Vista Updater D/Ling Viruses???

    Wabatuckian

    Smith-Sights.com
    Industry Partner
    Rating - 100%
    1   0   0
    May 9, 2008
    3,097
    83
    Wabash
    Hello,

    I had to redo my laptop due to an error on my part.

    After reloading Vista Home Premium, I began downloading updates.

    The virus scanner kept alerting, and found 15 instances of backdoor.Win32.PcClean at various times.

    Thinking this was an error on the scanner's part (Comodo), I deactivated it and tried the updater again. This only resulted in a disconnection from my home's LAN.

    So I'm stalled out. I've not even got SP1 or SP2 installed as of yet.

    I'm far from a newbie; I've been doing this since I was 5 and had a Trash-80. Everything checks out though, and I cannot find where I might be getting a false redirect. Everything points at MS's database, but I don't think that could be the case either.

    Anyone have any bright ideas?

    Thank you,

    Josh
     

    Scutter01

    Grandmaster
    Rating - 100%
    2   0   0
    Mar 21, 2008
    23,750
    48
    Average time for an unpatched Windows box on the open internet to be infected is under three minutes. Are you behind a firewall? Do you maybe have a LAN with another machine on it that might be infected? I would be astonished if Windows Update were the source. That news would be all over the tech blogs in minutes.
     

    Wabatuckian

    Hi Scutter,

    I'm running Comodo firewall and Windows firewall. I used to run Zonealarm as well, but it and Comodo didn't play well with each other.

    I'm also routing through Comodo's secure server, so my IP address is changed.

    I disconnected the other 'puters from the LAN and it's still infecting.

    This is very puzzling. I've never in my life seen anything like it.

    Thanks,

    Josh
     

    Scutter01

    Is it possible that your Comodo firewall software is infected? How about your Vista install disk? After you first installed Vista, what else did you install that might be an attack vector?

    BTW: Your question posted to Microsoft is already showing up as the first hit in Google. :D
     

    Wabatuckian

    Scutter,

    It was a clean install.

    First thing I did was install the OS and download Comodo. I then physically turned off the wireless - no internet - after making sure Comodo was updated.

    I then scanned.

    I removed the bloatware, then scanned again.

    It's installed way over 50 updates before this problem began.

    Josh
     

    Scutter01

    What I would suggest then is to download Vista Service Pack 2 (using a different computer) and burn it to a CD. Might as well download your anti-virus and firewall software and burn those to a disc as well. Disconnect the laptop and reinstall the OS so it's in a known-clean state, and then apply SP2 before reconnecting it to the internet to run Windows Update. That will at least get you into a better state before being on the internet.

    Here's the link for SP2 (x86 version)

    Download details: Windows Server 2008 Service Pack 2 and Windows Vista Service Pack 2 - Five Language Standalone (KB948465)

    EDIT: I *think* you have to have SP1 installed before you can install SP2. If so, here's the link to that as well:

    http://www.microsoft.com/downloads/...6D-5EBB-413B-89C9-CB3D06D12674&displaylang=en
     

    Wabatuckian

    Thanks Scutter, I tried that before and the d/l buttons weren't showing up - or I was in too much of a hurry as I was fitting an EGW extractor to my 1911.

    I learned something: Don't try to do both at the same time. I'm now seeing the d/l buttons and the blend on the extractor looks like hell. Too coarse; gonna have to go back over it with 1000 grit paper and reblue.

    I'm sure I have a clean install so I'm going ahead with SP1. I'll be back when it's done installing!

    Thanks,

    Josh
     

    Wabatuckian

    Folks,

    Ok, clean install, then SP1 crashed my network connection.

    Seems to be a common problem with fixes which may or may not work. None of the fixes worked, including messing with the code or resetting the ports.

    So now I'm reinstalling the bloatware DVD, then have to shoot off to work - they have transferred me to a unit in which we try to enhance memory, one of three in the state, so I'll be doing something that only a handful of people get to do. I guess this is where situational awareness pays off in everyday life - got promoted because of it.

    Anyway, I'm thinking that the viruses were false positives due to the invasive nature of some of the updates. I'm going to run Zonealarm and AVG while letting Windows Updater bring things up-to-date, then go to Comodo. There was probably a wireless fix release directly prior to the SP1 release that didn't get included in the stand-alone version.

    This time around I'm backed up on my removable USB HDD. Hopefully I can save time. But it looks like it'll be Monday sometime before I'm back at 100%.

    I'll try to check in from time-to-time as I'm able - my parents live just down the road and that's where I'm typing this from.

    Thanks,

    Josh
     

    Wabatuckian

    SP1 took just fine when I let it d/l through the updater (found a workaround).

    Unfortunately, I have to leave for work and won't get to play with the results.

    Looks like there was a wireless card update that has to be installed first, going back through the update history. It was not available on Intel's website.

    Josh (who's using this mostly as a Vista journal now, in the hopes that someone might one day find it useful)
     