MS KB890830 Critical Update Malicious...

Discussion in 'other anti-malware software' started by AlizeZ, Aug 15, 2005.

Thread Status:
Not open for further replies.
  1. AlizeZ

    AlizeZ Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    38
    I recently downloaded Microsoft WinXPsp2 Critical Update - KB 890830 (August v1.7) - as I have been doing regularly for past several months. After the download I ran the "notepad %windir%.....etc." to see the log and noticed that it not only told me it found "No Infections" (as it usually did), it mentioned the following which has us quite concerned:

    "sys clean warning - mem scan get image path from pid (3096) win32 error
    code 0x00000057 (87): the parameter is incorrect (65).
    No infections found"

    Would someone be able to tell us what this means and is it serious and can
    we correct, etc.? Please advise and thank you. (Or do I have to post to another board/form/category?)
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Someone with knowledge of this particular problem should see your post and respond pretty soon.
     
  3. passing thru

    passing thru Guest

    I would try running the MRT tool manually by executing C:\WINDOWS\system32\MRT.exe. Before you do, open Task Manager and write down the PIDs for your running processes. If you get another similar log entry, try to match the PID in your log to the ones you wrote down. The goal is to track down the process executable responsible for the error.
     
  4. AlizeZ

    AlizeZ Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    38
    Thank you. We are senior citizens and not too familiar with computers, etc.
    #1- You mention to run "Tool Manager" and we presume that is Ctrl;Alt:Del. Is that correct? But what should we look for there (Applications, Processes, etc.)?
    #2- What are PIDs?
    #3- We looked in the Winnt/System32 and did see MRT.exe.

    Just wanted to mention though that this happened on my husband's computer. When he read the "Warning" in the log for KB890839, he erased the log entry results for August entry (v1.7) and thought he would go to Critical Updates again and since he deleted the log entry for the August KB890830 download, there would be another Critical Update download for KB890830 again, but there wasn't. So he went to the download page for the same (current) KB890830 (v1.7) and clicked on download and then he clicked on RUN. When the KB890830 downloaded again my husband clicked on RUN again and the KB890830 executed and then produced a log that just said "No malicious software was detected." It did NOT mention anything about a WARNING as the first KB890830 download did we typed in run: "notepad %windir%\Debug\Mrt.log"
    Thank you so much.
    Alice ..
    P.S. Does next month's KB890830 (Sept.) remove the MRT.exe that is now in the System32 folder (for August)?
     
  5. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Have you gone to add/remove programs and looked to see if the update was there. you might have to check the box on top of the add/remove that says show updates. If that update is there delete it and then it is gone.
     
  6. passing thru

    passing thru Guest

    Hi AlizeZ,

    According to http://support.microsoft.com/kb/891717/ (scroll down the page a bit), the error you are seeing is usually caused by processes starting or stopping while MRT is scanning. Microsoft recommends restarting your computer, wait 5 minutes, and then run MRT manually. After it completes its job, take a look at the log for the results. If you see no errors, then I would not be concerned.
     
  7. AlizeZ

    AlizeZ Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    38
    Passing Thru, thank you. We looked at the page you quoted, but did not see mention of the message we received in first Aug. MRT log. Namely:
    "sys clean warning - mem scan get image path from PID (3096) (win32 error code 0X00000057 (87): The parameter is incorrect at (650)."
    As we said, we did see that "no infections were found," but then the warning was printed there also (in first log print-out).
    We ran the MRT again and "No infections were found" was the only thing printed there.
    As you stated, if we do not see errors, we should not be concerned.
    We hope you will not just pass through but remain on this board to help. It is all so confusing to us and probably to others also.
    (We also ran Ad-Aware and NortonSecurity.)
    Alice
     
  8. passing thru

    passing thru Guest

    It's basically the Failed to get process image file error on the page. Yes it can be confusing. Glad I could help.
     
  9. AlizeZ

    AlizeZ Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    38
    Passing Thru, Thank You.....
    Would you know if the MRT in System32 is put there every time we have Critical Update KB890830 download (every month)? Is the one that is there now replacing the previous month's MRT? Does each month's Critical update replace the previous month's Critical update for the KB890830? Is the current month's Critical Update download of KB890830 always stored in the System32 at MRT? If you don't know, no need to reply.
    Thanks....
     
  10. passing thru

    passing thru Guest

    Hi AlizeZ,

    So far it appears that it has been updated monthly since January 2005. Each update does delete/replace the previous MRT.exe and, so far, is stored in your system32 directory.
     
Loading...
Thread Status:
Not open for further replies.