I had the Conficker virus and now I can't get Windows Update to work

I had the Conficker Virus/Worm infecting my system, but have now got rid of it (I think).

I noticed yesterday that Windows Update had simply stopped working, it has a red X symbol and says that "windows update cannot currently check for updates because the service is not running". I then suspected there might be a virus and tried to download AVG anti-virus, however the virus stopped me from accessing any website or program to do with virus protection (including all Microsoft sites). Eventually I used a separate, uninfected laptop to download AVG and some other anti-virus/malware programs, and ran them in Safe Mode. I then ran Windows malicious software removal tool. That seems to have gotten rid of the virus (which was identified as Conficker), I can now go to any website so it seems the virus is gone or deactivated.

However I still cannot access Windows Update. My guess is the virus disabled some component of it, but how do I now get it working again? Is there some way to manually reactivate it? Or is there something I can download to fix it?

 

 

Question Info


Last updated March 25, 2018 Views 3,235 Applies to:
Answer

Hi,

Conficker often comes with other malware so once you think you are rid of it the real issues start so run through
these to be 100% certain all is clear and the do the Repair.

For any that think they might have Conficker :

Can you get to Microsoft.com, McAffee.com, Symatec.com? Thinking you could have a conficker.

Check with this site
http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

Virus alert about the Win32/Conficker worm
http://support.microsoft.com/kb/962007

Protect yourself from Conficker
http://www.microsoft.com/security/worms/conficker.aspx

How to remove the Downadup and Conficker worm (Uninstall Instructions)
http://www.bleepingcomputer.com/virus-removal/remove-downadup-conficker

How to Remove Conficker Worm Manually
http://www.411-spyware.com/conficker-worm-removal#how-to-remove

BDTool to remove
http://www.bdtools.net/


-----------------------------------------------

Run the Microsoft Malicious Removal Tool, Scan with Malwarebytes and run Prevx to be sure it is gone. (If needed 
use UnHackMe below.) 

Start - type in Search box -> MRT  find at top of list - Right Click on it - RUN AS ADMIN.

You should be getting this tool and its updates via Windows Updated - if needed you can download it here.

Download - SAVE - go to where you out it - Right Click on it - RUN AS ADMIN
(Then run MRT as above.)

Microsoft Malicious Removal Tool
http://www.microsoft.com/downloads/details.aspx?FamilyID=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

--------------
Run these :

Malwarebytes - an on-demand scanner - update on Updates tab and run when ever you suspect malware.
http://www.malwarebytes.org/

also install Prevx to be sure it is all gone.

Prevx - Home - Free - small, fast, exceptional CLOUD protection, works with other security programs. This is
a scanner only, VERY EFFECTIVE, if it finds something come back here or use Google to see how to remove. 
http://www.prevx.com/

PCmag - Prevx - Editor's Choice
http://www.pcmag.com/article2/0,2817,2346862,00.asp

--------------------------------------------

Here are some online free scanners to help if needed (skip if not) :

http://www.eset.com/onlinescan/


http://www.kaspersky.com/virusscanner

Other Free online scans
http://www.google.com/search?hl=en&source=hp&q=antivirus+free+online+scan&aq=f&oq=&aqi=g1

--------------------------------------------

Also do these to cleanup general corruption and repair/replace damaged/missing system files.

Run DiskCleanup - Start - All Programs - Accessories - System Tools - Disk Cleanup

Start - type this in Search Box ->  COMMAND   find at top and RIGHT CLICK  -  RUN AS ADMIN

Enter this at the prompt - sfc /scannow

How to analyze the log file entries that the Microsoft Windows Resource Checker (SFC.exe) program
generates in Windows Vista cbs.log
http://support.microsoft.com/kb/928228


Run checkdisk - schedule it to run at next start and then Apply OK your way out then restart.

How to Run Check Disk at Startup in Vista
http://www.vistax64.com/tutorials/67612-check-disk-chkdsk.html

-------------------------------------------------

Run Malwarebytes when you can.

IE - Tools - Internet Options - Advanced Tab - click Restore then click Reset - Apply / OK

IE - Tools - Internet Options - Security - Reset all Zones to default level - Apply / OK

Close IE

IE - Tools - Manage Addons (for sure disable SSV2 if it is there, this is no longer needed but Java still installs it
and it causes issues - you ever update Java go back in and disable it again.) Look for other possible problems.

Windows Defender - Tools - Software Explorer - look for issues with programs that do not look right. Permitted
are usually OK and "not permitted" are not always bad. If in doubt about a program ask about it here.

Could be a BHO - BHOremover - Free - standalone program, needs no install, download and run - not all
are bad however some can cause your issue. (Toolbars are BHO's)
http://securityxploded.com/bhoremover.php

Startup Programs
http://www.vistax64.com/tutorials/79612-startup-programs-enable-disable.html


Be sure to do this :

Logon as Admin

Start - type in Search box ->   COMMAND   - find on list above - RIGHT CLICK - RUN AS ADMIN

Enter each of these one at a time and hit enter after each

ipconfig /flushdns

nbtstat -R

nbtstat -RR

netsh int reset all

netsh int ip reset

netsh winsock reset

Reboot
------------------------------------------------------

Here are some for rootkits if they were an issue :

SpyDLL Remover - Free
http://securityxploded.com/spydllremover.php

Advanced Windows Service Manager
http://securityxploded.com/winservicemanager.php

Run Rootkit Revealer - Free
http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx

UnHackme - trial 5.5 or later
http://www.greatis.com/unhackme/

This tells you how to use UnHackme and has a link to version 2.5 - use it as a guideline with
the current version available as above is 5.5 or later
http://safecomputing.umn.edu/guides/scan_unhackme.html

IceSword - Free
http://www.antirootkit.com/software/IceSword.htm
Instructions and Pictorial
http://securityxploded.com/icesword.php
Tutorial for using IceSword
http://translate.google.com/translate?hl=en&sl=zh-CN&u=http://soft.zol.com.cn/2004/0803/145163.shtml&prev=/search%3Fq%3Dicesword%26hl%3Den%26lr%3D

Revo Uninstaller - Free
http://www.revouninstaller.com/

Hope this helps.


Rob - Bicycle - Mark Twain said it right.
Rob Brown - Microsoft MVP - Windows and Devices for IT 2010 - current
Windows Insider MVP 2016 - current

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.