No Way this Machine is Infected

Tutorials

The Consequence of Being a PowerUser :/

The headache it can create when you have over eighty applications installed

Yes, you are reading that right, eighty applications, and as to which one caused the headache, your guess is as good as mine. A few days ago I was having problems accessing the Network Attached Storage/Server through Remote Desktop Protocol; all network shares were functioning correctly and everything was running smoothly. This was all taking place just before the time was set to go ahead one hour at 2:00pm. The first step I took was checking the time on the machines, one of the biggest mistakes you could ever overlook, trust me when I say this. time.windows.com was set, along with the service running and synchronized with the internet time server.

Windows Update was working correctly on the Network Attached Storage/Server and I couldn’t understand what the hell was going on. Rebooting, another tip to keep in mind when working with network shares, still didn’t work. So I thought maybe the NAS may have newer KB updates than the workstation that I’m currently writing this post from, started up the service and fired up Windows Update only to get error code 800072EFE. WTF!

Apparently it has something to do with the cache. I ran everything from Dr.Web CureIt to Comodo Cleaning Essentials, which by the way didn’t detect anything but the .reg files on my portable flash drive and the Security Center disabled warning. The first thing I blamed when Windows Update didn’t work was the software I recently downloaded from ghacks; all signs were generated by me, the user, not the software that was downloaded and scanned with the PeStudio application.

Adding Trusted Sites to Internet Explorer didn’t work, although when adding the ones that were required to access Windows Update it reported they were already there. I stopped the Cryptographic Service, deleted the catroot2 folder in the System32 location and enabled the service, with no success. I also ran one of Microsoft’s Fixit utilities, which outlined the error code that it couldn’t really fix itself, and said maybe it was the Freak Attack Patch I applied.

At this point I was sure the machine was infected with malware or spyware. Even though Malwarebytes Anti-Malware was reporting the system was clean, I still needed something a little better than malware protection.

Since Dr.Web CureIt, Comodo Cleaning Essentials and Microsoft’s Fixit Utility couldn’t find or do diddly squat when it came to solving the problem, or again for that matter recommending a solution… Seriously, you fucking outlined the same error code and couldn’t fix the fucking problem, fuck! I believed strongly at the time the workstation was infected with something; next up was a Rootkit scanner.

When troubleshooting the problem, Kaspersky Lab TSSKiller was mentioned, so I also took that for a run. Even though Malwarebytes has Rootkit detection, two is better than one; I'd also like to point out that it’s not enabled by default. The scanner came back clean and I said okay, time to try an Anti-Virus. That’s right, I don’t use any Anti-Virus programs and haven't in four years. I hate Anti-Virus programs; the performance hit your system takes just ain't worth it, especially if you're a gamer. PowerUsers don’t need Anti-Virus protection and I’m going to prove that one right now: September 2014 was when I built the Dream Machine and it first came alive, and it’s March 2015 as of now.

Kaspersky Lab Anti-Virus 2013 was the program I chose; why not, when they announced to the public about NSA Firmware being detected on commercial HDD drives. So after the database was done updating, the scan took about 20 minutes to complete and it reported nothing, absolutely nothing. Once again, PowerUsers don’t need such shit on their systems. Yeah, hang on now, I’m going to hand over $80 dollars for protection, really? I've repaired enough systems to know that the biggest Anti-Virus programs couldn’t keep the simplest adware off the system, cough, Norton.

With every Anti-Virus program there usually would be some form of bootable USB/CD Recovery or some form of extra features like a file shredder etc. Well, in this case I was extremely lucky when I chose Kaspersky Lab, because with their Tools they had a little feature called Browser Configuration; it analyzes Microsoft Internet Explorer settings from a security viewpoint. With that I hit Start and it reported three problems; what do you know, cache.

You can even see in the image above the Trusted Websites I added to the zone. Here’s what caused the headache and what Microsoft’s Fixit couldn’t, well, fix, and that led me to believe my machine was infected with Malware or Spyware. First, Cache autocleanup is disabled on browser closing, and secondly, Caching data received via protected channel is enabled. After Kaspersky repaired those three things, Windows Update and the Remote Desktop Connection have worked perfectly fine without any problems since. So why couldn’t Microsoft repair this problem with their Fixit? Again, your guess is as good as mine. When first setting out to find a solution to the problem I knew it was going to be hell; just look at the error codes people have reported on the Technet forums. Some worked where others failed, and for me this was the solution to the problem, so if anyone for some crazy apparent reason finds this post/article and it helps, spread the word, because this ain't the first time dealing with Windows Update failing.
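A read-only check of the two Internet Explorer cache settings named above, as an added example that is not from the original post or from Kaspersky. It assumes the two findings map to the registry values `Persistent` and `DisableCachingOfSSLPages` under Internet Settings, and that policy keys, when present, take precedence over the per-user preference.

```powershell
# Added example, read-only: nothing here writes to the registry.
# Assumption: the two findings correspond to these Internet Settings values.
$rel = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$pol = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'

$checks = @(
    @{ Finding = 'Cache autocleanup on browser closing'
       SubKey  = '\Cache'; Name = 'Persistent';               Expected = 0 },
    @{ Finding = 'Caching data received via protected channel'
       SubKey  = '';       Name = 'DisableCachingOfSSLPages'; Expected = 1 }
)

function Get-EffectiveValue {
    param([string]$SubKey, [string]$Name)
    # Assumed precedence: machine policy, then user policy, then user preference.
    $candidates = @(
        "HKLM:\$pol$SubKey", "HKCU:\$pol$SubKey", "HKCU:\$rel$SubKey"
    )
    foreach ($path in $candidates) {
        $item = Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Source = $path; Value = $item.$Name }
        }
    }
    # Value absent everywhere: the browser falls back to its default.
    return [pscustomobject]@{ Source = '(not set)'; Value = $null }
}

foreach ($c in $checks) {
    $eff = Get-EffectiveValue -SubKey $c.SubKey -Name $c.Name
    [pscustomobject]@{
        Finding  = $c.Finding
        Value    = $eff.Value
        Expected = $c.Expected
        Status   = if ($eff.Value -eq $c.Expected) { 'OK' } else { 'Review' }
        Source   = $eff.Source
    }
}
```

A `Review` status with source `(not set)` means the value is absent and the browser default applies, which keeps the cache on close and allows encrypted pages to be written to disk.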

PhoneyVirus
Has a passion for computer hardware and dreams of being a professional technician one day, fairly educated on the subject and open-minded. Programming may be one of many interests, but they are divided into what you call time. When he ain't learning what’s new, he’s usually jamming out on electric guitar or playing some awesome PC Game.
