Latest XP update aborted with virus warning

Anthony Buckland

I just responded to a Windows update, KB956572, by asking to
have it downloaded (no problem) and then installed (big problem,
for the first time in my memory (such as it is) an update failed
to install). Then I got an immediate virus warning concerning
wmiprvse.exe in windows\system32\dllcache
the virus is identified as backdoor.win32.agent.afqs
and was quarantined.

Are others running into this?
 
sgopus

You should always disable virus software when applying updates; I would
suggest it's a false positive.
 
Anthony Buckland

Could be, I suppose. This thing is regenerating itself: seven
copies have been quarantined so far today. If the patch
generated a file that is going to be identified as a virus,
would it really help to turn off the antivirus during the patch
and then leave the detection to be done later? And if it
were _not_ a false positive, wouldn't that leave a window
in which the virus could do harm? Anyhow, I'll see if I can
find out what the named file does for a living, and I remain
curious as to whether other people are getting the same
result.

I notice that the Windows update was a single item this
time, which leads me to wonder if it was an unusually high
priority fix. And I suppose I have to consider that the virus
detection might have occurred just after the patch as a
matter of coincidence.
 
sgopus

Windows update is safe as far as virus goes, messing up your system I
couldn't make a statement about, many updates have been known to cause
problems.

It's been known in the past that some Windows updates have been identified
as false positives as far as antivirus software goes. Unless you got it from
a different site than Microsoft, I wouldn't even consider for a moment it was
a virus. I know I recently downloaded the same update, no virus for me. What
are you using for virus software?
 
Anthony Buckland

Yup, I trust Windows Update. I use Zone Alarm. The file
in question turns out to be an essential Windows service,
so I suppose the multiple copies represent an attempt
by Windows to regenerate a file it found was missing?
Anyway, everything else seems to be working ok, and I
can live for a while with ZA and Windows carrying on a
minor war with one another. Thanks for your prompt
replies.
 
MowGreen

Used to be, but no longer, sgopus. Check out Zone Alarm Extreme Security,
Internet Security Suite, and Zone Alarm Antivirus:
http://www.zonealarm.com/security/en-us/compare-anti-virus-spyware-software.htm

One day Checkpoint may take the time to learn how Windows updates
itself. Until such time, I would *never* recommend their "products".

It's a False Positive, Anthony. That will be the least of your concerns
when ZA knocks the system off of the net due to an issue with a Critical
Security update - From July '08:
http://www.consumingexperience.com/2008/07/cant-connect-to-internet-windows.html


MowGreen
===============
*-343-* FDNY
Never Forgotten
===============
 
Anthony Buckland

Normally I wouldn't top-post, but this thread seems to have
gone that way ...

The problem has disappeared. After the initial seven "virus"
quarantines, no more have occurred. The XP update which
failed the first time was re-offered to me last night, and I have
successfully installed it this morning. An extra virus scan
after the installation found nothing.

Thanks for all responses. To any anti-Zone-Alarm readers
following this thread: I've used ZA as my anti-virus for several
years now, and continue to like it. Chacun a son gout.
I first encountered it as an in-store boxed security suite
package, of which its firewall is only one component.

I'm going to write this episode off as an unexplained
phenomenon. Unless it happens again ... :)
 
