xwing
2009-05-11, 02:02
When trying to update my computer (Windows XP, SP2) with Windows Update, I receive the "[Error number: 0x80070002] The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem. " error.
I believe this was a result of a virus I contracted last weekend. The virus brought many hitchhikers with it (Win32/Blarul, Win32/Koebface.gen!D, Win32/NewDotNet, W32.IRCBot, Trojan.Win32.Agent2.iwh, Backdoor.Win32.Agen.tzl, and more...) I believe I was finally able to remove the virus from my computer using several scanners, including Windows Live OneCare, Symantec 9 (which I already had on my computer when it was infected), AdAware, Malwarebytes Anti-Malware, Windows Malicious Software Removal Tool, SuperAntiSpyware, and several other one-off fixes. Now with several scans (both in "safe" mode and in Normal mode), I cannot find any trace of a virus. However, significant damage to my registry (and possibly files) remains.
I have already fixed several registry problems by comparing with a "known good" computer that had the same OS and hotfixes. I found that I could not open regedit (w/o renaming it) or many other programs b/c one of the viruses had added the "Debugger = ntsd -d" key to a large number of .exe files. I also found several virus-related entries in my "Run" section of the registry and removed them.
Right now, the only problem I still have is that I cannot run WindowsUpdate. When I try to start Automatic Updates service manually, I receive “Error 2: The system cannot find the file specified.” My associated system log entries are ” DCOM got error "The system cannot find the file specified. " attempting to start the service wuauserv with arguments "" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}” and “The Automatic Updates service failed to start due to the following error:
The system cannot find the file specified.”
I have searched several forums and microsoft support, and tried all the fixes that were previously suggested.
1. Confirmed that my hardware profile is enabled (http://support.microsoft.com/kb/241584)
2. Ran Symantec's "FixVundo.exe"
3. Ran "WUFix.bat"
4. Checked "Group Policy" to confirm that Automatic Updates are not disable or restricted via policy. (http://support.microsoft.com/kb/896224)
5. Renamed all associated files in system32 (http://support.microsoft.com/kb/931852)
6. Deleted software distribution directory (http://support.microsoft.com/kb/919749 and http://support.microsoft.com/kb/956698)
7. Set auto configuration (http://support.microsoft.com/kb/958043)
8. IE Browser changes (http://support.microsoft.com/kb/900936)
9. Re-register dll files (http://support.microsoft.com/kb/910359)
10. Clear BITS queue (http://support.microsoft.com/kb/958047)
11. Rename and re-register files (http://support.microsoft.com/kb/910359) [DLLRegisterServer in wuaueng.dll failed. Return code was: 0x80070005] all others succeeded.
12: Parameters and DNS (http://support.microsoft.com/kb/920151)
13. Symantec Symantec UnHookExec.inf
I would really appreciate any help in determining if I still have a virus, and determining what is causing my problem. I have run Hijackthis, and can post the log upon demand.
I believe this was a result of a virus I contracted last weekend. The virus brought many hitchhikers with it (Win32/Blarul, Win32/Koebface.gen!D, Win32/NewDotNet, W32.IRCBot, Trojan.Win32.Agent2.iwh, Backdoor.Win32.Agen.tzl, and more...) I believe I was finally able to remove the virus from my computer using several scanners, including Windows Live OneCare, Symantec 9 (which I already had on my computer when it was infected), AdAware, Malwarebytes Anti-Malware, Windows Malicious Software Removal Tool, SuperAntiSpyware, and several other one-off fixes. Now with several scans (both in "safe" mode and in Normal mode), I cannot find any trace of a virus. However, significant damage to my registry (and possibly files) remains.
I have already fixed several registry problems by comparing with a "known good" computer that had the same OS and hotfixes. I found that I could not open regedit (w/o renaming it) or many other programs b/c one of the viruses had added the "Debugger = ntsd -d" key to a large number of .exe files. I also found several virus-related entries in my "Run" section of the registry and removed them.
Right now, the only problem I still have is that I cannot run WindowsUpdate. When I try to start Automatic Updates service manually, I receive “Error 2: The system cannot find the file specified.” My associated system log entries are ” DCOM got error "The system cannot find the file specified. " attempting to start the service wuauserv with arguments "" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}” and “The Automatic Updates service failed to start due to the following error:
The system cannot find the file specified.”
I have searched several forums and microsoft support, and tried all the fixes that were previously suggested.
1. Confirmed that my hardware profile is enabled (http://support.microsoft.com/kb/241584)
2. Ran Symantec's "FixVundo.exe"
3. Ran "WUFix.bat"
4. Checked "Group Policy" to confirm that Automatic Updates are not disable or restricted via policy. (http://support.microsoft.com/kb/896224)
5. Renamed all associated files in system32 (http://support.microsoft.com/kb/931852)
6. Deleted software distribution directory (http://support.microsoft.com/kb/919749 and http://support.microsoft.com/kb/956698)
7. Set auto configuration (http://support.microsoft.com/kb/958043)
8. IE Browser changes (http://support.microsoft.com/kb/900936)
9. Re-register dll files (http://support.microsoft.com/kb/910359)
10. Clear BITS queue (http://support.microsoft.com/kb/958047)
11. Rename and re-register files (http://support.microsoft.com/kb/910359) [DLLRegisterServer in wuaueng.dll failed. Return code was: 0x80070005] all others succeeded.
12: Parameters and DNS (http://support.microsoft.com/kb/920151)
13. Symantec Symantec UnHookExec.inf
I would really appreciate any help in determining if I still have a virus, and determining what is causing my problem. I have run Hijackthis, and can post the log upon demand.