Tuesday, April 20, 2010

Windows Vista won't update, getting error 80072EFE

I had to scratch my head on this one for a while. I had someone ask me to look at their personal Vista Home Premium laptop because it wasn't able to connect to Windows Update. I had helped to remove some spyware/viruses/adware from it in the past so that was my first thought. Scans came back clean though so I went on to some other stuff. Eventually I tried installing the missing updates manually. One of those updates was the most recent Windows Malicious Software Removal tool. I figured I'd let it run a full scan and that turned out to be a good idea. It reported finding Alureon.F and removing it. However, Alureon infections can bring along a rootkit, which is exactly what happened. I removed the rootkit using TDSSKiller from Kaspersky, then rebooted. My atapi.sys driver had been listed as infected. Sure enough, after everything was loaded back up the Windows updates worked fine. I ran a few more scans to make sure the rootkit hadn't been hiding anything, but they came back clean so everything is back to normal.

If you're trying to update your Windows Vista machine and getting an error 80072EFE, you may want to check for the rootkit yourself. Download and unzip TDSSKiller, then rename the executable file to something random. I used 1a2b3c4d.com (.com will work the same as .exe in this instance). Then run your executable, follow the prompts, and restart. If you want more in-depth instructions, check out this article at bleepingcomputer.com.


David said...

Thanks for this article. Seems I've a similar problem. Had a virus recently which I got rid of but Windows Update won't work, same error code. IE also doesn't work (Firefox FTW!).
Downloaded that TDSSKiller and seems atapi.sys is infected. Problem is no matter how many times I remove it using that tool or overwriting it with a backup atapi, each time I restart the infection comes back. Tried disabling all startup services and rebooting but still seems to happen. Nothing suspicious running when looking at Task Manager either. Kinda stumped right now but at least your article pointed me in the right direction.

vince_OZ said...

Thanks it fixed my Win7 issue..

rslygh said...

You're welcome Vince. Glad to hear it, and thanks for the comment.

Anonymous said...

Great solution. I had error code 80072efe in Windows Update too. I found your site from Google. Downloaded TDSSKiller and everything came back to normal. Thanks for the info.

Ian said...

Thanks a million for the solution. I have been trying for months to try and rectify that problem. Tried many different things to no avail.

Great solution.

Walt A said...

I am also getting error 80072efe with Vista.
Have downloaded and tried to run TDSSKiller.
Initialization gets to 80% and then fails.
I get error from Microsoft Windows "TDSS rootkit removal tool has stopped working".


rslygh said...

Hi Walt,

I'd suggest pulling the hard drive from that computer and hooking it up as a secondary on a second computer. Then run TDSSKiller on that second computer and tell it to check your drive. Of course that requires a second computer, and maybe a SATA or ATA to USB bridge to keep it simple, but that way you have a non-infected OS install to run TDSSKiller with. Or even better, hook up your hard drive to a second computer, back up your files, then reformat and reinstall Windows on your machine. That way you reload the OS and wipe out the infection for sure.

Anonymous said...

This error 80072efe keeps coming up when I try to update my media player and now can't even listen to music .. This laptop sucks, Dell by far have the most horrible computers, when I can I'm going to get windows please help me with this error on my

rslygh said...

It's not Dell's fault that your system has a software problem. As noted in this post, the 80072EFE error I encountered was caused by malware. Malware infects computers because of browsing habits, lack of antivirus software (or updated AV definitions), or lack of software patches. None of those are Dell's responsibility, unless you have some sort of managed services contract with them which I'd doubt.

Please try the solution posted in the article. If it does not work, please add another comment with what didn't work, and what the error message was that told you it wouldn't work.