Windows Update proxy issue when no proxy set

[emsbronco]

I have a windows XP system on the bench that is driving me nuts. Well, it's the 2nd crazy system of the day and the customer is driving me nuts callign every 2 hours for an update.
It originally came in with a description of nothing is updating and its running really slow. I got rid of the 2 expired AVs, ComboFix deleted some FunWebProducts, nothing else, HitManPro came back clean, SuperAntiSpyware showed only cookies. The system originally had SP2 and IE7, Updated to SP3 and IE8 without issue. Doing google and yahoo searches show no redirects.

Windows Update is failing and redirecting to a MS KB item that states I need to upgrade to SP3. Well, the computer is already on SP3. I re-registered the Windows Updates and BITS components. TDSSKiller shows clean. Installed Microsoft Security Essentials - clean. Ran SFC, which replaced a few files, then reapplied SP3. No change.

I checked the WU logs and found that WU is trying to conenct to a proxy server starting with 168.x.x.x. So, I verified that IE has no proxy server set, Reset IE, Reset Winsock, reset the Windows Firewall, reset TCP/IP. checked Proxycfg, it showed no proxy set, but I ran Proxycfg -d anyway to reset defaults. I verified that there are no policies set on the system. I also recreated the MBR, just in case it is a new rootkit. I got everything else working except Windows Updates. And, the logs are still showing that it is trying to connect to a proxy server.

So, is there anywhere else that Windows Update may be getting this proxy setting? Or does anybody have any other ideas on how to fix this?

 

[Knightsman]

The first thing I would try is to check your run entries in the registry

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"

If you find these, delete the entries.

I would also uninstall SP3, and Reinstall SP2, then update to SP3. Helps a lot with the little things that cause annoying issues.

 

[emsbronco]

I forgot to mention that I checked those registry entries. Proxy Server is missing and ProxyOverride is blank. ProxyEnable is also set to 0 (zero).

I will try the uninstall of SP 3, reapply sp2 and sp3 tomorrow when I get back into the shop.
Thanks!

 

[numnutz]

take a look at this post

http://www.technibble.com/forums/showthread.php?t=29632

 

[emsbronco]

Thanks! I didn't come across that one in a search....probably because I was keyed into the proxy server coming up in the WU logs and used proxy in my search criteria.

I'll let you all know if any of these ideas work.

 

[emsbronco]

Just to update..the Force reinstall of the Windows Update Agent fixed the issue. I'm still curious why the logs showed connecting to a non-existing proxy, but I'll dig into that later when I have some free time.

Thanks everybody.

 

[FoolishTech]

Just to update..the Force reinstall of the Windows Update Agent fixed the issue. I'm still curious why the logs showed connecting to a non-existing proxy, but I'll dig into that later when I have some free time.

Thanks everybody.

I wonder if it had something to do with a group policy set in the registry. Next time check out this key:

HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

In fact, you could actually just delete the entire WindowsUpdate key.

 

[emsbronco]

I actually tried D7 and used the repair permissions and remove policies, so I believe that path should have been deleted. Next time I come across something like this, I will double check in case of a permissions issue.

 

[FoolishTech]

I actually tried D7 and used the repair permissions and remove policies, so I believe that path should have been deleted. Next time I come across something like this, I will double check in case of a permissions issue.

Oh, lol yeah that should have been deleted all right.