zanttux@discussions.microsoft.com> wrote in message
| > >>>> news
A626093-B4FC-4693-B2DA-F845C9ACE893@microsoft.com...
| > >>>>> Issue is that after every reboot automatic updates service stops and
| > >>>>> removes itself (from registry and from services).
| > >>>>>
| > >>>>> This started appearing on xp pro machine with sp2. Updatng to sp3
| > >>>>> didn't
| > >>>>> help.
| > >>>>>
| > >>>>> windowsupdate log doesnt help either because all it says is that
| > >>>>> service
| > >>>>> started OK and stopped with OK code (no specified reason for stopping
| > >>>>> the
| > >>>>> service is given). Event log doesnt either show any problems, it only
| > >>>>> has
| > >>>>> events from starting the service ok and stopping it ok.
| > >>>>>
| > >>>>> This sounds like virus/malware/spyware problem, but all the scans come
| > >>>>> out
| > >>>>> clean (f-secure client security (installed), kaspersky (online), Panda
| > >>>>> (online), McAfee, ad-aware, trend micro etc.)
| > >>>>>
| > >>>>> I have tried all the fix's I have found from web (including
| > >>>>> reregistering
| > >>>>> required dll's, reinstalling from au.inf etc.) and all these do fix
| > >>>>> the
| > >>>>> issue temporarily, but after reboot the service starts, stays on for
| > >>>>> less
| > >>>>> then a minute and then disappears, yet no delete flag can found from
| > >>>>> registry before it goes.
| > >>>>>
| > >>>>> for example reregistering wuaueng.dll brings back all registry keys
| > >>>>> and
| > >>>>> Im
| > >>>>> able to start the service without problems and get the updates from
| > >>>>> windows update or by automatics update. And it works fine until
| > >>>>> reboot.
| > >>>>> No suspicious software can be found from startup that could do this (I
| > >>>>> have triple checked everything).
| > >>>>>
| > >>>>> So any good ideas.... This is really getting annoying problem.
| > >>>>>
| > >>>>> Thanks for advance.
| > >>>>>
| > >>>>> - zanttux
| >
| >
