Viruses Preventing my windows update

sara005 · Mar 19, 2021

I posted this message in reddit

"Greetings Redditors, I am encountering this recent error concerning the updates to my OS. I have surfed he internet and youtube and found that this error is caused when the "Windows Update" service is missing. I did follow a tutorial to register the keys again ( mind you that i backed up my keys and used it but for some reason the service i recreated didn't work, so i copy pasted a registry from an article and it worked) The updates were downloaded perfectly and i restarted my laptop to install and apply. However, nothing changed and the Windows Update service was removed !! and the error kept happening .

I repeated the process several times, whenever i restart my laptop ,the Update service is removed. When all the updates were downloaded it couldn't install it on the laptop or require a restart and said there is an error installing the updates please try again later ( and the Windows Update was available)."

Someone commented that i need to run " MalewareBytes" and check for viruses or malwares, and the test gave me over 47 threats and the software quarantined them. Nothing appear to be solved, Windows still cannot install the updates. I gave the person who suggested "MalewareBytes" the results and they said it was expected, those viruses are removing the update service , and they suggested to check this form cause removing malwares isn't their specialty. How do I removed those ?

Here is the link for the results 9.4 KB file on MEGA

or here they are

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/17/21
Scan Time: 10:32 AM
Log File: 5a98f660-86fb-11eb-b098-c8d3ffdd1739.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1217
Update Package Version: 1.0.38283
License: Trial

-System Information-
OS: Windows 10 (Build 18363.1440)
CPU: x64
File System: NTFS
User: DESKTOP-TFT8G01\user

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 344434
Threats Detected: 43
Threats Quarantined: 0
Time Elapsed: 25 min, 21 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 5
Trojan.Ranumbot, C:\WINDOWS\WINDEFENDER.EXE, No Action By User, 7746, 854955, , , , , 6512AE7C9F36206F6433F78296102419, 6B9468EFEE35A8454A7FB395F43E5BDD14DF918437661846D7D6EC199BA08883
Generic.Trojan.Malicious.DDS, C:\USERS\USER\APPDATA\LOCAL\TEMP\CSRSS\MG20201223-1.EXE, No Action By User, 1000002, 0, , , , , 0A13D106FA3997A0C911EDD5AA0E147A, 5E46ECFFCFF9440E97BF4F0A85AD34132407F925B27A8759F5A01DE5EA4DA6AF
Trojan.ServStart, C:\USERS\USER\APPDATA\LOCAL\TEMP\CSRSS\M672.EXE, No Action By User, 5779, 916787, , , , , 1496F269A788B609062ADBD300F2D18C, 9D41D85B30958480BE3F7EEFF32D2CF4EBE2F1C5790DEDFD8CBAC0A3C8B58F03
Malware.AI.2876304519, C:\USERS\USER\APPDATA\LOCAL\TEMP\CSRSS\WW31.EXE, No Action By User, 1000000, 0, , , , , 9A4B7B0849A274F6F7AC13C7577DAAD8, C1D5A585FCE188423D31DF3EA806272F3DAA5EB989E18E9ECF3D94B97B965F8E
Generic.Trojan.Malicious.DDS, C:\USERS\USER\APPDATA\LOCAL\TEMP\CSRSS\ML20201223.EXE, No Action By User, 1000002, 0, , , , , D54ADE674CB0C3E6D322ED7380E8ADF6, 5191548B8EDF4B98E623F055F5205E2DB17AA220C28928B1DA1C3A9BA1A75EE0

Module: 5
Trojan.Ranumbot, C:\WINDOWS\WINDEFENDER.EXE, No Action By User, 7746, 854955, , , , , 6512AE7C9F36206F6433F78296102419, 6B9468EFEE35A8454A7FB395F43E5BDD14DF918437661846D7D6EC199BA08883
Generic.Trojan.Malicious.DDS, C:\USERS\USER\APPDATA\LOCAL\TEMP\CSRSS\MG20201223-1.EXE, No Action By User, 1000002, 0, , , , , 0A13D106FA3997A0C911EDD5AA0E147A, 5E46ECFFCFF9440E97BF4F0A85AD34132407F925B27A8759F5A01DE5EA4DA6AF
Trojan.ServStart, C:\USERS\USER\APPDATA\LOCAL\TEMP\CSRSS\M672.EXE, No Action By User, 5779, 916787, , , , , 1496F269A788B609062ADBD300F2D18C, 9D41D85B30958480BE3F7EEFF32D2CF4EBE2F1C5790DEDFD8CBAC0A3C8B58F03
Malware.AI.2876304519, C:\USERS\USER\APPDATA\LOCAL\TEMP\CSRSS\WW31.EXE, No Action By User, 1000000, 0, , , , , 9A4B7B0849A274F6F7AC13C7577DAAD8, C1D5A585FCE188423D31DF3EA806272F3DAA5EB989E18E9ECF3D94B97B965F8E
Generic.Trojan.Malicious.DDS, C:\USERS\USER\APPDATA\LOCAL\TEMP\CSRSS\ML20201223.EXE, No Action By User, 1000002, 0, , , , , D54ADE674CB0C3E6D322ED7380E8ADF6, 5191548B8EDF4B98E623F055F5205E2DB17AA220C28928B1DA1C3A9BA1A75EE0

Registry Key: 13
PUP.Optional.Restoro, HKU\S-1-5-21-493582733-3832768312-483052813-1001\SOFTWARE\Restoro, No Action By User, 819, 551610, 1.0.38283, , ame, , ,
Trojan.Ranumbot, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WinDefender, No Action By User, 7746, 854955, , , , , ,
PUP.Optional.Restoro, HKLM\SOFTWARE\CLASSES\CLSID\{BA827421-E282-479E-AE60-34796877B8AE}, No Action By User, 819, 551619, , , , , ,
PUP.Optional.Restoro, HKLM\SOFTWARE\CLASSES\Restoro.Engine.1, No Action By User, 819, 551619, , , , , ,
PUP.Optional.Restoro, HKLM\SOFTWARE\CLASSES\Restoro.Engine, No Action By User, 819, 551619, 1.0.38283, , ame, , ,
Trojan.Glupteba.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\csrss, No Action By User, 509, 781233, , , , , ,
Trojan.Glupteba.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E95EEFAC-FE84-4190-9335-1D45BF615848}, No Action By User, 509, 781233, , , , , ,
Trojan.Glupteba.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{E95EEFAC-FE84-4190-9335-1D45BF615848}, No Action By User, 509, 781233, , , , , ,
PUP.Optional.InstallCore, HKU\S-1-5-21-493582733-3832768312-483052813-1001\SOFTWARE\CSASTATS\ic, No Action By User, 511, 586068, 1.0.38283, , ame, , ,
PUP.Optional.Restoro, HKU\S-1-5-21-493582733-3832768312-483052813-1001\SOFTWARE\Local AppWizard-Generated Applications\Restoro, No Action By User, 819, 551612, 1.0.38283, , ame, , ,
PUP.Optional.Restoro, HKLM\SOFTWARE\Restoro, No Action By User, 819, 551614, 1.0.38283, , ame, , ,
Trojan.Glupteba.E, HKU\S-1-5-21-493582733-3832768312-483052813-1001\SOFTWARE\MICROSOFT\6a67fa59, No Action By User, 509, 821174, 1.0.38283, , ame, , ,
PUP.Optional.SearchYa, HKU\S-1-5-21-493582733-3832768312-483052813-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{993F5746-4C15-42BC-99C1-064A1764271B}, No Action By User, 430, 242794, 1.0.38283, , ame, , ,

Registry Value: 6
Trojan.Agent, HKU\S-1-5-21-493582733-3832768312-483052813-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WITHEREDSTAR, No Action By User, 506, 196479, 1.0.38283, , ame, , ,
Trojan.Glupteba.E, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{46018BF8-5ED4-47EC-B38B-D7E879FE6D2C}, No Action By User, 509, 795081, 1.0.38283, , ame, , ,
Trojan.Glupteba.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E95EEFAC-FE84-4190-9335-1D45BF615848}|PATH, No Action By User, 509, 781231, 1.0.38283, , ame, , ,
Trojan.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDEFENDER|IMAGEPATH, No Action By User, 506, 428246, 1.0.38283, , ame, , ,
Trojan.Glupteba.E, HKU\S-1-5-21-493582733-3832768312-483052813-1001\SOFTWARE\MICROSOFT\6a67fa59|CAMPAIGNID, No Action By User, 509, 821174, 1.0.38283, , ame, , ,
PUP.Optional.SearchYa, HKU\S-1-5-21-493582733-3832768312-483052813-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{993F5746-4C15-42BC-99C1-064A1764271B}|DISPLAYNAME, No Action By User, 430, 242794, 1.0.38283, , ame, , ,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 1
HackTool.KMSpico, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\KMSPICO, No Action By User, 7189, 921555, 1.0.38283, , ame, , ,

File: 13
Trojan.Ranumbot, C:\WINDOWS\WINDEFENDER.EXE, No Action By User, 7746, 854955, 1.0.38283, 2F3F9E384C4C9399D6DE1AA7, dds, 01161080, 6512AE7C9F36206F6433F78296102419, 6B9468EFEE35A8454A7FB395F43E5BDD14DF918437661846D7D6EC199BA08883
PUP.Optional.Restoro, C:\WINDOWS\RESTORO.INI, No Action By User, 819, 551609, 1.0.38283, , ame, , 0DA69F2F8B6B7B0D4B90721C743AF2F4, 908C40056B2B5036BFB68BF740A7EF6001E340A3F4D3C46A8A7F1E9641401701
Trojan.Glupteba.E, C:\WINDOWS\SYSTEM32\TASKS\CSRSS, No Action By User, 509, 781233, 1.0.38283, , ame, , 69A0D9C0C5375C69B9D9CB26897E08EF, 454C874EB9F2EEBC61CB46C37492DD34AB068BE89D3E0316F78997F15E8D966F
Generic.Trojan.Malicious.DDS, C:\USERS\USER\APPDATA\LOCAL\TEMP\CSRSS\MG20201223-1.EXE, No Action By User, 1000002, 0, 1.0.38283, 9A7A6AFB3102800D547A4E88, dds, 01161080, 0A13D106FA3997A0C911EDD5AA0E147A, 5E46ECFFCFF9440E97BF4F0A85AD34132407F925B27A8759F5A01DE5EA4DA6AF
Trojan.ServStart, C:\USERS\USER\APPDATA\LOCAL\TEMP\CSRSS\M672.EXE, No Action By User, 5779, 916787, 1.0.38283, A37FA6DE49EA5E096CB1A132, dds, 01161080, 1496F269A788B609062ADBD300F2D18C, 9D41D85B30958480BE3F7EEFF32D2CF4EBE2F1C5790DEDFD8CBAC0A3C8B58F03
Malware.AI.2876304519, C:\USERS\USER\APPDATA\LOCAL\TEMP\CSRSS\WW31.EXE, No Action By User, 1000000, 0, 1.0.38283, 88D5EFE910C9554EAB70EC87, dds, 01161080, 9A4B7B0849A274F6F7AC13C7577DAAD8, C1D5A585FCE188423D31DF3EA806272F3DAA5EB989E18E9ECF3D94B97B965F8E
Generic.Trojan.Malicious.DDS, C:\USERS\USER\APPDATA\LOCAL\TEMP\CSRSS\ML20201223.EXE, No Action By User, 1000002, 0, 1.0.38283, 9A7A6AFB3102800D547A4E88, dds, 01161080, D54ADE674CB0C3E6D322ED7380E8ADF6, 5191548B8EDF4B98E623F055F5205E2DB17AA220C28928B1DA1C3A9BA1A75EE0
Trojan.MalPack.GS, C:\USERS\USER\APPDATA\LOCAL\TEMP\RAR$EXB0.799\CLIP+STUDIO+PAINT+EX+1-PFQJ-AIGQSGC04WQAOKQCAEXCFWASAE9KKTAA.EXE, No Action By User, 8442, 920503, 1.0.38283, EB9DA494648BBF6DC723AF51, dds, 01161080, 05390F760D029576605D5AB3C72482D4, C41737E8C70364AC3475E2713B2623746B16E2AB8C6D74CDACF875FC271540EE
Generic.Malware/Suspicious, C:\USERS\USER\APPDATA\LOCAL\TEMP\CSRSS\R20210209.EXE, No Action By User, 0, 392686, 1.0.38283, , shuriken, , 02E2027A7A49D7A45EEA27AC42881C9E, 2461D5E17D86DC52AF3D194AC25A1FD3C9C833AD3B02F2ADAE78157A950035E3
Trojan.Glupteba, C:\USERS\USER\APPDATA\LOCAL\TEMP\CSRSS\GETFP.EXE, No Action By User, 4375, 916786, 1.0.38283, C50A762CEA5FDFC9FA40C0BF, dds, 01161080, 941B755A404A616A55EA57FF4DBFE184, 9AFABDF762EA2E412019CE0F6004F7FE1C948F2B36E1AAB347E623FEDD5EF440
Spyware.PasswordStealer.GO, C:\USERS\USER\APPDATA\LOCAL\TEMP\CSRSS\U20200626.EXE, No Action By User, 7544, 835370, 1.0.38283, 7B51AF3F5F13383FF7A91534, dds, 01161080, C6E81BAC5A3385A0A9CEF0BF9B45C624, 3414DDDA2D8E2D44F7E33CF513DE0C6A10D593E0358AD55586657D42682FFB5C
Trojan.MalPack.GS, C:\USERS\USER\APPDATA\LOCAL\TEMP\RAR$EXB0.386\CLIP+STUDIO+PAINT+EX+1-PFQJ-AIGQSGC04WQAOKQCAEXCFWASAE9KKTAA.EXE, No Action By User, 8442, 920503, 1.0.38283, EB9DA494648BBF6DC723AF51, dds, 01161080, 05390F760D029576605D5AB3C72482D4, C41737E8C70364AC3475E2713B2623746B16E2AB8C6D74CDACF875FC271540EE
PUP.Optional.Restoro, C:\USERS\USER\DOWNLOADS\RESTORO.EXE, No Action By User, 819, 551611, 1.0.38283, , ame, , 149B7754E41E3330E87D3C303FECE58C, 5D99408FC2F7BC85F2C4BC6DCD762008BFECD5C8DCAAACF9C9BDC2914DDD22B1

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

icotonev · Mar 19, 2021

Hi , sara005..! Welcome to Sysnative...!

Please follow these posting instructions - Malware Removal Posting Instructions

Thank you.

icotonev · Mar 19, 2021

sara005, I will ask you to decide on which forum you will solve your problem ..? Somehow it is not correct for this to happen in several places ..!

Viruses preventing my Windows to Update - Virus, Trojan, Spyware, and Malware Removal Help (bleepingcomputer.com)

Search

Search

Viruses Preventing my windows update

sara005

New member

icotonev

Security Analyst

icotonev

Security Analyst