fouten update windows 7

vanaf 10 april kan ik windows 7 niet meer updaten 

hierover met Microsoft in overleg gegaan 

fout die optrad was dat er een access denied optrad 

op aanraden van microsoft Malwarebytes in save mode uitgevoerd 

verbazing dat dit programma een rapport geeft van 68 bladzijdes met fouten

samengevat zijn er 

0 fouten in processes

2 fouten in modules 

49 fouten in egistry keys

2 fouten in nregistry values

3 fouten in registry data

219 fouten in folders

829 fouten in files 

en 0 fouten in physical sectors

als ik de scan gebruikt van F secure 

ik ben gebruiker van xs4all en heb via hen f-secure op mijn machine staan

F-Secure Security Panel 1.89 build 205

 

dan kom er geen fout uit 

uitleg van microsoft is dat als er een virus langs glipt als eerste een registry key wordt aangemaakt 

die er voor zorgt dat de beveiliging altijd o.k. terug geeft 

graag commentaar hierop en hoe op te lossen 

microsoft zegt dat dit zoveel fouten zijn dat er een volledige backup van de data gemaakt moet worden 

en dan opnieuw vanaf scratch beginnen 

 

 

Best Answer

  • BlackcatBlackcat Posts: 511
    Accepted Answer

    @Simon 

     

    He should be okay as HitManPro will only run in the background, it has no real-time scanner. For 30 days after the first install it will remove any malware it finds; after this time you need to buy a license.

     

     

Answers

  • SimonSimon Posts: 2,583
    Hello,

    This is the English language section of the community. For more people to be able to help, please repost in English, or use the Deutsch forum, if appropriate.

    Thanks. :)
  • joopkassjoopkass Posts: 4

    Sorry about posting it in dutch 

    here is the translation in english (sort of)

    From april 10 on i cannot update windows 7 

    I have talked to Microsoft about that 

    The error i got means access denied 

    they said that i should run Malwarebytes in save mode 

    when i ran the program it gave me a shock

    the error report was 68 pages long

    a recap of it  said 

    i had 

     

    0 errors in processes

    2 errors in modules 

    49 errors in registry keys

    2 errors in registry values

    3 errors in registry data

    219 errors in folders

    829 errors in files 

    en 0 errors in physical sectors

     

    I am a user of F-secure 

    F-Secure Security Panel 1.89 build 205

    which i got as a user of xs4all

     

    when i do a scan with f-secure there is no error on the machine 

     

    explanation of microsoft is that when a virus slips through the first thing it does 

    is setting a registry key which give f-secure always a o.k.

     

    Please comment on it and is there a way to circumvent it and solve the problems

    acccording to microsoft i have to backup al the files and then start with a clean windows 7  

     

  • SimonSimon Posts: 2,583

    I'm not an expert on this, but my latest build is F-Secure 1.99 build 192, so yours would appear to be older, but I'm not sure how much older, or how it works coming from xs4all.  I would initially suggest that you see if you can get a newer build, and run a scan with it. 

     

    I'm also not quite sure whether 'errors' in your report mean 'viruses', or actual errors.  I don't think F-Secure would pick up 'errors' in the registry, for example, as it's not designed to do so, if the 'errors' are not viruses or malware.

     

    Sorry not to be of more help, but hopefully someone else will be along later with a better idea of how to proceed with this.

     

    I assume you've tried doing a System Restore to before April 10th?

  • SimonSimon Posts: 2,583
    Just another point, regarding the F-Secure build number, I'm not sure if 'F-Secure Security Panel' is the same as 'F-Secure Internet Security', which is what I'm using, so sorry for any confusion there.
  • UkkoUkko Posts: 2,960

    Hello, joopkass

     

    Just because your version of F-Secure related with your provider (xs4all) - it's can be some kind of outdate in any technologies (but databases must be up-to-date);

     

    It's mean trouble with system can be related:

     

     - some of "attacks" - which can to prevent by behavior/pro-active technologies (which can be in your version a little be one-step-ago);

     

     - some kind of randomly mistake by your steps (if you randomly meet some of malicious files and think about that like safe-file);

     

     - any others - which can be, of course, with any protection-software;

     

    -----------

    About situation:

     

    Malwarebytes can to detect various PuPs/not-active-keys and etc., which related with any viruses in system (can be already deleted/removed/cleaned) or just with "false-positive" (when... it's just suspicious or potential risk);

     

    But just because your system have troubles with Updates and etc. It's can be related with any adware and etc.

    Probably you can try to check - if Malwarebytes can to detect anything else (again?) - and if it's already all clean - maybe your system without "active troubles";

     

    And you can try to fix troubles in settings by hand - or by any command-line "sfc /scannow" (and etc.);

    Also some kind of repair MBR and etc. (without totally re-install system);

     

    F-Secure can to ingore already "not-active" empty/not-empty keys in registry or some kind of "temp-files" - or just missing "that a lot of files with infection"; Here will be good any logs about detections-names and etc.

    And also you can create a ticket for F-Secure support;

     

    Most "not hard" step - indeed... backup all your important files and re-install system. Close to totally fixed any troubles or potential problems.

     

    But... if you don't want to that. Try to check situation about "sfc /scannow" and any other popular steps for checking "health" in system by default steps;

    And then... you can try to use any RescueCD/LiveCD for scan system:

     

     - can to help... if it's still with any malicious programs in system; Or... some of RCD/LCD have features about some kind of "repair" any kind of "broken default settings";

     

     

    If your system still with "active"-malicious actions... it's can be any rootkits... And here RescueCD/LiveCD (by F-Secure or any other protection/security companies) can to help too.

    If you have alternative data stream - also can be helpful default features about repair any system-files to default;

    Also you can try to download and use F-Secure Blacklight (from official F-Secure source) - re-name that file and scan system (can be helpful - if F-Secure not detected anything.. because malware have protection against "process" with F-Secure-related names).

     

    Sorry about a lot of text.

     

    Not really sure.. that understand which situation you have in current time (about your system); 

     

  • BlackcatBlackcat Posts: 511

    Is the error report from a Malwarebytes log-file or from Windows event viewer? I have never seen a 68 page error report!

     

    Can you post exactly the Windows Update error?

     

    Was there any mention anywhere in Malwarebytes of any malicious items detected?

     

    What version of Malwarebytes are you running? Version 2?

     

    I would try;

     

    1. Re-boot your machine and see if the Windows updates then come down.

     

    2. Triple check for malware by downloading and scanning with HitManPro(free 30-day version);  http://www.surfright.nl/en/hitmanpro

     

    3. Try Microsoft's diagnostic tool. It's called the Windows Update Troubleshooterhttp://windows.microsoft.com/en-us/windows7/open-the-windows-update-troubleshooter

     

    4. Reset Windows Update; http://support.microsoft.com/kb/971058

     

     

    EDIT: In addition have you posted on the XS4ALL Forums or contacted their Support?

     

  • SimonSimon Posts: 2,583
    @Blackcat - just for reference, is HitManPro compatible with FS if run in real time?
  • SimonSimon Posts: 2,583

    OK, thanks.  Might have a look at that myself, then.  :)

  • SimonSimon Posts: 2,583

    Looks a bit complex, that one.  red-face.gif

  • joopkassjoopkass Posts: 4

    O..k 

    I started hitmanpro  and it solved my problem

    it found 586 errors   

    and solves them bij deleting or put them in quaratine 

     

    Thanks every one for inputting answers to me 

     

    I will also inform microsoft that the problem could be solved so easely 

    and not the way they suggested 

     

     

  • BlackcatBlackcat Posts: 511

    @joopkass 

     

    Glad to hear you are sorted out but can you provide a little more detail.

     

    Did HitmanPro find errors or malware? Could you post one of the "errors" it corrected?

     

    Your experience confirms that HitManPro is a good backup scanner to have in anyone's protection arsenal. 

  • UkkoUkko Posts: 2,960

    Also like addition:

     

     - HitmanPro probably always (doesn't matter if you choose "one time scan") create a log-files local-folders (AppData/Local Settings) in txt-files; Already not sure - but it's can to have any "user information", but must be possible to "copy" just "found items";

     

     - HitmanPro also detected most part of tracking cookies (F-Secure can to not deleting some of them "as design" by "safe-status"; or just if you use any alternative browser);

     

     Also HitmanPro can to "give" a little be more "numbers" of "found items", than it's can be - just because it's a little be another kind of "statistics" (it's mean 586 items - can be not really indeed 586 trouble-files or registry-keys or just tracking cookies);

     

    But... probably indeed HitmanPro can to "back to default" any system settings. But that can to do Malwarebytes too (especially about part of "blocked Windows update"-keys). :)

     

    Anyway - you can be close to "sure" - that system are OK. But still you need to check more (it's must be related with kind of found-items) :).

  • joopkassjoopkass Posts: 4

    Here are the details of hitmanpro 

     

    Scan date . . . . . . : 2014-04-19 10:34:46
    Scan mode . . . . . . : Normal
    Scan duration . . . . : 13m 45s
    Disk access mode . . : Direct disk access (SRB)
    Cloud . . . . . . . . : Internet
    Reboot . . . . . . . : Yes

    Threats . . . . . . . : 586
    Traces . . . . . . . : 889

    Objects scanned . . . : 2.286.197
    Files scanned . . . . : 152.748
    Remnants scanned . . : 824.134 files / 1.309.315 keys

     

    Malware _____________________________________________________________________

    C:\ProgramData\Wincert\win32cert.dll -> Quarantined
    Size . . . . . . . : 7.168 bytes
    Age . . . . . . . : 109.0 days (2013-12-31 11:14:04)
    Entropy . . . . . : 5.0
    SHA-256 . . . . . : 667985D140FF2E4AB20FDF12F1F5195693E0AB32318827D446CA182CC311F1EE
    > Kaspersky . . . . : not-a-virus:WebToolbar.Win32.SearchSuite.a
    Fuzzy . . . . . . : 106.0

    C:\Users\hcc FVC platform\AppData\Local\Temp\{45F4935D-CF7A-4BFB-A910-87589E17B1AB}\Custom.dll -> Quarantined
    Size . . . . . . . : 61.440 bytes
    Age . . . . . . . : 369.7 days (2013-04-14 16:57:30)
    Entropy . . . . . : 6.4
    SHA-256 . . . . . : D269508431C5F9946D7A2C4217B24A2E9FD30AFA2B32E23FF40960D04CF5E994
    Product . . . . . : SoftSafe
    Publisher . . . . : SoftSafe
    Description . . . : Custom DLL for SoftSafe
    Version . . . . . : 2013.4.
    Copyright . . . . : Copyright © 2012 S
    > Kaspersky . . . . : not-a-virus:AdWare.Win32.Agent.aeph
    Fuzzy . . . . . . : 100.0

    C:\Users\hcc FVC platform\AppData\Roaming\OpenCandy\6894ED5653D54DA6AFE460B86873752B\SSStub_SearchProtect_p1v0.exe -> Quarantined
    Size . . . . . . . : 322.680 bytes
    Age . . . . . . . : 20.6 days (2014-03-29 19:38:50)
    Entropy . . . . . : 7.9
    SHA-256 . . . . . : 74D1728E35E66597921E27256C6EA6997498BD61BC6EB2536FB250D368964630
    RSA Key Size . . . : 2048
    Authenticode . . . : Valid
    > Kaspersky . . . . : not-a-virusSmiley Very Happyownloader.Win32.Agent.baxm
    Fuzzy . . . . . . : 108.0

     

    Potential Unwanted Programs _________________________________________________

    C:\Program Files (x86)\Ask.com\ (AskBar) -> Deleted
    C:\Program Files (x86)\Ask.com\assets\oobe\ (AskBar) -> Deleted
    C:\Program Files (x86)\Ask.com\assets\oobe\b.png (AskBar) -> Deleted
    C:\Program Files (x86)\Ask.com\assets\oobe\bl.png (AskBar) -> Deleted
    C:\Program Files (x86)\Ask.com\assets\oobe\br.png (AskBar) -> Deleted
    C:\Program Files (x86)\Ask.com\assets\oobe\l.png (AskBar) -> Deleted
    C:\Program Files (x86)\Ask.com\assets\oobe\pointer.png (AskBar) -> Deleted
    C:\Program Files (x86)\Ask.com\assets\oobe\r.png (AskBar) -> Deleted
    C:\Program Files (x86)\Ask.com\assets\oobe\t.png (AskBar) -> Deleted
    C:\Program Files (x86)\Ask.com\assets\oobe\tl.png (AskBar) -> Deleted
    C:\Program Files (x86)\Ask.com\assets\oobe\tr.png (AskBar) -> Deleted
    C:\Program Files (x86)\Ask.com\cobrand.ico (AskBar) -> Deleted
    C:\Program Files (x86)\Ask.com\config.xml (AskBar) -> Deleted
    C:\Program Files (x86)\Ask.com\favicon.ico (AskBar) -> Deleted
    C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (AskBar) -> Deleted
    Size . . . . . . . : 1.520.776 bytes
    Age . . . . . . . : 359.0 days (2013-04-25 09:44:14)
    Entropy . . . . . : 6.8
    SHA-256 . . . . . : F20D2999461349323E7D44795ABED7A2A1EA8D3B6A32F91B3B1B58822503766F
    Product . . . . . : Toolbar
    Publisher . . . . : Ask
    Description . . . : Ask Toolbar
    Version . . . . . : 5.15.23.36191
    Copyright . . . . : (c) Ask. All rights reserved.
    RSA Key Size . . . : 2048
    Authenticode . . . : Valid
    Fuzzy . . . . . . : -17.0
    Startup
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\
    HKU\S-1-5-21-905213307-2693827331-2924149415-1001\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC}
    References
    HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\
    HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\
    HKLM\SOFTWARE\Wow6432Node\Classes\GenericAskToolbar.ToolbarWnd.1\
    HKLM\SOFTWARE\Wow6432Node\Classes\GenericAskToolbar.ToolbarWnd\
    HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}\
    HKU\S-1-5-21-905213307-2693827331-2924149415-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}\

    C:\Program Files (x86)\Ask.com\mupcfg.xml (AskBar) -> Deleted
    C:\Program Files (x86)\Ask.com\precache.exe (AskBar) -> Deleted
    Size . . . . . . . : 71.816 bytes
    Age . . . . . . . : 359.0 days (2013-04-25 09:44:15)
    Entropy . . . . . : 6.3
    SHA-256 . . . . . : 4A343C9AAF47664B14C03AFB281C15F6705C6A750B59A6C578D712200A180F07
    RSA Key Size . . . : 2048
    Authenticode . . . : Valid
    Fuzzy . . . . . . : -9.0

    C:\Program Files (x86)\Ask.com\SaUpdate.exe (AskBar) -> Deleted
    Size . . . . . . . : 198.280 bytes
    Age . . . . . . . : 359.0 days (2013-04-25 09:44:15)
    Entropy . . . . . : 6.6
    SHA-256 . . . . . : 7939C565BD4751048F57854DEE262D437E79B992EA05EE29D6111A39F7A7DAB7
    RSA Key Size . . . : 2048
    Authenticode . . . : Valid
    Fuzzy . . . . . . : -9.0

    C:\Program Files (x86)\Ask.com\Updater\ (AskBar) -> Deleted
    C:\Program Files (x86)\Ask.com\Updater\config.xml (AskBar) -> Deleted
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe (AskBar) -> Deleted
    Size . . . . . . . : 1.646.216 bytes
    Age . . . . . . . : 359.0 days (2013-04-25 09:44:14)
    Entropy . . . . . : 6.1
    SHA-256 . . . . . : 0CEEC40C38DEBE1012C6D9FD08FF648AD3AB8080B388E5B62A6946847A2BB243
    Product . . . . . : Updater
    Publisher . . . . : Ask
    Description . . . : Ask Updater
    Version . . . . . : 1.2.536191
    Copyright . . . . : (c) Ask. All rights reserved.
    RSA Key Size . . . : 2048
    Authenticode . . . : Valid
    Running processes : 5180
    Fuzzy . . . . . . : -17.0

    C:\Program Files (x86)\Ask.com\UpdateTask.exe (AskBar) -> Deleted
    Size . . . . . . . : 137.864 bytes
    Age . . . . . . . : 359.0 days (2013-04-25 09:44:15)
    Entropy . . . . . : 6.5
    SHA-256 . . . . . : 727D5CF5392C6E53306C6029455EEAD2C45923010297958975700A17101698FE
    RSA Key Size . . . : 2048
    Authenticode . . . : Valid
    Fuzzy . . . . . . : -11.0
    Startup
    C:\Windows\system32\Tasks\Scheduled Update for Ask Toolbar

    C:\Program Files (x86)\Conduit\ (Conduit) -> Deleted
    C:\Program Files (x86)\Conduit\Community Alerts\ (Conduit) -> Deleted
    C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll (Conduit) -> Deleted
    Size . . . . . . . : 638.560 bytes
    Age . . . . . . . : 651.7 days (2012-07-06 18:55:19)
    Entropy . . . . . : 6.4
    SHA-256 . . . . . : F22E58CDFE94D4A5FBBF2795A743B167ED9923E289E14654631E0077DD306C1D
    Product . . . . . : Alert
    Publisher . . . . : Conduit Ltd.
    Description . . . : Alert
    Version . . . . . : 1.1.4.1
    Copyright . . . . : Copyright © Conduit Ltd. 2011.
    RSA Key Size . . . : 1024
    Authenticode . . . : Valid
    Fuzzy . . . . . . : -15.0

    C:\Program Files (x86)\DealPly\ (Delta Search) -> Deleted
    C:\Program Files (x86)\DealPly\DealPlyTune.dll (Delta Search) -> Deleted
    Size . . . . . . . : 71.272 bytes
    Age . . . . . . . : 669.8 days (2012-06-18 14:22:21)
    Entropy . . . . . : 6.4
    SHA-256 . . . . . : CDF6791EEB0EE9FBC9BBA1E96694B708EC51F0B10B68941E96D62AB217F84D4C
    Product . . . . . : DealPlyTune.dll
    Publisher . . . . : DealPly Technologies Ltd.
    Description . . . : http://www.dealply.com/
    Version . . . . . : 1.0.0.1
    Copyright . . . . : Copyright (C) 2011 DealPly Technologies Ltd.
    RSA Key Size . . . : 2048
    Authenticode . . . : Valid
    Fuzzy . . . . . . : -15.0

     

    As you see several programs caused the problems

     

     

    Ukko
  • UkkoUkko Posts: 2,960

    Thanks for updates.

     

    How you can see... a lot of troubles was about adware/riskware/toolbars, which marked as "not-a-virus";

    And F-Secure practically doesn't detect that files; because marked like as "clean/legimate programs" (a little be sad about it);

     

    But detected any certainly malicious adware/riskware/toolbars/not safe (for user's data) and etc.

     

    Bad there just next points:

     

     - some of toolbars/riskware/adware (legimate) can be worst for users, than malware.

     

    If user want to install it - all OK. Program will be do, which user want.

    But some kind of "marketing" for that programs as "payload" - and user just not "unchecked" any in installer for another program... and already have a lot of any toolbars in system or other kind of protectors/guards (which so related with any search/media big companies);

     

     

    DeltaSearch, OpenCandy and AskToolbar - some kind of already "known" mainstream in that situations... and it's a little be sad... that F-Secure doesn't prevent that yet (because current programs did a really trash things with system/registry).

     

    If you can to remember... which installers was with that "payload" (potential) - you can transfer that sample for F-Secure SAS (service for analysis samples) and ask about "are that normal or not";

    Just because current samples... most related with any not good things with system (include any broken default settings);

     

    -----------

    But.... very important - that possibly current "samples" indeed was like "payload" in any installer for another program (uncheck any settings during installation - and all good with system); Or installed by any "service-provider";

    This is some kind of "normal" and close to "legimate" process for most companies (but some of them - detected that items as "not-a-virus" or include current items to PuPs/Riskware category);

     

    And it's totally different with situations, when:

     

     - valid certs by any that of companies (because it's all with any SaaS-relationships) compromissed;

    like some of "Xunlei Downloader" was so famous about "malicious-actions";

     - payload in installer - indeed malicious totally;

     

    That kind of "malware" F-Secure detected practically always. Also it's related with any "unknown" companies (which same with ask.com, but "unknown" so good).

     

    Anyway - you can able to transfer any "samples" for F-Secure.... because:

     - what if.. current situation... "variant of compromissed" and malicious items (not likely);

     - what if - F-Secure must to detect that... and it's missing in somewhat reasons.

    ----

    Like example.. about first item on your log-list:

    667985d140ff2e4ab20fdf12f1f5195693e0ab32318827d446ca182cc311f1ee - can to check on virustotal.com

    Here practically visible.. that detected by some of companies (and most of them with category "toolbar"/"not-a-virus"/"generic-behavior-heur");

     

    Except HitmanPro (just because it's close to "trial-program" or which need to buy);

    I still also can to recommend Online Scanner by NOD32 - it's practically detected most related "PuPs/Adware" and it's good "help" too.


    All other means - F-Secure better or with "one-line" about other companies (it's mean - can not be "greates level up" if you use any other scanners for detection malicious items in malicious means);

  • BlackcatBlackcat Posts: 511

    @joopkass 

     

    As suspected your errors are threats. But as Ukko states most of these are PUPS/unwanted Toolbars/BHOs, which nearly all AVs including F-Secure are not too hot in detecting.

     

    Although you now appear threat free I would carry out additional scans to make sure you have in fact detected all the threats.

     

    1. Download AdwCleaner onto your desktop; http://www.bleepingcomputer.com/download/adwcleaner/  When the scan has finished, look through the scan results and uncheck any entries that you do not wish to remove. When you are satisfied with the selection, simply click on theClean button, which will cause AdwCleaner to reboot your computer and remove the files and registry entries associated with the various adware that you are removing.  On reboot, AdwCleaner will display a log showing the files, folders, and registry entries that were removed.

     

    2. Download Junkware Removal Tool to your desktop and carry out a scan; http://www.bleepingcomputer.com/download/junkware-removal-tool/

     

    3. Carry out another scan with Malwarebytes Anti-Malware; but if it detects any PUPS make sure that these are either checked for removal (MBAM v.1.75) or set for "Treat detections as malware" (MBAM v. 2). (Did you not try and remove these threats with MBAM first time round?).

     

    In the future I would consider backing up F-Secure with MBAM/HitMan Pro and making sure you carry out regular Image backups of your system. 

This discussion has been closed.