HELP! Can't install Microsoft DCOM Patch

CotswoldCS

Senior member
Sep 14, 2000
384
0
0
Please help!

I have a Windows XP pro machine and cannot install the patch. I keep getting an error message and it won't install. Before you ask, I thought I had taken a screenshot of the error message but can't find it now. Suffice to say I have tried everything. Furthermore, I cannot upgrade the computer to WinXP SP1, I can't get the Windows Firewall to work and ICS isn't working due to a WMI error. What a mess!!!

I obviously need to reinstall - but this is a major job and I haven't time now. For now I need to ensure I am protected from the Blaster worm and any variants of the worm. I have installed ZoneAlarm and my antivirus software (McAfee VirusScan v4) is up-to-date. However, before I installed Zone Alarm McAfee wasn't stopping the virus re-infecting my machine, despite having up-to-date definitions . Would a newer version (v7.0) stop the virus on an unpatched machine?????

Is ZoneAlarm enough to stop the Blaster virus re-infecting my system
 

prosaic

Senior member
Oct 30, 2002
700
0
0
AFAIK you can't apply the patch (MS03-026) on an Windows XP until after SP1 is applied.

The current ZoneAlarm should protect your system from this particular exploit if you don't answer "Yes" to the wrong questions. Allowing any process to act as a server on the Internet is risky unless you know what you're doing.

When you say "ICS" I assum you mean "ICF / Internet Connection Firewall". So, you don't have SP1 applied, you're running an old version of your chosen AV software (which, even with the latest updates available for it is not adept at catching a lot of the current crop of malware), and you were running without any kind of firewall. It may be a little late for that system for you to be getting religion. Under the circumstances you should consider the possibility that the system may have been compromised by more than just the worm of the day, malware-wise. And it has definitely been compromised by the way in which you have operated it.

I'm not saying that to be mean. I'm trying to point out that you are very concerned about the MSBLAST worm and variants but you don't appear to be considering the possibility that your system functionality and data may be at risk from other issues as well. Frankly, I think the sooner you take the drive down to bare metal and start over with a proper patched and protected OS installation the better off you and your system will be.

You might also want to consider putting an added layer of security between your system and the Internet, like a router. A decent router (with no passthroughs enabled) would have protected your computer from this threat all by itself. Keeping it patched up-to-date would have protected it. Keeping the ICF up (or making sure ICF was operational) would have protected it. So don't look at this as the situation which taught you that you should have applied a particular patch. Look at it as motivation for changing your general attitude about system security (and, not coincidentally, data backups). You won't be sorry again on down the line if you take that approach.

an aside -- I don't understand why people with infected systems are satisfied to remove the known payload and resume operations. I have seen indications that some examples of this exploit have included root kits in the payload. I hope that a lot of people don't learn later that there was more to this than what met the eye. To my way of thinking any compromise of this sort on any system of any importance whatsoever requires a fresh installation, pronto.

- prosaic
 

CotswoldCS

Senior member
Sep 14, 2000
384
0
0
Thanks for the advise.

I would have loved to install the patch, upgrade to Windows XP SP1 and to enable the Firewall but sadly error messages appear each time and prevent it from happening. This has taught me a valuable lesson though - not to ignore these problems. However, as you can appreciate, a full reinstall is very time consuming, especially with the large number of files and applications on this machine.

Is is worth doing a repair of Windows XP without the need to format and reinstall all those applications? If this would repair the WMI, ICS, and ICF errors and allow me to update to SP1 and KB823980 then I would be somewhat happier.

By ICS I meant Internet Connection Sharing - I use this to share a paltry 56K dialup with three other computers. Yes, I know what you are going to say!!!! Dialup is the only option here I'm afraid so we will have to make do! It doesn't work anymore due to a WMI error.

I agree with your comments on McAfee AV - I think I will try and pursuade the user to purchase v7.0 or NAV 20003. Not sure which at the moment.

However, now that Zone Alarm is installed I may go with this instead of the Windows ICF. I have one concern about Zone Alarm though - the user of this PC is a novice user and although basic the Windows ICF doesn't require user intervention.
 

pmailloux

Member
Nov 13, 2001
37
0
0
Originally posted by: prosaic


When you say "ICS" I assum you mean "ICF / Internet Connection Firewall". So, you don't have SP1 applied, you're running an old version of your chosen AV software (which, even with the latest updates available for it is not adept at catching a lot of the current crop of malware), and you were running without any kind of firewall. It may be a little late for that system for you to be getting religion. Under the circumstances you should consider the possibility that the system may have been compromised by more than just the worm of the day, malware-wise. And it has definitely been compromised by the way in which you have operated it.


- prosaic

I agree with almost everything said except this part, Internet Connection Firewall has nothing to do with SP1 I was using it way before SP1 was even a idea on paper, there is something else wrong obviously with your computer, might I suggest running a program like adaware and updating to a newer AV Program, otherwise I guess you could spend the time and do a reload.

 

CotswoldCS

Senior member
Sep 14, 2000
384
0
0
How should I reinstall Windows; Repair or Full Install? Has anyone here had any success with a repair installation???
 

bsobel

Moderator Emeritus<br>Elite Member
Dec 9, 2001
13,346
0
0
Originally posted by: prosaic
AFAIK you can't apply the patch (MS03-026) on an Windows XP until after SP1 is applied.

The patch does not requrie SP1.
Bill

 

prosaic

Senior member
Oct 30, 2002
700
0
0
Originally posted by: pmailloux
Originally posted by: prosaic


When you say "ICS" I assum you mean "ICF / Internet Connection Firewall". So, you don't have SP1 applied, you're running an old version of your chosen AV software (which, even with the latest updates available for it is not adept at catching a lot of the current crop of malware), and you were running without any kind of firewall. It may be a little late for that system for you to be getting religion. Under the circumstances you should consider the possibility that the system may have been compromised by more than just the worm of the day, malware-wise. And it has definitely been compromised by the way in which you have operated it.


- prosaic

I agree with almost everything said except this part, Internet Connection Firewall has nothing to do with SP1 I was using it way before SP1 was even a idea on paper, there is something else wrong obviously with your computer, might I suggest running a program like adaware and updating to a newer AV Program, otherwise I guess you could spend the time and do a reload.


I don't believe that I said that ICF had anything to do with SP1, but my rambling, meandering style of expression may have given that impression. I said that I didn't think that the MS03-026 patch could be applied on a machine that wasn't at SP1. bsobel says I'm wrong about that. Could be. I wouldn't know for certain because SP1 was long since applied to every WinXP machine around here.

As it is the thread originator wasn't talking about ICF at that point. There was no typo on the TO's part. I just figured the TO would be more concerned about the firewall than connection sharing.

And I seem to be in disagreement with almost everyone in thinking that a clean install is always the best thing to do on any machine that has been compromised. I wouldn't clean and patch after the fact unless I just needed to do so to gain a few hours' worth of operation from the system before fixing it properly with a fresh OS image.

To CotswoldCS: I think I understand your situation a little better now. Yes, I know its a huge honking PIA to do a clean installation, but it's the only recommendation I can make honestly. I would not trust that MSBLAST.EXE was the only payload placed on the system. But we all have to juggle priorities -- data, time, effort -- and I have to admit that it"s very easy for me to tell everyone to stay up-to-date when I have two separate broadband connections (1 cable, 1 SDSL) at home. There is no question that keeping up with the updates for this OS over dial-up requires a MAJOR investment in time and effort. To anyone without broadband, whether an IT professional or not, I suggest a subscription to one of the Microsoft technical services (MSDN or whatnot) might be worth the money -- you know, so you get all of the updates on optical media. About as expensive as low-end broadband, but potentially worth it I suppose. I hope that you can get this sorted without too much grief. I feel for you, buddy.

- prosaic
 

bsobel

Moderator Emeritus<br>Elite Member
Dec 9, 2001
13,346
0
0
[qI said that I didn't think that the MS03-026 patch could be applied on a machine that wasn't at SP1. bsobel says I'm wrong about that. Could be. I wouldn't know for certain because SP1 was long since applied to every WinXP machine around here.[/quote]

Just for reference "This security patch requires the released version of Windows XP or Windows XP Service Pack 1 (SP1). "

Bill

 

prosaic

Senior member
Oct 30, 2002
700
0
0
That's good information for us to have. That would mean that the inability of the TO to install the patch has nothing to do with the fact that SP1 hasn't been installed on the system.

Do my old gray cells serve me correctly when they suggest that there was at least a minimum service pack level required in Windows 2000 before the patch could be installed?

- prosaic
 

bsobel

Moderator Emeritus<br>Elite Member
Dec 9, 2001
13,346
0
0
Do my old gray cells serve me correctly when they suggest that there was at least a minimum service pack level required in Windows 2000 before the patch could be installed?

Yep, SP2 or higher ("This security patch requires Windows 2000 Service Pack 2 (SP2), Windows 2000 Service Pack 3 (SP3), or Windows 2000 Service Pack 4 (SP4).") The 2k SP requirement is probably where all the XP sp confusion has come from.

Bill
 

prosaic

Senior member
Oct 30, 2002
700
0
0
Now let's give credit where credit is due. The confusion on that issue (at least in this thread) must be attributed to me! ;)

- prosaic