TO A TECH: WHAT IS "updatejpegprocessing.docx" ?

This may be perfectly legitimate..but it was weird...

While I was updating this last time for xp2000 pro, after selecting my
updates, and
DURING the update downloading process a little popup window appeared about
midway through, looking very official, and it said (something to the effect
that) A security flaw in my system had been detected and needed to download
the referenced file to correct it. That if I didn't choose to download, I
would not be prompted again.
It's 24 bytes. I did download it, even though that sounded HIGHLY
unusual...and then I scanned it (no virus) and looked at properties...i it
was unkonwn application, downloaded from another computer and was blocked,
did I want to unblock it...no digital sigs, no nothing that identified it as
anything I knew about. So I moved it and hid it and did not do anything with
it until I could ask a tech what the heck it was.

Anybody know? Anybody ever had that happen to them during updates?

THANKS FOR ANY HELP!

Judging from similar posts here in the past month or so, the behavior may be
due to a Vundo-ZLOB-SDBot infection, all of which is protected by a rootkit.

Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a thorough check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_R...:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/...moving_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://aumha.net/viewforum.php?f=30,
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html, or other appropriate forums for review
by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.

==========================================

Start a free Windows Update support incident request:
https://support.microsoft.com/oas/de...spx?gprid=6527

Support for Windows Update:
http://support.microsoft.com/gp/wusupport

For home users, no-charge support is available by calling 1-866-PCSAFETY in
the United States and in Canada or by contacting your local Microsoft
subsidiary. There is no-charge for support calls that are associated with
security updates.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/


IDidInhale wrote:
> This may be perfectly legitimate..but it was weird...
>
> While I was updating this last time for xp2000 pro, after selecting my
> updates, and
> DURING the update downloading process a little popup window appeared about
> midway through, looking very official, and it said (something to the
> effect
> that) A security flaw in my system had been detected and needed to
> download
> the referenced file to correct it. That if I didn't choose to download, I
> would not be prompted again.
> It's 24 bytes. I did download it, even though that sounded HIGHLY
> unusual...and then I scanned it (no virus) and looked at properties...i it
> was unkonwn application, downloaded from another computer and was blocked,
> did I want to unblock it...no digital sigs, no nothing that identified it
> as
> anything I knew about. So I moved it and hid it and did not do anything
> with
> it until I could ask a tech what the heck it was.
>
> Anybody know? Anybody ever had that happen to them during updates?
>
> THANKS FOR ANY HELP!

I had the same strange occurrence with the WinXP32 automatic update that
installed tonight.

I'm not sure if there is really any reason to suspect a virus. I did some
Google searches and it seems the boilerplate response above is pasted into
any question involving problems with the updater. The others were people who
said their updater is no longer working. I could not find anywhere on the
internet any other reference to download of updatejpegprocessing.docx being
related to a virus.

What happened was in tonight's update the Microsoft GDI+ Detection Tool
(KB873374) was installed, along with the usual Malicious Software Removal
Tool (KB890830) When this installs it takes you to the Microsoft site where
it allows you to optionally download updatejpegprocessing.docx which is a
word document describing the GDI+ Detection Tool and what it's for. The only
strange part is that GDI+ Detection Tool is an update from several years ago.
Why would it be installing now?

By the way, I'm running XP32 and I didn't have SP3 installed yet which I
didn't realize until I went to check on this just now, if that matters. Does
anyone have any more ideas about this?

Did you just install or reinstall WinXP SP2?

Vickery wrote:
> I had the same strange occurrence with the WinXP32 automatic update that
> installed tonight.
>
> I'm not sure if there is really any reason to suspect a virus. I did some
> Google searches and it seems the boilerplate response above is pasted into
> any question involving problems with the updater. The others were people
> who
> said their updater is no longer working. I could not find anywhere on the
> internet any other reference to download of updatejpegprocessing.docx
> being
> related to a virus.
>
> What happened was in tonight's update the Microsoft GDI+ Detection Tool
> (KB873374) was installed, along with the usual Malicious Software Removal
> Tool (KB890830) When this installs it takes you to the Microsoft site
> where
> it allows you to optionally download updatejpegprocessing.docx which is a
> word document describing the GDI+ Detection Tool and what it's for. The
> only
> strange part is that GDI+ Detection Tool is an update from several years
> ago. Why would it be installing now?
>
> By the way, I'm running XP32 and I didn't have SP3 installed yet which I
> didn't realize until I went to check on this just now, if that matters.
> Does anyone have any more ideas about this?

The computer was built about two months ago with a new copy of XP32 which
came with SP2. I've had automatic updates on but didn't have SP3 because it
apparently doesn't come in automatically. The only other Microsoft software I
have is Expression Web demo installed a few days ago.

"PA Bear [MS MVP]" wrote:

> Did you just install or reinstall WinXP SP2?
>

SP3 was released to Automatic Update on 10 July 2008.

CrystalBall© sez ignore the title and see...

Updates are not installed successfully from Windows Update, from Microsoft
Update, or by using Automatic Updates after you repair a Windows XP
installation:
http://support.microsoft.com/kb/943144


Vickery wrote:
> The computer was built about two months ago with a new copy of XP32 which
> came with SP2. I've had automatic updates on but didn't have SP3 because
> it
> apparently doesn't come in automatically. The only other Microsoft
> software
> I have is Expression Web demo installed a few days ago.
>
> "PA Bear [MS MVP]" wrote:
>> Did you just install or reinstall WinXP SP2?

"PA Bear [MS MVP]" wrote:

> SP3 was released to Automatic Update on 10 July 2008.
>
> CrystalBall© sez ignore the title and see...
>
> Updates are not installed successfully from Windows Update, from Microsoft
> Update, or by using Automatic Updates after you repair a Windows XP
> installation:
> http://support.microsoft.com/kb/943144

What does all that have to do with updatejpegprocessing.docx and viruses?

Vickery wrote:
> "PA Bear [MS MVP]" wrote:
>> SP3 was released to Automatic Update on 10 July 2008.
>>
>> CrystalBall© sez ignore the title and see...
>>
>> Updates are not installed successfully from Windows Update, from
>> Microsoft
>> Update, or by using Automatic Updates after you repair a Windows XP
>> installation:
>> http://support.microsoft.com/kb/943144
>
> What does all that have to do with updatejpegprocessing.docx and viruses?

Nothing, really. I suggested you try Resolution Methods 1 and/or 2 in
answer to your real question...

> ...GDI+ Detection Tool is an update from several years
> ago. Why would it be installing now?

....which you conveniently snipped from your last reply.

Ditto Vickory's post, and yes I just re-installed WinXP SP2, so?

"PA Bear [MS MVP]" wrote:

> Did you just install or reinstall WinXP SP2?
>
> Vickery wrote:
> > I had the same strange occurrence with the WinXP32 automatic update that
> > installed tonight.
> >
> > I'm not sure if there is really any reason to suspect a virus. I did some
> > Google searches and it seems the boilerplate response above is pasted into
> > any question involving problems with the updater. The others were people
> > who
> > said their updater is no longer working. I could not find anywhere on the
> > internet any other reference to download of updatejpegprocessing.docx
> > being
> > related to a virus.
> >
> > What happened was in tonight's update the Microsoft GDI+ Detection Tool
> > (KB873374) was installed, along with the usual Malicious Software Removal
> > Tool (KB890830) When this installs it takes you to the Microsoft site
> > where
> > it allows you to optionally download updatejpegprocessing.docx which is a
> > word document describing the GDI+ Detection Tool and what it's for. The
> > only
> > strange part is that GDI+ Detection Tool is an update from several years
> > ago. Why would it be installing now?
> >
> > By the way, I'm running XP32 and I didn't have SP3 installed yet which I
> > didn't realize until I went to check on this just now, if that matters.
> > Does anyone have any more ideas about this?
>
>