
Microsoft security updates issue

By sejay · 9 replies
Apr 25, 2009
  1. Hello,

    I am having a problem with two Microsoft security updates which Windows Update keeps prompting me to install even though I have already done so numerous times successfully.

    The two security updates in question are :
    - Security update for 2007 Microsoft Office System (KB960003)
    - Security update for Microsoft Office Excel 2007 (KB959997)

    After having attempted several other possible solutions such as downloading the updates from the Microsoft Update download site, I went through the steps which are suggested in the "8-step Viruses-Spyware-Malware Preliminary Removal Instructions" thread of this forum. This had worked once in the past, however this time it does not seem to have solved the problem, so I am posting the logs I obtained as directed in the thread. Here they are. Thank you for your help!
  2. touch

    touch TS Rookie Posts: 978

    Hello sejay

    You have a W32/Rbot-QK infection->
    "W32/Rbot-QK will attempt to setup a SOCKS4 proxy server, download and run files from the internet, login to MS SQL servers and send EXEC commands to open a command shell on the server, partake in distributed denial-of-service attacks, log keystrokes and steal CD keys when instructed to do so by a remote attacker."

    Run a scan with HijackThis. Check the following and hit 'Fix checked'
    O4 - HKCU\..\Run: [Microsoft Update Service] C:\WINDOWS\system\taksmgr.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-

    Reboot to safe mode ->
    Restart your computer.
    When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
    Select the option for Safe Mode using the arrow keys.
    Then press enter on your keyboard to boot into Safe Mode.

    Find and delete this file (if present)

    Reboot normally

    Post new hijackthis log, and tell how things are running.

    Do you know this program:
    C:\Program Files\Le Robert
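As an added illustration (not part of touch's post or of HijackThis itself): the first O4 entry above points at `taksmgr.exe`, a near-miss of the genuine `taskmgr.exe`. The Python sketch below parses O4 autorun lines and flags file names that are one edit or adjacent transposition away from a well-known Windows binary; the binary list and the function names are assumptions made for this example, and commands carrying arguments are not handled.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: the complete O4 autorun lines quoted in the post above.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [Microsoft Update Service] C:\WINDOWS\system\taksmgr.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
"""

# Assumption: a short list of Windows binaries whose names are often imitated.
KNOWN_SYSTEM_BINARIES = {
    "taskmgr.exe", "svchost.exe", "explorer.exe", "lsass.exe",
    "services.exe", "winlogon.exe", "csrss.exe",
}

# O4 - <hive>\..\<Run key>: [<value name>] <command>
O4_RE = re.compile(r"^O4 - (?P<hive>[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def osa_distance(a, b):
    """Edit distance where swapping two adjacent characters costs 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "ks" written for "sk".
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def flag_lookalikes(log_text, max_distance=1):
    """Return (value name, command, imitated binary) for near-miss file names."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = PureWindowsPath(m["cmd"]).name.lower()
        for real in sorted(KNOWN_SYSTEM_BINARIES):
            # An exact match is the real name; only near-misses are flagged.
            if exe != real and osa_distance(exe, real) <= max_distance:
                findings.append((m["name"], m["cmd"], real))
    return findings
```

Running `flag_lookalikes(SAMPLE_LOG)` reports only the "Microsoft Update Service" entry, matched against `taskmgr.exe`; the two anti-spyware autoruns are not flagged by this check.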
  3. sejay

    sejay TS Rookie Topic Starter

    Hello touch, and thank you for your help,

    Unfortunately the solution you suggested doesn't seem to have fixed the problem; I did indeed find C:\WINDOWS\system\taksmgr.exe in safe mode and deleted it, but Windows Update still prompts me to install the same updates (I tried installing them once since to see if it would stop thereafter, which of course it didn't). Also, something which I hadn't mentioned before but is perhaps a given: my laptop's hard drive seems to be working almost continuously, and the machine does seem to be running a bit slow. Anyhow, I am posting a second HijackThis log, hoping it contains the answer to the problem.

    Also, to answer your question, I do know the program C:\Program Files\Le Robert; it's a French dictionary which I purchased legally and installed via CD-ROM.
  4. touch

    touch TS Rookie Posts: 978

    Ok. We'll leave Le Robert ;)

    Attach a combofix log along with hijackthis log ->

    Please download Combofix:

    And save to the desktop.

    Close all other browser windows.

    Please connect all your external hard drives/flash drives before running Combofix, if you have any.

    Double-click on the combofix icon found on your desktop.

    Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

    Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt.
  5. sejay

    sejay TS Rookie Topic Starter

    It seems I cannot run ComboFix as my computer's running on Windows Vista 64-bit. Anyhow, here is the HJT log, which I forgot to attach last time. :eek:
  6. touch

    touch TS Rookie Posts: 978

    Ok. Then try this scanner -

    Please download http://oldtimer.geekstogo.com/OTViewIt.exe
    by OldTimer to your desktop.
    Double click on the OTViewIt.exe icon on your desktop. If you are using Windows Vista, right click the icon and select Run as Administrator.
    Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
    Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open.
    OTViewIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized

    Attach the logs into your next reply.
  7. sejay

    sejay TS Rookie Topic Starter

    Here are the two OTViewIt scans.
  8. touch

    touch TS Rookie Posts: 978

    They look clean to me. How is your computer behaving now?
  9. sejay

    sejay TS Rookie Topic Starter

    Hmm.. well, Windows Update is still prompting to install the same two updates. In any case, thank you very much for your time and your suggestions. However if you or anyone else gets an idea as to why my problem is persisting, please tell me.
  10. sejay

    sejay TS Rookie Topic Starter

    Well.. I'm not prompted to install those two updates anymore... however they've been replaced by 4 new Microsoft Office updates.

    But that's not the main reason why I'm replying again to my original post. I would like to know what you can make out of this Windows Update log (I remind you that Windows Update marks the updates as having been successfully installed).

    Thanks again in advance.
Topic Status:
Not open for further replies.
