Question about KB979683

Discussion in 'other security issues & news' started by bloomcounty, Apr 26, 2010.

Thread Status:
Not open for further replies.
  1. bloomcounty

    bloomcounty Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    64
    I have a question about MS Critical Update KB979683:

    This update replaced KB977165, which originally was causing BSODs, etc. due to if you had a certain form of Trojan. Then they released this "check" you could do before installing the update to see if you had the Trojan.

    But the info on KB979683 posted here states the following:

    To me, this sounds like you don't need to run that separate "check" and can just try to install the update via "Windows Updates" website (I do this "manually", i.e. go to the Windows Updates site and install the Critical Security Updates it says I need) -- and it will tell you if there is a problem and won't just automatically install the update.

    Is this correct? Am I understanding this right?

    Thanks! :thumb:
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    The assumption is that the patch uses the same detection as the checking tool. It probably does but to be as certain as can be run both :)
     
  3. bloomcounty

    bloomcounty Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    64
    Thanks for the reply!

    Okay, dumb question time here... :)

    So running the checking tool can't do anything to your computer, can it? Can it in itself cause any problems by running it? (I'm guessing not, but with this stuff, it seems you never know!)

    Thanks again.
     
  4. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    I think tool only checks and notifies in case the file is infected and therefore incompatible with update. That is all
     
  5. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    My approach was to run the patch and if a machine became a boat anchor, I knew it was rooted and needed to be cleaned up. But I had the luxury of having boot discs lying around that would allow me to fix the problem.

    That said, if you don't want to do it that way (and I can't say I blame anyone if they didn't) why not, rather than run MS's compatibility file, run a tool that scans for the TDSS root kit and if it finds it, kills and fixes the issue.

    I have used the Kaspersky tool on 2 machines and it worked great. I have also scanned PCs that were clean and all it does is leave a scan log text file after it's finished.
    http://support.kaspersky.com/faq/?qid=208280684 Once the PC is clean, it should be no problem to install the update...
     
  6. bloomcounty

    bloomcounty Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    64
    Thanks for the post. I'm always hesitant to run something else new that could potentially cause another problem. I'll keep this in mind if the MS tool actually finds something though. No harm in running the MS tool first, right? If it finds something, then I could always run that tool you're talking about. Or is there some reason not to run the MS compatibility file?
     
  7. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    No, I don't believe there would be any negative issue. But as I said, (IMO) why waste the time. Run the Kaspersky tool and you're good either way. It tests the atapi.sys and if it's rooted, it will tell you, fix it and have you reboot. If not, it will tell you that and do nothing more. But the choice is yours... ;)
     
  8. bloomcounty

    bloomcounty Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    64
    Cool. Thanks!
     
Loading...
Thread Status:
Not open for further replies.