Q810217 critical update released for IE?

I don't know what to think about this update that I downloaded/installed via windows update. I received an error message shortly after having to do with installshield and sent error report off. Anyone know what the deal is with this update? Some sites say that it was a mistake released that shouldn't have been available and Microsoft isn't sure why it was released as there was a November update released to deal with the same problem as this one. Any insights out there?

 

Here's the scoop about this update which seems to pertain only to XP:

http://msn.com.com/2100-1105_2-5120304.html?part=msn&subj=ns_2543&tag=mymsn

 

Has anyone heard of any negative consumer effects from that update, which I downloaded yesterday? On the Ad-Aware scan I did right after the update, it found and quarantined an item with the comment that it is "Possible virus infection, REG file extension compromised." It wasn't there the night before when scanned. What I read in the link doesn't sound like anyone sees a problem.

On a gut feeling, I scanned after the next time I booted following the first reboot from the download. I don't tend to get urges to check for something reloading after Ad Aware fixes it, but it was a valid hunch. I found it. I explored until I got to my current 7 copies in quarantine. It returns when the computer boots, and never yet without rebooting. It's listed in the Quarantine Logs as being in WINDOWS, then
"obj BRACKET 0 BRACKET =RegData : regfile\shell\open\command" and I tried to use exact spacing EXCEPT for where I couldn't use the bracket symbols and have it display correctly.

Does anyone know if it's really doing any harm as long as I turn if off right away with the Ad Aware scan? Would also be great to see any input on whether it came with the "critical update," and what it might be. I scanned healthy less than 24 hrs. prior. SpyBot & NAV are both current and both oblivious. The "thing" I now have 7 copies of is 457 bytes each. Any info at all will put me ahead of where I am, now.

I tried to ask these questions at the Lavasoft forum...along with the biggie about how to get rid of it for good, whatever it is...but the board wouldn't permit me to post anywhere, despite being registered, confirmed, logged in, and with sigature and avatar set up. mj

 

Hi jayzzz,

At the LavaSoft forums they probably would have pointed you here:
http://www.lavasoftsupport.com/index.php?showtopic=12156

I already had that on my Ignore list, so I can't be sure if it has anything to do with this update.

Regards,

Pieter

 

So even though it appeared suddenly, it is okay, you're saying? I will go into Ad-Aware and make it the first entry in my Ignore List.

Thank you for your time and attention.

mj

 

Hi jayzzz,

Could you please do this:

Start > Run > type or copy&paste regedit /e regkey.txt "HKEY_CLASSES_ROOT\regfile\shell\open\command" > OK

It will make a file called regkey.txt in the C: directory (unless your active partition is not C. Could you post the content of that file?

Regards,

Pieter

 

Here it is, Pieter:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="C:\\Program Files\\Script Sentry\\ScriptSentry.exe \"%1\" %*"

Please let me know if I don't have Script Sentry deliberately?

[hr]

Might it be relevant that the cachedll (dllcache?) file in the system32 folder is listed in red text, while all the other files on its level are black text?

Thank you.

mj

 

Hi jayzzz,

That is a perfectly normal entry if you have ScriptSentry installed, but it should have showed up in your AdAware scans before.
There is no relation to this update as far as I can see.

Regards,

Pieter

 

I found that I do have Script Sentry, but the item has never showed up in a log of mine before, including those done immediately after my most recent destructive recovery on Nov. 27, until this past Wednesday, 12/10/03. I'll check through some papers in the morning to see if Script Sentry was there before this recovery...I don't remember seeing it.

This latest recovery didn't return the computer to OEM OR to where it was after the first recovery on Aug. 27th. I somehow even got a different fax program than I had after the Aug. 27th process. Seemed a neat trick since the cds used were the same!

mj

 

Hello,jayzzz & Welcome

Yes you will be fine if you add that file
to the Ignore-list but that's if you did
install ScriptSentry

Good luck

Hi,Pieter

 

Thank you, Rojas. I don't remember installing Script Sentry OR seeing it in this machine's program list before last night when I looked for it, so I have to check into that. If it did not come with XPHome by default or with the Micro$oft Works Suite, how it got there is a mystery to me at this point. Your "but....." above makes me wonder what you're getting at.

I just checked the properties, and it was created when I installed the latest "mistake" critical upgrade...late in the morning on Dec. 10, '03! So it WASN'T, apparently, present previously to trigger the Ad-Aware scan. It's time for me to find out exactly what Script Sentry DOES. mj

 

Hi jayzzz,

ScriptSentry is a perfectly trustworthy program.
It can be downloaded here: http://www.jasons-toolbox.com/scriptsentry.asp
You will alos find a description of what it does there.

I think quite a few here use and trust it, so it is a real mystery, that you are unaware of ever installing it.

Regards,

Pieter

 

I have WinXp & this patch mentioned has been automatically installed. I have absolutely no problems with my computer as a result - all security scans come up clean. ..... soooooo
My penny's worth: I think you may have a VBS Scripting Worm - go to Symantec and type in the search for viruses & worms "Bracket O Bracket".

 

Pieter, I WAS looking at the toolbox site that morning, so while I don't know how it got installed, it was probably not done behind my back...more likely due to my ignorance and something I clicked on. Will read description, and if sounds like overkill for the places I go on-line, I'll uninstall the program. If not, will keep and use...and add to that "Ignore List" in AdAware.

Thanks, Peaches...wouldn't my NAV have caught it, if it was that kind of thing?

Especially with now knowing what site it came from, I'm thinking my WinPatrol, IESPYAD and Enough is Enough, along with SpywareBlaster & Kerio should've protected me from anything malicious. My memory isn't my best personal attribute, so I probably clicked okay when WinPatrol flagged it...have a VERY VAGUE sense that may have happened.

mj

 

I have found NAV to let stuff in even with updates. Remember NAV would only update weekly whereas AVG & some other scanners would update as soon as a new virus was out there. NAV is not 100% - there is always an element of missing as with any AV program. Costs nothing to give it a look at Symantec and see what you think if it applies to you. Costs nothing to do an outside online scan like with Panda. If that area proves okay, then you know you have done something that you have to find out what it was. Just my humble thoughts on the subject.

 

Thanks, Peaches. You're right, of course, and I've got only peace of mind to gain by using one of the scans you mention.

I try to manually check for NAV updates every day, and it scans on auto-pilot once a day as a separate pre-scheduled thing. Still, like birth control pills, there are no 100% guarantees.

Will plan on doing it before shutting down for the night and appreciate the nudge.

mj

 

Jayzzz - I note that you have WinXp - have you tried to do a System Restore to a date prior to your problem? It may be your simplest solution. ?

Also, if you go ahead with an outside scan you should disable System Restore in the event a nasty is hiding there. System Restore cannot be scanned when it is enabled. Something else for you to think about.

 

It seems that I don't have the type of problem it appeared it could be at first, based on what Pieter said and the link he provided.

Another friend, more knowledgeable than I am, has always advised me that using System Restore should be a last resort, generally.

I think at this point I probably have more to lose by giving up the restore points to run an outside scan than I would gain in peace of mind from its outcome. Thanks for the food for thought, Peaches; that is always appreciated. mj

 

You know that you can download updates for NAV every day LiveUpdate only works on Wednesday and sometimes a different day if there is a major problem that needs to be released sooner than Wednesday. It does take a while to download what you need from Symantec to cover NAV as the file includes numerous updates for numersous symantec programs.

 

Sure would be grateful for a link that goes to something other than the Live Update feature, then, if you have it. I didn't know that. I can't seem to find anything but Live Updates on my own, or site fields that don't want to work, even when put site in Trusted Zone.
mj

 

Hi jayzzz,

Choose your language here: http://www.symantec.com/avcenter/defs.download.html
and you will be taken to a page where you will find a downloadlink as shown below. Download the exe and run it.

HTH,

Pieter

 

Pieter beat me to it and did a fine job



Wanted to add that I always chose open rather than save when downloading. Don't have to clean anything up that way.

 

I personally would rather have peace of mind & turn off SR to do a scan than scratch my head wondering what I can do to solve the problem.... here is why .......

About Restore Points:
System Restore works by taking snapshots of your operating system. In fact, your copy of WinXP has been creating these memorized snapshots, called "restore points" ever since you've been running it. When the worst comes to pass, and your PC starts acting up, you can use the System Restore calendar to rewind your machine to its configuration the last time you remember it working well.

WinXP automatically creates landing points for your PC time machine at the following times:

* The first time you boot up WinXP
* Every 10 hrs. of operation.
* After every 24 hrs. of real-world time [unless your PC is turned off all day; then you get a restore point the next ime it is turned on.]
* Every time you install a new program [provided it uses a recent version of the Microsoft Windows Installer or InstallShield.]
* Every time the Automatic Update feature updates a component of your operating system.
* Whenever you feel like it - such as just before you install some new component . [To create one of these manual checkpoints, choose Start, Help and Support. Click "Undo changes to your computer with System Restore". On the next screen, click "create a restore point," and then click Next; name your new checkpoint and click OK.

Note: When your hard drive is running low on space, System Restore turns off automatically, without notice. It turns itself back on when you free up some space. Fortunately, you can control exactly how much disk space is dedicated to this function - or turn the function off entirely. Note that turning off System Restore, even momentarily, wipes out all existing restore points.

Windows XP automatically begins deleting restore points after 90 days [or when it is running out of disk space] - as well as any chance of rewinding your system back that far. That's also why the System Restore feature stops working if your hard drive is very full. AND that is why you should run the System Restore feature promptly when your PC acts strangely.

 

What about just removing the hotfix if it causes problems? They are available in add/remove programs in XP aren't they? I may be somewhat confused here as the subject matter has a few differen avenues. Please straighten me out if I've misunderstood.

Nevermind, I reread everything and you're talking about disabling SR to do a scan because it can't be scanned while it is running. I agree if there is reason to think that you've got a bug. That's about all I got to say about that. LOL

 

Pretender & Pieter--
FYI, I finally got to and figured out the Intelligent Update feature. It seemed to be leading me around in circles until I realized I wasn't scrolling the page down far enough to get to the actual download. Does Intelligent Update have the same items or different ones than the Virus Protection updates that seem to happen more than once a day? There's SO MUCH terminology that's similar, it's hard to recognize redundancies. mj