Author Topic: Missing wuauserv and BITS services - deleted by malware  (Read 14493 times)

0 Members and 1 Guest are viewing this topic.

Offline CB00099

  • Newbie
  • *
  • Join Date: Jan 2013
  • Posts: 2
  • Karma: 0
    • View Profile
Missing wuauserv and BITS services - deleted by malware
« on: January 02, 2013, 10:40:13 am »
Hi all, and Shane in particular,

Before posting I scanned the forum looking for a solution and didn't find one.

Appears I had been infected with Zero Access Malware which deleted my wuauserv and BITS services, so although I've found some online solutions about 'turning them back on', for me they're aren't there to do that.

In the forum, I found your Windows Update Repair Tool which I tried....unfortunately it didn't work.  Also had previously tried the Windows Fixit tool for same issue.  My impression is that both try to turn both services on, as opposed to check to ensure the registry lines actually exist and rewrite them if missing.

In any case, I'm stumped at the moment as to how to fix but Paws21 at PCSupport Forum pointed me in your direction and your All-in-One Tool.  Hoping you can clarify if it will add back missing registry keys....and if not, what you would recommend as it's obvious you know exponentially more than I do on this subject.

Oh....Win7 Pro, 64-bit.

Thanks so much....


Sincerely, Matthew.

P.S.  Just doing some more digging and it appears Base Filtering Agent and Windows Firewall Services also deleted.
« Last Edit: January 02, 2013, 11:07:37 am by CB00099 »

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: Missing wuauserv and BITS services - deleted by malware
« Reply #1 on: January 02, 2013, 01:50:19 pm »
My repair tool will put those reg keys back. If they are still deleted then you may still be infected.

Also when you run my repair tool run all the repairs. Especially the reg permissions repair. If the virus changed the permissions then the restoring the reg keys would fail. :wink:

Did you run tdsskiller.exe and malwarebytes anti rootkit as well?
http://www.malwarebytes.org/products/mbar/

Shane

Offline CB00099

  • Newbie
  • *
  • Join Date: Jan 2013
  • Posts: 2
  • Karma: 0
    • View Profile
Re: Missing wuauserv and BITS services - deleted by malware
« Reply #2 on: January 02, 2013, 09:06:47 pm »
My repair tool will put those reg keys back. If they are still deleted then you may still be infected.

Also when you run my repair tool run all the repairs. Especially the reg permissions repair. If the virus changed the permissions then the restoring the reg keys would fail. :wink:

Did you run tdsskiller.exe and malwarebytes anti rootkit as well?
http://www.malwarebytes.org/products/mbar/

Shane

You sir are a saint....I'm just having to update my PayPal because I use it so infrequently but expect a donation to come through in the next couple of days.

Ran the MalwareBytes Rootkit Beta tool you suggested and if found at least remnants of SireDef.C and 0Access Trojans.

Actually ran it three times to be sure and glad I did as 2nd time it did find something it had missed on first pass...also ran TDSSKiller afterwards and it found nothing.

Then ran your All-in-One tool and it was golden....suddenly all missing services were back and functioning....just finished installing 56 updates (because dates of updates, it looks like Windows Update got knocked out sometime in December....and based on some reading possibly because of a infection that came through old version of Flash Player).

Follow-up Question for you if you don't mind me asking....

What do you recommend for security on your PC's?  Anti-virus?  Firewall?  Browser?


Thanks so much, Matthew.

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: Missing wuauserv and BITS services - deleted by malware
« Reply #3 on: January 03, 2013, 04:59:45 pm »
I use avast  on my system (The free version)

The trick is to keep java and flash up to date. A lot of viruses come in from infected ads because of holes in java and flash. Always keep them up to date as they keep plugging the holes.

Firewall, I just use Windows because a router is a hardware based firewall. As long as your behind a router outside connections cant get to you unless you open the system up through opening ports. If you must have a firewall software comodo is a good one.

Shane