Windows Update problems...

[prototype_ix]

I have a client's XP Pro SP2 computer and it was completely loaded down with viruses. I got rid of them all with Malwarebytes and Combofix.

Every time I go to Windows Update it downloads the WGA, then fails to install. Normally you can fix this by stopping the Automatic Updates service, using regserv32 to register the .dlls, restart the service and move on with life. But not with this machine.

I tried Dial-A-Fix first, then tried registering the .dlls manually. I've downloaded the WGA standalone, it installs fine, but I'm still prompted to download it via the Windows Update site. The HOSTS file is clean. I've done a DNS flush.

Another odd thing is that when the update fails, it doesn't show up in the update history.

The only things I haven't tried are: renaming the old update folders, go digging around in the registry, or installing SP3. I doubt installing SP3 will take care of this problem.

Any ideas? Thanks, guys.

 

[Martyn]

I picked this up from somewhere and kept a note of it. I haven't tried it but you're welcome to it. Let us know if it works.

Verify Windows Update Service Settings
*Start>Run>services.msc
*Find the Automatic Updates service and double-click on it.
*Click on the Log On Tab and make sure the "Local System Account" is selected as the logon account and the box for "allow service to interact with desktop" is UNCHECKED.
*Under the Hardware Profile section in the Log On Tab, make sure the service is enabled.
*On the General Tab, the Startup Type should be Automatic, if not, drop the box down and select Automatic.
*Under "Service Status" on the General tab, the service should be Started, click the Start button enable it.
*Repeat the steps above for the service "Background Intelligent Transfer Service (BITS)"
Re-Register Windows Update DLLs
*Click on Start, Run, and type CMD and click ok
*In the black command window type REGSVR32 WUAPI.DLL and press Enter
*Wait until you receive the "DllRegisterServer in WUAPI.DLL succeeded" message and click OK
*Repeat the last two steps above for each of the following commands (I know you already did but please repeat again after above)
REGSVR32 WUAUENG.DLL
REGSVR32 WUAUENG1.DLL
REGSVR32 ATL.DLL
REGSVR32 WUCLTUI.DLL
REGSVR32 WUPS.DLL
REGSVR32 WUPS2.DLL
REGSVR32 WUWEB.DLL
*Some dlls may not exist in Vista so ignore error messages
Remove Corrupted Windows Update Files
*Start>Run>cmd>net stop WuAuServ (If doesnt stop or doesnt recognize, stop Windows Update Services in services.msc)
*Still at the command prompt,type cd %windir% and press Enter
*In the opened folder,type the following command and press Enter to rename the SoftwareDistribution Folder
ren SoftwareDistribution SD_OLD
*Restart the Windows Update Service by typing the following at the command prompt
net start WuAuServ
*Type Exit and Press Enter to close the command prompt
*Start>Run>regedit
*Navigate HKLM/ Components , right-click this key and click export and take a backup of this key (you will be able to revert back to previous config by double-clicking this exported registry, in case of failure)
*Delete the keys PendingXmIdentifier and AdvancedInstallersNeedResolving,
*Apply the Resolution step of this article http://support.microsoft.com/kb/931712
*Make sure your user is in Administrators group!
*Temporarily disable any antivirus or firewall!
*Disable UAC (Control Panel -> User Accounts)
*Restart your computer
*Download Windows update agent (Save it dont run it) even if its already there on your computer
x86:
http://download.windowsupdate.com/v7...gent30-x86.exe


x64:
http://download.windowsupdate.com/v7...gent30-x64.exe

*Then go the folder you saved it, Right click and Run it as administrator.
*After the install is complete, restart your computer.
*You can now turn back UAC if you want and then restart your computer again

 

[MobileTechie]

Does it load ANY updates?

Have you tried the system update readiness tool?

 

[waynebob]

To continue receiving security updates SP3 is required, maybe this is part of the problem.

 

[prototype_ix]

Attempting Martyn's solution right now. The BITS and Automatic Updates services were configured correctly. I registered the .dlls again. Started a few more services, as there were a lot disabled. SoftwareDistribution was set to read-only. Fixed that. Running SFC right now.

*crosses fingers*

 

[prototype_ix]

So I followed, Martyn's suggestions to the T, minus the system restore for fear of restoring the rootkit. It worked halfway. It seemed as though automatic updates were taking, but not the updates from the Windows Update website.

I called the client and he was just happy to be able to get online. I guess we'll never know the cause.

It's just frustrating becuase I've run into this twice and I feel like it makes me look like a bad tech.

 

[MobileTechie]

Installing SP3 might well have helped. A repair install also is a good idea if all else fails. The readiness tool I mentioned earlier solves a number of problems. What did the event logs have to say?

 

[prototype_ix]

SP3 was going to be my next course of action. I wanted to do a repair install as well, but the customer had thrown away the Dell disc. I'm going to have to check into the readiness tool. I'm getting frustrated because I'm running into this more and more.

I'd like to tell you what the event logs said, but I have a horrible short-term memory.

 

[MobileTechie]

SP3 was going to be my next course of action. I wanted to do a repair install as well, but the customer had thrown away the Dell disc. I'm going to have to check into the readiness tool. I'm getting frustrated because I'm running into this more and more.

I'd like to tell you what the event logs said, but I have a horrible short-term memory.

You need copies of Dell disks and the like. Next time a customer with a Dell shows up, ask for the disks and copy them. Or at a push you can download them from torrents etc.