Q810217 critical update released for IE?

Discussion in 'other security issues & news' started by Pretender, Dec 10, 2003.

Thread Status:
Not open for further replies.
  1. Pretender

    Pretender Registered Member

    Joined:
    Apr 23, 2002
    Posts:
    670
    Location:
    Virtual Paradise
    I don't know what to think about this update that I downloaded/installed via Windows Update. I received an error message shortly after having to do with InstallShield and sent the error report off. Anyone know what the deal is with this update? Some sites say that it was a mistake released that shouldn't have been available and Microsoft isn't sure why it was released as there was a November update released to deal with the same problem as this one. Any insights out there?
     
  2. Pretender

    Pretender Registered Member

    Joined:
    Apr 23, 2002
    Posts:
    670
    Location:
    Virtual Paradise
    Here's the scoop about this update which seems to pertain only to XP:

    http://msn.com.com/2100-1105_2-5120304.html?part=msn&subj=ns_2543&tag=mymsn
     
  3. jayzzz

    jayzzz Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    367
    Location:
    California
    Has anyone heard of any negative consumer effects from that update, which I downloaded yesterday? On the Ad-Aware scan I did right after the update, it found and quarantined an item with the comment that it is "Possible virus infection, REG file extension compromised." It wasn't there the night before when scanned. What I read in the link doesn't sound like anyone sees a problem.

    On a gut feeling, I scanned after the next time I booted following the first reboot from the download. I don't tend to get urges to check for something reloading after Ad Aware fixes it, but it was a valid hunch. I found it. I explored until I got to my current 7 copies in quarantine. It returns when the computer boots, and never yet without rebooting. It's listed in the Quarantine Logs as being in WINDOWS, then
    "obj BRACKET 0 BRACKET =RegData : regfile\shell\open\command" and I tried to use exact spacing EXCEPT for where I couldn't use the bracket symbols and have it display correctly.

    Does anyone know if it's really doing any harm as long as I turn it off right away with the Ad Aware scan? Would also be great to see any input on whether it came with the "critical update," and what it might be. I scanned healthy less than 24 hrs. prior. SpyBot & NAV are both current and both oblivious. The "thing" I now have 7 copies of is 457 bytes each. Any info at all will put me ahead of where I am, now. :)

    I tried to ask these questions at the Lavasoft forum...along with the biggie about how to get rid of it for good, whatever it is...but the board wouldn't permit me to post anywhere, despite being registered, confirmed, logged in, and with signature and avatar set up. :( mj
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi jayzzz,

    At the LavaSoft forums they probably would have pointed you here:
    http://www.lavasoftsupport.com/index.php?showtopic=12156

    I already had that on my Ignore list, so I can't be sure if it has anything to do with this update.

    Regards,

    Pieter
     
  5. jayzzz

    jayzzz Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    367
    Location:
    California
    So even though it appeared suddenly, it is okay, you're saying? I will go into Ad-Aware and make it the first entry in my Ignore List.

    Thank you for your time and attention. :cool:

    mj
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi jayzzz,

    Could you please do this:

    Start > Run > type or copy&paste regedit /e regkey.txt "HKEY_CLASSES_ROOT\regfile\shell\open\command" > OK

    It will make a file called regkey.txt in the C: directory (unless your active partition is not C:). Could you post the content of that file?

    Regards,

    Pieter
     
  7. jayzzz

    jayzzz Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    367
    Location:
    California
    Here it is, Pieter:

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\regfile\shell\open\command]
    @="C:\\Program Files\\Script Sentry\\ScriptSentry.exe \"%1\" %*"

    Please let me know if I don't have Script Sentry deliberately?

    Might it be relevant that the cachedll (dllcache?) file in the system32 folder is listed in red text, while all the other files on its level are black text?

    Thank you.

    mj
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi jayzzz,

    That is a perfectly normal entry if you have ScriptSentry installed, but it should have shown up in your AdAware scans before.
    There is no relation to this update as far as I can see.

    Regards,

    Pieter
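
Added example (not part of the thread and not any poster's code): a Python check that reads a `regedit /e` export like the one posted above and reports whether the `.reg` open handler is the stock `regedit.exe` or a third-party program such as ScriptSentry. The function names, the constructed stock sample and the assumption that the stock handler is `regedit.exe` belong to this example, not to the thread.

```python
import ntpath
import re
KEY = r"HKEY_CLASSES_ROOT\regfile\shell\open\command".lower()
STOCK_HANDLER = "regedit.exe"  # assumed stock handler; the thread does not quote it
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def decode_export(raw: bytes) -> str:
    if raw.startswith(b"\xff\xfe"):  # Version 5.00 exports: UTF-16LE with a BOM
        return raw[2:].decode("utf-16-le")
    return raw.decode("cp1252", errors="replace")  # REGEDIT4 exports: ANSI

def unescape(value: str) -> str:
    return re.sub(r"\\(.)", r"\1", value)  # \\ -> \ and \" -> "

def parse_reg(text: str) -> dict:
    """Return {lower-cased key: {value name: string data}}; default value has name ''."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name = "" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            current[name] = unescape(m.group(2))
    return keys

def handler_exe(command: str) -> str:
    """Best-effort file name of the program a shell open command launches."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:  # unquoted paths may contain spaces, so cut at the first executable suffix
        m = re.match(r"(.+?\.(?:exe|com|bat|cmd))(?=\s|$)", command, re.I)
        path = m.group(1) if m else (command.split() or [""])[0]
    return ntpath.basename(path).lower()

def check_regfile_handler(raw: bytes) -> tuple:
    """Classify the .reg open handler as 'stock', 'third-party' or 'missing'."""
    values = parse_reg(decode_export(raw)).get(KEY, {})
    if "" not in values:
        return ("missing", None)
    exe = handler_exe(values[""])
    return ("stock" if exe == STOCK_HANDLER else "third-party", exe)

HEADER = "Windows Registry Editor Version 5.00\r\n\r\n[HKEY_CLASSES_ROOT\\regfile\\shell\\open\\command]\r\n"
# Value line as posted in the thread, then a constructed stock-handler sample
THREAD_EXPORT = HEADER + r'@="C:\\Program Files\\Script Sentry\\ScriptSentry.exe \"%1\" %*"'
STOCK_EXPORT = HEADER + r'@="regedit.exe \"%1\""'

if __name__ == "__main__":
    print(check_regfile_handler(("\ufeff" + THREAD_EXPORT).encode("utf-16-le")))
```

A "third-party" result only says that something other than `regedit.exe` opens `.reg` files; as in the thread, the next step is to confirm whether that program was installed on purpose.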
     
  9. jayzzz

    jayzzz Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    367
    Location:
    California
    I found that I do have Script Sentry, but the item has never shown up in a log of mine before, including those done immediately after my most recent destructive recovery on Nov. 27, until this past Wednesday, 12/10/03. I'll check through some papers in the morning to see if Script Sentry was there before this recovery...I don't remember seeing it.

    This latest recovery didn't return the computer to OEM OR to where it was after the first recovery on Aug. 27th. I somehow even got a different fax program than I had after the Aug. 27th process. Seemed a neat trick since the cds used were the same!

    mj
     
  10. AAP

    AAP Registered Member

    Joined:
    Jul 30, 2003
    Posts:
    117
    Hello, jayzzz & Welcome

    Yes you will be fine if you add that file to the Ignore-list but that's if you did install ScriptSentry

    Good luck

    Hi, Pieter :D
     
  11. jayzzz

    jayzzz Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    367
    Location:
    California
    Thank you, Rojas. I don't remember installing Script Sentry OR seeing it in this machine's program list before last night when I looked for it, so I have to check into that. If it did not come with XPHome by default or with the Micro$oft Works Suite, how it got there is a mystery to me at this point. Your "but....." above makes me wonder what you're getting at.

    I just checked the properties, and it was created when I installed the latest "mistake" critical upgrade...late in the morning on Dec. 10, '03! So it WASN'T, apparently, present previously to trigger the Ad-Aware scan. It's time for me to find out exactly what Script Sentry DOES. :doubt: mj
     
  12. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi jayzzz,

    ScriptSentry is a perfectly trustworthy program.
    It can be downloaded here: http://www.jasons-toolbox.com/scriptsentry.asp
    You will also find a description of what it does there.

    I think quite a few here use and trust it, so it is a real mystery that you are unaware of ever installing it.

    Regards,

    Pieter
     
  13. Peaches4U

    Peaches4U Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    5,070
    Location:
    At my computer
    I have WinXp & this patch mentioned has been automatically installed. I have absolutely no problems with my computer as a result - all security scans come up clean. ..... soooooo o_O
    My penny's worth: I think you may have a VBS Scripting Worm - go to Symantec and type in the search for viruses & worms "Bracket O Bracket".
     
  14. jayzzz

    jayzzz Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    367
    Location:
    California
    Pieter, I WAS looking at the toolbox site that morning, so while I don't know how it got installed, it was probably not done behind my back...more likely due to my ignorance and something I clicked on. Will read description, and if sounds like overkill for the places I go on-line, I'll uninstall the program. If not, will keep and use...and add to that "Ignore List" in AdAware.

    Thanks, Peaches...wouldn't my NAV have caught it, if it was that kind of thing?

    Especially with now knowing what site it came from, I'm thinking my WinPatrol, IESPYAD and Enough is Enough, along with SpywareBlaster & Kerio should've protected me from anything malicious. My memory isn't my best personal attribute, so I probably clicked okay when WinPatrol flagged it...have a VERY VAGUE sense that may have happened.

    mj :)
     
  15. Peaches4U

    Peaches4U Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    5,070
    Location:
    At my computer
    I have found NAV to let stuff in even with updates. Remember NAV would only update weekly whereas AVG & some other scanners would update as soon as a new virus was out there. NAV is not 100% - there is always an element of missing as with any AV program. Costs nothing to give it a look at Symantec and see what you think if it applies to you. Costs nothing to do an outside online scan like with Panda. If that area proves okay, then you know you have done something that you have to find out what it was. Just my humble thoughts on the subject. :doubt:
     
  16. jayzzz

    jayzzz Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    367
    Location:
    California
    Thanks, Peaches. You're right, of course, and I've got only peace of mind to gain by using one of the scans you mention.

    I try to manually check for NAV updates every day, and it scans on auto-pilot once a day as a separate pre-scheduled thing. Still, like birth control pills, there are no 100% guarantees.

    Will plan on doing it before shutting down for the night and appreciate the nudge. :)

    mj
     
  17. Peaches4U

    Peaches4U Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    5,070
    Location:
    At my computer
    Jayzzz - I note that you have WinXp - have you tried to do a System Restore to a date prior to your problem? It may be your simplest solution. o_O?

    Also, if you go ahead with an outside scan you should disable System Restore in the event a nasty is hiding there. System Restore cannot be scanned when it is enabled. Something else for you to think about.
     
  18. jayzzz

    jayzzz Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    367
    Location:
    California
    It seems that I don't have the type of problem it appeared it could be at first, based on what Pieter said and the link he provided.

    Another friend, more knowledgeable than I am, has always advised me that using System Restore should be a last resort, generally.

    I think at this point I probably have more to lose by giving up the restore points to run an outside scan than I would gain in peace of mind from its outcome. Thanks for the food for thought, Peaches; that is always appreciated. :) mj
     
  19. Pretender

    Pretender Registered Member

    Joined:
    Apr 23, 2002
    Posts:
    670
    Location:
    Virtual Paradise
    You know that you can download updates for NAV every day o_O LiveUpdate only works on Wednesday and sometimes a different day if there is a major problem that needs to be released sooner than Wednesday. It does take a while to download what you need from Symantec to cover NAV as the file includes numerous updates for numerous Symantec programs.
     
  20. jayzzz

    jayzzz Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    367
    Location:
    California
    Sure would be grateful for a link that goes to something other than the Live Update feature, then, if you have it. I didn't know that. I can't seem to find anything but Live Updates on my own, or site fields that don't want to work, even when I put the site in the Trusted Zone.
    mj :)
     
  21. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi jayzzz,

    Choose your language here: http://www.symantec.com/avcenter/defs.download.html
    and you will be taken to a page where you will find a download link as shown below. Download the exe and run it.

    HTH,

    Pieter
     

  22. Pretender

    Pretender Registered Member

    Joined:
    Apr 23, 2002
    Posts:
    670
    Location:
    Virtual Paradise
    Pieter beat me to it and did a fine job ;)



    Wanted to add that I always chose open rather than save when downloading. Don't have to clean anything up that way.
     
  23. Peaches4U

    Peaches4U Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    5,070
    Location:
    At my computer

    I personally would rather have peace of mind & turn off SR to do a scan than scratch my head wondering what I can do to solve the problem.... here is why .......

    About Restore Points:
    System Restore works by taking snapshots of your operating system. In fact, your copy of WinXP has been creating these memorized snapshots, called "restore points" ever since you've been running it. When the worst comes to pass, and your PC starts acting up, you can use the System Restore calendar to rewind your machine to its configuration the last time you remember it working well.

    WinXP automatically creates landing points for your PC time machine at the following times:

    * The first time you boot up WinXP
    * Every 10 hrs. of operation.
    * After every 24 hrs. of real-world time [unless your PC is turned off all day; then you get a restore point the next time it is turned on.]
    * Every time you install a new program [provided it uses a recent version of the Microsoft Windows Installer or InstallShield.]
    * Every time the Automatic Update feature updates a component of your operating system.
    * Whenever you feel like it - such as just before you install some new component. [To create one of these manual checkpoints, choose Start, Help and Support. Click "Undo changes to your computer with System Restore". On the next screen, click "create a restore point," and then click Next; name your new checkpoint and click OK.]

    Note: When your hard drive is running low on space, System Restore turns off automatically, without notice. It turns itself back on when you free up some space. Fortunately, you can control exactly how much disk space is dedicated to this function - or turn the function off entirely. Note that turning off System Restore, even momentarily, wipes out all existing restore points.

    Windows XP automatically begins deleting restore points after 90 days [or when it is running out of disk space] - as well as any chance of rewinding your system back that far. That's also why the System Restore feature stops working if your hard drive is very full. AND that is why you should run the System Restore feature promptly when your PC acts strangely. ;)
     
  24. Pretender

    Pretender Registered Member

    Joined:
    Apr 23, 2002
    Posts:
    670
    Location:
    Virtual Paradise
    What about just removing the hotfix if it causes problems? They are available in add/remove programs in XP aren't they? I may be somewhat confused here as the subject matter has a few different avenues. Please straighten me out if I've misunderstood.

    Never mind, I reread everything and you're talking about disabling SR to do a scan because it can't be scanned while it is running. I agree if there is reason to think that you've got a bug. That's about all I got to say about that. LOL
     
  25. jayzzz

    jayzzz Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    367
    Location:
    California
    Pretender & Pieter--
    FYI, I finally got to and figured out the Intelligent Update feature. It seemed to be leading me around in circles until I realized I wasn't scrolling the page down far enough to get to the actual download. Does Intelligent Update have the same items or different ones than the Virus Protection updates that seem to happen more than once a day? There's SO MUCH terminology that's similar, it's hard to recognize redundancies. mj :)
     