Tag Archives: virus

29
Aug

Fystemroot – Fix BITS for Windows Update after Virus Removal on Windows XP

Biggest pain in the @$$ issue I have seen so far on Windows XP. You remove tons of viruses, get everything working, and then all the sudden Windows Update doesn’t work anymore, gives a dumb error. [Error number: 0x8024D007]

The first issue is that windows wont update. The second is that you start getting locked out of all kinds of things due to system administrative policy issues.

So I decide to download Microsoft’s Fix it tool for Windows Update Issues to have it fix it for me. NO SUPRISE IT DIDN’T WORK, well sort of. It couldn’t initialize BITS, and when I tried to, it said I hadn’t the rights to do so.

I wasn’t sure what to do, I couldn’t figure it out. After 3 hours on a 1 hour job, In tears and defeated I told my customer I was going to have to backup and reformat.  He agreed and I proceeded to do a system recovery…until I realized he had no restore partition, and probably no installation discs. Ever vigilant, I began my search again. Trolling forums and Googling like crazy I came across this Comment #10.

I had this issue on a PC that was cleaned of viruses. After hours of searching for a solution I searched the registry for the word BITS and found 2 instances of a path where the word%SystemRoot% had been changed to %fystemRoot%. This prevented BITS from finding the specified file.

I searched, and found it…there it was! Beckoning for me to fix it!

Now, all is not that easy. For some reason I was getting an error message saying you do not have authority or permission to change these files from fystemroot to systemroot, so the search continued.

This following information is an example why we read comments, and not just articles ;)

Go into the registy and go to

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services (BITS and Wuauserv)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services (BITS and Wuauserv)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services (BITS and Wuauserv)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services (BITS and Wuauserv)

Find BITS and Wuauserv and right click it on the left hand side, and select “Permissions”. Tick full control again for allow (For each one of them).

This will allow you to Set Permissions and rename those nasty registry keys.

I then ran the Microsoft Fix it Tool , and immediately it cleared the BITS initialization portion. Thank Goodness….load up Windows Update.

Voilà, [Error number: 0x8024D007], Gone! Windows is now updating.

Fystemroot, I happily and triumphantly give you the /fist…multiple times /fist /fist /fist.

August 29, 2010 4 Comments , , , , , , geilt Repair
25
Jul

MSConfig: Remove Disabled / Unchecked Program Items Manually

It took a while to find this one. After accidentally installing a virus and cleaning it manually, I wanted to clean up the registry entries in MSConfig to not show the now defunct startup .dll’s and .exe’s

The way to do this is quite simple actually. There are 3 locations in your registry where the information is held.

The first two are:

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

When you click on the folders you will find the names of the programs. Delete them and they are gone from MSConfig (Note: This does not actually delete the file). Make sure you browse too and delete the offending files before deleting them from the registry. Check both the Local Machine and Current User because they can have separate or duplicate entries. You also want to make sure one program doesnt reinstall another after rebooting thinking you had fixed the issue!

The third location is:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig

Here you will find two folders: /startupfolder/ and /startupreg/

/Startupfolder/ will have full path folders of items that startup with the “/”‘s trimmed as “^”. You can find information on the programs by clicking the folder and viewing the contents. Delete the folder if you want it out of the MSConfig list.

/Startupreg/ has more descriptive startup items. You can clearly see the names you would normally see in MSConfig.

Once you delete the files from these locations, give your computer a restart and you should no longer have them showing / loading.

These 3 Registry keys/folders are very handy for manually removing viruses, especially those “ANti Virus” Viruses. The ones that make it seem as if they are an anti virus.

You MUST make sure to remove every file associated with them…they will try to hide. Be vigilant and careful. Once manually removed it is recommended ot always followup with antimalware/spyware software such as Spybot Search and DestroyMalwarebytes Anti-Malware, and a general Anti-Virus.

Repost from Esotech.org….who will get indexed first? Joomla! or WordPress…we’ll see!!

July 25, 2010 Leave a comment , , geilt Technology
Find Me
Join Me
Play Rift with Geilt - Get a Free Trial!
Post Categories
Post Types
Post Calendar
February 2012
M T W T F S S
« Jan    
 12345
6789101112
13141516171819
20212223242526
272829  
Twitter
Google, Facebook Comply With India’s New Internet Censorship Rules http://t.co/6iIERBZw
28 minutes ago
Want To Speak @ SMX Toronto? Here’s How http://t.co/Di2X08wa
3 hours ago
The Simple Template for a Thorough Content Style Guide http://t.co/ITvA9rNP
4 hours ago
Yahoo Launches Mobile-App Search (For PCs) In The UK http://t.co/1VJwLnFT
5 hours ago
Latest Google Search Revamp Brings Opportunities For Local Businesses http://t.co/4WzMtpZM
6 hours ago
Bing Webmaster Tools Adds Markup Validator http://t.co/qmzffQH4
8 hours ago
Why You Need Social Media Followers Who Won't Ever Buy http://t.co/iUak4GjI
8 hours ago
Hiddukel: I earned this achievement: Level 30!! http://t.co/pjfgQkkt #Rift
15 hours ago
About Geilt
Alexander Conroy is Chief Optimization Officer and Co-President of Esotech in Miami Florida
Google+ Statistics
Empire Avenue
© Copyright 2010-2012 Geilt's Blog. All rights reserved. Created by Dream-Theme — premium wordpress themes. Proudly powered by WordPress.