Deleted Virus & edited reg...now can't start Win Update service

Discussion in 'Virus Information' started by Dawn, Aug 29, 2004.

  1. Dawn

    Dawn Guest

    I followed the following steps to remove a
    virus "w32.maddis.b"...
    I stopped the service:
    a. Click Start > Programs > Administrative Tools >
    Services.
    b. Right-Click "Windows Update."
    c. Set Startup type to "Disabled."
    d. Click Stop.
    Now after stopping the Windows Update & deleting the
    infected USRINIT.EXE & HELPER.DLL, I then went into
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
    and deleted the "Windows Update" key.
    In the removal instruction it also said to delete the
    value: "WindowsUpdate" = "%System%\USRINIT.EXE" in
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    but it wasn't there.
    I can't start the Windows Update again. I don't
    know if I need to though.
    I get "error 1058-The service cannot be started either
    because it is disabled or because it has no enabled devices
    associated with it". When I right click & try to go into
    properties so I can enable it I get "Configuration
    Manager: A required entry in the registry is missing or an
    attempt to write to it has failed."
    Am I OK or do I need to set up the registry key for the
    windows update...If I do can someone give me details of
    what to do?

    Thanks
    Dawn
     
    Dawn, Aug 29, 2004
    #1

  2. Dawn

    pauly [MSFT] Guest

    Hi Dawn,

    Thanks for your post.

    To answer your question, you *do not* need to restart the service named
    "Windows Update". That service was part of the worm.

    The bad guys named part of their worm program "Windows Update" so people
    would think it is legitimate and leave it alone. This "Windows Update"
    service should not be started.

    Windows does not have a service called "Windows Update" by default.

    MORE INFORMATION:
    http://securityresponse.symantec.com/avcenter/venc/data/w32.maddis.b.html

    =========

    This posting is provided "AS IS" with no warranties, and confers no rights.

    Windows XP Security Homepage:
    http://www.microsoft.com/windowsxp/security/default.asp

    Windows 2000 Security Homepage:
    http://www.microsoft.com/windows2000/security/default.asp

    Top 10 Windows Newsgroups Security Questions:
    http://www.microsoft.com/technet/newsgroups/default.asp?url=/technet/newsgroups/nodepages/sectop10.asp

    =========
    Paul Hayes, MCSE
    Product Support Services
    Microsoft Corporation


     
    pauly [MSFT], Sep 1, 2004
    #2
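
An added example, not part of the thread or of any vendor's removal instructions: a Python check that scans a regedit text export for the two registry leftovers named above, the "Windows Update" service key and the "WindowsUpdate" Run value pointing at USRINIT.EXE. The sample export is constructed, and matching numbered ControlSetNNN keys alongside CurrentControlSet goes beyond what the thread covers.

```python
import re

# Indicators quoted in the thread: the worm's service key and its Run value.
# CurrentControlSet is a link to a numbered ControlSetNNN, so match both.
SERVICE_RE = re.compile(
    r"^hkey_local_machine\\system\\(?:currentcontrolset|controlset\d{3})"
    r"\\services\\windows update(?:\\.*)?$", re.IGNORECASE)
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
RUN_NAME = "windowsupdate"
RUN_FILE = "usrinit.exe"

# "name"="string data" lines; backslashes and quotes are escaped in .reg files.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)

def scan_reg_export(text):
    """Return (kind, key, detail) tuples for leftovers of the worm."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if SERVICE_RE.match(key):
                findings.append(("service-key", key, ""))
            continue
        m = VALUE_RE.match(line)
        if m is None or key is None or key.lower() != RUN_KEY:
            continue
        name, data = _unescape(m.group(1)), _unescape(m.group(2))
        if name.lower() == RUN_NAME or RUN_FILE in data.lower():
            findings.append(("run-value", key, f"{name}={data}"))
    return findings

# Constructed sample export (not taken from a real machine).
SAMPLE = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Update]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"DisplayName"="Automatic Updates"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsUpdate"="%System%\\USRINIT.EXE"
"ExampleTray"="C:\\Program Files\\Example\\tray.exe"
"""

if __name__ == "__main__":
    for finding in scan_reg_export(SAMPLE):
        print(finding)
```

The function takes already-decoded text; a "Windows Registry Editor Version 5.00" export is UTF-16 and has to be decoded before it is passed in.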

  3. Dawn

    Guest Guest

    Thanks for the info... It's just the virus removal
    instructions didn't explain that part & I wasn't sure if I
    needed anything further. I posted this question in various
    newsgroups and yours is the first clear answer. Thanks a
    lot, Dawn
     
    Guest, Sep 2, 2004
    #3