Vista SP2 and virus alerts - any ideas?

zekimurad

I recently tried to update Vista through Windows Update but it failed.
I got 2 Trojan Heuristic virus messages from Bullguard during the update and
then the failure. ANY help on this?

The Bullguard log indicates the following:
2009/05/27 21:44:29 | C:\Windows\winsxs\Temp\PendingRenames\56ecb77ec0dec901c418000074101401.x86_microsoft-windows-s..ive-blackbox-driver_31bf3856ad364e35_6.0.6002.18005_none_0b5dfb3fa4f88147_spsys.sys_95b9c9e3 [BLOCKED] [process: 4212.C:\Windows\servicing\TrustedInstaller.exe] [user: N/A] [virus: Gen:Trojan.Heur.9242BD4242] [op: CLOSE]
2009/05/27 21:44:29 | C:\Windows\WinSxS\Temp\PendingRenames\56ecb77ec0dec901c418000074101401.x86_microsoft-windows-s..ive-blackbox-driver_31bf3856ad364e35_6.0.6002.18005_none_0b5dfb3fa4f88147_spsys.sys_95b9c9e3 [AUTO BLOCKED] [process: 4212.C:\Windows\servicing\TrustedInstaller.exe] [user: N/A] [op: OPEN]
2009/05/27 21:44:29 | C:\Windows\WinSxS\Temp\PendingRenames\56ecb77ec0dec901c418000074101401.x86_microsoft-windows-s..ive-blackbox-driver_31bf3856ad364e35_6.0.6002.18005_none_0b5dfb3fa4f88147_spsys.sys_95b9c9e3 [AUTO BLOCKED] [process: 4212.C:\Windows\servicing\TrustedInstaller.exe] [user: N/A] [op: OPEN]

Cheers,
Zeki
 
Mike Brannigan

zekimurad said:
I recently tried to update Vista through Windows Update but it failed.
I got 2 Trojan Heuristic virus messages from Bullguard during the update
and then the failure. ANY help on this?

The Bullguard log indicates the following:
2009/05/27 21:44:29 |
<snip>

There are no viruses in the packages to be downloaded from the Microsoft
website.
Any readings you receive are false positives.
You are recommended to disable all AV and antimalware software before
installing SP2.
--
Mike Brannigan

 
zekimurad

I wasn't asked to disable my anti-virus and it's not too useful to do so for
any length of time whilst the broadband connection remains open during the install.
Even now, 30 minutes after the failure, I get pop-up windows from
Bullguard telling me about the stopping of the malware - at least 30 so far. I
can't believe that that is supposed to be happening.
I am waiting for Bullguard to give me confirmation of a false positive -
then I might deactivate the AV and retry updating, but I'm not happy that I have
to do that to get an update.
Many thanks.

Mike Brannigan said:
zekimurad said:
I recently tried to update Vista through Windows Update but it failed.
I got 2 Trojan Heuristic virus messages from Bullguard during the update
and then the failure. ANY help on this?

The Bullguard log indicates the following:
2009/05/27 21:44:29 |
<snip>

There are no viruses in the packages to be downloaded from the Microsoft
website.
Any readings you receive are false positives.
You are recommended to disable all AV and antimalware software before
installing SP2.
--
Mike Brannigan

 
Mike Brannigan

zekimurad said:
I wasn't asked to disable my anti-virus and it's not too useful to do so
for any length of time whilst the broadband connection remains open during the
install.
Even now, 30 minutes after the failure, I get pop-up windows from
Bullguard telling me about the stopping of the malware - at least 30 so
far. I can't believe that that is supposed to be happening.
I am waiting for Bullguard to give me confirmation of a false positive -
then I might deactivate the AV and retry updating, but I'm not happy that I
have to do that to get an update.
Many thanks.

If you downloaded the package from Microsoft.com, it is clean.
As regards the ability of Bullguard to correctly identify virus signatures,
that is unfortunately an issue for them.
Other users with other AV products have not reported these false positives
(my systems are running either Avast - no reports - or Forefront - again no
reports).
The issue clearly lies with either your source for download (if not
Microsoft's site) or your AV vendor and their product.
--
Mike Brannigan

 
Malke

Mike said:
If you downloaded the package from Microsoft.com, it is clean.
As regards the ability of Bullguard to correctly identify virus signatures,
that is unfortunately an issue for them.
Other users with other AV products have not reported these false positives
(my systems are running either Avast - no reports - or Forefront - again no
reports).
The issue clearly lies with either your source for download (if not
Microsoft's site) or your AV vendor and their product.

And just to add to Mr. Brannigan's excellent advice - if you are connected
to the Internet directly through a cable/DSL modem, download the full package
from Microsoft and then disconnect the Ethernet cable that goes from your
computer to your modem. If you are behind a router there is no need to do
this. Completely disable your antivirus and any other third-party
anti-malware programs. Then install SP2. If you have prepared properly, you
should have no problems. Here is an article I wrote for my clients about
preparing for SP2 which may be useful to you:

http://www.elephantboycomputers.com/page3.html#5-9-09

Malke
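Before following the "download, disconnect, disable AV, install" procedure above, a practitioner would check two things the thread argues about but never verifies: whether the blocked file in the original poster's log is really a servicing write by TrustedInstaller, and whether the package about to be installed with AV switched off actually carries a valid Microsoft signature. The script below is an added example for this thread, not code posted by any participant or shipped by BullGuard or Microsoft. It parses the two log entries from the first post (embedded as constructed sample lines in the format pasted there; the forum wrapped them, the log writes one entry per line), flags servicing-staging writes, and checks Authenticode signatures and a SHA-256 hash with .NET calls that also work on Vista-era PowerShell 2.0. The package path and the expected hash are placeholders the reader fills in from the download page; neither appears in the thread.

```powershell
# Added example, not code from the thread. Triage BullGuard-style block entries
# and check signatures before accepting "false positive" or disabling AV.
# Assumptions: log layout as pasted in the thread (one entry per line);
# $PackagePath and $ExpectedSha256 are placeholders the reader fills in.

# Constructed sample entries, copied from the format the original poster pasted
# (the "s..ive" in the path is how it appears in the post, left as-is).
$logLines = @(
    '2009/05/27 21:44:29 | C:\Windows\winsxs\Temp\PendingRenames\56ecb77ec0dec901c418000074101401.x86_microsoft-windows-s..ive-blackbox-driver_31bf3856ad364e35_6.0.6002.18005_none_0b5dfb3fa4f88147_spsys.sys_95b9c9e3 [BLOCKED] [process: 4212.C:\Windows\servicing\TrustedInstaller.exe] [user: N/A] [virus: Gen:Trojan.Heur.9242BD4242] [op: CLOSE]',
    '2009/05/27 21:44:29 | C:\Windows\WinSxS\Temp\PendingRenames\56ecb77ec0dec901c418000074101401.x86_microsoft-windows-s..ive-blackbox-driver_31bf3856ad364e35_6.0.6002.18005_none_0b5dfb3fa4f88147_spsys.sys_95b9c9e3 [AUTO BLOCKED] [process: 4212.C:\Windows\servicing\TrustedInstaller.exe] [user: N/A] [op: OPEN]'
)

# One regex for both shapes: the [virus: ...] field is only present on detections.
$entryPattern = '^(?<ts>\S+ \S+) \| (?<path>.+?) \[(?<action>[A-Z ]+)\] ' +
                '\[process: (?<procid>\d+)\.(?<proc>[^\]]+)\] \[user: (?<user>[^\]]*)\]' +
                '(?: \[virus: (?<virus>[^\]]+)\])? \[op: (?<op>\w+)\]$'

function ConvertFrom-BlockLogLine {
    param([string]$Line)
    if ($Line -notmatch $entryPattern) { return $null }
    New-Object PSObject -Property @{
        Time    = $Matches['ts']
        Path    = $Matches['path']
        Action  = $Matches['action']
        ProcId  = [int]$Matches['procid']
        Process = $Matches['proc']
        Virus   = $Matches['virus']      # $null when the entry is an access block only
        Op      = $Matches['op']
    }
}

function Test-ServicingStaging {
    param($Entry)
    # TrustedInstaller stages replacement components under WinSxS\Temp\PendingRenames
    # and renames them into place; blocking those writes is what fails the update.
    ($Entry.Process -ieq 'C:\Windows\servicing\TrustedInstaller.exe') -and
    ($Entry.Path -imatch '\\WinSxS\\Temp\\PendingRenames\\')
}

function Get-SignerSummary {
    param([string]$FilePath)
    if (-not (Test-Path -LiteralPath $FilePath)) { return 'file gone (staging files are transient)' }
    $sig = Get-AuthenticodeSignature -FilePath $FilePath
    # Caveat: many Windows components are catalog-signed rather than embedded-signed,
    # so on Vista-era PowerShell a NotSigned status here does not by itself mean tampering.
    $subject = '(no embedded signer)'
    if ($sig.SignerCertificate) { $subject = $sig.SignerCertificate.Subject }
    '{0}; signer={1}' -f $sig.Status, $subject
}

function Get-Sha256Hex {
    param([string]$FilePath)
    # .NET hashing so this also works on PowerShell 2.0, which has no Get-FileHash.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($FilePath)
    try     { ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $stream.Close() }
}

# 1. Triage the alerts: servicing writes by TrustedInstaller are expected during SP2 install.
$logLines | ForEach-Object { ConvertFrom-BlockLogLine $_ } | Where-Object { $_ } | ForEach-Object {
    $context = 'not a servicing path: investigate before trusting'
    if (Test-ServicingStaging $_) { $context = 'servicing staging write by TrustedInstaller' }
    '{0} [{1}] op={2} {3} -> {4}' -f $_.Time, $_.Action, $_.Op, $_.Path, $context
    if ($_.Virus) { '    detection {0}; {1}' -f $_.Virus, (Get-SignerSummary $_.Path) }
}

# 2. Verify the package you downloaded before you disable AV to install it.
#    Placeholders (assumptions): the file name and the hash published alongside the download.
$PackagePath    = 'C:\Downloads\VistaSP2-standalone.exe'
$ExpectedSha256 = '<sha256 from the vendor download page>'
if (Test-Path -LiteralPath $PackagePath) {
    $sig     = Get-AuthenticodeSignature -FilePath $PackagePath
    $subject = ''
    if ($sig.SignerCertificate) { $subject = $sig.SignerCertificate.Subject }
    $trusted = ($sig.Status -eq 'Valid') -and ($subject -like '*O=Microsoft Corporation*')
    'package signature: {0}; signer={1}' -f $sig.Status, $subject
    'package SHA-256 matches published value: {0}' -f ((Get-Sha256Hex $PackagePath) -ieq $ExpectedSha256)
    if (-not $trusted) { Write-Warning 'Unsigned or foreign-signed package: do not disable AV to install it.' }
}
```

Run it from an elevated PowerShell prompt after the download and before pulling the cable. The point of the two checks is the order of trust: a heuristic name like Gen:Trojan.Heur on a file TrustedInstaller is staging is a reason to look, not a verdict, and the package's embedded Microsoft signature plus a hash match is what justifies turning AV off for the install. Because the staging file is renamed away on reboot, its signature check may report the file as gone; the package check is the one that has to pass.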
 
zekimurad

Many thanks for all of your help.
Bullguard recommended a removal of their v7 for vista product and an
installation of v8.5.
This version identified the files previously mentioned as malware and
isolated them.
Strangely enough the Microsoft updater didn't show SP2 and said it wasn't
necessary!
So all sorted out but 4 hours down the track...that's Vista and the catchup
of support programs I guess...
 
mazorj

Malke said:
And just to add to Mr. Brannigan's excellent advice - if you are
connected
to the Internet directly to a cable/DSL modem, download the full
package
from Microsoft and then disconnect the ethernet cable that goes from
your
computer to your modem. If you are behind a router there is no need
to do
this. Completely disable your antivirus and any other third-party
anti-malware programs. Then install SP2. If you have prepared
properly, you
should have no problems. ...

Just to be sure here: Once you download it, will Vista SP2 install
with no Internet connection running?

The reason I ask is because back when I switched to DSL I foolishly
followed the Verizon installation CD's advice to shut down my security
programs when it came time to go to the VZ site to finish setting up.
As soon as it was done - no more than 2 minutes - I immediately
powered down the modem and rebooted. In those 2 minutes of
unprotected time online I got zapped with malware that took a week of
work and two new security programs to eradicate.

Now, whenever I do an install that insists that I shut down the
security apps, I first ignore that and plow ahead. Most of the time
the installation works perfectly. They always tell you to turn off
security because there will be one or two security suites that don't
play well with installing their application - even though the vast
majority will work fine. IMO this is reckless and irresponsible
advice intended to ward off the handful of complaints from users of
the handful of security suites that do interfere with installation.
Everyone else is asked to go unprotected and open to attacks just for
the sake of preventing a few complaints and support requests.

If the install fails with security still running, I power off the
modem, THEN shut down the security, do the install, reload the
security stuff (the install may require a reboot, which resets the
security anyway), and then get back online. I still do this even
though I've added a router, on the assumption that absolutely nothing
can get past an unpowered modem. (If anyone knows anything to the
contrary, please let me know that my modem power-down "security
blanket" has holes in it! If need be, I'll unplug the Ethernet cable
instead.)
 
Mike Brannigan

mazorj said:
Just to be sure here: Once you download it, will Vista SP2 install with
no Internet connection running?

The reason I ask is because back when I switched to DSL I foolishly
followed the Verizon installation CD's advice to shut down my security
programs when it came time to go to the VZ site to finish setting up. As
soon as it was done - no more than 2 minutes - I immediately powered down
the modem and rebooted. In those 2 minutes of unprotected time online I
got zapped with malware that took a week of work and two new security
programs to eradicate.

Now, whenever I do an install that insists that I shut down the security
apps, I first ignore that and plow ahead. Most of the time the
installation works perfectly. They always tell you to turn off security
because there will be one or two security suites that don't play well with
installing their application - even though the vast majority will work
fine. IMO this is reckless and irresponsible advice intended to ward off
the handful of complaints from users of the handful of security suites
that do interfere with installation. Everyone else is asked to go
unprotected and open to attacks just for the sake of preventing a few
complaints and support requests.

If the install fails with security still running, I power off the modem,
THEN shut down the security, do the install, reload the security stuff
(the install may require a reboot, which resets the security anyway), and
then get back online. I still do this even though I've added a router, on
the assumption that absolutely nothing can get past an unpowered modem.
(If anyone knows anything to the contrary, please let me know that my
modem power-down "security blanket" has holes in it! If need be, I'll
unplug the Ethernet cable instead.)

If you download the full standalone package from
http://technet.microsoft.com/en-us/windows/dd262148.aspx
then you can run it without an Internet connection once downloaded.
 
Jim

mazorj said:
Just to be sure here: Once you download it, will Vista SP2 install
with no Internet connection running?

The reason I ask is because back when I switched to DSL I foolishly
followed the Verizon installation CD's advice to shut down my security
programs when it came time to go to the VZ site to finish setting up.
As soon as it was done - no more than 2 minutes - I immediately
powered down the modem and rebooted. In those 2 minutes of
unprotected time online I got zapped with malware that took a week of
work and two new security programs to eradicate.

Now, whenever I do an install that insists that I shut down the
security apps, I first ignore that and plow ahead. Most of the time
the installation works perfectly. They always tell you to turn off
security because there will be one or two security suites that don't
play well with installing their application - even though the vast
majority will work fine. IMO this is reckless and irresponsible
advice intended to ward off the handful of complaints from users of
the handful of security suites that do interfere with installation.
Everyone else is asked to go unprotected and open to attacks just for
the sake of preventing a few complaints and support requests.

If the install fails with security still running, I power off the
modem, THEN shut down the security, do the install, reload the
security stuff (the install may require a reboot, which resets the
security anyway), and then get back online. I still do this even
though I've added a router, on the assumption that absolutely nothing
can get past an unpowered modem. (If anyone knows anything to the
contrary, please let me know that my modem power-down "security
blanket" has holes in it! If need be, I'll unplug the Ethernet cable
instead.)

Downloaded and installed with firewall (Comodo) and A/V (Avast) both
operative.
 
