Fake MS Update or Not?

[Skyzoomer]

I have WinXP set to notify me of MS Updates but not to install them. I installed all of the MS updates by going to microsoft.com.

However there is a yellow shield icon in the system tray that pops up the message that Updates are available. When I check that, it says "Update for Windows XP (KB959772) - update for Media Player, etc.

So I went to microsoft.com and initiated Express Update. It says no high priority updates available. So I clicked Custom and it lists some optional software updates but does not list the KB959772 update.

Do you think it is a virus masquerading as a windows update in the system tray?

 

[nerp]

Originally posted by: Skyzoomer
I have WinXP set to notify me of MS Updates but not to install them. I installed all of the MS updates by going to microsoft.com.

However there is a yellow shield icon in the system tray that pops up the message that Updates are available. When I check that, it says "Update for Windows XP (KB959772) - update for Media Player, etc.

So I went to microsoft.com and initiated Express Update. It says no high priority updates available. So I clicked Custom and it lists some optional software updates but does not list the KB959772 update.

Do you think it is a virus masquerading as a windows update in the system tray?

Hmm. Googling that specific KB# shows it looks like a valid media player update.

 

[Skyzoomer]

Originally posted by: nerp
Hmm. Googling that specific KB# shows it looks like a valid media player update.

Yup, I had checked that KB# on the microsoft website and it is a valid number that deals with a media player update. The thing that bothers me is why the MS Express Update on the microsoft website says no high priority updates needed but the shield icon in the system tray says it is needed.

 

[Rebel44]

Originally posted by: Skyzoomer

Originally posted by: nerp
Hmm. Googling that specific KB# shows it looks like a valid media player update.

Yup, I had checked that KB# on the microsoft website and it is a valid number that deals with a media player update. The thing that bothers me is why the MS Express Update on the microsoft website says no high priority updates needed but the shield icon in the system tray says it is needed.

because its not high priority update.

 

[Skyzoomer]

Originally posted by: Rebel44

Originally posted by: Skyzoomer

Originally posted by: nerp
Hmm. Googling that specific KB# shows it looks like a valid media player update.

Yup, I had checked that KB# on the microsoft website and it is a valid number that deals with a media player update. The thing that bothers me is why the MS Express Update on the microsoft website says no high priority updates needed but the shield icon in the system tray says it is needed.

because its not high priority update.

I wonder then why it is prompting me periodically to install it via the yellow shield icon in the system tray? Other non hi priority updates do not appear in that yellow system tray update icon.

 

[us3rnotfound]

I'd just install it from the shield to be very truthful.

 

[dclive]

Originally posted by: Skyzoomer
I have WinXP set to notify me of MS Updates but not to install them. I installed all of the MS updates by going to microsoft.com.

However there is a yellow shield icon in the system tray that pops up the message that Updates are available. When I check that, it says "Update for Windows XP (KB959772) - update for Media Player, etc.

So I went to microsoft.com and initiated Express Update. It says no high priority updates available. So I clicked Custom and it lists some optional software updates but does not list the KB959772 update.

Do you think it is a virus masquerading as a windows update in the system tray?

This is a Windows Update mechanism. How does a virus work its' way into this?

 

[Athena]

Once Windows Update has notified you that there are updates waiting, you are supposed to click the icon and select the ones you want. When you run into one that you don't want, mark it to not remind you anymore. Why are you cirumventing the update procedure?

 

[b773]

Just to be sure, why don't you download and install it from MS support site then reboot (if required) and see if it continues to prompt you?

 

[corkyg]

Originally posted by: b773
Just to be sure, why don't you download and install it from MS support site then reboot (if required) and see if it continues to prompt you?

Yep! That precludes any phony update link used by malware. Just go directly there and do it. BTW - it is for XP. And since it is not an important OS or security update - it does not have much priority.

 

[Skyzoomer]

Originally posted by: dclive
This is a Windows Update mechanism. How does a virus work its' way into this?

I've heard of phishing where the scammers make a website look exactly like a legit website to get personal info from the victim. I wondered if this was a new way for a virus to mimic a MS update. The scammers think of new ways to infect computers every day.

 

[Skyzoomer]

Originally posted by: Athena
Once Windows Update has notified you that there are updates waiting, you are supposed to click the icon and select the ones you want. When you run into one that you don't want, mark it to not remind you anymore. Why are you cirumventing the update procedure?

I didn't think I was cirumventing the procedure since when I receive the update notices I go to microsoft.com and do all of the Express updates. For years now this procedure has worked and got rid of the reminders to update, until this one update.

Similar to never clicking a link in an email, I always log in directly to the website to verify that I'm actually dealing with the right party. I heard that even that procedure can be compromised but it's the best way I know to prevent getting infected.

 

[Skyzoomer]

Originally posted by: b773
Just to be sure, why don't you download and install it from MS support site then reboot (if required) and see if it continues to prompt you?

Very good idea and I like that a lot. So I looked for the yellow update shield in the system tray to get the KB number again and guess what? The update reminder shield is gone!

So I wrote the KB959772 number down from my original post in this thread and went to the microsoft website. I clicked on "Review your update history" and that update was done on 7/8/09 along with six other updates. Somehow that one update got stuck in the update shield reminder and got un-stuck later it seems.

But I like your idea and will use it in the future if this situation ever comes up again.
Thanks,
Sky

 

[dclive]

Originally posted by: Skyzoomer

Originally posted by: dclive
This is a Windows Update mechanism. How does a virus work its' way into this?

I've heard of phishing where the scammers make a website look exactly like a legit website to get personal info from the victim. I wondered if this was a new way for a virus to mimic a MS update. The scammers think of new ways to infect computers every day.

Yes but you're not talking about that - you're talking about replacing binaries on the local machine (how?) so that it's going to another (bad) website natively.

 

[Skyzoomer]

Originally posted by: dclive
Yes but you're not talking about that - you're talking about replacing binaries on the local machine (how?) so that it's going to another (bad) website natively.

I donno. As you can tell, I don't have in depth knowledge of the mechanics so I asked the question. I'm just so afraid of getting infected by new ways that the low lifes come up with every day.

Thanks,
Sky

 

[b773]

You're welcome! Glad it all worked out! You can never be too careful these days.