on November, 9 2012 8:53A
I recently had a client's laptop in here to troubleshoot some problems they were having. It was infested with viruses so I wasn't surprised that it was acting up on them. Using Malwarebytes' Anti-Malware and ComboFix I was able to successfully clean the system, but what do you do after the viruses have been removed and the system still isn't working right? They may be gone, but they already did their damage!
The 80096001 Windows Update Problem
After removing the viruses I wanted to run a Windows Update to make sure it was all up-to-date. As soon as it came up though I knew there was a problem. It had the red shield there it had a message reading something like "You should run Windows Update regularly to keep the system updated." As soon as I clicked the "Check for Updates" button it came back with error 0x80096001, and a pop-up came on the screen reading "Windows Update cannot currently check for updates because the service is not running. You may need to restart your computer." I checked to make sure that the Background Intelligent Transfer Service (BITS) and Windows Update services were both started, and they were.
Consequently, I had also just downloaded and installed the Microsoft Security Essentials anti-virus program, and although that installed without a problem, checking for definition updates manually also gave an error and wasn't able to complete. It was able to download a definition update automatically on its own though, but wouldn't work when clicking the "Update Now" button.
Simple Fix 1
I had seen a problem very similar to this before, but that was after re-imaging a failing hard drive onto a new hard drive. For that there was a quick and simple fix of installing the Intel® Rapid Storage Technology driver. After that Windows Update was working again. Unfortunately that didn't work this time around. I guess that would have been too simple.
Simple Fix 2
The next thing I did was to run Microsoft's Fixit program for Windows Update. I figured Windows Update is a Microsoft program, so who else but Microsoft would know the best way to Fixit. This is supposed to fix the most common problems with Windows Update, but apparently this problem isn't that common because that didn't help either. It did say that Windows Update needed to be repaired, and at the end of the wizard it said that it fixed it, but trying Windows Update again just gave the same 80096001 error message. There are steps on the Fixit page (link above) that you can follow if you want to try repairing it manually too. So I followed those steps and did everything manually (was unable to rename the %systemroot%\system32\catroot2 folder though), and that didn't help either.
The Windows Update Fix for Error 80096001 That Worked For Me
After doing much research online about this error I finally ran across a forum post on the BleepingComputer.com website that solved the problem for me. It's basically updating an entry in the Windows registry for the automatic update service. It looks like he exported this registry entry from a working Vista computer (oh, and by the way, the laptop I was working on was also a Vista). To apply it you need to copy the following lines of code into Notepad and save the file as "WindowsUpdateFix.reg".
Windows Registry Editor Version 5.00
"Description"="Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API."
Now before you actually merge this with your existing registry, I highly recommend that you create a system restore point so you have a backup of your registry. There's absolutely nothing wrong with this registry entry that I see, but it's just standard practice to be safe rather than sorry when you're about to make registry updates. After you've created your system restore point then you can right-click on the "WindowsUpdateFix.reg" file and select Merge. You'll be prompted asking you if you're sure you want to merge this with the registry. Accept it and then reboot your computer. Consequently, after Windows Update was working again then the manual update in Microsoft Security Essentials started working again too.
Additional Windows Update Fix
If by chance repairing the registry entry doesn't help solve the 80096001 Windows Update problem, then there's also an excellent Windows Repair tool at Tweaking.com. It's currently at version 1.7.3 as I write this and works for Windows XP, 2003, Vista, 2008 & 7 (both 32 & 64-bit). Simply download, install and then run it. Go through the 4 steps (some basic information to make sure that your system is free of viruses, the file system is intact, the system files are ok, and creating a restore point/backing up the registry). The last tab will let you start repairing the system. I would just leave everything checked and let it start repairing the system. It repairs/resets a lot of Windows functions (including Windows Updates) and is very useful in making sure your system will still work fine after a virus infection. These are the steps from my own notes when I run this on client computers to repair their problems.
- Step 1 - Make sure you've ran Malwarebyes, ComboFix and TDSS Rootkit Remover at the least.
- Step 2 - Allow it to run a Disk Check. (It will reboot the PC immediately and run the disk check.)
- Step 3 - When the PC comes back on, run Windows Repair 1.7.3 again and go to step 3 and allow it to run SFC.
- Step 4 - Create a System Restore Point and also Backup the registry. (Can't be too safe here).
- Start Repairs - On the Start Repairs tab click the Start button.
- Select the items you want repaired then run it. (By default they'll all be selected in v1.7.3)
- Reboot the PC.
- Check to see if Windows Update works
A problematic Windows Update can sometimes be a very tricky problem to solve. Hopefully some of the ideas in this post will help anyone else having similar issues. Please let me know your experiences in the comments below and if there's anything else you've done that's helped you solve this problem too.
on November, 9 2012 8:34A
Another great program I use to prevent PC viruses is Microsoft Security Essentials. It's free from Microsoft and works really well as a real-time antivirus program, which means it's always running checking for viruses when the computer is turned on (as opposed to an on-demand scanner, like ComboFix, which only runs and removes viruses when you specifically start it yourself). This tutorial will guide you on how to download, install and use the Microsoft Security Essentials software to scan your PC for infections. You can also use Microsoft Security Essentials as an on-demand scanner too if you think something got by. As always, no single antivirus program will catch or be able to remove 100% of today's viruses and spyware, but having a real-time antivirus scanner like this one is a great defense.
Demonstration video on how to download, install and run Microsoft Security Essentials
To start off with, I have a 10 minute video as a reference to everything I'm about to cover in the post below. So have a look at the video, and you'll see that downloading, installing and using Microsoft Security Essentials is pretty easy. (I'm sorry about the audio quality. I was having problems with my microphone.)
Download Microsoft Security Essentials for Free
There's only 1 version of this program available, and it's completely free. You can use this version for real-time protection and running ad-hoc scans manually.
Free Version: You can download Microsoft Security Essentials for free from Microsoft's website.
Installing Microsoft Security Essentials onto your computer
When clicking the link above for the free version, you're going to download and run an installer file, which will open up a short wizard that actually guides you into installing the Security Essentials program. If you're using Internet Explorer, then it usually already knows what your operating system is and just provides you with a "Download" button. If you're using another browser, like Google's Chrome, then you may see a drop-down box to select what your operating system is. Right now, Security Essentials runs on Windows XP, Vista and 7 (32 & 64-bit). Once you've downloaded the installer file, you need to run it to start the installation, so you need to browse to where you saved the file and typically you can just double-click on it to execute it and that'll start the installation process. (Alternatively, you may have been prompted to "Run" or "Save" when downloading it. If you selected the "Run" option (like I do in the video), then the installer process will begin automatically after it's been downloaded to a temporary location.)
The installation is really easy and consists of 8 simple steps. Just let the installation wizard guide you through it (accepting all the default options) and basically just keep clicking "Next" until it reaches the end. Here are the steps for the current installation program at this time:
- Welcome to the Microsoft Security Essentials Installation Wizard. This is just a welcome page that tells you a little about the software, just click on the Next > button to continue.
- Microsoft Security Essentials License Terms. Just about every installation program has this, and it's a good idea to read through the agreement first. Click the I accept button to continue.
- Join the Customer Experience Improvement Program. This screen gives you the option to participate in the Customer Experience Improvement Program. Basically what it means is that Security Essentials will send small amounts of information to Microsoft on how the program is being used. Joining it is up to you and could be a good idea to help make the product better. In the video I choose not to join, and although I mentioned anonymity (which it is anonymous anyway, so you don't have to worry about that), I really just don't like programs using the internet in the background without prompting me first. Regardless, you must select one of these options to continue, the Next > button will be disabled until you do. Click the Next > button to continue.
- Optimize security. This screen suggests that if you don't currently have a firewall program in use, then you allow Security Essentials to turn on the built-in Windows firewall. (This is a firewall that came pre-built with your copy of Windows, not Security Essentials). Since having a firewall is extremely important, I highly recommend that you keep this checkbox checked to have the program make sure you have a firewall running. Click the Next > button to continue.
- Preparing to install Microsoft Security Essentials. There's absolutely nothing you have to do with this screen. It's just making sure that your computer is in a state that's ready to have Security Essentials installed. I've never seen this screen do anything but automatically jump to the next screen to have you actually start the install.
- Ready to install Microsoft Security Essentials. This screen tells you that if you have another antivirus program installed, then you should un-install it before continuing. That's true, because having multiple "real-time" antivirus programs running at the same time can cause conflicts with each other and hinder performance of the PC. However, I just wish they put this screen up front somewhere because if you do need to un-install a previous antivirus program, then chances are that you'll also need to reboot and then restart the Security Essentials installation. If you don't have any other "real-time" antivirus programs on the computer, then Click the Install > button to start the actual installation of Security Essentials.
- Installing Microsoft Security Essentials. This is another screen that you don't have to do anything with. All it does is actually install the program. Once the installation is done, the wizard will automatically jump to the next screen.
- Completing the Microsoft Security Essentials Installation Wizard. This screen tells you that Microsoft Security Essentials has been successfully installed. (I've never seen it come up with a failure message.) There's a checkbox on this screen to "Scan my computer for potential threats after getting the latest updates." If you leave this checked then it'll perform a "Quick Scan" after it downloads the latest definition file, which it'll do in just a moment. Since it's only a quick scan, I usually just leave it checked, but it's entirely up to you. (At this point you might notice a message pop-up in the notification area of the task bar. It's telling you that Security Essentials is out of date and needs to be updated. It's going to automatically do that in just a moment.) Click the Finish button to continue.
At this point the security program is installed and will automatically open up and then download the latest virus definition files and run that quick scan we said it could run.
Using Microsoft Security Essentials to scan for infections on your PC
After the installation finishes, the installer window will close and the Microsoft Security Essentials interface will open. It will also add an icon to the system tray (near the clock on your task bar) and in your "Program Files" folder. The icon in the system tray looks like a house with a flag on top. If all is OK with your system, then the icon will be green with a white checkmark in it, if not, it'll be red. To start the program you can either double-click this icon in the system tray or find the program by clicking on the "Start" button on the task bar. (No icon is automatically put on the desktop; the easiest way to open the program is to double-click the icon in the system tray.)
When Security Essentials opens up for the first time after installing it, it'll automatically check for updates and then run an initial "quick scan" (if you told it to). At any time afterwards, you can always click on the Update tab at the top and then click the Update button to have it check for updates. The updates will automatically be downloaded and installed. When it's done updating the message on this tab will read, Virus and spyware definitions: Up to date. By default it will always get the latest virus and spyware definitions before running a scheduled scan. The definitions can also get downloaded by running Windows Update.
First Time Quick Scan
If you elected to have it do so, Security Essentials will automatically start running a "Quick Scan" after installation and after it downloaded and installed the latest definition file.
Running a Scan
At this point you have the Microsoft Security Essentials downloaded, installed & updated. To scan your computer for any malicious files and infections, click on the Home tab at the top and on the right you will see options where you can choose to manually run a quick scan, full scan, or scan specific files or folders. You can also schedule when future scans should automatically run. When you're running a scan, the option to take care of infected files will occur only at the end after the whole scan has completed, however, if it does recognize anything malicious during a scan, it'll display a message at the bottom of the window reading, "Preliminary scan results show that malicious or potentially unwanted software might exist on your system. You can review detected items when the scan has completed." So just wait for it to finish scanning and then you can take care of them.
- Quick scan
A quick scan will usually take anywhere between 10-20 minutes depending on the speed of your computer and the number of items to go through. If you don't really suspect you have a virus but would like to run a scan for good measure, then a quick scan is a good option. A quick scan will only check the most common areas of the computer for problems. The areas I notice it checks are the following folders: Windows\, Windows\System32, Windows\SysWOS64, Windows\Internet Explorer, Windows\Fonts, \Program Files, \Program Files (x86), \ProgramData, \AppData, ... as well as registry entries, the currently running processes, Scheduled Tasks, Desktop items, Quick Launch items, I'm sure temporary internet files are in this list too, etc...
- Full scan
A full scan will scan every single item on your computer (everything a quick scan does and more). To scan your whole computer for any malicious files and infections, just click on the Home tab then select the Full radio button on the right, then click the Scan now button below it. If you know you have a virus and you're sole purpose of running Security Essentials is to get rid of it, then definitely run the full scan.
- Custom scan
You can also run a scan on specific folders by clicking on the Home tab on the left then select the Custom radio button on the right, then click the Scan now button just below it. When you click the button this will open up another window asking you what folders you want it to scan. It won't let you select specific files within folders, just the whole folder itself. (To scan a specific file only, you can use Windows Explorer (or My Computer) to locate the file, then right-click on it (you can also select multiple files within the same directory before right-clicking on one) and then select then "Scan with Microsoft Security Essentials...") option. Put a checkmark next to the folder(s) you want to scan for viruses and then click the OK button.
- Scheduled scan
You can also schedule a scan to run at a specific time. You can click on the Change my scan schedule link at the bottom of the Home tab, or go directly to the Settings tab and click the "Scheduled scan" option on the left (they both bring you to the same screen). There's already a scheduled scan setup by default, but it's set to run on Sunday's at 2:00 am. If you set the scan to start at a time when the computer is turned off, then it won't be able to scan the computer and that scan will be missed. My experience has been that it doesn't run missed scans the next time you turn your computer on, so you may want to change the schedule to a day and time when you know your PC will be turned on. There are not many options here; you can only set it to scan daily, or on a specific day of the week. By default it's setup to run a quick scan, but you can change it to run a full scan too. For me personally, I'm OK with scheduling just the Quick scan unless I feel there's a problem, and then I'll manually run a full scan. It's also a very good idea to leave the checkbox checked that reads "Check for the latest virus and spyware definitions before running a scheduled scan". You always want it to be up-to-date so it knows the latest threats to check for.
Now that you've got the scan going, just sit back and let it do its job now. It'll show you its progress as it goes along displaying how many objects it scanned, if any threats have been found so far, and what it's currently scanning. It also displays a progress bar so you have an idea of how far into the scan it is and how much is left.
Post Scan Clean-up
When the scan completes you'll immediately know if it found anything or not because the usually green banner at the top will turn red and the picture of the monitor will turn red. It will tell you how many items it scanned, and how many potential threats it found. The easiest way to get rid of any threats it found is to just click Clean PC at this point. That will automatically take care of anything it found. If you're curious to see what it found, and to apply specific actions on what to take for individual items it found, then you can click on the Show details link just below the "Clean PC" button.
If you click to "Show details", then a window will pop up listing the items it found with a "Recommended action" next to each one. You have the option to change how it'll handle the "problem" by removing, quarantining, or ignoring the item. If you select a particular item you can also click on the Show details >> button to see more details about the potential threat it found, like what the actual threat is, and where on your computer it found it. Once you've seen everything it's found (and changed any action if you so desired) then you can just click on the Apply actions button to have it actually remove, ignore, or quarantine them. This may take a few moments and may or may not require a reboot when it's done depending on what it found, but it will prompt you for that. If it prompts you to restart, then go ahead and do that (you shouldn't have any other programs or files open right now, save all your work and close all programs). After the computer reboots then you should be all done and virus free!
If it didn't find anything, congratulations, you're system is clean and you're done... you can click the "X" button at the top right to close the interface. (Remember, Microsoft Security Essentials is a real-time scanner, so you're not actually closing the program, it's still running and you can see it's icon at the bottom of your computer screen near the clock.)