I had the Conficker virus and now I can't get Windows Update to work

I had the Conficker Virus/Worm infecting my system, but have now got rid of it (I think).

I noticed yesterday that Windows Update had simply stopped working, it has a red X symbol and says that "windows update cannot currently check for updates because the service is not running". I then suspected there might be a virus and tried to download AVG anti-virus, however the virus stopped me from accessing any website or program to do with virus protection (including all Microsoft sites). Eventually I used a separate, uninfected laptop to download AVG and some other anti-virus/malware programs, and ran them in Safe Mode. I then ran Windows malicious software removal tool. That seems to have gotten rid of the virus (which was identified as Conficker), I can now go to any website so it seems the virus is gone or deactivated.

However I still cannot access Windows Update. My guess is the virus disabled some component of it, but how do I now get it working again? Is there some way to manually reactivate it? Or is there something I can download to fix it?

 

 
Question Info

Last updated March 25, 2018 Views 3,221 Applies to:
Answer

Hi,

Conficker often comes with other malware so once you think you are rid of it the real issues start so run through
these to be 100% certain all is clear and the do the Repair.

For any that think they might have Conficker :

Can you get to Microsoft.com, McAffee.com, Symatec.com? Thinking you could have a conficker.

Check with this site
http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

Virus alert about the Win32/Conficker worm
http://support.microsoft.com/kb/962007

Protect yourself from Conficker
http://www.microsoft.com/security/worms/conficker.aspx

How to remove the Downadup and Conficker worm (Uninstall Instructions)
http://www.bleepingcomputer.com/virus-removal/remove-downadup-conficker

How to Remove Conficker Worm Manually
http://www.411-spyware.com/conficker-worm-removal#how-to-remove

BDTool to remove
http://www.bdtools.net/


-----------------------------------------------

Run the Microsoft Malicious Removal Tool, Scan with Malwarebytes and run Prevx to be sure it is gone. (If needed 
use UnHackMe below.) 

Start - type in Search box -> MRT  find at top of list - Right Click on it - RUN AS ADMIN.

You should be getting this tool and its updates via Windows Updated - if needed you can download it here.

Download - SAVE - go to where you out it - Right Click on it - RUN AS ADMIN
(Then run MRT as above.)

Microsoft Malicious Removal Tool
http://www.microsoft.com/downloads/details.aspx?FamilyID=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

--------------
Run these :

Malwarebytes - an on-demand scanner - update on Updates tab and run when ever you suspect malware.
http://www.malwarebytes.org/

also install Prevx to be sure it is all gone.

Prevx - Home - Free - small, fast, exceptional CLOUD protection, works with other security programs. This is
a scanner only, VERY EFFECTIVE, if it finds something come back here or use Google to see how to remove. 
http://www.prevx.com/

PCmag - Prevx - Editor's Choice
http://www.pcmag.com/article2/0,2817,2346862,00.asp

--------------------------------------------

Here are some online free scanners to help if needed (skip if not) :

http://www.eset.com/onlinescan/


http://www.kaspersky.com/virusscanner

Other Free online scans
http://www.google.com/search?hl=en&source=hp&q=antivirus+free+online+scan&aq=f&oq=&aqi=g1

--------------------------------------------

Also do these to cleanup general corruption and repair/replace damaged/missing system files.

Run DiskCleanup - Start - All Programs - Accessories - System Tools - Disk Cleanup

Start - type this in Search Box ->  COMMAND   find at top and RIGHT CLICK  -  RUN AS ADMIN

Enter this at the prompt - sfc /scannow

How to analyze the log file entries that the Microsoft Windows Resource Checker (SFC.exe) program
generates in Windows Vista cbs.log
http://support.microsoft.com/kb/928228


Run checkdisk - schedule it to run at next start and then Apply OK your way out then restart.

How to Run Check Disk at Startup in Vista
http://www.vistax64.com/tutorials/67612-check-disk-chkdsk.html

-------------------------------------------------

Run Malwarebytes when you can.

IE - Tools - Internet Options - Advanced Tab - click Restore then click Reset - Apply / OK

IE - Tools - Internet Options - Security - Reset all Zones to default level - Apply / OK

Close IE

IE - Tools - Manage Addons (for sure disable SSV2 if it is there, this is no longer needed but Java still installs it
and it causes issues - you ever update Java go back in and disable it again.) Look for other possible problems.

Windows Defender - Tools - Software Explorer - look for issues with programs that do not look right. Permitted
are usually OK and "not permitted" are not always bad. If in doubt about a program ask about it here.

Could be a BHO - BHOremover - Free - standalone program, needs no install, download and run - not all
are bad however some can cause your issue. (Toolbars are BHO's)
http://securityxploded.com/bhoremover.php

Startup Programs
http://www.vistax64.com/tutorials/79612-startup-programs-enable-disable.html


Be sure to do this :

Logon as Admin

Start - type in Search box ->   COMMAND   - find on list above - RIGHT CLICK - RUN AS ADMIN

Enter each of these one at a time and hit enter after each

ipconfig /flushdns

nbtstat -R

nbtstat -RR

netsh int reset all

netsh int ip reset

netsh winsock reset

Reboot
------------------------------------------------------

Here are some for rootkits if they were an issue :

SpyDLL Remover - Free
http://securityxploded.com/spydllremover.php

Advanced Windows Service Manager
http://securityxploded.com/winservicemanager.php

Run Rootkit Revealer - Free
http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx

UnHackme - trial 5.5 or later
http://www.greatis.com/unhackme/

This tells you how to use UnHackme and has a link to version 2.5 - use it as a guideline with
the current version available as above is 5.5 or later
http://safecomputing.umn.edu/guides/scan_unhackme.html

IceSword - Free
http://www.antirootkit.com/software/IceSword.htm
Instructions and Pictorial
http://securityxploded.com/icesword.php
Tutorial for using IceSword
http://translate.google.com/translate?hl=en&sl=zh-CN&u=http://soft.zol.com.cn/2004/0803/145163.shtml&prev=/search%3Fq%3Dicesword%26hl%3Den%26lr%3D

Revo Uninstaller - Free
http://www.revouninstaller.com/

Hope this helps.


Rob - Bicycle - Mark Twain said it right.
Rob Brown - Microsoft MVP - Windows and Devices for IT 2010 - current
Windows Insider MVP 2016 - current

Did this solve your problem?

Sorry this didn't help.