Virtumonde blocked Automatic Updates!

Automatic Updates in Windows XP got disabled on my PC today. I was not able to start the service "wuauserv" from the "Services" tab. It was disabled initially, and I tried starting it so many times; it kept returning the same error code. The hardware profile under the "Log On" tab of the service was also enabled. Strangely, it just would not start.

I have McAfee antivirus software with updated definitions on my PC. I ran a full scan, which took more than two hours to complete. The result: 0 viruses found. The problem persisted.

I had just upgraded my Windows XP to SP3, so I wondered whether it was an issue with the upgrade.

Googling did not help. A lot of forums discussed the same problem, but none offered a convincing solution. Some of the suggested solutions include:

1) Check that the RPC service is up and running.
2) Check the Event Log service, etc.
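The two checks above are really one check: walk the dependency chain of wuauserv and look for anything stopped or set to Disabled. The PowerShell below is an added example, not code from the original post; it assumes Windows PowerShell 2.0 or later, and the function name and the $ServiceName parameter are mine.

```powershell
# Added example (not code from the original post): list the Automatic Updates
# service and every service it depends on, with each one's status and start
# mode, so that a "won't start" error can be traced to a stopped or Disabled
# dependency such as RPC (RpcSs) or the Event Log. Assumes Windows PowerShell
# 2.0 or later; the function name and $ServiceName parameter are mine.
param([string]$ServiceName = 'wuauserv')

function Get-ServiceDependencyChain {
    param(
        [System.ServiceProcess.ServiceController]$Service,
        [hashtable]$Seen = @{}
    )
    # Dependency graphs can share nodes; visit each service once.
    if ($Seen.ContainsKey($Service.Name)) { return }
    $Seen[$Service.Name] = $true

    # StartMode (Auto/Manual/Disabled) is not exposed by Get-Service, so read
    # it from WMI. Kernel drivers in the chain have no Win32_Service instance.
    $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='$($Service.Name)'" -ErrorAction SilentlyContinue
    $startMode = if ($wmi) { $wmi.StartMode } else { 'n/a (driver)' }

    New-Object PSObject -Property @{
        Name      = $Service.Name
        Status    = $Service.Status
        StartMode = $startMode
    }
    foreach ($dep in $Service.ServicesDependedOn) {
        Get-ServiceDependencyChain -Service $dep -Seen $Seen
    }
}

$root  = Get-Service -Name $ServiceName -ErrorAction Stop
$chain = @(Get-ServiceDependencyChain -Service $root)
$chain | Select-Object Name, Status, StartMode | Format-Table -AutoSize

# A stopped or Disabled entry in this chain explains why wuauserv cannot start.
$blocking = $chain | Where-Object { $_.StartMode -eq 'Disabled' -or $_.Status -ne 'Running' }
if ($blocking) {
    Write-Output "Services in the chain of $ServiceName that are stopped or Disabled:"
    $blocking | Select-Object Name, Status, StartMode | Format-Table -AutoSize
}
```

Run it from an elevated prompt; a Disabled start mode on wuauserv itself, as in this post, shows up in the second table along with any dependency in the same state.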

Finally, I decided to take the help of Spybot. Earlier in the day, when I was not connected to the internet, some program on my PC kept trying to connect to the Internet at regular intervals. I could sniff out a possible spyware infection on my PC.

After the Spybot installation, the program updated its definitions and finally the hunting started. There were around 1.5 lakh (150,000) signatures to scan against. The scan detected one adware program on my PC:

"Virtumonde"

Before even proceeding to fix it, I searched for information about this adware. VirtuMonde is an adware program that downloads and displays popup advertisements. 16 entries of this program were detected in the scan. Some additional information about the adware is available here.

This virus is reported to record your keystrokes and randomly display advertisements. The virtumonde.c Trojan will create a DLL (Dynamic Link Library) to facilitate the recording of your keystrokes and communicates with a website located on the internet. Virtumonde.C attaches to explorer.exe, goes memory resident and verifies that it (the virus, that is) is running. If for some reason Virtumonde.c is stopped, the memory resident program will fire it back up. The virus also writes to cookies on the infected computer and may visit more than one internet site. The part that makes VirtuMonde.c tricky is that it is memory resident and writes to a file that spyware removal programs can't erase.

Spybot was able to remove all traces of Virtumonde. I rebooted my PC after the scan, and there was one more startup scan to remove any remaining traces. One more entry was found this time, and Spybot removed it.

Finally, I tried activating "Automatic Updates" and it was enabled successfully.

Some questions running through my mind after this operation are:

1) I did not find any connection on the web between Virtumonde and Automatic Updates. How did the removal help in enabling 'Automatic Updates'?

2) Why did McAfee not detect Virtumonde in the first place?

3) How on earth did it enter my PC in the first place? (I hope I will have an answer for this soon.)

If you have a similar problem with 'Automatic Updates', check with Spybot. It could be due to Mr. Virtumonde. :)
