#1 (permalink)

Vista SP2 and virus alerts - any ideas?

I recently tried to update Vista through windows update but it failed. I got 2 Trojan Heuristic virus messages from Bullguard during the update and then the failure. ANY help on this?

The Bullguard log indicates the following:

2009/05/27 21:44:29 | C:\Windows\winsxs\Temp\PendingRenames\56ecb77ec0dec901c418000074101401.x86_microsoft-windows-s..ive-blackbox-driver_31bf3856ad364e35_6.0.6002.18005_none_0b5dfb3fa4f88147_spsys.sys_95b9c9e3 [BLOCKED] [process: 4212.C:\Windows\servicing\TrustedInstaller.exe] [user: N/A] [virus: Gen:Trojan.Heur.9242BD4242] [op: CLOSE]
2009/05/27 21:44:29 | C:\Windows\WinSxS\Temp\PendingRenames\56ecb77ec0dec901c418000074101401.x86_microsoft-windows-s..ive-blackbox-driver_31bf3856ad364e35_6.0.6002.18005_none_0b5dfb3fa4f88147_spsys.sys_95b9c9e3 [AUTO BLOCKED] [process: 4212.C:\Windows\servicing\TrustedInstaller.exe] [user: N/A] [op: OPEN]
2009/05/27 21:44:29 | C:\Windows\WinSxS\Temp\PendingRenames\56ecb77ec0dec901c418000074101401.x86_microsoft-windows-s..ive-blackbox-driver_31bf3856ad364e35_6.0.6002.18005_none_0b5dfb3fa4f88147_spsys.sys_95b9c9e3 [AUTO BLOCKED] [process: 4212.C:\Windows\servicing\TrustedInstaller.exe] [user: N/A] [op: OPEN]

Cheers,
Zeki
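The three Bullguard entries from post #1, parsed field by field, as an added example (not code from the thread or from Bullguard). The field layout is inferred from those three lines only; the two default Windows paths and the names `parse_entry` and `summarize` are assumptions. It collapses the alerts to the one file involved and records which process touched it, which is the context a false-positive report to the AV vendor needs.

```python
import re
from ntpath import normcase  # Windows path rules (case-insensitive) on any OS

# Layout inferred from the log in post #1: "timestamp | path [ACTION] [key: value]..."
ENTRY = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<path>.+?) "
    r"\[(?P<action>[A-Z ]+)\](?P<tags>(?: \[[a-z]+: [^\]]*\])*)$"
)
TAG = re.compile(r"\[([a-z]+): ([^\]]*)\]")

# Assumed default locations on a Vista install with the system on C:.
STAGING = normcase("C:\\Windows\\WinSxS\\Temp\\PendingRenames\\")
SERVICING = normcase(r"C:\Windows\servicing\TrustedInstaller.exe")


def parse_entry(line):
    """Return one log entry as a dict, or None if the line does not match."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    tags = dict(TAG.findall(m["tags"]))
    # The process tag has the form "<pid>.<image path>".
    pid, _, image = tags.get("process", "").partition(".")
    return {
        "ts": m["ts"], "path": m["path"], "action": m["action"],
        "pid": int(pid) if pid.isdigit() else None, "image": image,
        "user": tags.get("user"), "virus": tags.get("virus"), "op": tags.get("op"),
    }


def summarize(log_text):
    """Group entries per file (case-insensitively) and record their context."""
    files = {}
    for entry in filter(None, map(parse_entry, log_text.splitlines())):
        info = files.setdefault(normcase(entry["path"]), {
            "hits": 0, "actions": set(), "signatures": set(),
            "pids": set(), "images": set()})
        info["hits"] += 1
        info["actions"].add(entry["action"])
        info["pids"].add(entry["pid"])
        info["images"].add(normcase(entry["image"]))
        if entry["virus"]:
            info["signatures"].add(entry["virus"])
    for path, info in files.items():
        # Context for a false-positive report, not proof that the file is clean.
        info["in_servicing_staging"] = path.startswith(STAGING)
        info["only_trustedinstaller"] = info["images"] == {SERVICING}
    return files


# The three entries copied from post #1 (the first spells the folder "winsxs").
TAIL = (r"\Temp\PendingRenames\56ecb77ec0dec901c418000074101401."
        r"x86_microsoft-windows-s..ive-blackbox-driver_31bf3856ad364e35_"
        r"6.0.6002.18005_none_0b5dfb3fa4f88147_spsys.sys_95b9c9e3")
TI = r"[process: 4212.C:\Windows\servicing\TrustedInstaller.exe] [user: N/A]"
SAMPLE_LOG = "\n".join([
    rf"2009/05/27 21:44:29 | C:\Windows\winsxs{TAIL} [BLOCKED] {TI} "
    r"[virus: Gen:Trojan.Heur.9242BD4242] [op: CLOSE]",
    rf"2009/05/27 21:44:29 | C:\Windows\WinSxS{TAIL} [AUTO BLOCKED] {TI} [op: OPEN]",
    rf"2009/05/27 21:44:29 | C:\Windows\WinSxS{TAIL} [AUTO BLOCKED] {TI} [op: OPEN]",
])

if __name__ == "__main__":
    for path, info in summarize(SAMPLE_LOG).items():
        print(path)
        for key in sorted(info):
            print(f"  {key}: {info[key]}")
```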
#2 (permalink)

Vista Home Premium 32bit SP2

Re: Vista SP2 and virus alerts - any ideas?

I got a virus message as well (Bitdefender 2008)

EDIT: for Bitdefender users, update your Bitdefender product before installing SP2

Last edited by bjproc; 05-27-2009 at 08:41 AM.
#3 (permalink)

Re: Vista SP2 and virus alerts - any ideas?

"zekimurad" <zekimurad@xxxxxx> wrote in message news:27765517-381F-4B77-94DA-5F2902148815@xxxxxx

> I recently tried to update Vista through windows update but it failed.
> I got 2 Trojan Heuristic virus messages from Bullguard during the update and then the failure. ANY help on this?
>
> The Bullguard log indicates the following:
> 2009/05/27 21:44:29 |

There are no viruses in the packages to be downloaded from the Microsoft website.
Any readings you receive are false positives.
You are recommended to disable all AV and Antimalware software before installing SP2

--
Mike Brannigan
#4 (permalink)

Re: Vista SP2 and virus alerts - any ideas?

I wasn't asked to disable my anti virus and it's not too useful to do so for any length of time whilst broadband connect remains open during the install. Even now after 30 minutes since the failure I get pop up windows from Bullguard telling me about the stopping of the malware - at least 30 so far. I can't believe that that is supposed to be happening.
I am waiting for Bullguard to give me confirmation of a false positive - then I might deactivate the AV and retry updating but I am not happy that I have to do that to get an update.
Many thanks.

"Mike Brannigan" wrote:

> "zekimurad" <zekimurad@xxxxxx> wrote in message news:27765517-381F-4B77-94DA-5F2902148815@xxxxxx
> > I recently tried to update Vista through windows update but it failed.
> > I got 2 Trojan Heuristic virus messages from Bullguard during the update and then the failure. ANY help on this?
> >
> > The Bullguard log indicates the following:
> > 2009/05/27 21:44:29 |
>
> There are no viruses in the packages to be downloaded from the Microsoft website.
> Any readings you receive are false positives.
> You are recommended to disable all AV and Antimalware software before installing SP2
> --
> Mike Brannigan
#5 (permalink)

Re: Vista SP2 and virus alerts - any ideas?

"zekimurad" <zekimurad@xxxxxx> wrote in message news:C66B066A-5CF8-4939-8E2F-1A8FF23CD1F6@xxxxxx

> I wasn't asked to disable my anti virus and it's not too useful to do so for any length of time whilst broadband connect remains open during the install.
> Even now after 30 minutes since the failure I get pop up windows from Bullguard telling me about the stopping of the malware - at least 30 so far. I can't believe that that is supposed to be happening.
> I am waiting for Bullguard to give me confirmation of a false positive - then I might deactivate the AV and retry updating but I am not happy that I have to do that to get an update.
> Many thanks.

If you downloaded the package from Microsoft.com - it is clean.
As regards the ability of Bullguard to correctly identify virus signatures that is unfortunately an issue for them.
Other users with other AV products have not reported these false positives (my systems are running either Avast - no reports or Forefront - again no reports).
The issue clearly lies with either your source for download (if not Microsoft's site) or your AV vendor and their product.

--
Mike Brannigan
#6 (permalink)

Re: Vista SP2 and virus alerts - any ideas?

Mike Brannigan wrote:

> "zekimurad" <zekimurad@xxxxxx> wrote in message news:C66B066A-5CF8-4939-8E2F-1A8FF23CD1F6@xxxxxx
>> I wasn't asked to disable my anti virus and it's not too useful to do so for any length of time whilst broadband connect remains open during the install.
>> Even now after 30 minutes since the failure I get pop up windows from Bullguard telling me about the stopping of the malware - at least 30 so far. I can't believe that that is supposed to be happening.
>> I am waiting for Bullguard to give me confirmation of a false positive - then I might deactivate the AV and retry updating but I am not happy that I have to do that to get an update.
>> Many thanks.
>
> If you downloaded the package from Microsoft.com - it is clean.
> As regards the ability of Bullguard to correctly identify virus signatures that is unfortunately an issue for them.
> Other users with other AV products have not reported these false positives (my systems are running either Avast - no reports or Forefront - again no reports).
> The issue clearly lies with either your source for download (if not Microsoft's site) or your AV vendor and their product.

And just to add to Mr. Brannigan's excellent advice - if you are connected to the Internet directly to a cable/DSL modem, download the full package from Microsoft and then disconnect the ethernet cable that goes from your computer to your modem. If you are behind a router there is no need to do this. Completely disable your antivirus and any other third-party anti-malware programs. Then install SP2. If you have prepared properly, you should have no problems. Here is an article I wrote for my clients about preparing for SP2 which may be useful to you:

http://www.elephantboycomputers.com/page3.html#5-9-09

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
http://www.elephantboycomputers.com/#FAQ
#7 (permalink)

Re: Vista SP2 and virus alerts - any ideas?

Many thanks for all of your help. Bullguard recommended a removal of their v7 for vista product and an installation of v8.5. This version identified the files previously mentioned as malware and isolated them. Strangely enough the Microsoft updater didn't show SP2 and said it wasn't necessary! So all sorted out but 4 hours down the track...that's Vista and the catchup of support programs I guess...

"Malke" wrote:

> Mike Brannigan wrote:
> > "zekimurad" <zekimurad@xxxxxx> wrote in message news:C66B066A-5CF8-4939-8E2F-1A8FF23CD1F6@xxxxxx
> >> I wasn't asked to disable my anti virus and it's not too useful to do so for any length of time whilst broadband connect remains open during the install.
> >> Even now after 30 minutes since the failure I get pop up windows from Bullguard telling me about the stopping of the malware - at least 30 so far. I can't believe that that is supposed to be happening.
> >> I am waiting for Bullguard to give me confirmation of a false positive - then I might deactivate the AV and retry updating but I am not happy that I have to do that to get an update.
> >> Many thanks.
> >
> > If you downloaded the package from Microsoft.com - it is clean.
> > As regards the ability of Bullguard to correctly identify virus signatures that is unfortunately an issue for them.
> > Other users with other AV products have not reported these false positives (my systems are running either Avast - no reports or Forefront - again no reports).
> > The issue clearly lies with either your source for download (if not Microsoft's site) or your AV vendor and their product.
>
> And just to add to Mr. Brannigan's excellent advice - if you are connected to the Internet directly to a cable/DSL modem, download the full package from Microsoft and then disconnect the ethernet cable that goes from your computer to your modem. If you are behind a router there is no need to do this. Completely disable your antivirus and any other third-party anti-malware programs. Then install SP2. If you have prepared properly, you should have no problems. Here is an article I wrote for my clients about preparing for SP2 which may be useful to you:
>
> http://www.elephantboycomputers.com/page3.html#5-9-09
>
> Malke
> --
> MS-MVP
> Elephant Boy Computers - Don't Panic!
> http://www.elephantboycomputers.com/#FAQ
#8 (permalink)

Re: Vista SP2 and virus alerts - any ideas?

"Malke" <malke@xxxxxx> wrote in message news:Ot0uw8s3JHA.480@xxxxxx

> Mike Brannigan wrote:
>> "zekimurad" <zekimurad@xxxxxx> wrote in message news:C66B066A-5CF8-4939-8E2F-1A8FF23CD1F6@xxxxxx
>>> I wasn't asked to disable my anti virus and it's not too useful to do so for any length of time whilst broadband connect remains open during the install.
>>> Even now after 30 minutes since the failure I get pop up windows from Bullguard telling me about the stopping of the malware - at least 30 so far. I can't believe that that is supposed to be happening.
>>> I am waiting for Bullguard to give me confirmation of a false positive - then I might deactivate the AV and retry updating but I am not happy that I have to do that to get an update.
>>> Many thanks.
>>
>> If you downloaded the package from Microsoft.com - it is clean.
>> As regards the ability of Bullguard to correctly identify virus signatures that is unfortunately an issue for them.
>> Other users with other AV products have not reported these false positives (my systems are running either Avast - no reports or Forefront - again no reports).
>> The issue clearly lies with either your source for download (if not Microsoft's site) or your AV vendor and their product.
>
> And just to add to Mr. Brannigan's excellent advice - if you are connected to the Internet directly to a cable/DSL modem, download the full package from Microsoft and then disconnect the ethernet cable that goes from your computer to your modem. If you are behind a router there is no need to do this. Completely disable your antivirus and any other third-party anti-malware programs. Then install SP2. If you have prepared properly, you should have no problems. ...

Just to be sure here: Once you download it, will Vista SP2 install with no Internet connection running?

The reason I ask is because back when I switched to DSL I foolishly followed the Verizon installation CD's advice to shut down my security programs when it came time to go to the VZ site to finish setting up. As soon as it was done - no more than 2 minutes - I immediately powered down the modem and rebooted. In those 2 minutes of unprotected time online I got zapped with malware that took a week of work and two new security programs to eradicate.

Now, whenever I do an install that insists that I shut down the security apps, I first ignore that and plow ahead. Most of the time the installation works perfectly. They always tell you to turn off security because there will be one or two security suites that don't play well with installing their application - even though the vast majority will work fine. IMO this is reckless and irresponsible advice intended to ward off the handful of complaints from users of the handful of security suites that do interfere with installation. Everyone else is asked to go unprotected and open to attacks just for the sake of preventing a few complaints and support requests.

If the install fails with security still running, I power off the modem, THEN shut down the security, do the install, reload the security stuff (the install may require a reboot, which resets the security anyway), and then get back online. I still do this even though I've added a router, on the assumption that absolutely nothing can get past an unpowered modem. (If anyone knows anything to the contrary, please let me know that my modem power-down "security blanket" has holes in it! If need be, I'll unplug the Ethernet cable instead.)
#9 (permalink)

Re: Vista SP2 and virus alerts - any ideas?

"mazorj" <mazorj@xxxxxx> wrote in message news:%23iwnVxw3JHA.3676@xxxxxx

> "Malke" <malke@xxxxxx> wrote in message news:Ot0uw8s3JHA.480@xxxxxx
>> Mike Brannigan wrote:
>>> "zekimurad" <zekimurad@xxxxxx> wrote in message news:C66B066A-5CF8-4939-8E2F-1A8FF23CD1F6@xxxxxx
>>>> I wasn't asked to disable my anti virus and it's not too useful to do so for any length of time whilst broadband connect remains open during the install.
>>>> Even now after 30 minutes since the failure I get pop up windows from Bullguard telling me about the stopping of the malware - at least 30 so far. I can't believe that that is supposed to be happening.
>>>> I am waiting for Bullguard to give me confirmation of a false positive - then I might deactivate the AV and retry updating but I am not happy that I have to do that to get an update.
>>>> Many thanks.
>>>
>>> If you downloaded the package from Microsoft.com - it is clean.
>>> As regards the ability of Bullguard to correctly identify virus signatures that is unfortunately an issue for them.
>>> Other users with other AV products have not reported these false positives (my systems are running either Avast - no reports or Forefront - again no reports).
>>> The issue clearly lies with either your source for download (if not Microsoft's site) or your AV vendor and their product.
>>
>> And just to add to Mr. Brannigan's excellent advice - if you are connected to the Internet directly to a cable/DSL modem, download the full package from Microsoft and then disconnect the ethernet cable that goes from your computer to your modem. If you are behind a router there is no need to do this. Completely disable your antivirus and any other third-party anti-malware programs. Then install SP2. If you have prepared properly, you should have no problems. ...
>
> Just to be sure here: Once you download it, will Vista SP2 install with no Internet connection running?
>
> The reason I ask is because back when I switched to DSL I foolishly followed the Verizon installation CD's advice to shut down my security programs when it came time to go to the VZ site to finish setting up. As soon as it was done - no more than 2 minutes - I immediately powered down the modem and rebooted. In those 2 minutes of unprotected time online I got zapped with malware that took a week of work and two new security programs to eradicate.
>
> Now, whenever I do an install that insists that I shut down the security apps, I first ignore that and plow ahead. Most of the time the installation works perfectly. They always tell you to turn off security because there will be one or two security suites that don't play well with installing their application - even though the vast majority will work fine. IMO this is reckless and irresponsible advice intended to ward off the handful of complaints from users of the handful of security suites that do interfere with installation. Everyone else is asked to go unprotected and open to attacks just for the sake of preventing a few complaints and support requests.
>
> If the install fails with security still running, I power off the modem, THEN shut down the security, do the install, reload the security stuff (the install may require a reboot, which resets the security anyway), and then get back online. I still do this even though I've added a router, on the assumption that absolutely nothing can get past an unpowered modem. (If anyone knows anything to the contrary, please let me know that my modem power-down "security blanket" has holes in it! If need be, I'll unplug the Ethernet cable instead.)

If you download the full standalone package from
http://technet.microsoft.com/en-us/w.../dd262148.aspx
Then you can run it without an Internet connection once downloaded

--
Mike Brannigan
#10 (permalink)

Re: Vista SP2 and virus alerts - any ideas?

"Mike Brannigan" <Mike.Brannigan@xxxxxx> wrote in message news:2A6DC0A0-3876-4E01-A6B5-696E7475CBD2@xxxxxx
....

> If you download the full standalone package from
> http://technet.microsoft.com/en-us/w.../dd262148.aspx
> Then you can run it without an Internet connection once downloaded
>
> --
>
> Mike Brannigan