Results 1 to 9 of 9

Thread: Automatic Update: Access is Denied

  1. #1
    James Guest

    Automatic Update: Access is Denied

    (Windows XP Professional SP3)
    Apologize in advance for a long message.

    My Automatic Update is not running, even though "Automatic (recommended)"
    checkbox is selected in System Properties - Automatic Updates tab.

    After opening Services (services.msc), Automatic Updates's Description,
    Status and Startup Type columns are empty. "Log On As" value is Local System.

    When double clicking or right click -> select Properties on Automatic
    Updates in Services, I get this message,
    "Unable to open service Automatic Updates for reading on Local Computer.
    Error 5: Access is denied."

    When I go to Windows Update site and try installing updates manually
    (http://www.update.microsoft.com/wind...aspx?ln=en-us), I
    get "Error number: 0x80070005" during installation after download is complete.

    This seems to happen after I got some spywares, which I removed through
    scouring registries and cleaning offensive DLLs in system32 directory.

    According to many articles indicated, this is a permission problems with
    potential errors in registry. I tried a number of suggested fixes with no
    successful result,

    - Verified BITS is running
    - Verified I'm in Administrator group
    - Added Trace Flag in Windows registry
    - Stopped AdAware daemon. Cannot stop Norton however. But I was able to
    run Auto Updates before with Norton running
    - Run 2 commands as suggested in this article,
    http://www.eggheadcafe.com/software/...ll-record.aspx
    a) "sc sdset bits ..." returned SUCCESS
    b) "sc sdset wuauserv ..." returned "OpenService FAILED 5: Access is denied"
    - Install and run SubInACL tool to repair file and registry permissions
    (http://blogs.msdn.com/astebner/archi...04/739820.aspx)
    * finish successfully, but same Access error afterwards
    - Munually re-install Automatic Update client
    (http://msmvps.com/blogs/athif/pages/49608.aspx)
    * Browse C:\windows\ServicePackFiles\i386 where wuapi.dll is located.
    Restart the system. Same Access is Denied error
    - Any attempt to "net stop/start wuauserv" returns Access is Denied

    Random clues:

    %windir%\inf\wuau.adm
    ======================
    I notice in this file it uses,
    KEYNAME "Software\Policies\Microsoft\Windows\WindowsUpdate\AU"
    which is a path I don't have under HKLM, does this indicate a problem?

    %windir%\setupapi.log
    =====================
    #-290 Processing REGISTERDLLS section [AU_dlls]. Binary: "%11%\wuaueng.dll",
    flags: 0x0001, timeout: 60s.
    #E127 Calling "DllRegisterServer" in OLE Control
    "C:\WINDOWS\system32\wuaueng.dll" failed. Error 0x80070005: Access is denied.
    #E291 Failed to register OLE server "C:\WINDOWS\system32\wuaueng.dll". Error
    0x80070005: Access is denied.

    %windir%\WindowsUpdate.log
    ==========================
    - I added a Trace flag in registry for WindowsUpdate
    (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Trace, Flags=7,
    Level=4). Below is the log it generates during reboot.
    ------------------ 8< -----------------------
    2009-02-06 11:52:47-0800 4708 16f4 OpenService failed with error 0x80070005
    2009-02-06 11:52:47-0800 4708 16f4 WU client fail to create WU service with
    error 0x80070005
    2009-02-06 11:53:20-0800 4080 248 OpenNamedService failed (0x80070005) for
    service "wuauserv", permissions = 0x00000004
    2009-02-06 11:53:20-0800 4080 248 AU service is not running.
    2009-02-06 11:53:20-0800 4080 248 WUCheckForUpdatesAtShutdown failed,
    hr=8024000C
    2009-02-06 11:54:03-0800 1104 af8 AU service is not running.
    2009-02-06 11:54:03-0800 1104 af8 WUAutoUpdateAtShutdown failed, hr=8024000C
    2009-02-06 11:55:30-0800 1544 a24 Service Main starts
    2009-02-06 11:55:30-0800 1544 a24 updated service status to 2
    2009-02-06 11:55:30-0800 1544 a24 Processing any required registration
    2009-02-06 11:55:30-0800 1544 a24 CSusProxyManager successfully initialized.
    2009-02-06 11:55:30-0800 1544 a24 CIpAddressMonitor::CreateListenSocket
    returning with hr = 0
    2009-02-06 11:55:30-0800 1544 a24 Logging events locally at
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
    2009-02-06 11:55:30-0800 1544 a24 Using event cache directory at
    C:\WINDOWS\SoftwareDistribution\EventCache.
    2009-02-06 11:55:30-0800 1544 a24 Using BatchFlushAge = 5240.
    2009-02-06 11:55:30-0800 1544 a24 Using SamplingValue = 162.
    2009-02-06 11:55:30-0800 1544 a24 Write buffer is empty. Not scheduling a
    flush.
    2009-02-06 11:55:30-0800 1544 a24 Successfully loaded event namespace
    dictionary.
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 1: Default Event.
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 2: Retail Log event.
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 3: Debug Log event.
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 147: Agent has finished
    detecting items.
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 148: Error: Agent failed
    detecting with reason: %1
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 149: Unable to Connect:
    Windows is unable to connect to the automatic updates service and therefore
    cannot download and install updates according to the set schedule. Windows
    will continue to try to establish a connection.
    2009-02-06 11:55:31-0800 1544 a24 Performance warning: CTraceCategory::Trace
    had to allocate memory
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 150: Update is installed.
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 151: Update is installable.
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 152: Update is superseded.
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 154: Client has an invalid Pid.
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 161: Error: Download failed.
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 162: Download succeeded.
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 163: Download canceled.
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 182: Installation Failure:
    Windows failed to install the following update with error %1: %2.
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 183: Installation Successful:
    Windows successfully installed the following update: %1
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 184: Installation successful
    and restart required for the following update: %1
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 185: Hide update: user hid
    one update.
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 186: user cancelled the install
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 187: Installation killed:
    Installation of the following update is killed by the agent: %2
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 188: Installation Ready: The
    following updates are downloaded and ready for installation. This computer is
    currently scheduled to install these updates on %1 at %2: %3
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 189: Installation Ready: The
    following updates are downloaded and ready for installation. To install the
    updates, an administrator should log on to this computer and Windows will
    prompt with further instructions: %1
    2009-02-06 11:55:31-0800 1544 a24 Performance warning: CTraceCategory::Trace
    had to allocate memory
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 190: Installation Successful:
    Windows successfully installed the following update: %1
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 191: Installation successful
    and restart required for the following update: %1
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 192: Installation killed:
    Installation of the following update is killed by the agent: %2
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 193: Restart Required: To
    complete the installation of the following updates, the computer must be
    restarted. Until this computer has been restarted, Windows cannot search for
    or download new updates: %1
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 194: Restart Required: To
    complete the installation of the following updates, the computer will be
    restarted within %1 minutes: %2
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 195: Installation Failure:
    Windows failed to install the following update with error %1: %2.
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 196: Unhide update: user
    unhid one update.
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 197: Installation Successful:
    Windows successfully installed the following update: %1
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 198: Installation Failure:
    Windows failed to install the following update with error %1: %2.
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 199: Installation successful
    and restart required for the following update: %1
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 200: Installation killed:
    Installation of the following update is killed by the agent: %2
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 201: Installation pending.
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 221: Uninstallation Failure:
    Windows failed to uninstall the following update with error %1: %2.
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 222: Uninstallation
    Successful: Windows successfully uninstalled the following update: %1.
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 223: User cancelled the
    uninstall.
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 224: Uninstallation
    successful and restart required for the following update: %1.
    2009-02-06 11:55:31-0800 1544 a24 Loaded event 225: Uninstallation killed:
    Uninstallation of the following update is killed by the agent: %2.
    2009-02-06 11:55:31-0800 1544 a24 Successfully loaded client event namespace
    descriptor.
    2009-02-06 11:55:31-0800 1544 a24 Successfully initialized local event
    logger. Events will be logged at
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log.
    2009-02-06 11:55:31-0800 1544 a24 Successfully initialized NT event logger.
    2009-02-06 11:55:31-0800 1544 a24 Batch flush age for server 0 is 120 seconds.
    2009-02-06 11:55:31-0800 1544 a24 Write buffer is empty. Not scheduling a
    flush.
    2009-02-06 11:55:31-0800 1544 a24 Successfully initialized event uploader 0.
    2009-02-06 11:55:31-0800 1544 a24 Batch flush age for server 1 is 5240
    seconds.
    2009-02-06 11:55:31-0800 1544 a24 Write buffer is empty. Not scheduling a
    flush.
    2009-02-06 11:55:31-0800 1544 a24 Successfully initialized event uploader 1.
    2009-02-06 11:55:31-0800 1544 a24 destination 2 subscribes for subscription
    1 with internalrouting 0
    2009-02-06 11:55:31-0800 1544 a24 destination 2 subscribes for subscription
    0 with internalrouting 0
    2009-02-06 11:55:31-0800 1544 a24 Network interfaces : 1
    2009-02-06 11:55:31-0800 1544 a24 Signal subscription event 8
    2009-02-06 11:55:31-0800 1544 a24 create subscription event for destination
    2 and routing 0
    2009-02-06 11:55:31-0800 1544 a24 destination 2 subscribes for subscription
    8 with internalrouting 0
    2009-02-06 11:55:31-0800 1544 a24 Network interfaces : 1
    2009-02-06 11:55:31-0800 1544 a24 destination 2 subscribes for subscription
    9 with internalrouting 0
    2009-02-06 11:55:31-0800 1544 a24 EE Handler QI: ISusExprEvaluate
    2009-02-06 11:55:31-0800 1544 a24 CEEMsiHandler::AddRef: refcount is 2
    2009-02-06 11:55:31-0800 1544 a24 Initializing BITS callback handler.
    2009-02-06 11:55:31-0800 1544 a24 AddRef: ref count -> 1
    2009-02-06 11:55:31-0800 1544 a24 DH Listener AddRef: ref count -> 1
    2009-02-06 11:55:31-0800 1544 a24 Handler QI: IUnknown
    2009-02-06 11:55:31-0800 1544 a24 CUHHandlerBase::AddRef: refcount is 2
    2009-02-06 11:55:31-0800 1544 a24 CUHHandlerBase::Release: refcount is 1
    2009-02-06 11:55:31-0800 1544 a24 Handler QI: ISusUpdateInstallerInfo
    2009-02-06 11:55:31-0800 1544 a24 CUHHandlerBase::AddRef: refcount is 2
    2009-02-06 11:55:31-0800 1544 a24 CUHHandlerBase::Release: refcount is 1
    2009-02-06 11:55:31-0800 1544 a24 ref count on CCR after AddRef is 2
    2009-02-06 11:55:31-0800 1544 a24 ref count on CCR after Release is 1
    2009-02-06 11:55:31-0800 1544 a24 fail to register class object 0x80004015
    2009-02-06 11:55:31-0800 1544 a24 Client call recorder fails to init with
    error 0x80004015
    2009-02-06 11:55:31-0800 1544 a24 WU client with version 5.4.3790.5512
    failed to initialize with error 0x80004015 from component agent
    2009-02-06 11:55:31-0800 1544 a24 Failed to initialize WU client: 0x80004015
    2009-02-06 11:55:31-0800 1544 a24 updated service status to 3
    2009-02-06 11:55:32-0800 1544 a24 CEEMsiHandler::Release: refcount is 1
    2009-02-06 11:55:32-0800 1544 a24 CEEMsiHandler::Release: refcount is 0
    2009-02-06 11:55:32-0800 1544 a24 CUHHandlerBase::Release: refcount is 0
    2009-02-06 11:55:32-0800 1544 a24 Submitting work item thread request.
    2009-02-06 11:55:32-0800 1544 a24 new event 1 of type 2 added to event system
    2009-02-06 11:55:32-0800 1544 a24 Asynchronously flushing
    CEventQueue@00608220.
    2009-02-06 11:55:32-0800 1544 a24 Asynchronously flushing
    CEventQueue@00608220.
    2009-02-06 11:55:32-0800 1544 a24 Done with asynchronous flush.
    2009-02-06 11:55:32-0800 1544 a24 event 1 of type 2 removed from event system
    2009-02-06 11:55:32-0800 1544 a24 DH Listener Release: ref count -> 0
    2009-02-06 11:55:32-0800 1544 a24 DH Listener waiting for m_hSafeToDeleteEvent
    2009-02-06 11:55:32-0800 1544 a24 Release: ref count -> 0
    2009-02-06 11:55:32-0800 1544 a24 Waiting for m_hSafeToDeleteEvent
    2009-02-06 11:55:32-0800 1544 a24 WUAUENG ServiceMain exits. Exit code is
    0x80004015
    ------------------ >8 -----------------------

    Again I apologize for the long message. But I'm running out of ideas. Any
    help would be greatly appreciated!


  2. #2
    James Guest
    I found a fix!!!

    Thanks for the suggestions. I ran MSRT (20 hrs!), OTListIt2 and Security
    Check. Fortunately no malicious software was found. I did run multiple
    scans with Norton and AdAware in safe mode before and removed suspicious
    softwares. However, there are really useful information from the scan output.

    Turns out the Security setting of wuauserv was corrupted. Can't remember
    how it happened. But it might have something to do some settings during
    multiple scans.

    Anyway, I was able to fix it by following steps as descripted here

    That was the work of the hijackware infection(s).

  3. #3
    BayAreaDave Guest
    After 3 days of seaching and comparing registries with 3 computers I found
    the Fix

    Error code 0x80070005 Can not enable Automatic Updates

    First Run Malwarbytes and your antivirus program to remove scum viruses.

    After Viruses are removed.

    Log in to Safe Mode with Administrator Privilages

    Click Start >
    Run >
    Type "regedit" (with out " ")

    On the menu bar choose edit > Find > on the text box type "wuauserv" (with
    out " "). Remove the check marks named values and Data (only Keys should
    remain checked. > click on Find Next

    Go through all the keys one at a time and first check its permissions by
    right clicking on the key > Permissions > enable FULL CONTROL > CLICK APPLY

    NOW ON THE IMAGEPATH CHANGE %fystemroot%\System32\svchost.exe -k netsvcs
    to read correctly at "%SystemRoot%\System32\svchost.exe -k netsvcs (only
    the S is changed to f). (You do this by right clicking the imagepath on the
    right hand side pane and select modify)

    HIT the F3 button to Find the next wuauserv key and do the same steps.

    check permissions on each key and change if necessary (remember you must be
    in SAFE MODE ADMINISTRATOR).

    Now do the same steps for the BITS key

    Check its permissions and set to Full control if necessary.

    Finally, close Registry Editor.

    Start > Run > services.msc

    find Automatic Udates > Right click > Properties
    under START UP TYPE > change to AUTOMATIC

    Do the same for Bits if necessary.

    And Walla Automatic Updates if back.

    How have you determined that just running MBAM removed all traces of the
    hijackware that infected your computer?

  4. #4
    Join Date
    Jun 2009
    Posts
    1

    Re: Automatic Update: Access is Denied

    After two days and probably 12 hours of working on my final bit of virus removal for a friend's PC this post helped me take the last few steps to reenable Windows Update.

    Therefore, I'm posting all the major steps I took along with the final procedure in order to help others out.

    This PC had a bad virus situation. It was sending out 50k-60k emails a day, had software that was disabling security like antivirus programs, and I couldn't run process explorer or hijackthis on it at first.

    Before I got it, the outdated McAffee was run on it and found a bunch of things. An old version of Spybot was on I had installed. So I started by getting the latest Spybot S&D which found about 4 malicious threats. 2 of those came back after cleaning, however.

    A web search led me to download Malwarebyte's Anti-malware program, which was able to remove those 2 viruses and found a few more and cleaned them. The final problem was that Windows Update was disabled... thus started a journey of a 1000 steps... or 1000 DOS commands, or something like that...

    So here's the rest of the story on how I got Windows update back up. It appears to be the same virus others in this thread posted about, but I had to do a few extra things to get it running, here's the info.

    The first part and a few others, are cut and paste from elsewhere with useful information:

    -----------------

    Here is perhaps the most definitive (and long-running) conversation about
    that error:
    http://groups.google.com/group/micro...4667c09cb402c0
    =================
    Start a free Windows Update support incident request:
    https://support.microsoft.com/oas/de...spx?gprid=6527

    Support for Windows Update:
    http://support.microsoft.com/gp/wusupport

    For home users, no-charge support is available by calling 1-866-PCSAFETY in
    the United States and in Canada or by contacting your local Microsoft
    subsidiary. There is no-charge for support calls that are associated with
    security updates.

    For more information about how to contact your local Microsoft subsidiary
    for security update support issues, visit the International Support Web
    site: http://support.microsoft.com/common/international.aspx

    For enterprise customers, support for security updates is available through
    your usual support contacts.
    --
    ~Robear Dyer (PA Bear)
    MS MVP-Windows (IE, OE, Security, Shell/User)
    AumHa VSOP & Admin; DTS-L.netw



    ---------------

    Finding the permissions problem:

    Tried to run dos (cmd) and register all the dlls as per a posting. One failed:

    > net stop wuauserv
    > net stop bits

    (neither was started)

    > regsvr32 wuaueng.dll

    Message pops up: DllRegistServer in wuaueng.dll failed. Return code was: 0x80070005

    According to many web posts this is a permissions problem.

    --------------

    Next tried doing a manual reinstall of Windows Update, as follows:

    You can install the WindowsUpdageAgent which is available for download from
    http://go.microsoft.com/fwlink/?LinkId=43264 and run the following command;
    ***********************************************
    WindowsUpdateAgent30-x86.exe /wuforce
    ***********************************************

    I just renamed it to WUA30.exe and ran
    >> WUA30.exe /wuforce
    to force the install. The install failed with following error number:
    0x8024d007

    -----------

    At some point around here I tried using the SubInACL tool (see http://blogs.msdn.com/astebner/archi...04/739820.aspx) to reset the permissions. This failed to change the affected registry keys for wuausrv (I wasn't aware of the problem with BITS at this point)

    Maybe this would have worked if I had run it in safe mode, but I wasn't aware of the virus changes to the paths at this point either...

    ----------------------------

    Posted fix in safe mode as Administrator by someone else:

    Hello Everyone,

    After 3 days of seaching and comparing registries with 3 computers I found
    the Fix

    Error code 0x80070005 Can not enable Automatic Updates

    First Run Malwarbytes and your antivirus program to remove scum viruses.

    After Viruses are removed.

    Log in to Safe Mode with Administrator Privilages

    Click Start >
    Run >
    Type "regedit" (with out " ")

    On the menu bar choose edit > Find > on the text box type "wuauserv" (with
    out " "). Remove the check marks named values and Data (only Keys should
    remain checked. > click on Find Next

    Go through all the keys one at a time and first check its permissions by
    right clicking on the key > Permissions > enable FULL CONTROL > CLICK APPLY

    NOW ON THE IMAGEPATH CHANGE %fystemroot%\System32\svchost.exe -k netsvcs
    to read correctly at "%SystemRoot%\System32\svchost.exe -k netsvcs (only
    the S is changed to f). (You do this by right clicking the imagepath on the
    right hand side pane and select modify)

    HIT the F3 button to Find the next wuauserv key and do the same steps.

    check permissions on each key and change if necessary (remember you must be
    in SAFE MODE ADMINISTRATOR).

    Now do the same steps for the BITS key

    Check its permissions and set to Full control if necessary.

    Finally, close Registry Editor.

    Start > Run > services.msc

    find Automatic Udates > Right click > Properties
    under START UP TYPE > change to AUTOMATIC

    Do the same for Bits if necessary.

    And Walla Automatic Updates if back.


    ----------------

    Some notes, clarification and my final process to fix things on my PC:


    It does not have to be the official "Administrator" account as long
    as the user you log into in safe mode has Administrator access.

    When you do 'find' in regedit is when he means to uncheck the 'values'
    and 'data' box. I thought he meant during editing after you get to the
    keys... but these should be the keys that need to be changes. There may
    be additional ones so if it doesn't work try a full search and check
    the permissions on every key it finds

    The appropriate keys on my machine were:

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\BITS
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\wuauserv
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv

    Searching for bits and wuauserv found other entries and keys
    that were not affected

    In these keys the permissions had been changed to only administrator
    with only read permission. To get the full list back I did the following:

    - Right click on wuauserv key, choose permissions
    - See only administrators in the list.
    - Click "Advanced" at the bottom
    - Checkbox "Inherit from parent the permission entries that apply to child
    objects. Include these with entries explicitly defined here"
    - Click OK
    - Click OK

    - In the right pane double-click the "ImagePath" key to edit it
    - Change the "%fystemroot%" at the beginning of the path to "%systemroot%"
    (the virus had purposely edited it to be misspelled)
    - After doing this on ControlSet001 and COntrolSet004 the changes already
    showed up in CurrentControlSet when I got there

    In services.msc,
    Automatic Updates was set to Automatic startup type
    Background Intelligent Transfer service was set to Manual startup type

    No need to change either of those

    But boot back into windows normal mode and all the permissions are changed back and the ImagePath values are corrupted again.

    So, I go through the virusscan mode again, this time trying the full-on normal-mode, turnoff system restore, and then rescan in safe mode method.

    1. TURN OFF SYSTEM RESTORE
    2. Full scan with Malware - clean
    3. Full scan with spybot - clean

    4. Reboot into safe mode on an adminstrator-enabled account

    5. normal scan with Malware - clean
    6. Full scan with McAfee - subscription ran out about 3/2009, 3 months ago

    - found 2 files, I think from heuristic search, one auto-cleaned, I quarantined the other

    7. Now, go back and redo the permissions and path updates on the 6 registry keys
    8. This time, however, I opened a dos prompt in safe mode and ran the regsvr32 wuaueng.dll
    - SUCCESS!!

    9. I rebooted into normal mode windows and Windows Update was running.
    10. Checked the bad registry keys and they were all still in the correct new state

    So, I'm not sure if it was the 2 files mcaffee found, disabling the system restore,
    or running the regsvr32 command while still in safe mode, but I'm now up and running.

    Just wanted to share the procedure!

  5. #5
    MowGreen Guest

    Re: Automatic Update: Access is Denied

    There should be no ControlSet subkeys numbered higher than 3. The
    ControlSet004 was created by the malware[s].

    The *only* subkey that needs editing is CurrentControlSet.

    The other subkeys, ControlSet001 -ControlSet003, are pointed to by
    CurrentControlSet.
    Although the KB below is for Windows NT, the only difference is that
    there is no Clone subkey.

    What are Control Sets? What is CurrentControlSet?
    http://support.microsoft.com/kb/100010

    EX: [HKEY_LOCAL_MACHINE\SYSTEM\Select]
    "Current"=dword:00000001
    "Default"=dword:00000001
    "Failed"=dword:00000000
    "LastKnownGood"=dword:00000003

    If the system fails to boot, upon the restart the boot menu will appear.
    The same boot menu shows up when one presses F8 prior to Windows loading
    in order to reach Safe Mode.
    Choosing the LastKnownGood configuration on the boot menu will load the
    last successfully loaded ControlSet, which in this case is ControlSet003.

    Cleaning a system *first* will preclude having to reset perms and
    imagepath values more than once however, some of the tools needed to
    remove most current malwares can be deleterious to the system.
    Which is precisely why disabling System Restore should be done as a
    *last* step. It will add time to the scans but ... it's best to have a
    rat infested [malware] lifeboat rather than none at all.

    Emptying all temp and temporary internet files *will* cut down on the
    scan times without risking a non-boot situation.

    Otherwise ... nice writeups LightCC and BayAreaDave.

  6. #6
    simon Guest
    would u like tell the method which can fix this update error ?
    The link" http://entwindows.com/................." which u give can not open.
    also can mail
    thanks a lot for ur help

  7. #7
    Join Date
    Sep 2009
    Posts
    2

    Re: Automatic Update: Access is Denied

    THANK YOU THANK YOU THANK YOU!

    Specifically BayAreaDave and LightCC...

    I must have spent about 8 hours total researching and trying different things for this fix and the information on here fixed the problem for me. I created this account just to thank you guys. Automatic Updates is running fine now.

  8. #8
    Ponti1 Guest

    Re: Automatic Update: Access is Denied

    I have had a similar issue, and have found that it is related to incorrect
    registry security permissions. to resolve on Windows 2000 or Windows XP,
    please do the following:

    1. Install SubInACL from Microsoft here:

    http://www.microsoft.com/downloads/d...displaylang=en

    2. Create a batch file containing the following lines:

    cd /d "%ProgramFiles%\Windows Resource Kits\Tools"
    subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f
    subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f
    subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f
    subinacl /subdirectories %SystemDrive% /grant=administrators=f /grant=system=f
    subinacl /subdirectories %windir%\*.* /grant=administrators=f /grant=system=f
    secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

    3. Run that batch file on the problem machine.

    4. Go to the Windows Update site and try again...No reboot required!


    This procedure will reset registry permissions, and has worked for me on
    quite a few machines. I have put this together from many hours of searching
    for a solution, and have obtained nearly all the information from various
    Microsoft articles.

  9. #9
    Join Date
    Dec 2009
    Posts
    1

    Re: Automatic Update: Access is Denied

    Ponti1 ...

    Registered to TechArena just to say Thanks for this solution. I work in IT and can understand the time that went into the research and the batch file worked as advertised. Your time is well appreciated. Take care.

Similar Threads

  1. Outlook update error via VPN : gpresult access denied?
    By Fitroy in forum Networking & Security
    Replies: 6
    Last Post: 20-06-2011, 10:42 PM
  2. Replies: 1
    Last Post: 22-05-2008, 04:41 AM
  3. Replies: 7
    Last Post: 26-04-2008, 10:24 AM
  4. Access Denied error on Nvidia 8800GT driver update
    By elander in forum Vista Hardware Devices
    Replies: 1
    Last Post: 03-12-2007, 12:24 PM
  5. Replies: 2
    Last Post: 24-05-2007, 09:46 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •