Jump to content
Sign in to follow this  
d0nut

Help, please. Repeated Windows update.

Recommended Posts

I am having problems with the Windows KB890307 Malicious Software Removal Tool update. I have installed it on my PC, but I keep getting repeated requests to install again. I have checked my Windows update history, and there are about seven successful installations listed. I ran Spybot, which told me I probably had a virus or malware (on screen message), but nothing has shown up.

Also, my PC is running very slowly, which makes me suspect that malware is the underlying problem.

All help appreciated.

d0nut

Edit. I am running Win. XP Pro.

Edited by d0nut

Share this post


Link to post
Share on other sites

Hey D0nut,

spybot showed problems huh?

well try this for starters>

Please download and install SUPERAntiSpyware Home Edition (free edition)

  • Load SUPERAntiSpyware and click the Check for Updates button.
  • Once the update has finished, exit SUPERAntiSpyware. Please do NOT run a scan yet!
IMPORTANT: Do NOT open any other windows or programs while SUPERAntiSpyware is scanning, it may interfere with the scanning process.
  • Open SUPERAntiSpyware and click the Scan your Computer button.
  • Check Perform Complete Scan and then click Next.
  • SUPERAntiSpyware will now scan your computer and when it’s finished it will list all the infections it has found.
  • Make sure that they all have a check next to them, and then click Next.
  • Click Finish and you will be taken back to the main interface.
  • It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
  • I'll need a log afterwards of what has been found.
  • To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
  • Please post the results of the SUPERAntiSpyware log in your next reply.

Lets see what it finds, post the results please.

 

Wademan

Share this post


Link to post
Share on other sites

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 08/17/2007 at 08:33 PM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3288

Trace Rules Database Version: 1299

 

Scan type : Complete Scan

Total Scan Time : 01:32:48

 

Memory items scanned : 318

Memory threats detected : 0

Registry items scanned : 6153

Registry threats detected : 0

File items scanned : 46066

File threats detected : 3

 

Adware.Tracking Cookie

C:\Documents and Settings\donut\Cookies\[email protected][1].txt

C:\Documents and Settings\donut\Cookies\[email protected][2].txt

C:\Documents and Settings\donut\Cookies\[email protected][2].txt

 

 

Thanks a lot. Here's the log. Have still got the update reminder on my task bar.

Share this post


Link to post
Share on other sites

Well SuperAntiSpyware came up clean, those 3 are just harmless tracking cookies.

 

Lots of people have problems with the Malicious Software Removal Tool , here is just one of 14 links I found quickly> http://www.intelliot.com/blog/archives/200...e-removal-tool/ Even though that link is over a year old,it gives you a basic idea. If this is still nagging you, you could use system restore, go back to Monday, the day before the updates was released.

 

Then re obtain the updates but do not select that one. It's fairly useless anyways. the Malicious Software Removal Tool was primarily

developed for those who are foolish enough to not run av or firewalls on their pc's. How do you get the updates, are they downloaded and installed automatically? I have mine set to notify me of updates then I carefully review them, and choose the ones I want or think I really need.

 

Windows updates are very important, but I remember last year I had one that really messed up one of my pc's. It was for Outlook, which I don't even have on that pc. It totally runined my Outlook Express program. Luckily I was able to use system restore and get things back. I then went to windows update site, an de-selected that update for outlook. I suggest maybe you try the same approach. Use system restore, then get updates manually and de-select the Malicious Software Removal Tool.

 

I only had you run SuperAntiSpyware, since spybot was showing a problem. What exactly did the on screen message say from Spybot?

 

You could also, after using system restore, let the windows updates notify you then de-select the Malicious Software Removal Tool. And download the other 8 updates. There should be a check box when you de-select it, that will say "dont remind me of this update again". This should make this one go away.

 

You also say your pc is running slow, so I would suggest to do as Humbluemoon advised an post a test for us from PcPitStop. Maybe it's not malware related. Test should shed some light on that.

 

Wademan

Edited by Wademan

Share this post


Link to post
Share on other sites

 

 

I only had you run SuperAntiSpyware, since spybot was showing a problem. What exactly did the on screen message say from Spybot?

 

You could also, after using system restore, let the windows updates notify you then de-select the Malicious Software Removal Tool. And download the other 8 updates. There should be a check box when you de-select it, that will say "dont remind me of this update again". This should make this one go away.

 

You also say your pc is running slow, so I would suggest to do as Humbluemoon advised an post a test for us from PcPitStop. Maybe it's not malware related. Test should shed some light on that.

 

Wademan

 

Thanks, folks! Sorry I could not reply earlier. Wademan, the Spybot message said something to the effect that there had been changes to Spybot itself, and as it did not normally make such changes, that I should run a malware test immediately. I did, but nothing showed up. I did a system restore earlier, and now my PC is running a lot faster. However, I still have the pesky update symbol on my task bar, so I will run through the other suggestions later today. This has driven me mad, but I feel as though some progress is being made now :)

I'll do a Pitstop check, try Jacee's link, etc. and get back to you all later. Sooooo glad this site is here!

Thanks again.

d0nut

Just remembered. This problem seems to have started after I had a Komodo warning about a suspect file, mrtstub.exe. Just had the warning again. Is this significant?

Edited by d0nut

Share this post


Link to post
Share on other sites

Data fragmentation 51%....ouch I'm surprised your machine even boots up.

 

I cannot find Windows KB890307 listed in your installed software, but I guess not all packages are listed there.

Are you sure it's showing as having installed 7 times?

 

Getting those uncached speeds up on drive C would speed you up as well.

Share this post


Link to post
Share on other sites

Well here is what the mrtstub.exe , it's a part of the Malicious Software Removal Tool. It is responsible

for copying mrt.exe to the correct location and launching it.

 

Also, when the tool is installed via Windows Update, mrtstub.exe is

responsible for patching the previous version of mrt.exe (if any) on your

computer. This uses a much smaller "delta" binary file instead of requiring

that you download the full mrt.exe. This reduces the download size and

consumes less bandwidth. ( http://www.microsoft.com/communities/newsg...4eee208&p=1 ) they also advise trying to update it manually, as I said an Jacee has said.

 

You have 51% defragmentation, your need to defrag the hard drive asap . And follow the "tips under "test details" in your test.

 

And to secure your pc better, Your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

 

Updating Java:

  • Download the latest version of Java Runtime Environment (JRE) 6u2.
  • Scroll down to where it says "Java Runtime Enviroinment (JRE) 6u2, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save it to your desktop (13.16 MB).
  • Close any programs you may have running - especially any web browsers.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.
Hope this helps you some more..

Wademan

Share this post


Link to post
Share on other sites

Hello and thanks again. Yes, I looked it up, and sure enough there were about seven installations with a green tick at the side of them. I'll check again later, but I have to leave, now.

Back in about 9 hours.

Cheers.

d0nut

Share this post


Link to post
Share on other sites

Those are most likely the previous ones, each month its updated. Also, when the tool is installed via Windows Update, mrtstub.exe is

responsible for patching the previous version of mrt.exe (if any) on your

computer. This uses a much smaller "delta" binary file instead of requiring

that you download the full mrt.exe. This reduces the download size and

consumes less bandwidth.

 

I would try what me an Jacee advised, an please defragment an the other suggestions I posted for you. Should help.

 

Wademan

Share this post


Link to post
Share on other sites

Sorry, Wademan, missed your post. Fragmentation of HD is only 1% if I read correctly. I defrag every couple of days (two days ago, in fact). It's just that I do a lot of document editing for my website which fragments the HD pretty quickly.

Have to make this short, as I have to go out now.

Back later.

Cheers.

d0nut

Share this post


Link to post
Share on other sites

Ok, well here is from your test> Data fragmentation 51%

File fragmentation 1%

Uncached speed 18 MB/s (62%) 30 MB/s (103%)

 

Data fragmentation is very high. :unsure: Sure is what the test shows. Well, try other suggestions too. See you later, since you have to run.. :)

Wademan

Share this post


Link to post
Share on other sites

Back again. Just had another look at my update history, and it definitely shows TEN successful installations of the same malware tool over the last couple of days. You can take a look at a screen grab here http://www.artus-fh.co.uk/source/Screen%20Grab.html (I hope!)

 

 

I still have the update sitting on my taskbar. :angry: Apparently, this is not an uncommon problem.

Edited by d0nut

Share this post


Link to post
Share on other sites

Can't you click on the windows update, and then Uncheck the darn thing? then it should pop with option" don't remind me of this update again", and check that. At least that is how it is on most pc's, sure is on mine.. :hammer:

Wademan

Share this post


Link to post
Share on other sites

Turn that piece of carp auto update off.

Pick a day or two a week to do scans updates etc. and control what programs use your p.c

and internet(><).

 

 

 

I like to update here if it's a microsloth system.

I just don't let microsoft scan me or use more of my machine than I do, If I can

help it. (see quote below)

Edited by Humbluemoon

Share this post


Link to post
Share on other sites

Well, it has just installed itself again. The "restart now/later" dialogue box came up and I stopped the reboot, but it will be back. I have done all sorts to stop it, but it is still there. I am going to google to see what more I can find out about it. This is driving me to distraction. Why does it install without my authorization? Would a Hijack This scan help?

Share this post


Link to post
Share on other sites

This is driving me to distraction. Why does it install without my authorization?

 

Ummm.....cause auto update is running?????? :blink:

 

Theres a patch for the patch and the patch and the patch and the patch............................. :hammer:

Edited by Humbluemoon

Share this post


Link to post
Share on other sites

Ummm.....cause auto update is running?????? :blink:

 

Theres a patch for the patch and the patch and the patch and the patch............................. :hammer:

 

I have now turned off Auto update and the balloon reminders. Hopefully, I can get on with some work, now. Still have to accept this last one when I reboot........................... :( I shall reboot now and see how it goes on.

Share this post


Link to post
Share on other sites

Well, there's my defrag. http://www.artus-fh.co.uk/source/Screen%20Grab.html As I said earlier, I defrag every couple of days, so I didn't think it could be that bad. Only took 5 minutes. How does IE cache affect my Firefox browser? And what bearing will this have on the problem of the recurring MS update? Surely, Micro-soft must be aware of this issue?

I have spent literally hours on this. Might finish up reformatting.

Share this post


Link to post
Share on other sites

Well, there's my defrag. http://www.artus-fh.co.uk/source/Screen%20Grab.html Might finish up reformatting.

 

 

 

Well thats a bit extreme. So you have been in your Admin Services and turned auto update to manual...correct? If so then we must next see what other services are running and allowing this particular update to continue to run.

Are you defragging in user mode or safe mode? It's unrelated to the update problem but "Is"

part of the overall problem with your machine.

Edited by Humbluemoon

Share this post


Link to post
Share on other sites

 

Are you defragging in user mode or safe mode? It's unrelated to the update problem but "Is"

part of the overall problem with your machine.

 

Hello, again. I'm defragging in normal user mode using Auslogics defrag. I've reduced the size of my Firefox and IE browser cache and my PC speed is now pretty good. I'm going to run another test, later, and post the results.

Share this post


Link to post
Share on other sites

Maybe try defragging in safe mode. Then run another PcPitStop test for us,. It's odd that several are having this 50% fragmentation, according with the PcPitStop test. If it was really 50% + defragmented, PC would be super slow, it would be even hard to boot up. And of course many are having this crazy windows update problem that you have. :hammer:

 

Wademan

Edited by Wademan

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...