Update failures

Joined
Jul 10, 2003
Messages
9,461
Location
Not Seattle, but close.
Since Tuesday or so, nothing on my laptop will update--AVG Free 8.5, Malaware, or Windows automatic updates. The error message is always along the lines of "Update failed, couldn't connect to server". I haven't made any changes to anything, I was able today to successfully get a partial Windows update by running it with the Windows firewall disabled. AVG and Malaware still won't. I ran the Windows scanner and it found a Trojan:win32/seekwel.A virus and claims to have deleted it, as well as fixing some registry errors, but when I ran it it again today, it found the trojan again. I don't know that this is the problem, I'm able to open any website I want, just as always, though a bit slower than usual. My browser is Firefox, and the OS is XP. Any help?
 
Joined
Aug 21, 2008
Messages
25,050
Location
ON, Canada eh?
I has this same Trojan. It's a pain in the arse to get rid of. On the second computer I had to reinstall windows because it really messed things up.
 
Joined
Dec 30, 2006
Messages
25,412
Location
Dallas,Tx USA
Boot your computer in safe mode then manually delete the virus. Then reboot in normal mode and it should be gone. The virus is likely feeding and regenerating off of your operating system which goes dormant in safe mode.
 
Last edited:
Joined
Apr 22, 2009
Messages
11
Location
Maryland, USA
What most trojans do now is point update servers to their own servers. So when you run updates for windows, (most) anti-virus programs and anti-spyware programs, it just downloads their little programs, or just points to a different space out there where the files don't exist. Spybot is generally pretty good, but you might want to check your hosts file: c:\%systemroot%\system32\drivers\etc\hosts Unless you used another program to edit this file, it should be pretty empty. Spybot Immunization tool adds quite a few entries to this file though. You might want to run HiJackThis! and see if anything altered the DNS entries too.
 

MarkC

Thread starter
Joined
Jul 10, 2003
Messages
9,461
Location
Not Seattle, but close.
 Originally Posted By: aquariuscsm
Boot your computer in safe mode then manually delete the virus. Then reboot in normal mode and it should be gone. The virus is likely feeding and regenerating off of your operating system which goes dormant in safe mode.
Since I admit to be a computer [censored], how do I manually delete the virus in safe mode? For that matter, I don't remember how to get it into safe mode.
 

OVERKILL

$100 Site Donor 2021
Joined
Apr 28, 2008
Messages
47,088
Location
Ontario, Canada
 Originally Posted By: MarkC
 Originally Posted By: aquariuscsm
Boot your computer in safe mode then manually delete the virus. Then reboot in normal mode and it should be gone. The virus is likely feeding and regenerating off of your operating system which goes dormant in safe mode.
Since I admit to be a computer [censored], how do I manually delete the virus in safe mode? For that matter, I don't remember how to get it into safe mode.
Reboot and when the POST screen comes up, start hitting F8. NOTE: Depending on the motherboard (this is common with many ASUS boards) the F8 key may also trigger a boot device selection screen, in which case, choose your hard drive from the list and as soon as you hit enter, start hitting F8 again. This should bring up the Windows boot mode selection menu, from which you can choose safe mode. You would be wise to disable System Restore as well, as this is a common method of reinfection.
 

OVERKILL

$100 Site Donor 2021
Joined
Apr 28, 2008
Messages
47,088
Location
Ontario, Canada
Your antivirus software should have told you where it was. Alternatively, running something like Malwarebytes, SAS or Spybot in safe mode tends to be more effective. Don't forget to disable system restore.
 
Joined
Dec 30, 2006
Messages
25,412
Location
Dallas,Tx USA
 Originally Posted By: MarkC
Thanks. After that, how do I find and delete the trojan?
If you know the name of the trojan (run a systen scan and wrire down the names of the viruses it finds),once you boot your computer in safe mode,type the name of the virus in "search" (hit the start key,then you`ll see the search function). The search results will tell you where the virus is,for example.....it will say,my computer/c/ducuments and settings/"trojan".........which that means the trojan is in the documents and settings folder Once you locate the viruses just open up the folder it`s in,right click on the name of the trojan/virus,and click "delete" Hopefully that will kill the virus. Since you`re in safe mode,it can`t feed off your operating system to regenerate,which is dormant during same mode,and it will be gone once you reboot in normal mode.
 

MarkC

Thread starter
Joined
Jul 10, 2003
Messages
9,461
Location
Not Seattle, but close.
So... when I reboot and hit F8, I get a black screen with a list of options. I choose either Safe Mode or Safe Mode with Command Prompts, and the result is the same: a black screen with the words Safe Mode at each lower corner. I can see and move the cursor, but nothing else, just sits there.
 

MarkC

Thread starter
Joined
Jul 10, 2003
Messages
9,461
Location
Not Seattle, but close.
Okay, so I got it into safe mode, disabled System Restore, found the folder where the trojan was (c:\windows\oge.bnw) and deleted it, but it kept popping back up after a few seconds. I double-checked and System restore was still disabled. So, I had downloaded the 30-day trial of A-squared and ran the scan in Safe mode. It found the trojan and blocked it, rather than deleting. Subsequent scans in both Safe and Normal modes find nothing but the symptoms remain. No AVG, Malaware, or Windows updates will work, all say something about not being able to, or forbidden to access the server. Any next steps?
 

MarkC

Thread starter
Joined
Jul 10, 2003
Messages
9,461
Location
Not Seattle, but close.
I could if I downloaded it. Will it do anything that Malaware, AVG, and A-squared don't? According to A-squared, everything's clean. I think I have too many AS/AV programs now. The computer is verrrrry slow now.
 

MarkC

Thread starter
Joined
Jul 10, 2003
Messages
9,461
Location
Not Seattle, but close.
Well, I did uninstall AVG and Malaware, and turned off A-squared, to try Vipre. Computer is "fast" again(relatively speaking), but the [censored] thing erased my bookmarks, and won't enable it's active protection. Fun times.
 
Top