OS: Windows 7 x64 Home Premium SP 1
I recently got hit by a drive-by download of some sort of malware that really screwed up a lot of things in my computer.
Here are the details:
Initial registry keys deleted from HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services - bfe, bits, mpssvc, sharedaccess, wscsvc, wuauserv
I managed to run a few malware scanners, but only the first one I ran detected the malware as a trojan and deleted it. I don't remember which one detected it because I downloaded a bunch of different scanners and ran them all (not at the same time). I'm pretty sure some of what I tried were Malwarebytes and microsoft malicious software removal tool.
I then ran the sfc /scannow from cmd. It said a few files that it found were corrupted and that it fixed them.
I also replaced each of the registry keys listed above with clean ones found from a computer with the exact same OS, and then I fixed permissions for each of the keys that required it by adding NT SERVICE/mpssvc (if I remember that string of characters correctly) and Everyone and setting full control for both. Then I ran some batch files to re-register dll's such as:
regsvr32 wuapi.dll
regsvr32 wuaueng.dll
regsvr32 wups.dll
regsvr32 wups2.dll
regsvr32 wuwebv.dll
regsvr32 wucltux.dll
(There were others but i don't remember at the moment)
Windows Update isn't even listed in the services listing until I run this command after every time I restart the computer:
regsvr32 wuaueng.dll
or else it just tells me that the service isn't running when I try to use Windows Update.
Although, my only other evident problem now is that the BITS registry key is auto-deleted when I restart the computer. The other keys I replaced remain, but I can't use Windows Update without this BITS key, as I get error code 80246008 when attempting to download new updates. I continue to receive the same error even after re-adding the BITS key to the registry, but I think the system needs to be restarted for the change in registry to actually take effect? So it ends up being a looping problem. Restart to have changes take effect, but delete the key that's supposed to be making the changes...*censored*?
Everything I did in attempt to fix this problem was under instruction of websites I searched for solutions for about 9 hours straight. I can't find anything to solve these last remaining problems. Any help that doesn't involve a restore/recover is much appreciated! Really, I don't have any restore points and a recover would take days of tweaking all the settings of the numerous programs I'd have to get back onto my computer...
