Fake MS Update or Not?

Skyzoomer

Senior member
Sep 27, 2007
380
14
81
I have WinXP set to notify me of MS Updates but not to install them. I installed all of the MS updates by going to microsoft.com.

However there is a yellow shield icon in the system tray that pops up the message that Updates are available. When I check that, it says "Update for Windows XP (KB959772) - update for Media Player, etc.

So I went to microsoft.com and initiated Express Update. It says no high priority updates available. So I clicked Custom and it lists some optional software updates but does not list the KB959772 update.

Do you think it is a virus masquerading as a windows update in the system tray?
 

nerp

Diamond Member
Dec 31, 2005
9,865
105
106
Originally posted by: Skyzoomer
I have WinXP set to notify me of MS Updates but not to install them. I installed all of the MS updates by going to microsoft.com.

However there is a yellow shield icon in the system tray that pops up the message that Updates are available. When I check that, it says "Update for Windows XP (KB959772) - update for Media Player, etc.

So I went to microsoft.com and initiated Express Update. It says no high priority updates available. So I clicked Custom and it lists some optional software updates but does not list the KB959772 update.

Do you think it is a virus masquerading as a windows update in the system tray?

Hmm. Googling that specific KB# shows it looks like a valid media player update.
 

Skyzoomer

Senior member
Sep 27, 2007
380
14
81
Originally posted by: nerp
Hmm. Googling that specific KB# shows it looks like a valid media player update.
Yup, I had checked that KB# on the microsoft website and it is a valid number that deals with a media player update. The thing that bothers me is why the MS Express Update on the microsoft website says no high priority updates needed but the shield icon in the system tray says it is needed.

 

Rebel44

Senior member
Jun 19, 2006
742
1
76
Originally posted by: Skyzoomer
Originally posted by: nerp
Hmm. Googling that specific KB# shows it looks like a valid media player update.
Yup, I had checked that KB# on the microsoft website and it is a valid number that deals with a media player update. The thing that bothers me is why the MS Express Update on the microsoft website says no high priority updates needed but the shield icon in the system tray says it is needed.

because its not high priority update.
 

Skyzoomer

Senior member
Sep 27, 2007
380
14
81
Originally posted by: Rebel44
Originally posted by: Skyzoomer
Originally posted by: nerp
Hmm. Googling that specific KB# shows it looks like a valid media player update.
Yup, I had checked that KB# on the microsoft website and it is a valid number that deals with a media player update. The thing that bothers me is why the MS Express Update on the microsoft website says no high priority updates needed but the shield icon in the system tray says it is needed.

because its not high priority update.
I wonder then why it is prompting me periodically to install it via the yellow shield icon in the system tray? Other non hi priority updates do not appear in that yellow system tray update icon.

 

dclive

Elite Member
Oct 23, 2003
5,626
2
81
Originally posted by: Skyzoomer
I have WinXP set to notify me of MS Updates but not to install them. I installed all of the MS updates by going to microsoft.com.

However there is a yellow shield icon in the system tray that pops up the message that Updates are available. When I check that, it says "Update for Windows XP (KB959772) - update for Media Player, etc.

So I went to microsoft.com and initiated Express Update. It says no high priority updates available. So I clicked Custom and it lists some optional software updates but does not list the KB959772 update.

Do you think it is a virus masquerading as a windows update in the system tray?

This is a Windows Update mechanism. How does a virus work its' way into this?
 

Athena

Golden Member
Apr 9, 2001
1,484
0
0
Once Windows Update has notified you that there are updates waiting, you are supposed to click the icon and select the ones you want. When you run into one that you don't want, mark it to not remind you anymore. Why are you cirumventing the update procedure?
 

b773

Junior Member
Jul 24, 2002
14
0
0
Just to be sure, why don't you download and install it from MS support site then reboot (if required) and see if it continues to prompt you?
 

corkyg

Elite Member | Peripherals
Super Moderator
Mar 4, 2000
27,370
239
106
Originally posted by: b773
Just to be sure, why don't you download and install it from MS support site then reboot (if required) and see if it continues to prompt you?

Yep! That precludes any phony update link used by malware. Just go directly there and do it. BTW - it is for XP. And since it is not an important OS or security update - it does not have much priority.

 

Skyzoomer

Senior member
Sep 27, 2007
380
14
81
Originally posted by: dclive
This is a Windows Update mechanism. How does a virus work its' way into this?
I've heard of phishing where the scammers make a website look exactly like a legit website to get personal info from the victim. I wondered if this was a new way for a virus to mimic a MS update. The scammers think of new ways to infect computers every day.

 

Skyzoomer

Senior member
Sep 27, 2007
380
14
81
Originally posted by: Athena
Once Windows Update has notified you that there are updates waiting, you are supposed to click the icon and select the ones you want. When you run into one that you don't want, mark it to not remind you anymore. Why are you cirumventing the update procedure?
I didn't think I was cirumventing the procedure since when I receive the update notices I go to microsoft.com and do all of the Express updates. For years now this procedure has worked and got rid of the reminders to update, until this one update.

Similar to never clicking a link in an email, I always log in directly to the website to verify that I'm actually dealing with the right party. I heard that even that procedure can be compromised but it's the best way I know to prevent getting infected.

 

Skyzoomer

Senior member
Sep 27, 2007
380
14
81
Originally posted by: b773
Just to be sure, why don't you download and install it from MS support site then reboot (if required) and see if it continues to prompt you?
Very good idea and I like that a lot. So I looked for the yellow update shield in the system tray to get the KB number again and guess what? The update reminder shield is gone!

So I wrote the KB959772 number down from my original post in this thread and went to the microsoft website. I clicked on "Review your update history" and that update was done on 7/8/09 along with six other updates. Somehow that one update got stuck in the update shield reminder and got un-stuck later it seems.

But I like your idea and will use it in the future if this situation ever comes up again.
Thanks,
Sky
 

dclive

Elite Member
Oct 23, 2003
5,626
2
81
Originally posted by: Skyzoomer
Originally posted by: dclive
This is a Windows Update mechanism. How does a virus work its' way into this?
I've heard of phishing where the scammers make a website look exactly like a legit website to get personal info from the victim. I wondered if this was a new way for a virus to mimic a MS update. The scammers think of new ways to infect computers every day.

Yes but you're not talking about that - you're talking about replacing binaries on the local machine (how?) so that it's going to another (bad) website natively.
 

Skyzoomer

Senior member
Sep 27, 2007
380
14
81
Originally posted by: dclive
Yes but you're not talking about that - you're talking about replacing binaries on the local machine (how?) so that it's going to another (bad) website natively.
I donno. As you can tell, I don't have in depth knowledge of the mechanics so I asked the question. I'm just so afraid of getting infected by new ways that the low lifes come up with every day.

Thanks,
Sky
 

b773

Junior Member
Jul 24, 2002
14
0
0
You're welcome! Glad it all worked out! You can never be too careful these days.