Microsoft Windows Vista Community Forums - Vistaheads
Updates infected with "Antivirus Soft" virus?

microsoft.public.windowsupdate






#1 (permalink)
03-03-2010
Wattsfan
1. New Toshiba Laptop, formatted hard drive
2. Installed Basic Toshiba drivers: Chipset, LAN, WAN, Audio
3. Connected to Wireless Network
4. Run Microsoft Update up to the point where it says do I want to activate
my license
5. Then I let Automatic Updates download and install the updates (don't have
to activate when Automatic Updates does the work for me.)
6. This pc still has XP PRO SP2
7. Downloaded 64 updates
8. Rebooted and the "Antivirus Soft" virus came up, basically locking up all
my exe files.

I've scanned everything and the virus has not been found on any of my media.
I triple checked every file with Symantec's Endpoint Protection 11.0.5, and
Microsoft Security Essentials (current) and Malwarebytes. Nothing. I even
decompressed each install file from Toshiba and checked every file on the PC
after the installers ran.

Nothing.

Is it possible Microsoft Update is infected with this virus? I know, remote.

The virus infected my computer after installing the first round of updates
via Automatic Updates which there were 64 updates to download and install
including IE8 and its updates.

After the restart, Antivirus Soft took over and disabled everything.

Thanks.

#2 (permalink)
03-04-2010
MowGreen
You are asserting that this system never visited any web sites except
the Microsoft Update site. The only way it could have become compromised
is if there was *no* firewall turned on, which is NOT the case with XP
SP2's Default installation settings, and it was exploited by using a DNS
or SMB vulnerability.

In the steps you've listed, where was Windows XP Pro SP2 installed as
it's not listed ?

> 1. New Toshiba Laptop, formatted hard drive
> 2. Installed Basic Toshiba drivers: Chipset, LAN, WAN, Audio
> 3. Connected to Wireless Network
> 4. Run Microsoft Update up to the point where it says do I want to activate
> my license
> 5. Then I let Automatic Updates download and install the updates (don't have
> to activate when Automatic Updates does the work for me.)


The above is IMPOSSIBLE without installing a Windows OS.
Also, an *XP* system would *have* to visit the Windows Update site first
in order to opt into the Microsoft Update site.

And, you are prompted to Activate Windows during the installation
process, NOT when visiting Windows Update. When visiting WU the system
needs to be Validated by passing WGA.

> 6. This pc still has XP PRO SP2


OK, so when was that installed as it's not listed as any of your
previous steps ?

Rogue AVs, such as Antivirus Soft, are *installed* through User
Intervention. The fake scans that the rogues show are presented to the
User via javascript.

Said rogue AVs will only infect the system when the *User agrees to
install it*, *clicks* the Cancel or OK buttons, BUT *not* when it's
running its fake scan. Said fake scans are there to Socially Engineer (
scare; frighten; or entice ) the unknowing User into thinking that their
systems are infected.
If the User end tasks the browser's executable, the system will NOT be
infected.

> I've scanned everything and the virus has not been found on any of my media.
> I triple checked every file with Symantec's Endpoint Protection 11.0.5, and
> Microsoft Security Essentials (current) and Malwarebytes.


Microsoft Security Essentials will NOT install in Windows XP until the
system has been Validated, which you claim hasn't taken place.

Something is either really fishy here or you've omitted some *vital*
details, either on purpose or accidentally.

Care to fill us in on all the details or should we start guessing ?


MowGreen
================
*-343-* FDNY
Never Forgotten
================

banthecheck.com
"Security updates should *never* have *non-security content* prechecked



#3 (permalink)
03-04-2010
Michael
Where did this version of XP SP2 come from? Did this ship with your laptop
or did you acquire it 'elsewhere'?

--


"Don't pick a fight with an old man.
If he is too old to fight, he'll just kill you."


"Wattsfan" <Wattsfan@discussions.microsoft.com> wrote in message
news:9E2255AB-3402-43FA-AE7D-0B5A13264BC6@microsoft.com...
> 1. New Toshiba Laptop, formatted hard drive
> 2. Installed Basic Toshiba drivers: Chipset, LAN, WAN, Audio
> 3. Connected to Wireless Network
> 4. Run Microsoft Update up to the point where it says do I want to
> activate
> my license
> 5. Then I let Automatic Updates download and install the updates (don't
> have
> to activate when Automatic Updates does the work for me.)
> 6. This pc still has XP PRO SP2
> 7. Downloaded 64 updates
> 8. Rebooted and the "Antivirus Soft" virus came up, basically locking up
> all
> my exe files.
>
> I've scanned everything and the virus has not been found on any of my
> media.
> I triple checked every file with Symantec's Endpoint Protection 11.0.5,
> and
> Microosft Security Essentials (current) and Malwarebytes. Nothing. I even
> decompressed each install file from Toshiba and checked every file on the
> PC
> after the installers ran.
>
> Nothing.
>
> Is it possible Microsoft Update is infected with this virus? I know,
> remote.
>
> The virus infected my computer after installing the first round of updates
> via Automatic Updates which there were 64 updates to download and install
> including IE8 and its updates.
>
> After the restart, Antivirus Soft took over and disabled everything.
>
> Thanks.


Reply With Quote
#4 (permalink)
03-04-2010
Wattsfan
Thank you for response. I've installed clean OS's on at least 200 pcs, xp, vista
and currently windows 7. A lot of experience in installing but perhaps not in
explaining because this is the first time I've been hit by a virus during a
pc setup. This is why I posted the question and I will respond as follows. I
am not leaving anything out. I need to figure this out.

WHAT I DID

1. New Toshiba Laptop
2. New Seagate harddrive
3. Installed XP Pro OEM SP2 from a clean CD. Formatted the new seagate drive
with NTFS
4. Entered my product id
5. Put in USB stick (which was already scanned with antivirus software many
times over) and copied over to the seagate drive the Toshiba drivers to the C
drive. The drivers and usb stick have been scanned with Norton Internet
Security Version 10, McAfee Online Scanner, Symantec SEP 11.0.5,
MalwareBytes, Microsoft Essential Security, and Bitdefender Online Scanner. I
have a main machine that scans via Virtual Machines and several XP
Partitions. A workhorse desktop. This is where I scanned with Microsoft
Security Essentials, on the workhorse machine BEFORE copying over the Toshiba
drivers to the new pc. You are right, cannot install Microsoft Security
Essentials on a machine that is not validated. I also scanned the drivers on
the virustotal website from my workhorse desktop. No viruses found.
5. Installed from manufacturer's website, the WIFI driver from the USB stick
to the C drive.
6. NO WEBSITES VISITED yet on the new Toshiba. Have not opened Internet
Explorer on the new Toshiba.
7. Connected to my internal wireless network
8. Opened Internet Explorer (which is version 6 at this point) since this is
still SP2
9. Went to Windows Updates and installed all the updates up to the point
where the Microsoft page says that in order to get anymore updates I need to
activate my pc.
10. I don't activate until I know the pc is stable and working. And yes, a
WGA message pops up reminding me to activate.
11. I let Automatic Updates run (via the control panel) at that time and the
updates will download and install without activation. You have to activate
Windows if you hit the EXPRESS button in Internet Explorer. I also use
Microsoft Update, not Windows Update. I run the active-x controls needed for
Microsoft Update.
12. Updates start to download and install on the new hard drive, at this
point 64 updates need to download and install. Part of these updates are IE8
and WGA. SP3 presents itself later.
13. I downloaded the 64 updates and restarted
14. "Antivirus Soft" launches and all my executables are disabled. Have to
reformat the Seagate drive again on the Toshiba.

HOW I CHECKED FOR VIRUSES/MALWARE

1. I checked my USB flash with my main desktop's Antivirus which is Symantec
SEP 11.0.5. the latest and also MalWareBytes. No viruses found.
2. I checked the Toshiba drivers with my main desktop Symantec SEP 11.0.5
and Malwarebytes. No viruses found.
3. I booted off another partition on my main pc that has the consumer
version of Norton Internet Security 10 and scanned my C drive and the USB
stick. No viruses found.
4. I opened a virtual machine with Microsoft Security Essentials and scanned
all the files from the USB stick and the Toshiba drivers. No viruses found
5. I opened a virtual machine with McAfee online scanner. No viruses found
on the usb stick or Toshiba drivers.
6. Opened up a virtual machine with BitDefender. Scanned everything again.
No viruses found.
7. Scanned C drive and USB stick with Malwarebytes from a virtual machine.
No viruses found.
8. Submitted all the toshiba drivers (downloaded from toshiba's website,
verified the page sources) to virustotal.com. No viruses found.

The only software that downloaded to the new Toshiba were the 64 updates
done via the Automatic Updates in the Control Panel. These updates were not
checked by an antivirus because I did not have an antivirus loaded yet on the
new Toshiba seagate drive.

Normally, you can install even SP3 without activation. Do it all the time.
But I don't run the updates in Internet Explorer


Thank you.

Wattsfan

#5 (permalink)
03-04-2010
Wattsfan
Original OEM SP2 CD.

"Michael" wrote:

> Where did this version of XP SP2 come from? Did this ship with your laptop
> or did you acquire it 'elsewhere'?

#6 (permalink)
03-04-2010
Wattsfan
Hi Michael, It is an original OEM SP2 XP PRO CD. Used many times.

"Michael" wrote:

> Where did this version of XP SP2 come from? Did this ship with your laptop
> or did you acquire it 'elsewhere'?

#7 (permalink)
03-04-2010
فشمشم

"Wattsfan" wrote:

> Hi Michael, It is an original OEM SP2 XP PRO CD. Used many times.

#8 (permalink)
03-04-2010
Harry Johnston [MVP]
Wattsfan,

One possibility is that your wireless router might be compromised and
redirecting you to malicious websites. I'm not very familiar with the issues
involved so can't provide much advice, but one thing you could try is explicitly
configuring your DNS servers (your ISP should be able to provide you with this
information) rather than using the DNS service provided by the router.

Harry.


--
Harry Johnston
http://harryjohnston.wordpress.com

#9 (permalink)
03-04-2010
Wattsfan
Thank you, Harry.

I am looking at that. I use OPENDNS router numbers.

Another possibility is after I installed all the updates. I went on the
default home webpage which was msn.com and clicked on clicks on the top of
the MSN page. One of the pages requested I install the adobe flash player
which I did. Also, to test the stability of the new system, I open all the
programs that come with XP PRO and I open all the games, including the
internet games included in XP PRO. I noticed today when I opened some of the
internet based games, there were ads on the games themselves. Is this normal,
ads on the games? I need to look at that.

Anyway, I tried to reproduce the virus today without success. Installed
every driver I had on the flash drive and no "Antivirus soft", which by the
way is very hard to remove. Even in safe mode.

I've had instances where Symantec Endpoint Protection 11.0.5 was not
catching some variants of "fake" adobe flash player updaters which present
themselves as .exe files and I know to avoid them.

I did install a flash player update from an MSN top page linked site. But
the update came through Internet Explorer like it always has.

I checked my router and the DNS numbers are hard coded.

I did open Media Player and I remember it going to a BRAVO based page with
the housewives movie playing and I think that is when the virus launched.

I can't duplicate the problem. I checked every disk and software piece I had
with several up to date antivirus/antimalware programs and nothing came up.
Norton Internet Security version 10 is pretty good at detection but no
viruses.

I know there are cases where a file is downloaded and it is not a virus.
Then the file launches, still undetected, then downloads a virus. At that
point, Symantec will catch it but it is too late, the pc is compromised.

If my router was compromised, my other pcs would also be infected. I think
they would be.

My wireless security is solid.

Thank you.

#10 (permalink)
03-04-2010
PA Bear [MS MVP]
What anti-virus application or security suite is installed, is your
subscription current, and when did you install it: Before or after visiting
Windows Update? What anti-spyware applications (other than Defender)? Has
a firewall been enabled at all times?

> Another possibility is after I installed all the updates. I went on the
> default home webpage which was msn.com and clicked on clicks on the top of
> the MSN page. One of the pages requested I install the adobe flash player
> which I did...


Maybe not. See
http://groups.google.com/group/micro...87fd9c8c07d067


