Microsoft Windows Vista Community Forums - Vistaheads
Recommended Download



Welcome to the Microsoft Windows Vista Community Forums - Vistaheads, YOUR Largest Resource for Windows Vista related information.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so , join our community today!

If you have any problems with the registration process or your account login, please contact us.

Driver Scanner

Windows Update was acting very suspiciously this morning...

microsoft.public.windowsupdate






Speedup My PC
Reply
  #1 (permalink)  
Old 11-13-2008
Deane
 

Posts: n/a
Windows Update was acting very suspiciously this morning...
I've had the Windows Update icon in my system tray for a while, and
the lone update (SP3) always failed to install for some reason.

This morning, I decided to go through the browser in the hopes that I
would get some kind of error message I could follow up on.

I opened Windows Update through the start menu.

IE opened to "update.microsoft.com," and I got an information bar that
I need to authorize an ActiveX control.

Weird thing was, the referenced add-on was "'DTBDOT~1.ocx' from
'ALLTEL (unverified publisher)'".

Who is ALLTEL? Why are they wanting to run ActiveX controls on
Microsoft's own site? And why would they be unverified?

I got to wondering if this was a man-in-the-middle attack. I checked
my HOSTS file for rogue entries, but found nothing.

I pinged "update.microsoft.com" and it came back "65.55.184.93".
Reverse DNS failed to resolve, but there was a pointer to
"update.microsoft.com.nsatc.com."

What is "nsatc.com"? I tried to pull this up in a browser, but it
doesn't resolve.

Needless to say, I didn't do the update.

So...does all this seem weird to anyone else?
Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 11-13-2008
Deane
 

Posts: n/a
Re: Windows Update was acting very suspiciously this morning...
On Nov 13, 7:39*am, Deane <de...@blendinteractive.com> wrote:
> I've had the Windows Update icon in my system tray for a while, and
> the lone update (SP3) always failed to install for some reason.
>
> This morning, I decided to go through the browser in the hopes that I
> would get some kind of error message I could follow up on.
>
> I opened Windows Update through the start menu.
>
> IE opened to "update.microsoft.com," and I got an information bar that
> I need to authorize an ActiveX control.
>
> Weird thing was, the referenced add-on was "'DTBDOT~1.ocx' from
> 'ALLTEL (unverified publisher)'".
>
> Who is ALLTEL? *Why are they wanting to run ActiveX controls on
> Microsoft's own site? *And why would they be unverified?
>
> I got to wondering if this was a man-in-the-middle attack. *I checked
> my HOSTS file for rogue entries, but found nothing.
>
> I pinged "update.microsoft.com" and it came back "65.55.184.93".
> Reverse DNS failed to resolve, but there was a pointer to
> "update.microsoft.com.nsatc.com."
>
> What is "nsatc.com"? *I tried to pull this up in a browser, but it
> doesn't resolve.
>
> Needless to say, I didn't do the update.
>
> So...does all this seem weird to anyone else?


I tried on my computer at the office, and I did not get prompted to
load that ActiveX control. Additionally, I searched the controls
currently installed, and it did not appear anywhere.

Deane
Reply With Quote
  #3 (permalink)  
Old 11-13-2008
PA Bear [MS MVP]
 

Posts: n/a
Re: Windows Update was acting very suspiciously this morning...
Deane wrote:
> On Nov 13, 7:39 am, Deane <de...@blendinteractive.com> wrote:
>> I've had the Windows Update icon in my system tray for a while, and
>> the lone update (SP3) always failed to install for some reason.
>>
>> This morning, I decided to go through the browser in the hopes that I
>> would get some kind of error message I could follow up on.
>>
>> I opened Windows Update through the start menu.
>>
>> IE opened to "update.microsoft.com," and I got an information bar that
>> I need to authorize an ActiveX control.
>>
>> Weird thing was, the referenced add-on was "'DTBDOT~1.ocx' from
>> 'ALLTEL (unverified publisher)'".
>>
>> Who is ALLTEL? Why are they wanting to run ActiveX controls on
>> Microsoft's own site? And why would they be unverified?
>>
>> I got to wondering if this was a man-in-the-middle attack. I checked
>> my HOSTS file for rogue entries, but found nothing.
>>
>> I pinged "update.microsoft.com" and it came back "65.55.184.93".
>> Reverse DNS failed to resolve, but there was a pointer to
>> "update.microsoft.com.nsatc.com."
>>
>> What is "nsatc.com"? I tried to pull this up in a browser, but it
>> doesn't resolve.
>>
>> Needless to say, I didn't do the update.
>>
>> So...does all this seem weird to anyone else?

>
> I tried on my computer at the office, and I did not get prompted to
> load that ActiveX control. Additionally, I searched the controls
> currently installed, and it did not appear anywhere.


Alltel is/was a wireless provider which was/is being acquired by Verizon;
cf. http://en.wikipedia.org/wiki/Alltel

Were you connecting via a wireless USB key at home (or wherever you were at
the time)?

>> I've had the Windows Update icon in my system tray for a while, and
>> the lone update (SP3) always failed to install for some reason.


WinXP SP3 - Read all prerequisites for a successful installation
http://msmvps.com/blogs/harrywaldron...tallation.aspx

Free unlimited installation and compatibility support is available for
Windows XP, but only for Service Pack 3 (SP3), until 14 Apr-09. Chat and
e-mail support is available only in the United States and Canada. Go to
http://support.microsoft.com/oas/def...spx?gprid=1173 | select "Windows
XP" then select "Windows XP Service Pack 3"
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

Reply With Quote
  #4 (permalink)  
Old 11-14-2008
Deane
 

Posts: n/a
Re: Windows Update was acting very suspiciously this morning...
On Nov 13, 10:46*am, "PA Bear [MS MVP]" <PABear...@gmail.com> wrote:
> Deanewrote:
> > On Nov 13, 7:39 am,Deane<de...@blendinteractive.com> wrote:
> >> I've had the Windows Update icon in my system tray for a while, and
> >> the lone update (SP3) always failed to install for some reason.

>
> >> This morning, I decided to go through the browser in the hopes that I
> >> would get some kind of error message I could follow up on.

>
> >> I opened Windows Update through the start menu.

>
> >> IE opened to "update.microsoft.com," and I got an information bar that
> >> I need to authorize an ActiveX control.

>
> >> Weird thing was, the referenced add-on was "'DTBDOT~1.ocx' from
> >> 'ALLTEL (unverified publisher)'".

>
> >> Who is ALLTEL? Why are they wanting to run ActiveX controls on
> >> Microsoft's own site? And why would they be unverified?

>
> >> I got to wondering if this was a man-in-the-middle attack. I checked
> >> my HOSTS file for rogue entries, but found nothing.

>
> >> I pinged "update.microsoft.com" and it came back "65.55.184.93".
> >> Reverse DNS failed to resolve, but there was a pointer to
> >> "update.microsoft.com.nsatc.com."

>
> >> What is "nsatc.com"? I tried to pull this up in a browser, but it
> >> doesn't resolve.

>
> >> Needless to say, I didn't do the update.

>
> >> So...does all this seem weird to anyone else?

>
> > I tried on my computer at the office, and I did not get prompted to
> > load that ActiveX control. *Additionally, I searched the controls
> > currently installed, and it did not appear anywhere.

>
> Alltel is/was a wireless provider which was/is being acquired by Verizon;
> cf.http://en.wikipedia.org/wiki/Alltel
>
> Were you connecting via a wireless USB key at home (or wherever you were at
> the time)?
>
> >> I've had the Windows Update icon in my system tray for a while, and
> >> the lone update (SP3) always failed to install for some reason.

>
> WinXP SP3 - Read all prerequisites for a successful installationhttp://msmvps.com/blogs/harrywaldron/archive/2008/05/08/windows-xp-sp...
>
> Free unlimited installation and compatibility support is available for
> Windows XP, but only for Service Pack 3 (SP3), until 14 Apr-09. Chat and
> e-mail support is available only in the United States and Canada. *Go tohttp://support.microsoft.com/oas/default.aspx?gprid=1173| select "Windows
> XP" then select "Windows XP Service Pack 3"
> --
> ~Robear Dyer (PA Bear)
> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
> AumHa VSOP & Adminhttp://aumha.net
> DTS-Lhttp://dts-l.net/


Well, I know who Alltel is, I guess, but why would they be trying to
install an ActiveX control on the Microsoft Update site?

Deane

Reply With Quote
  #5 (permalink)  
Old 11-14-2008
PA Bear [MS MVP]
 

Posts: n/a
Re: Windows Update was acting very suspiciously this morning...
Deane wrote:
> On Nov 13, 10:46 am, "PA Bear [MS MVP]" <PABear...@gmail.com> wrote:
>> Deanewrote:
>>> On Nov 13, 7:39 am,Deane<de...@blendinteractive.com> wrote:
>>>> I've had the Windows Update icon in my system tray for a while, and
>>>> the lone update (SP3) always failed to install for some reason.

>>
>>>> This morning, I decided to go through the browser in the hopes that I
>>>> would get some kind of error message I could follow up on.

>>
>>>> I opened Windows Update through the start menu.

>>
>>>> IE opened to "update.microsoft.com," and I got an information bar that
>>>> I need to authorize an ActiveX control.

>>
>>>> Weird thing was, the referenced add-on was "'DTBDOT~1.ocx' from
>>>> 'ALLTEL (unverified publisher)'".

>>
>>>> Who is ALLTEL? Why are they wanting to run ActiveX controls on
>>>> Microsoft's own site? And why would they be unverified?

>>
>>>> I got to wondering if this was a man-in-the-middle attack. I checked
>>>> my HOSTS file for rogue entries, but found nothing.

>>
>>>> I pinged "update.microsoft.com" and it came back "65.55.184.93".
>>>> Reverse DNS failed to resolve, but there was a pointer to
>>>> "update.microsoft.com.nsatc.com."

>>
>>>> What is "nsatc.com"? I tried to pull this up in a browser, but it
>>>> doesn't resolve.

>>
>>>> Needless to say, I didn't do the update.

>>
>>>> So...does all this seem weird to anyone else?

>>
>>> I tried on my computer at the office, and I did not get prompted to
>>> load that ActiveX control. Additionally, I searched the controls
>>> currently installed, and it did not appear anywhere.

>>
>> Alltel is/was a wireless provider which was/is being acquired by Verizon;
>> cf.http://en.wikipedia.org/wiki/Alltel
>>
>> Were you connecting via a wireless USB key at home (or wherever you were
>> at
>> the time)?
>>
>>>> I've had the Windows Update icon in my system tray for a while, and
>>>> the lone update (SP3) always failed to install for some reason.

>>
>> WinXP SP3 - Read all prerequisites for a successful
>> installationhttp://msmvps.com/blogs/harrywaldron/archive/2008/05/08/windows-xp-sp...
>>
>> Free unlimited installation and compatibility support is available for
>> Windows XP, but only for Service Pack 3 (SP3), until 14 Apr-09. Chat and
>> e-mail support is available only in the United States and Canada. Go
>> tohttp://support.microsoft.com/oas/default.aspx?gprid=1173| select
>> "Windows XP" then select "Windows XP Service Pack 3" --
>> ~Robear Dyer (PA Bear)
>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>> AumHa VSOP & Adminhttp://aumha.net
>> DTS-Lhttp://dts-l.net/

>
> Well, I know who Alltel is, I guess, but why would they be trying to
> install an ActiveX control on the Microsoft Update site?


Repost:
>> Were you connecting via a wireless USB key at home (or wherever you were
>> at
>> the time)?


Reply With Quote
  #6 (permalink)  
Old 11-14-2008
Deane
 

Posts: n/a
Re: Windows Update was acting very suspiciously this morning...
> > Were you connecting via a wireless USB key at home (or wherever you were at
> > the time)?


No, my connection was wired at the time.
Reply With Quote
  #7 (permalink)  
Old 11-14-2008
PA Bear [MS MVP]
 

Posts: n/a
Re: Windows Update was acting very suspiciously this morning...
Deane wrote:
>>> Were you connecting via a wireless USB key at home (or wherever you were
>>> at the time)?

>
> No, my connection was wired at the time.


PLEASE stop snipping my replies!

Open a free Support Incident.

[I am no longer watching this thread.]

Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: SP3 is available on Windows Update this morning. PA Bear [MS MVP] microsoft.public.windowsupdate 1 05-07-2008 04:35
Windows is acting very very buggy. tomduo microsoft.public.windows.vista.performance maintenance 11 03-09-2008 18:36
WINDOWS VISTA IS ACTING UP CUZZTOWN microsoft.public.windows.vista.installation setup 1 12-27-2007 10:38
Windows Mail acting up Brookside microsoft.public.windows.vista.mail 7 12-22-2007 16:16
RE: Help. Windows Security Center acting up Byron Followell microsoft.public.windows.vista.security 0 08-17-2007 01:45




All times are GMT +1. The time now is 07:05.




Driver Scanner - Free Scan Now

Vistaheads.com is part of the Heads Network. See also XPHeads.com , Win7Heads.com and Win8Heads.com.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.6.0 RC 2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120