Re: Updates from the future?
- From: Gruff the Elder <GrufftheElder@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 10 Feb 2009 10:48:01 -0800
This is Win XP Pro sp3.
To answer PA Bear, it has McAfee VirusScan Enterprise 7.1, currently
up-to-date MalwareBytes AntiMalware, Spybot S&D, and SuperAntiSpyware, also
up-to-date.
However ... this laptop was given to me to clean from some fairly unpleasant
malware infestations. After multiple scans with the above apps in both
normal mode and safe mode, as well as a review of the HJT log in an
appropriate forum (with a few additional scans performed at the request of
the reviewer), I'm satisfied that it's now clean.
To answer Freudi, I'm not aware of any messing around with the date/time,
but (a) it's not my machine and (b) the malware certainly could have messed
things up.
KB958644 *is* installed. According to Add/Remove Programs, a large number
of updates (including KB958644) were installed on 12/25/08. This seems to be
approximately when the malware also was installed. At least I was given the
laptop to clean shortly thereafter (some Xmas present!).
Windows Update History says Windows Update Agent 7.2.6001.784 installed
10/5/09.
Update History also says the following 7 updates were installed 8/20/09:
KB952954
KB946648
KB953839
KB950974
KB951072
KB952287
KB951066
According to Add/Remove Programs, however, all but 2 of those updates were
installed on 12/25/08. Thus, the date info in the Windows Update catalog
appears to be different from the date info in the registry (which is where, I
assume, Add/Remove looks). I confirmed that the verification subkeys for
those 5 updates did have 12/25/08 for the install date.
The 2 updates with the "bad" update dates are KB953839 and KB951072 (which
shows as KB951072-v2 in the registry).
I looked in the Sec bulletin for KB953839, but I didn't see any file
information, possibly because this update was for ActiveX Killbits. In any
case, the subkey verification in the laptop's registry shows *no* files for
this update.
I similarly couldn't find the file info for KB951072 (there was no reference
I saw to a security bulletin, probably because this update wasn't a security
matter), but the registry shows tzchange.exe with a build date 7/14/08 in
Windows\System32. I don't know if the fact that this was a cumulative
timezone update relates to the issue or is only a coincidence.
"MowGreen [MVP]" wrote:
Which edition of Windows is this ? Sounds like it's XP..
You can always confirm that the updates in question installed properly
by opening Add/Remove Programs, make sure the 'Show updates' box is
checked, and then see if they are listed under 'Windows XP - Software
Updates'.
Then go to the KB article of said updates and check the Registry subkey
verification. The file listings for updates released last August are
shown on the Security bulletin pages.
Updates released *later that year*, such as October, will have the files
listed on the KB article page BUT the Registry subkey verification will
show on the Security bulletin page.
Simple, eh ? <w>
EX: KB953839 was an August update:
Microsoft Security Advisory: Cumulative security update for ActiveX
http://support.microsoft.com/kb/953839
The Registry subkey verification is on the KB article page.
The files are listed in the Sec bulletin:
http://www.microsoft.com/technet/security/advisory/953839.mspx
Not sure what update was installed October 5th, but it would appear to
be one released in September.
Whatever you do, *make sure* that KB958644 is installed as there is a
worm going around that takes advantage of the vulnerability that the
update addresses: http://support.microsoft.com/kb/958644
The Security bulletin discusses the vulnerability, has links to download
the update that helps mitigate it, and shows the Registry subkey
verification:
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
If the date shown on Windows Update for Update History is incorrect then
it's possible that the updates in question were installed when the
system's date was incorrect. Not likely as the updates should, note the
word should, not install when the system's date or time are way off the
mark.
MowGreen [MVP 2003-2009]
===============
*-343-* FDNY
Never Forgotten
===============
Gruff the Elder wrote:
I have a laptop that isn't used regularly, so when I fired it up today, I
decided to go to Windows Update to see what I had missed. I was a little
surprised when WU said there were no updates available, so I looked in Update
History. I found that I had used the laptop more recently than I had
thought, because the updates from January's patch Tuesday were there.
However, in the Update History display, before the updates from January, are
a bunch of updates dated August 20, 2009 and one from October 5, 2009. I
checked some of the update descriptions and they are in fact from last August
(not this coming August).
Will there be any problem caused by these incorrect dates, or should I just
ignore them?
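
The cross-check described in this thread (Update History dates against the Add/Remove Programs registry dates) can be scripted. The following is an added example, not code from any poster; the tables are constructed from the dates quoted in the thread, and the function names are hypothetical.

```python
from datetime import date, datetime

# Constructed from the dates quoted in the thread; not read from a live system.
POST_DATE = date(2009, 2, 10)  # date of the post, used as "today"
KBS = ["KB952954", "KB946648", "KB953839", "KB950974",
       "KB951072", "KB952287", "KB951066"]
UPDATE_HISTORY = {kb: "8/20/09" for kb in KBS}
# Add/Remove Programs (registry) dates; the thread gives none for the other two.
REGISTRY = {kb: "12/25/08" for kb in KBS if kb not in ("KB953839", "KB951072")}


def parse_us_date(text):
    """Parse the M/D/YY form used in the thread."""
    return datetime.strptime(text, "%m/%d/%y").date()


def audit(history, registry, today):
    """Return {kb: (flags, skew_days)} comparing the two date sources."""
    report = {}
    for kb, raw in history.items():
        hist = parse_us_date(raw)
        flags, skew = [], None
        if hist > today:
            flags.append("future-dated")
        if kb not in registry:
            flags.append("no-registry-date")
        else:
            skew = (hist - parse_us_date(registry[kb])).days
            if skew != 0:
                flags.append("source-mismatch")
        report[kb] = (flags, skew)
    return report


def common_skew(report):
    """Return the single skew shared by all mismatched entries, else None."""
    skews = {s for flags, s in report.values() if "source-mismatch" in flags}
    return skews.pop() if len(skews) == 1 else None


if __name__ == "__main__":
    result = audit(UPDATE_HISTORY, REGISTRY, POST_DATE)
    for kb, (flags, skew) in result.items():
        print(kb, ",".join(flags) or "ok", skew)
    print("common skew (days):", common_skew(result))
```

A single shared skew means the two sources disagree by the same amount for every entry, which is consistent with one install session recorded under two different clock values.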