Verification failed
Than Naing
23 Jun 2010
Hi
I have recently reformatted the machine, installed software I'd burned earlier on a DVD, and tried to update with Autopatcher. I keep getting this message shortly before it finishes downloading.
----
One or more files has failed verification. Please re-run AutoPatcher Updater.
If this problem persists, please report to the forums at AutoPatcher.com.
---
The other posts on this haven't helped. I have re-downloaded and re-installed it several times, rebooted once, and tried to run it from both admin and non-admin accounts, but always get the same response. I am unable to install any of the downloaded updates.
Threatfire didn't find any malware, but Avira said there was TR/BHO.Gen Trojan in \system 32\xwr16669.dll and \system 32\wr16669.dll, and the log for Malwarebytes Anti-Malware is below. I had installed quite a few apps to test out (almost all from cnet.com), like Launchy, Debrief, Belarc Advisor and Organizer, and I hadn't yet connected to the internet, so I thought they might be false positives and I haven't removed them yet. Could have been on my software DVD from before though, I suppose.
My external hard drive isn't registering when I plug it in either (it works fine in other machines). I thought that might be because the drivers hadn't been updated, but I don't really know.
..................
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3
6/23/2010 7:04:56 PM
mbam-log-2010-06-23 (19-04-47).txt
Scan type: Quick Scan
Objects scanned: 102593
Time elapsed: 12 minute(s), 20 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32a0736c-3892-3de9-b3a0-0ddb5cb8d544} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{32a0736c-3892-3de9-b3a0-0ddb5cb8d544} (Trojan.Vundo.H) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\xa772265.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\xa781984.exe (Trojan.Agent) -> No action taken.
..............
I can post a HJT log as well if you like.
Thanks
I have recently reformatted the machine, installed software I'd burned earlier on a DVD, and tried to update with Autopatcher. I keep getting this message shortly before it finishes downloading.
----
One or more files has failed verification. Please re-run AutoPatcher Updater.
If this problem persists, please report to the forums at AutoPatcher.com.
---
The other posts on this haven't helped. I have re-downloaded and re-installed it several times, rebooted once, and tried to run it from both admin and non-admin accounts, but always get the same response. I am unable to install any of the downloaded updates.
Threatfire didn't find any malware, but Avira said there was TR/BHO.Gen Trojan in \system 32\xwr16669.dll and \system 32\wr16669.dll, and the log for Malwarebytes Anti-Malware is below. I had installed quite a few apps to test out (almost all from cnet.com), like Launchy, Debrief, Belarc Advisor and Organizer, and I hadn't yet connected to the internet, so I thought they might be false positives and I haven't removed them yet. Could have been on my software DVD from before though, I suppose.
My external hard drive isn't registering when I plug it in either (it works fine in other machines). I thought that might be because the drivers hadn't been updated, but I don't really know.
..................
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3
6/23/2010 7:04:56 PM
mbam-log-2010-06-23 (19-04-47).txt
Scan type: Quick Scan
Objects scanned: 102593
Time elapsed: 12 minute(s), 20 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32a0736c-3892-3de9-b3a0-0ddb5cb8d544} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{32a0736c-3892-3de9-b3a0-0ddb5cb8d544} (Trojan.Vundo.H) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\xa772265.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\xa781984.exe (Trojan.Agent) -> No action taken.
..............
I can post a HJT log as well if you like.
Thanks
Cristiano
23 Jun 2010
> If this problem persists, please report to the forums at AutoPatcher.com
yep, but to fix this kind of issues, we need autopatcher's log, that you can generate by hitting that "hit this to generate..." file and pasting the content of the log file in here. but an issue was reported with an component that may have changed his content, due an change of size after an long time. but i will check that
[]s
yep, but to fix this kind of issues, we need autopatcher's log, that you can generate by hitting that "hit this to generate..." file and pasting the content of the log file in here. but an issue was reported with an component that may have changed his content, due an change of size after an long time. but i will check that
[]s
Than Naing
23 Jun 2010
When should I do it? I ran autopatcher again and double-clicked on it after it failed, but it said i didn't have permission to run it. In an admin account it just opened a cmd window saying ...apup.exe /log and nothing underneath. Right-clicking and printing it just produced the same text. Double-clicking the cmd thing first opens both the cmd window and the main programme, but it doesn't change when the update fails - no info is added to the log.
What am I doing wrong?
Thanks
What am I doing wrong?
Thanks
Cristiano
23 Jun 2010
> it just opened a cmd window saying ...apup.exe /log and nothing underneath
it is working as it was supposed to. that cmd window just executes apup generating the log file and just that.
as "i didn't have permission to run it", it may be related to this:
Files Infected:
C:\WINDOWS\system32\xa772265.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\xa781984.exe (Trojan.Agent) -> No action taken
so, i may be reading it in a wrong way, but seems that Malwarebytes' Anti-Malware 1.41 has detected the issue, but did nothing about. personally, i us to remove the infected drive and scan it from an safe machine, with every single autorun disabled. when the system is not running from the infected drive, the removal us to be more easy
> no info is added to the log
that virus may be locking the download sites. due that,...
[]s
it is working as it was supposed to. that cmd window just executes apup generating the log file and just that.
as "i didn't have permission to run it", it may be related to this:
Files Infected:
C:\WINDOWS\system32\xa772265.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\xa781984.exe (Trojan.Agent) -> No action taken
so, i may be reading it in a wrong way, but seems that Malwarebytes' Anti-Malware 1.41 has detected the issue, but did nothing about. personally, i us to remove the infected drive and scan it from an safe machine, with every single autorun disabled. when the system is not running from the infected drive, the removal us to be more easy
> no info is added to the log
that virus may be locking the download sites. due that,...
[]s
_def_x_
23 Jun 2010
Than Naing, you need to get rid of Trojan.Vundo.H if in fact you have it, otherwise you will continue to infect your system including the AutoPatcher release or any new DVDs you create - everything is at risk of being infected. You should update Malwarebytes regularly also - I updated late last night and the versions are - the application is at 1.46 and the database is 4227 dated 6/22/2010 - there may be a few new editions added to the database by now. You are running 1.41 w/ database 2775 - looks very outdated.
There are many sites dedicated to resolving infections using HijackThis logs but it can be time consuming, requiring many reboots at times and running multiple programs, here is one such site - Tarun is a good guy...The Anti-Malware Toolkit is a good start, again one of many. Also, the HijackThis Logs Forum is a good place to get help with the contents of your HijackThis log file.
I also have the 3 (Disabled.SecurityCenter) warnings from Malwarebytes but I disabled them myself - I use another firewall, don't use the Updates feature, and I keep an eye on my security software and updates myself. If you did not disable these this can be a sign of malicious activity by malware also.
You could run the tools found on the OnLine Scanners List.
There are many sites dedicated to resolving infections using HijackThis logs but it can be time consuming, requiring many reboots at times and running multiple programs, here is one such site - Tarun is a good guy...The Anti-Malware Toolkit is a good start, again one of many. Also, the HijackThis Logs Forum is a good place to get help with the contents of your HijackThis log file.
I also have the 3 (Disabled.SecurityCenter) warnings from Malwarebytes but I disabled them myself - I use another firewall, don't use the Updates feature, and I keep an eye on my security software and updates myself. If you did not disable these this can be a sign of malicious activity by malware also.
You could run the tools found on the OnLine Scanners List.
Than Naing
24 Jun 2010
I removed the ones that seemed to be malware and that seemed to fix it. On restarting after installing the updates I got a BSOD, and again later when installing other updates via the standard Windows Update, but after restarting they seemed to be working fine.
Still no luck using my external hard drive though so I've done a post on it here:
http://forums.majorg...770#post1502770
Still no luck using my external hard drive though so I've done a post on it here:
http://forums.majorg...770#post1502770
Cristiano
24 Jun 2010
do you have tried any online scanner and combofix? related to "but the other two partitions don't show up at all", you may have the remains of an autorun virus. as an guess, de-attach your external drive and open "my computer". then, while holding shift key, attach it again. this will disable the autoruns. now, try look into my computer for the letters of this new partitions and the old ones. now, pay attention to those letters and open an cmd windows (start, run, cmd). type like this:
(your first partition letter in here):
cd\
attrib -s -h -r autorun.inf
del autorun.inf
(move to the next partition letter) and repeat the process. ex:
c:
cd\
attrib -s -h -r autorun.inf
del autorun.inf
d:
etc
you may skip cdrom letters. if all the partitions for your external drive doesn't show, don't worry. you may try the next ones (e, f, g, h, i, j etc) until find the proper partition. after that, de-attach the device and reboot. after the boot, attach the device again. one idea: try combofix first
> Show hidden devices' there appears 'Unknown device' under PCI Bus. I cannot install it because the computer can't find any software for it.
this may be caused due lack of enough power in the usb. some time ago, certain external drives us to come with an cable with 2 usb connectors. when energy is an issue, then plug the other usb connector us to help. also, windows that was stripped from original windows drives may not be able to detect certain usb devices properly. of course, if energy is the issue, then you may have to delete the unknow device (with the device still attached. then, remove and re-attach booth connectors)
[]s
(your first partition letter in here):
cd\
attrib -s -h -r autorun.inf
del autorun.inf
(move to the next partition letter) and repeat the process. ex:
c:
cd\
attrib -s -h -r autorun.inf
del autorun.inf
d:
etc
you may skip cdrom letters. if all the partitions for your external drive doesn't show, don't worry. you may try the next ones (e, f, g, h, i, j etc) until find the proper partition. after that, de-attach the device and reboot. after the boot, attach the device again. one idea: try combofix first
> Show hidden devices' there appears 'Unknown device' under PCI Bus. I cannot install it because the computer can't find any software for it.
this may be caused due lack of enough power in the usb. some time ago, certain external drives us to come with an cable with 2 usb connectors. when energy is an issue, then plug the other usb connector us to help. also, windows that was stripped from original windows drives may not be able to detect certain usb devices properly. of course, if energy is the issue, then you may have to delete the unknow device (with the device still attached. then, remove and re-attach booth connectors)
[]s
