I am MVP now!


Yesterday was the biggest day of my life. It was the day I daydreamed about. I got THE MVP AWARD. Thanks to Microsoft for giving me this award.


 


Dear Prashant Kumar,

Congratulations! We are pleased to present you with the 2014 Microsoft® MVP Award! This award is given to exceptional technical community leaders who actively share their high quality, real world expertise with others. We appreciate your outstanding contributions in Consumer Security technical communities during the past year.

The Microsoft MVP Award provides us the unique opportunity to celebrate and honor your significant contributions and say “Thank you for your technical leadership.”

At Microsoft, we believe that technical communities enhance people’s lives and the industry’s success because independent experts, like you, help others extract greater value from products and technologies through the free and objective exchange of knowledge. As a Microsoft MVP, you are part of a highly select group of experts that represent technology’s best and brightest who share a deep commitment to community and a willingness to help others.

Can I use MSE/WD with Command Prompt? – Part 1


Many people ask, “Can MSE/WD be used with Command Prompt?” The answer is ‘Yes’. But do we really need it? Well, the answer again is ‘Yes’. When the MSE/WD GUI (the interface you see) is not accessible, is corrupted or is not functioning well (because of malware attacks, incorrect installation, etc.), you can run MSE/WD from Command Prompt to get some details about the error.

Now before we jump into all that command stuff we need to know something; some terminology and technologies to understand commands easily. So here we go:

1. What are definitions and signatures?
An easy explanation: a signature is something unique in a piece of malware (or in several pieces of malware) that can be used to identify it, comparable to fingerprints for humans. Definitions are files that consist of signatures along with other information. When you update your antivirus you basically download these definitions. Say your PC was last updated on 31st Sept. (hypothetical date, <wink>); then it would not be able to detect malware released in Oct. Thus, you should update your antivirus regularly.

2. What is MAPS and Dynamic Signature?
Suppose a process has some evil intentions and tries to invade your sensitive Operating System files and registry. MSE/WD, with its heuristic detections (a certain set of rules to identify evil processes as suspects, even though they are not yet identified as malware), will detect, “Hmmm, this process doesn’t seem to be a decent one, let’s open its history and geography”. At that point, MSE/WD contacts MAPS (Microsoft Active Protection Service) and asks them, “Hey buddy, have you seen this particular process before?”. Now hold on a second, what is MAPS? Actually, MAPS is a service of Microsoft where suspicious programs (which are yet to be identified as malware) are reported, and a member of MAPS gets protection from those yet-to-be-identified evils. So continuing, if MAPS has identified that particular program or process as ‘suspicious’ then it creates a ‘Dynamic’ signature (well, you now know what a signature is) which contains instructions to remove, restrict or quarantine that process/program. Therefore, MAPS is also known as Dynamic Signature Service.

Now time for commands in MpCmdRun.exe. MpCmdRun basically has 11 commands:

  1. -Scan
  2. -Trace
  3. -GetFiles
  4. -RemoveDefinitions
  5. -SignatureUpdate
  6. -Restore
  7. -AddDynamicSignature
  8. -ListAllDynamicSignature
  9. -RemoveDynamicSignature
  10. -EnableIntegrityService
  11. -SubmitSample

Now, I’ll explain each of them.

1. -Scan
As the name suggests, it is used to scan a file or folder.
Usage: mpcmdrun.exe -scan -scantype X -file <path> -disableremediation

-scantype defines which type of scan you want: quick scan, full scan or custom scan. ‘X’ is a number ranging from 0 to 3. All options are explained below:

  • 0 – Default Scan.
    Now explaining this is really a big topic. A whole separate blog will be based on this. All I can say right now is that ‘Default scan’ is by default Full Scan for MSE and Quick Scan for Windows Defender in Windows 8. It can’t be changed using the GUI, but it can be changed using a complex process.
  • 1 – Quick Scan.
    Quick scans your PC.
    * I have seen many people who think Quick Scan scans the whole PC for severe threats only and does not scan for minor threats, thereby reducing scan time (and I was one of them). But instead, Quick Scan scans the PC’s critical areas (like critical Windows files, registry, etc.) for all known threats (whether severe or minor) and thereby reduces scan time.
  • 2 – Full Scan.
    Scan your whole PC.
    * In my opinion, a full scan is only needed when a quick scan detects something. OK, you would say, what if a malware is hidden in my documents on the D: drive? I would say that as long as Quick Scan doesn’t find it you can consider that malware inactive (as Quick Scan scans the areas that a malware affects). If it’s inactive (e.g. when it’s in a compressed file) then you have no threat from it. Whenever you reach that file (or unzip a file containing malware), MSE/WD’s Real Time Protection will detect the malware and take the necessary action. So there is no need for a Full Scan. However, I recommend one Full Scan after installing the antivirus and one each month or every two months.
  • 3 – Custom Scan.
    Scan only the file/folder you define in <path>.

-file defines the path for a custom scan, therefore it’s needed with -scantype 3.

The -disableremediation option is a catch-everything-do-nothing kind of thing. With this option (it’s available with Custom Scan, i.e. -scantype 3, only) the scan will not skip even excluded files. It will scan archive files (files inside archives), ignore exclusions set by you, write no event entries in Event Manager (007 kind of thing, huh?) and (as the name says) take no action on any malware found.

Some examples:

  • For a normal Full Scan:
    mpcmdrun.exe -scan -scantype 2
  • For a Custom Scan of the C:\Windows folder:
    mpcmdrun.exe -scan -scantype 3 -file C:\Windows
    [you need to enclose <path> in quotes if the path contains a blank space, like "C:\Program Files"]
  • For a Custom Scan of ‘E:\Test Folder’ without removing any malware found:
    mpcmdrun.exe -scan -scantype 3 -file "E:\Test Folder" -disableremediation
    [notice the quotes around the path]

A better example to show what difference -disableremediation makes:
I downloaded EICAR test virus and placed it in folder ‘E:\New Folder’. I excluded ‘E:\New Folder’ in Windows Defender settings.

After this, I scanned the folder twice, once without -disableremediation and once with it. See its results yourself:
As you can clearly see, the first scan didn’t find anything (the folder is excluded), but with that argument it found one threat (EICAR test virus).

2. -Trace

I’ll not discuss much about this command because it’s of no use for us. When you type ‘mpcmdrun.exe -trace’ and hit Enter you will see a screen with a message like “Tracing started. Press any key to stop…”, and when you press any key it will stop. After running this command, open C:\ProgramData\Microsoft\Microsoft Security Client (or Windows Defender)\Support and you will see a file like MPTrace-XXXXXXXX-XXXXXX.bin (where ‘X’ are some digits). This is the ‘trace’, i.e. a record of every activity Windows Defender performed between the moment you pressed Enter (after entering the mpcmdrun.exe -trace command) and the moment you pressed any key to stop tracing. It’s a pretty large file and is of no use for us. Actually, this file can’t be decoded (read) unless you have some special files which only Microsoft has and doesn’t distribute. So it is used only when Microsoft asks for a trace file in Paid Support, etc.

3. -GetFiles

Now this is the most important feature of mpcmdrun.exe, according to me. It gathers all log files related to MSE/WD, packs them in an archive and places it in C:\ProgramData\Microsoft\Microsoft Security Client (or Windows Defender)\Support with the file name MPSupportFiles.cab. The following log files are collected:

  1. Traces of MS Antimalware service.
    Files in this category are numerous. Some are files with names like MpWppTracing-XXXXXXX…..bin and are useless, like the output of the -trace command. Some are MpCmdRun.log, MpCmdRun-System.log and MpCmdRun-NetworkService.log. Some are MpLogXXXX….log. Some are MpCacheStats.log. In short, almost anything that contains MS Antimalware service in its log is listed in this.
  2. Windows Update history.
    Saved with name WindowsUpdate.log.
  3. MS Antimalware service events.
    Saved with name MPWHCEvents.txt and MPOperationalEvents.txt.
  4. MS Antimalware registry entries.
    Saved with name MPRegistry.txt and WSCInfo.txt.
  5. Log file of tool gathering all information.
    Saved with name cbs.log.
  6. Log of signature update helper tool (MpSigStub.exe).
    Saved with name MpSigStub.log.

Now this is actually more than enough for now. Explanation for other commands and some more secrets are about to be revealed in my next blog.

Till then I would request you to please provide feedback on this first part, so please comment your views on it. If you have anything to ask then don’t hesitate. Anything about this blog will be helpful.

How to troubleshoot MSE/WD update issues


In this post I’m going to talk about some general steps which even a newbie can apply to fix many big update issues related to MSE/WD and even Windows Update.

Before beginning, you should rule out common causes. Very common causes are:

  1. Faulty internet connection
    Please check if your browser (preferably IE) can browse internet or not.
  2. Incorrect date/time
    Very common cause. You must have correct date/time for Windows Update to work.
  3. Restart your PC and check if the problem is still there or not.

Before beginning we should do some analysis of the problem. So the very first thing you have to do is to check whether MSE/WD is throwing any error code/error message after the update has failed. If there is an error code then note it. If it’s not there then you may find it in MSE’s log file. It can be found here:
“%systemroot%\Temp\MpCmdRun.log”
(Don’t get confused by %systemroot%, it represents the folder where Windows is installed [normally C:\Windows] but if you have Windows installed in let’s say D: drive then it will represent D:\Windows, you should navigate to D:\Windows\Temp\MpCmdRun.log in that case)

After you open the log, scroll down to the very last lines and see if any error code is listed there or not. Let’s say your log’s last lines were:

…………………………..
Update failed with hr: 0x8024001e
Update completed with hr: 0x8024001e
End: Signatures Update Service
MpCmdRun: End Time: ‎Mon ‎Sep ‎23 ‎2013 21:16:18
————————————————————————————-

You can clearly see that the error code is 0x8024001e. Now if you have an error code you can search for it on the internet, and if you find an article from Microsoft Support (hxxp://support.microsoft.com/kb/……..) you can follow it. Do not go with other sites (especially forums like Microsoft Answers, Seven Forums, etc.) as there is no guarantee that something written there is right, and they may contain a variety of clumsy solutions that may even increase your problem. Note that in some cases even the log may not have an error code. You can proceed further in that case.

Next, check whether Windows Update is working or not. It’s an important step. MSE/WD update through Windows Update, so if it’s not working then the problem is not with MSE but with Windows Update. If Windows Update is working well then the problem is with MSE, which makes troubleshooting a bit difficult. See this on how MSE updates:
MSE Definitions/Signatures Update FAQ

IF WINDOWS UPDATE IS NOT WORKING

First try Automated Troubleshooter, the Windows Update Fix it. It can be downloaded from here:
http://support.microsoft.com/kb/971058

Fix it normally solves the problem. But sometimes it may not work or may fix problem temporarily. Here are some things you can try if Fix it doesn’t work:

1. Restarting Microsoft Update service

(Copied from http://windows.microsoft.com/en-US/windows/error-0x8-encountered-while-virus-and-spyware-definition-updates-or-product-upgrades, with a common solution and a solution for Windows 8 added.)

Common Step for all Windows

  1. Open C:\Windows\System32\services.msc file.
  2. Right-click Windows Update (Automatic Updates for Windows XP), and then click Start. If Start is unavailable, click Restart.

In Windows 8

  1. In Windows 8, press Start button, type “Run”, click on Run in the results, type “services.msc”, and then press Enter.
  2. Right-click Windows Update, and then click Start. If Start is unavailable, click Restart.

In Windows 7

  1. In Windows 7, click Start, and in the Search programs and files box, type “services.msc”, and then press Enter.
  2. Right-click Windows Update, and then click Start. If Start is unavailable, click Restart.

In Windows Vista

  1. In Windows Vista, click Start, and in the Start Search box, type “services.msc”, and then press Enter.
  2. Right-click Windows Update, and then click Start. If Start is unavailable, click Restart.

In Windows XP

  1. In Windows XP, click Start, click Run, type services.msc, and then press Enter.
  2. Right-click Automatic Updates and then click Start. If Start is unavailable, click Restart.

2. Renaming SoftwareDistribution folder

If it doesn’t solve your problem then we have to do some ‘expert’ kind of thing. We will rename SoftwareDistribution folder. To do this you can download and run this BAT file (don’t worry I myself have created the file and it doesn’t contain any hidden virus, <wink>). You must run this file as Administrator (right click on BAT file and click on Run as Admin.) otherwise it will not work. It can be downloaded from here:
SoftwareDistributuion fix.bat

If this file doesn’t work then follow these manual steps:

  1. Stop Windows Update service
    Stop Windows Update service by following the steps given in Method 1, but instead of clicking on Start or Restart click on Stop.
  2. Rename SoftwareDistribution folder
    Navigate to C:\Windows –> right click on SoftwareDistribution folder –> click on Rename –> type “SoftwareDistribution.old” and hit enter.
  3. Start Windows Update service
    Similar to Step 1, just you have to click on Start.

(Methods 3, 4 & 5 are copied from http://support.microsoft.com/kb/2509997 and edited for better understanding.)

3. Resetting Catroot2 folder

  1. Open Command Prompt as Admin. and type the following commands, and press Enter after each command:
    • net stop cryptsvc
    • md %systemroot%\system32\catroot2.old
    • xcopy %systemroot%\system32\catroot2 %systemroot%\system32\catroot2.old /s
  2. Navigate to C:\Windows\System32 and delete all contents of the catroot2 folder, but do not delete the catroot2 folder.
  3. Type the following command, and then press Enter in Command Prompt:
    net start cryptsvc
  4. Exit the Command Prompt window.

4. Fixing Registry

  1. Click Start, and then type “regedit” in the Start Search box.
  2. In the Programs list, click regedit.exe.
  3. Locate and then select the following registry subkey:
    HKEY_LOCAL_MACHINE\COMPONENTS
    (Note that this registry key may not be present; if it’s not present then skip this method)
  4. Right-click COMPONENTS.
  5. Click Export.
  6. In the File Name box, type COMPONENTS.
  7. In the Save in box, click Desktop, click Save, and then save the file to your desktop.
  8. In the details pane, right-click PendingXmlIdentifier, and then click Delete. If this value does not exist, go to the next step.
  9. In the details pane, right click NextQueueEntryIndex, and then click Delete. If this value does not exist, go to the next step.
  10. In the details pane, right click AdvancedInstallersNeedResolving, and then click Delete. If the value does not exist, go to the next step.
  11. Restart the computer.
  12. Try to install the updates again.

5. Registering Windows Update Files

  1. Open an administrative Command Prompt window.
  2. At the command prompt, type the following command:
    REGSVR32 WUPS2.DLL /S
    REGSVR32 WUPS.DLL /S
    REGSVR32 WUAUENG.DLL /S
    REGSVR32 WUAPI.DLL /S
    REGSVR32 WUCLTUX.DLL /S
    REGSVR32 WUWEBV.DLL /S
    REGSVR32 JSCRIPT.DLL /S
    REGSVR32 MSXML3.DLL /S
  3. Try to install updates again.

IF WINDOWS UPDATE IS WORKING

If Windows Update is working then we have very few options. The problem lies within MSE and it’s a bit difficult to find. Follow these methods in order and check after each step if the update works or not:

1. Check for conflicting software

Many antiviruses leave their traces after uninstalling them which may result in conflict with MSE, causing it to malfunction. So you should remove them using their removal tools. You can download removal tools from here:
List of antivirus product removal tools

You can also try AppRemover, which scans for and removes traces of almost every antivirus available.

2. Remove installed Virus Definitions of MSE/WD

Start Command Prompt as Admin. –> Type these commands (hit Enter after each one):

cd "C:\Program Files\Microsoft Security Client"
[for Windows Defender use "C:\Program Files\Windows Defender" instead]
mpcmdrun.exe -removedefinitions -all

exit

It will remove installed definitions. Now try to update again.

3. Manually install Virus Definitions

Manually installing virus definitions sometimes fixes the problem within MSE/WD, so it’s worth trying. Download definitions from here:
http://www.microsoft.com/security/portal/definitions/adl.aspx

Note that this is not a solution, I said it may fix the problem. You should not take it as solution and regularly download that large file to update MSE/WD.

4. Reinstall MSE (for Windows XP, Vista, 7 only)

Uninstall MSE using any one method given here:
Uninstalling MSE

Then download and install latest version of MSE from here:
Microsoft Security Essentials

If everything fails then post a question in Virus & Malware forum of Microsoft Answers with as much information as possible and the results of every method you tried (with a link to this post, of course!). If you came here through your own thread on Microsoft Answers then post the results of all steps you tried here in a reply in your thread.

Now comments are welcome! Please do rate, vote or comment. It helps me to analyze my article and please suggest any changes you want.

A day fighting with Ransomware


In this post I’m gonna explain the basic and common steps to get rid of Ransomware (well, the title explains what I’m gonna write). You may be wondering where I got Ransomware from, any bad sites? No, honestly, I worked really hard to get infected (well, that’s an odd thing); it was the first time I searched the internet to download a virus to get infected. But ultimately I somehow managed to get one. The download reached 100% and at the same instant MSE said it was cleaning viruses. I worked so hard to get that file and MSE removed it, grrr. Anyway, I restored it from quarantine and turned off MSE (turned off its Real Time Protection). The virus MSE detected was Trojan:Win32/Urausy.E. I don’t know why, but the Ransomware didn’t install correctly and all I got was a white screen like this:


OK, now the removal part. Ransomware varies a lot: some infect only a single user and some even disable Safe Mode. The first thing you should try is a System Restore in Safe Mode. See this article for accessing Safe Mode:
How to start Windows in Safe Mode

Do a Restore to a point where you know your PC was OK. How to do a System Restore:
For XP: http://support.microsoft.com/kb/306084
For Windows Vista, 7, 8: http://windows.microsoft.com/en-IN/windows7/products/features/system-restore
(I know article is for Windows 7, but method is same for others)

Screenshot when I did it:

If System Restore didn’t work then you can use HitmanPro.Kickstart. Since I am doing all this in a Virtual PC, where booting from USB is not supported, I have used HitmanPro.Sidekick (it is used as an alternate way of booting, i.e. booting from CD; you must have the Kickstart USB connected for it to work). When I started my virtual PC with Sidekick and Kickstart I got this:


As mentioned in Options, you should first select Option 1; if it doesn’t work then 2, and then 3. After selecting an option your PC will start normally, as if you didn’t use anything. But you will get past the ransomware and will be able to scan your PC with HitmanPro (it comes on the Kickstart USB). When I ran the scan the following result came:


If you have sharp eyes you will notice many things. First is that I hid the name of the file found; that’s because I don’t want you to know its name, it’s not suitable for public view. Second is that the Ransomware was found on the desktop (although you can see the Desktop doesn’t have any files, because I hid all my files on the Desktop by editing this image) and in Temporary Internet Files (yes, I use IE 6 because of its vulnerabilities!). Third is that MSE and Security Center are red. If you remember, I mentioned that I turned off MSE; that’s why both are red. Now, when the removal process finished I got a screen like this:


After all this removal process I restarted my PC, this time without HitmanPro and White screen is gone!

I know I may have failed to explain in understandable words so please feel free to comment if you have anything to ask/say/have feedback, etc.

Security Center showing MSE off!


NOTE: This applies to Windows XP only!
Reference: http://answers.microsoft.com/en-us/protect/wiki/mse-protect_start/microsoft-security-essentials-windows-xp-security/97f054ef-82ab-49b1-a632-509923caf2b2

Well, I am feeling blessed. Only because of my new XP virtual machine. In 4 days I solved two problems in it (one I mentioned in my previous blog, other one is this) and currently working on two or three more. Now about the problem- I started my XP and found a screen like this:

You can see Security Center alerting that MSE is off but MSE is actually green. Which to believe? Answer is MSE. Security Center alert is wrong. Reason is mis-communication between MSE and Windows Management Instrumentation (WMI) repository. If you doubt MSE is working you can use this EICAR test file to see if MSE is working or not:
EICAR Test Virus

Now, what to do when this alert comes? Easiest is to ignore it. But I don’t think anyone would like to ignore alerts about antivirus, even if it’s false. Also, if something really happens to MSE then you would also ignore it. So a fix for this problem is required.

Normally it is fixed by performing a scan or updating virus definitions, which may re-establish the communication. If this simple fix doesn’t work then we have to perform some ‘expert’ kind of thing. We will delete the Repository folder and let WMI rebuild its database so that it can revise MSE’s current state. But the Repository folder is locked by WMI to prevent editing, which is what we are going to perform, <wink>. So first we have to stop the WMI service. Detailed steps are below:

1. Stopping WMI service

Press Win key + R (OR go to Start –> Run) to open Run dialog. Type “services.msc” and hit enter.


It will open Services. In the list of services find and click on ‘Windows Management Instrumentation’. On the left pane you will see ‘Pause’, just click on it (clicking on ‘Stop’ will also work).


2. Deleting WMI Repository folder

Navigate to C:\Windows\System32\wbem. Right click on the ‘Repository’ folder and ‘Delete’ it.


3. Restarting WMI service

Normally clicking on ‘Resume’ works. For me, even ‘Restart’ didn’t work. So, first try to ‘Resume’ the service, wait for some time and see if Security Center shows MSE as working or not. If MSE is still off then ‘Restart’ the service and reboot your PC (like I did). And the result is this:


Hopefully it will permanently fix the problem. Now comments please.

A case of MSE update error on fresh XP!


A few days ago, I created a virtual machine of Windows XP SP3 (one reason was to do research work for Microsoft Community questions, the other was to gain experience). The first program I installed was Microsoft Security Essentials (of course!). When it was doing its first update it encountered an error which stated I wasn’t connected to the internet. At that moment I felt a mixture of feelings: happiness, because that was my intention behind creating the XP machine, and surprise, because it was a fresh installation of XP. I thought, let’s play with it!

First, I retried update procedure and got this:

After several tries I opened MpCmdRun.log (found in C:\Windows\Temp) and saw what was going on. A part of the log (well, you can skip the log part as it’s very lengthy and not required either; the log part is written in italics):

————————————————————————————-
MpCmdRun: Command Line: “c:\Program Files\Microsoft Security Client\MpCmdRun.exe” SignaturesUpdateService -UnmanagedUpdate
 Start Time: ‎Sat ‎Sep ‎21 ‎2013 23:05:19

Start: Signatures Update Service
Update Started
Search Started (MU/WU update) (Path: http://www.microsoft.com)…
Time Info – ‎Sat ‎Sep ‎21 ‎2013 23:06:59 Search Completed
Download Started…
Time Info – ‎Sat ‎Sep ‎21 ‎2013 23:08:48 Download Progress-
 Update Index:0 of 1 – 0%
Download Completed
Download Completed
Download Completed
Update failed with hr: 0x8024001b
Update completed with hr: 0x8024001b
End: Signatures Update Service
MpCmdRun: End Time: ‎Sat ‎Sep ‎21 ‎2013 23:08:49

————————————————————————————-
MpCmdRun: Command Line: “c:\Program Files\Microsoft Security Client\MpCmdRun.exe” SignaturesUpdateService -UnmanagedUpdate
 Start Time: ‎Sun ‎Sep ‎22 ‎2013 12:38:12

Start: Signatures Update Service
Update Started
Search Started (MU/WU update) (Path: http://www.microsoft.com)…
Time Info – ‎Sun ‎Sep ‎22 ‎2013 12:38:38 Search Completed
Download Started…
Download Progress-
 Update Index:0 of 1 – 0%
Download Progress-
 Update Index:0 of 1 – 0%
Download Progress-
 Update Index:0 of 1 – 0%
Download Progress-
 Update Index:0 of 1 – 0%
Download Progress-
 Update Index:0 of 1 – 0%
Download Progress-
 Update Index:0 of 1 – 0%
Download Progress-
 Update Index:0 of 1 – 0%
Download Progress-
 Update Index:0 of 1 – 0%
Download Progress-
 Update Index:0 of 1 – 0%
Download Progress-
 Update Index:0 of 1 – 0%
Download Progress-
 Update Index:0 of 1 – 0%
Time Info – ‎Sun ‎Sep ‎22 ‎2013 12:41:32 Download Progress-
 Update Index:0 of 1 – 0%
Download Progress-
 Update Index:0 of 1 – 0%
Time Info – ‎Sun ‎Sep ‎22 ‎2013 12:41:52 Download Progress-
 Update Index:0 of 1 – 0%
Download Progress-
 Update Index:0 of 1 – 0%
Download Progress-
 Update Index:0 of 1 – 0%
Time Info – ‎Sun ‎Sep ‎22 ‎2013 12:42:22 Download Progress-
 Update Index:0 of 1 – 0%
Time Info – ‎Sun ‎Sep ‎22 ‎2013 12:42:44 Download Progress-
 Update Index:0 of 1 – 0%
Time Info – ‎Sun ‎Sep ‎22 ‎2013 12:43:02 Download Progress-
 Update Index:0 of 1 – 0%
Download Progress-
 Update Index:0 of 1 – 0%
Time Info – ‎Sun ‎Sep ‎22 ‎2013 12:43:23 Download Progress-
 Update Index:0 of 1 – 1%
Download Progress-
 Update Index:0 of 1 – 1%
Download Progress-
 Update Index:0 of 1 – 1%
Download Progress-
 Update Index:0 of 1 – 1%
Time Info – ‎Sun ‎Sep ‎22 ‎2013 12:43:57 Download Progress-
 Update Index:0 of 1 – 2%
Time Info – ‎Sun ‎Sep ‎22 ‎2013 12:44:16 Download Progress-
 Update Index:0 of 1 – 2%
Time Info – ‎Sun ‎Sep ‎22 ‎2013 12:44:33 Download Progress-
 Update Index:0 of 1 – 2%
Download Progress-
 Update Index:0 of 1 – 2%
Download Progress-
 Update Index:0 of 1 – 3%
Download Progress-
 Update Index:0 of 1 – 3%
Download Progress-
 Update Index:0 of 1 – 3%
Download Progress-
 Update Index:0 of 1 – 3%
Download Progress-
 Update Index:0 of 1 – 3%
Download Progress-
 Update Index:0 of 1 – 3%
Time Info – ‎Sun ‎Sep ‎22 ‎2013 12:45:21 Download Progress-
 Update Index:0 of 1 – 3%
Time Info – ‎Sun ‎Sep ‎22 ‎2013 12:45:43 Download Progress-
 Update Index:0 of 1 – 3%
Time Info – ‎Sun ‎Sep ‎22 ‎2013 12:46:04 Download Progress-
 Update Index:0 of 1 – 3%
Time Info – ‎Sun ‎Sep ‎22 ‎2013 12:46:21 Download Progress-
 Update Index:0 of 1 – 4%
Download Progress-
 Update Index:0 of 1 – 4%
Download Progress-
 Update Index:0 of 1 – 4%
Download Progress-
 Update Index:0 of 1 – 4%
Download Progress-
 Update Index:0 of 1 – 4%
Download Progress-
 Update Index:0 of 1 – 4%
Download Progress-
 Update Index:0 of 1 – 4%
Download Progress-
 Update Index:0 of 1 – 4%
Download Progress-
 Update Index:0 of 1 – 4%
Download Progress-
 Update Index:0 of 1 – 4%
Download Progress-
 Update Index:0 of 1 – 4%
Download Progress-
 Update Index:0 of 1 – 4%
Download Progress-
 Update Index:0 of 1 – 4%
Time Info – ‎Sun ‎Sep ‎22 ‎2013 12:47:07 Download Progress-
 Update Index:0 of 1 – 5%
Time Info – ‎Sun ‎Sep ‎22 ‎2013 12:47:27 Download Progress-
 Update Index:0 of 1 – 5%
Time Info – ‎Sun ‎Sep ‎22 ‎2013 12:47:43 Download Progress-
 Update Index:0 of 1 – 5%
Download Progress-
 Update Index:0 of 1 – 5%
Download Progress-
 Update Index:0 of 1 – 5%
Download Progress-
 Update Index:0 of 1 – 5%
Download Progress-
 Update Index:0 of 1 – 5%
Download Progress-
 Update Index:0 of 1 – 5%
Time Info – ‎Sun ‎Sep ‎22 ‎2013 12:59:46 Download Progress-
 Update Index:0 of 1 – 5%
Download Completed
Download Completed
Download Completed
Update failed with hr: 0x80240022
Update completed with hr: 0x80240022
End: Signatures Update Service
MpCmdRun: End Time: ‎Sun ‎Sep ‎22 ‎2013 12:59:47

————————————————————————————-
MpCmdRun: Command Line: “c:\Program Files\Microsoft Security Client\MpCmdRun.exe” SignaturesUpdateService -ScheduleJob -UnmanagedUpdate
 Start Time: ‎Mon ‎Sep ‎23 ‎2013 21:08:46

Start: Signatures Update Service
Update Started
Search Started (MU/WU update) (Path: http://www.microsoft.com)…
Time Info – ‎Mon ‎Sep ‎23 ‎2013 21:08:59 Search Completed
Update failed with hr: 0x8024001e
Update completed with hr: 0x8024001e
End: Signatures Update Service
MpCmdRun: End Time: ‎Mon ‎Sep ‎23 ‎2013 21:08:59
————————————————————————————-

————————————————————————————-
MpCmdRun: Command Line: “c:\Program Files\Microsoft Security Client\MpCmdRun.exe” SignaturesUpdateService -ScheduleJob -UnmanagedUpdate
 Start Time: ‎Mon ‎Sep ‎23 ‎2013 21:14:37

Start: Signatures Update Service
Update Started
Search Started (MU/WU update) (Path: http://www.microsoft.com)…
Time Info – ‎Mon ‎Sep ‎23 ‎2013 21:15:40 Search Completed
Download Started…
Download Progress-
 Update Index:0 of 1 – 0%
Time Info – ‎Mon ‎Sep ‎23 ‎2013 21:15:52 Download Progress-
 Update Index:0 of 1 – 0%
Download Progress-
 Update Index:0 of 1 – 0%
Download Progress-
 Update Index:0 of 1 – 0%
Download Progress-
 Update Index:0 of 1 – 0%
Download Progress-
 Update Index:0 of 1 – 0%
Download Progress-
 Update Index:0 of 1 – 0%
Download Progress-
 Update Index:0 of 1 – 0%
Download Progress-
 Update Index:0 of 1 – 0%
Download Progress-
 Update Index:0 of 1 – 0%
Download Completed
Download Completed
Download Completed
Update failed with hr: 0x8024001e
Update completed with hr: 0x8024001e
End: Signatures Update Service
MpCmdRun: End Time: ‎Mon ‎Sep ‎23 ‎2013 21:16:18
————————————————————————————-

Now here we can see several error codes. I will explain meaning of all of them:

  1. 0x8024001b: WU_E_SELFUPDATE_IN_PROGRESS The operation could not be performed because the Windows Update Agent is already updating Windows. Okay, now this was my fault. I started Windows Update when MSE update was running.
  2. 0x80240022: WU_E_ALL_UPDATES_FAILED Operation failed for all the updates. Of course, this doesn’t give any clue of fault.
  3. 0x8024001e: WU_E_SERVICE_STOP Operation did not complete because the service or system was being shut down. Hmmmm, that does make some sense. But who can turn off Windows Update service? This is indication of some error in Service only.
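
Reading the final result of each run out of MpCmdRun.log, done by hand here and in the update-troubleshooting post above, can be scripted. The Python below is an added example, not code from the original posts: the function names are hypothetical, the sample log is constructed from the layout quoted above, and the code table holds only the three codes this post explains.

```python
import re

LRM = "\u200e"  # invisible left-to-right mark found in the log's dates

# Names of the three codes in the post's log, as the post lists them.
WU_CODES = {
    0x8024001B: "WU_E_SELFUPDATE_IN_PROGRESS",
    0x80240022: "WU_E_ALL_UPDATES_FAILED",
    0x8024001E: "WU_E_SERVICE_STOP",
}
FACILITY_WINDOWSUPDATE = 0x24  # facility field of every 0x8024xxxx HRESULT

RUN_START = re.compile(r"^MpCmdRun: Command Line:\s*(.+)$")
START_TIME = re.compile(r"^Start Time:\s*(.+)$")
END_TIME = re.compile(r"^MpCmdRun: End Time:\s*(.+)$")
FINAL_HR = re.compile(r"^Update completed with hr:\s*(0x[0-9a-fA-F]+)")
PROGRESS = re.compile(r"^Update Index:\d+ of \d+\s*\S\s*(\d+)%")

# Constructed sample: two finished runs and one cut off mid-update.
SAMPLE_LOG = """\
MpCmdRun: Command Line: "c:\\Program Files\\Microsoft Security Client\\MpCmdRun.exe" SignaturesUpdateService -UnmanagedUpdate
 Start Time: \u200eSun \u200eSep \u200e22 \u200e2013 12:38:12
Update Started
Search Started (MU/WU update) (Path: http://www.microsoft.com)...
Download Started...
Download Progress-
 Update Index:0 of 1 - 0%
Time Info - \u200eSun \u200eSep \u200e22 \u200e2013 12:47:07 Download Progress-
 Update Index:0 of 1 - 5%
Download Completed
Update failed with hr: 0x80240022
Update completed with hr: 0x80240022
MpCmdRun: End Time: \u200eSun \u200eSep \u200e22 \u200e2013 12:59:47
-------------------------------------------------------------
MpCmdRun: Command Line: "c:\\Program Files\\Microsoft Security Client\\MpCmdRun.exe" SignaturesUpdateService -ScheduleJob -UnmanagedUpdate
 Start Time: \u200eMon \u200eSep \u200e23 \u200e2013 21:08:46
Update Started
Search Started (MU/WU update) (Path: http://www.microsoft.com)...
Update failed with hr: 0x8024001e
Update completed with hr: 0x8024001e
MpCmdRun: End Time: \u200eMon \u200eSep \u200e23 \u200e2013 21:08:59
-------------------------------------------------------------
MpCmdRun: Command Line: "c:\\Program Files\\Microsoft Security Client\\MpCmdRun.exe" SignaturesUpdateService -UnmanagedUpdate
 Start Time: \u200eMon \u200eSep \u200e23 \u200e2013 21:14:37
Update Started
"""


def parse_runs(text):
    """Return one dict per MpCmdRun invocation in the decoded log text."""
    runs, cur = [], None
    for raw in text.replace(LRM, "").splitlines():
        line = raw.strip()
        m = RUN_START.match(line)
        if m:  # a new invocation begins
            cur = {"command": m.group(1), "start": None, "end": None,
                   "hr": None, "max_percent": None}
            runs.append(cur)
        elif cur is None:
            continue  # text before the first run header
        elif m := START_TIME.match(line):
            cur["start"] = m.group(1)
        elif m := END_TIME.match(line):
            cur["end"] = m.group(1)
        elif m := FINAL_HR.match(line):
            cur["hr"] = int(m.group(1), 16)
        elif m := PROGRESS.match(line):
            cur["max_percent"] = max(cur["max_percent"] or 0, int(m.group(1)))
    return runs


def decode_hresult(hr):
    """Split a 32-bit HRESULT into (failed, facility, code)."""
    return bool(hr & 0x80000000), (hr >> 16) & 0x7FF, hr & 0xFFFF


def last_error(text):
    """Describe the newest finished run; runs cut off before a final hr are skipped."""
    finished = [r for r in parse_runs(text) if r["hr"] is not None]
    if not finished:
        return None
    run = finished[-1]
    failed, facility, _ = decode_hresult(run["hr"])
    return {
        "hr": "0x%08x" % run["hr"],
        "name": WU_CODES.get(run["hr"], "unknown"),
        "failed": failed,
        "from_windows_update": facility == FACILITY_WINDOWSUPDATE,
        "ended": run["end"],
        "max_percent": run["max_percent"],
    }


if __name__ == "__main__":
    print(last_error(SAMPLE_LOG))
```
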

Okay, now I bored you heavily, let’s move to its solution. Normally, we solve it using a simple method- Renaming ‘SoftwareDistribution’ folder. But, simple renaming will not work as it is locked by Windows Update service. So, we first have to turn off Windows Update service. For this whole purpose, we use four commands (entered in Command Prompt {Run it as Admin. for Windows Vista, 7 & 8}):

net stop wuauserv

cd %systemroot%\SoftwareDistribution

ren Download Download.old

net start wuauserv

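The first one stops the Windows Update service, the second moves Command Prompt into the ‘SoftwareDistribution’ folder (under ‘C:\Windows’), the third renames the ‘Download’ folder inside it to ‘Download.old’, and the fourth starts the Windows Update service again.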

For your simplicity I have created a bat file, just download it, right click on it, select ‘Run as Admin’ [on Windows Vista, 7 & 8] and rest is on that file. Download it from here:
http://sdrv.ms/1fuqyRJ
[In file you will find ‘pause’ command at last, it enables you to view the results of commands]

After running those codes, I got this:

WOW! That fixed it. Not only that, my Windows Update was also sticking on ‘Checking for updates’ and that was fixed too!