Microsoft Windows Vista Community Forums - Vistaheads
Update will not run

microsoft.public.windowsupdate






  #1 (permalink)  
Old 10-10-2008
Jim Bunton
 

Posts: n/a
Update will not run
Tried:
Run services.msc
Check Background Intelligent Transfer Service running - OK
Check Event Log running - OK
Check Automatic Updates NOT running

Automatic Updates is disabled and its start button is greyed out
Setting the combo to Automatic (or manual) it reverts to disabled

-----------
RECENT EVENTS
IeExplorer Home page began to default to MyWebHunt
When reset to normal home page on reboot reverted to MyWebHunt
---------------
Googled mywebhunt
--------
found:
http://www.threatexpert.com/report.a...0-24b662a299ea
The following Registry Value was modified: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] Start Page = "http://www.mywebhunt.com"
....

reports the following registry modifications
- The following Registry Key was created:
    - HKEY_LOCAL_MACHINE\SOFTWARE\GodLib
- The newly created Registry Values are:
    - [HKEY_LOCAL_MACHINE\SOFTWARE\GodLib]
        - FR = "1"
        - BootDays = "23"
    - [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
        - NotifyDownloadComplete = "yes"
    - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
        - [filename of the sample #1 without extension] = "%Windir%\[filename of the sample #1]"

      so that [filename of the sample #1] runs every time Windows starts

- The following Registry Value was modified:
    - [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
        - Start Page = http://www.mywebhunt.com
---------
I HAVE DELETED
HKEY_LOCAL_MACHINE\SOFTWARE\GodLib
[HKEY_LOCAL_MACHINE\SOFTWARE\GodLib]
    - FR = "1"
    - BootDays = "23"
in the entry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    - [filename of the sample #1 without extension] = "%Windir%\[filename of the sample #1]"
I found a program named molocha.exe
AND a copy of it
in C:\Windows & Documents and Settings .. . \Temp
CREATED DATE today !!

Deleted the registry entry
"[filename of the sample #1 without extension] =
"%Windir%\[filename of the sample #1]" " for this file

AND, after reboot, renamed the C:\windows instance to Xmolocha.exe
AND deleted it from Documents and Settings\ . . \Temp

----------
This has stopped the hijack of the web browser to MyWebHunt
BUT Internet Explorer is occasionally opening new instances with seemingly
random websites.
--- HELP! ---





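The registry changes listed in the report quoted above can be checked offline against a registry export. The following is an added example, not part of the original thread: the export text is constructed, `example.exe` stands in for the file name the report elides, the function names are hypothetical, and the `wuauserv` service key with `Start` = 4 meaning "Disabled" is standard Windows behaviour rather than something stated in the thread.

```python
import re

# Constructed sample of a regedit text export (REGEDIT4 form). "example.exe"
# is a placeholder: the report quoted in the thread elides the real file name.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\GodLib]
"FR"="1"
"BootDays"="23"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.mywebhunt.com"
"NotifyDownloadComplete"="yes"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"example"="C:\\WINDOWS\\example.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"Start"=dword:00000004
'''

GODLIB = r'hkey_local_machine\software\godlib'
IE_MAIN = r'hkey_current_user\software\microsoft\internet explorer\main'
RUN_KEY = r'hkey_current_user\software\microsoft\windows\currentversion\run'
# Assumption (standard Windows, not from the thread): Automatic Updates is the
# wuauserv service, and Start = 4 means "Disabled".
WUAUSERV = r'hkey_local_machine\system\currentcontrolset\services\wuauserv'


def parse_reg(text):
    """Parse .reg export text into {key: {value_name: value}}, names lowercased."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r'\[(.+)\]', line)
        if header:
            current = keys.setdefault(header.group(1).lower(), {})
            continue
        entry = re.fullmatch(r'"((?:[^"\\]|\\.)*)"=(.*)', line)
        if not entry or current is None:
            continue  # blank lines, the REGEDIT4 banner, continuation lines
        name, raw = entry.group(1).lower(), entry.group(2)
        if raw.startswith('dword:'):
            current[name] = int(raw[6:], 16)
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            # String data: undo the \\ and \" escaping used by .reg files.
            current[name] = re.sub(r'\\(.)', r'\1', raw[1:-1])
        else:
            current[name] = raw  # hex(...) and other types kept verbatim
    return keys


def triage(keys, windir=r'c:\windows'):
    """Return (tag, evidence) pairs for the changes listed in the report."""
    findings = []
    if GODLIB in keys:
        findings.append(('godlib-key', sorted(keys[GODLIB])))
    start_page = keys.get(IE_MAIN, {}).get('start page', '')
    if isinstance(start_page, str) and 'mywebhunt.com' in start_page.lower():
        findings.append(('ie-start-page', start_page))
    for name, value in keys.get(RUN_KEY, {}).items():
        if not isinstance(value, str):
            continue
        path = value.strip('"').lower().replace('%windir%', windir)
        parent, _, leaf = path.rpartition('\\')
        # The report's Run value points at an .exe directly under %Windir%.
        if parent == windir and leaf.endswith('.exe'):
            findings.append(('run-from-windir', value))
    if keys.get(WUAUSERV, {}).get('start') == 4:
        findings.append(('wuauserv-disabled', 4))
    return findings


if __name__ == '__main__':
    for tag, evidence in triage(parse_reg(SAMPLE_REG)):
        print(tag, evidence)
```

Exports saved in the "Windows Registry Editor Version 5.00" format are UTF-16 and must be decoded before the text is passed in. A hit is a prompt for review of that key, not a verdict on the machine.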
  #2 (permalink)  
Old 10-10-2008
TaurArian
 

Posts: n/a
Re: Update will not run
Thank you for posting your findings, but if you're looking for assistance
regarding your problem, perhaps post to the Security/Viruses newsgroup -

Don't forget to tell them what OS you're using including SP level and also
what level of IE you're using. All information helps.
OE client -
news://msnews.microsoft.com/microsof...security.virus
or

Web client -
http://www.microsoft.com/communities...&lang=en&cr=us


--

TaurArian [MVP] 2005-2009 - Update Services
http://taurarian.mvps.org
======================================
How to ask a question: http://support.microsoft.com/kb/555375
Disclaimer: The information has been posted "as is" with no warranties or
guarantees and doesn't give any rights.
Computer Maintenance: Acronis / Diskeeper / Paragon / Raxco


  #3 (permalink)  
Old 10-10-2008
Jim Bunton
 

Posts: n/a
Re: Update will not run
Thank you for your prompt response.

OS: Windows XP Media Center 2002, Service Pack 3

Can a virus stop Windows Update from running??

[I included the possible virus info and what I had done in case what I had
done was responsible for update not running.]


  #4 (permalink)  
Old 10-10-2008
TaurArian
 

Posts: n/a
Re: Update will not run
Yes, malware and viruses can stop the WU process.

Please post to the Security/virus newsgroup for further assistance or seek
professional help.

One that has been around for a while now and causing a lot of problems is
Vundo and mates -
http://www.microsoft.com/security/po...=Win32%2fVundo

--

TaurArian [MVP] 2005-2009 - Update Services
http://taurarian.mvps.org
======================================
How to ask a question: http://support.microsoft.com/kb/555375
Disclaimer: The information has been posted "as is" with no warranties or
guarantees and doesn't give any rights.
Computer Maintenance: Acronis / Diskeeper / Paragon / Raxco


  #5 (permalink)  
Old 10-10-2008
Jim Bunton
 

Posts: n/a
Thanks Re: Update will not run
Thanks again for the prompt response.

Will follow up on the link you have given - I have already posted to the
virus news group - waiting a response.

Thanks again

Jim Bunton

  #6 (permalink)  
Old 10-10-2008
PA Bear [MS MVP]
 

Posts: n/a
Re: Update will not run
[Crossposted to Security Virus newsgroup, as OP has reposted there]

There's a very strong possibility that you have a Vundo infection, which is
usually accompanied by ZLOB and/or SDBot infections, all of which are
protected by a rootkit.

Run a thorough check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_R...:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/...moving_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in
conjunction with some other utilities). HijackThis will NOT fix anything on
its own, but it will help you to both identify and remove any
hijackware/spyware with assistance from an expert. **Post your log to
http://spywarehammer.com/simplemachi...php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://aumha.net/viewforum.php?f=30, or another appropriate forum for review
by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.

==========================================

Start a free Windows Update support incident request:
https://support.microsoft.com/oas/de...spx?gprid=6527

Support for Windows Update:
http://support.microsoft.com/gp/wusupport

For home users, no-charge support is available by calling 1-866-PCSAFETY in
the United States and in Canada or by contacting your local Microsoft
subsidiary. There is no charge for support calls that are associated with
security updates.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

