Error 80244019
When Updating Windows Vista
A machine came into my
shop the other day with
a very strange error. Among other things, the owner could not run
Windows Update and complete an update of Windows Vista. Every time the
update would fail with Error 80244019. This error message indicates
there is a problem reaching the update server, however this explanation
does not make sense since other computers on my network including
another Vista machine can access the Internet and update properly.
First of all, you want to make sure your computer can reach the
Internet and view other web pages. Open a web browser and go to a
website listed in your favorites or type a website URL into the address
bar of your browser and verify that you can load a web page. If you
can, please skip down this page to the section entitled DNSChanger
Trojan.
Troubleshooting a Dead Network Connection
If you cannot open a web page on your computer or reach the Internet,
you'll want to follow this outline to narrow the problem and get
yourself back online. This information is the same basic info that I
recommend for the dreaded Limited or No Connectivity issues as well.
Check the following issues.
1) Your Network or DSL router may have bad or missing information.
Powercycle your router and/or rebuild the configuration in your router.
2) Double-check your cabling to the computer. Make sure you have the
correct type of cabling, straight-through CAT 5 or possibly a crossover
cable. Try another cable or test the cable to make sure its working
properly.
3) Check your network card to make sure its configured correctly and
working properly. Many times setting the network card to 10Mbps/Full
Duplex will solve this issue. To do this, open Control Panel, System,
Device Manager. Go to the properties of the Network card, click on the
Advanced tab and find the Link Speed and Duplex section. Change it from
Auto Detect to 10Mbps/Full Duplex.
4) Check and test your firewall. Your firewall, especially if its a
software firewall like Zone Alarm, Black Ice, Norton Firewall or
something else could be blocking the connection. Disable your firewall
and test the connection. You may have to resolve the problem by even
uninstalling and reinstalling the firewall.
5) Check your IP address assignments and workgroup settings in the
computer for accuracy. Statically assign IPs to the computers in your
network.
6) Reset your TCP/IP stack by downloading and running
WinsockXPFix.exe
a Visual Basic program designed to fix corrupted TCP/IP issues, host
file problems and a variety of other connectivity issues.
If these steps do not resolve the issue, please proceed. On many sites
on the web, there was a solution posted that referenced a registry
entry located at
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU.
From my investigation this registry entry generally does not exist and
therefore does not fix the problem. However, in a few cases, the system
has been infected with the DNSChanger trojan.
DNSChanger Trojan
One of the most common problems associated with Windows Vista Update
Error 80244019 is the
DNSChanger
Trojan. You'll recognize this trojan by checking the DNS
server assignments on the computer that does not update. Do this by
following these steps.
1) In Windows Vista, click on the Windows orb
2) Click in the Search box and type CMD and press Enter
3) At the command prompt, type IPCONFIG /ALL and press Enter
4) You should be presented with the bunch of information, find the
section for your Internet connection. It may be entitled Ethernet
Adapter Local Area Connection or something similar.
5) Find the DNS Server section and double-check the numbers. Usually
the DNS is a local IP like 192.168.0.1 or it could be a statically
assigned IP from your ISP. If the DNS numbers are remotely similar to
the following IPs then you have the DNSChanger trojan. These IPs
originate in Europe.
85.255.113.122
85.255.112.83
85.255.116.148
85.255.112.223
6) Type Exit at the command prompt to close it
Easiest Way to Remove the DNSChanger Trojan
If the
DNSChanger
trojan is on your computer chances are you may be infected
with more viruses or trojans. One of my favorite programs for finding
these problems is MalwareBytes Anti-Malware. Its a relatively new
anti-spyware type program but definitely one of the best. In fact the
author created the removal tool for the About:Blank hijacker a few
years ago.
Download MalwareBytes Anti-Malware by clicking on the link below. Save
the file to your desktop. When the download completes, double-click on
the file and install it. Then run an update and start a full scan of
your computer.
Free
Trial of MalwareBytes Anti-Malware
Buy
MalwareBytes Anti-Malware
If you use MalwareBytes Anti-Malware to scan your computer, you'll find
information in the log file similar to the following if the DNS Changer
trojan is found.
Registry Data Items
Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer
(Trojan.DNSChanger) -> Data: 85.255.116.148 85.255.112.223
-> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{806586a1-a695-45bb-9075-88b9ef4addf6}\NameServer
(Trojan.DNSChanger) -> Data: 85.255.116.148,85.255.112.223
-> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer
(Trojan.DNSChanger) -> Data: 85.255.116.148 85.255.112.223
-> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{806586a1-a695-45bb-9075-88b9ef4addf6}\NameServer
(Trojan.DNSChanger) -> Data: 85.255.116.148,85.255.112.223
-> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer
(Trojan.DNSChanger) -> Data: 85.255.116.148 85.255.112.223
-> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{806586a1-a695-45bb-9075-88b9ef4addf6}\NameServer
(Trojan.DNSChanger) -> Data: 85.255.116.148,85.255.112.223
-> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\NameServer
(Trojan.DNSChanger) -> Data: 85.255.116.148 85.255.112.223
-> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{806586a1-a695-45bb-9075-88b9ef4addf6}\NameServer
(Trojan.DNSChanger) -> Data: 85.255.116.148,85.255.112.223
-> Quarantined and deleted successfully.
After removing the
infections and rebooting your computer, go back to Windows Updates and
try to download your updates. Everything should work now.
Visit this page for more
information on the DNSChanger
trojan.