Malicious Software / KB955069

[Dave]

Hi Windows XP will not run the Malicious software tool nor will it install
succesfully the update KB955069. It shows in ADD/REMOVE as installed but
updates still wants to install along with the Malicious Software Removal
tool. Also the pc is continually changing the services.msc file back to not
to allowing automatic updates.

Any ideas on how to fix and do a successful Malicious Scan?

 

[PA Bear [MS MVP]]

There's a very strong possibility that you have a Vundo infection, which is
usually accompanied by ZLOB and/or SDBot infections, all of which are
protected by a rootkit.

1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx

2. Run this online scan (in safe mode w/networking, if need be):
http://onecare.live.com/site/en-us/center/howsafe.htm

3. Run additional checks for hijackware, including posting your hijackthis
log to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in
conjuction with some other utilities). HijackThis will NOT fix anything on
its own, but it will help you to both identify and remove any
hijackware/spyware with assistance from an expert. **Post your log to
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://aumha.net/viewforum.php?f=30, or another appropriate forum for review
by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.

 

[Andrew E.]

Malicious software removal utility has & is 890830,even though its been
out for a couple of years,the number has never changed.955069 is an update
for XML.Either way,try install them by themselves instead of update,get them
at:http://www.microsoft.com/technet/security/current.aspx
Get the malicous software
at:http://www.microsoft.com/security/malwareremove/default.mspx

 

[Dave]

Hi.

I downloaded the Malicious software tool manually and ran it but it just
doesnt run.
The pc that has the infections on prevously had an inferior antivirus
package on, so have upgraded it to Norton 2009. Norton has on manual scan
found nothing but comes up on real time protection blocking a number of
attacks.

Internet explorer is creating on occasion new windows with adverts.

Is there way to force the Malicious software removal to run?

OH, I downloaded the Vundo removal tool from symantec and it found 2 files,
however issues still as is.(i did turn off system restore first)

Will attempt the Live One Care online scan.

 

[Keith_Hailey]

You should have done as Pa Bear said. You have to clean it BEFORE you
install Norton or any other AV. Rootkits already installed keep an eye on
what you, and your AV software, are doing and Norton will never be able to
uninstall it on it's own. It'll just keep popping up and coming back and
after a few messages back to it's originator, could even attack, cripple or
even fully remove your Norton installation.

I don't know that the shops in your area charge. We run a flat rate on
removal of $75 and $87.50 for an "Erase & Reload". I live in a small town in
a rural area, so our prices are more inline with the reality of the local
economy. Some times we make money, some times we lose. It all balances out
though.

Keth

 

[PA Bear [MS MVP]]

[X-post to Security Home Users newsgroup]

I downloaded the Malicious software tool manually and ran it but it just
doesnt run.

Skip to Steps #2 *and* #3.

The pc that has the infections on prevously had an inferior antivirus
package on, so have upgraded it to Norton 2009...

Too late now! And chances are that Norton [whatever] 2009 wouldn't have
saved your a** in the first place if it were working properly.