Newsletter Archives
-
Malicious Software Removal Tool update, KB 890830, throwing weird WinXP (!) EULA prompts
If I’d seen it once, I’d just disregard it as another bizarre Microsoft bug. But we have three reports now, like this one from @Morat:
I’m running Windows 7 Pro 32-bit. MSRT Nov 2018 KB890830 popup notice says, “Prerelease Version of Service Pack 2 for Microsoft Windows XP Professional, Home, Media Center, or Tablet PC Edition END-USER LICENSE AGREEMENT FOR PRERELEASE CODE”. What the heck… prerelease code for Windows XP?
There’s confirmation from @bsfinkel and from an anonymous poster.
Looks like there’s a bug in KB 890830 for 32-bit Win7 — Prerelease code for XP? Pshaw.
Thx, @Microfix
-
The “new” XP patch KB 982316 is a dud, but the new MSRT is for real
Yesterday, I wrote about the mysterious “new” Windows XP patch KB 982316. There’s speculation all over the web that Microsoft is now patching Windows XP again.
Wrong.
@abbodi86 dug in and confirmed:
The digital signature of the downloaded file indicates that it’s still the same old one, “Monday, June 14, 2010”. So this is just a review/renew of the download page for some reason.
On the other hand, the new Malicious Software Removal Tool, KB 890830, is very real. An anonymous poster notes that it’s marked “Important” in Windows 7. The Windows Update list says that the program has changed, and the metadata has changed. @ch100 theorizes that it’s a WannaCry detector, which is confirmed in the TechNet post Customer Guidance for WannaCrypt attacks:
Update 5/22/2017: Today, we released an update to the Microsoft Malicious Software Removal Tool (MSRT) to detect and remove WannaCrypt malware. For customers that run Windows Update, the tool will detect and remove WannaCrypt and other prevalent malware infections. Customers can also manually download and run the tool by following the guidance here. The MSRT tool runs on all supported Windows machines where automatic updates are enabled, including those that aren’t running other Microsoft security products.
As I’ve said many times over the past week, WannaCrypt only attacks Windows 7. No matter which version of Windows you have, you’d be well advised to run the new MSRT and see if it picks up any vestiges.
(Historical note: Microsoft’s sticking to the “WannaCrypt” name while most of the popular press has moved to “WannaCry.” I switched from WannaCrypt to WannaCry, too, in response to an edit. The worm calls itself “Wana Decrypt0r” with a zero. Malware researchers pick their own names, and there’s no central authority assigning names to specific infections. It’s all about branding, folks — I guess “WannaCry” sounds more compelling.)
-
Born: Microsoft Malicious Software Removal Tool update KB 890830 causing problems
Günter Born, posting on his Born’s Tech and Windows World blog, lists several problems with this month’s MSRT:
Access violations during install (error 0xc0000005)
Blocks other updates
Collides with other AV software
Born has links to Norton, Avast, and a discussion on Bleeping Computer.
-
Running the Malicious Software Removal Tool while keeping it from phoning home
With the Conficker scare finally behind us (see! I toldja so!), I got an interesting message from an old friend who ran Microsoft’s Malicious Software Removal Tool, but figured out how to keep the MSRT from phoning home during the run.
Here’s what he says:
The Malicious Software Removal Tool EULA tries to get you to give permission for MSRT to “phone home”, in order to give MS a feel for how many infections, and on which versions of Windows, are out there in the wild. Sadly, MS has SUCH a bad track record about saying one thing and doing quite another – reporting home with ALL software names (not just the apps being updated nor just MS’s apps – ALL software and version #s on your PC get reported) and version numbers during a software patch, for example – that MS can’t be trusted to be telling the truth in their EULA.
The EULA also warns that the MSRT won’t work after 60 days, and that sharing/redistributing/copying the file is prohibited.
Interestingly, deeply buried in one of the support pages on the website, there’s a way for PC nerds to block MSRT’s phone-home. It involves entering two new keys in the Windows registry: definitely not something for a n00b to do. Strangely, MSRT has a lot of command-line switches like “find but don’t fix malware”, but MS didn’t bother to make “don’t phone home” one of those command-line switches.
Anyway, I didn’t connect my Wi-Fi, thus eliminating the possibility that MSRT could phone home. I then ran MSRT twice, first using “rapid scan” and then “complete scan”. It took 5 minutes to do a simple scan, and found nothing. It took 8 hours to do a complete scan of 1 terabyte of data in 14 partitions, during which it discovered and “partly uninstalled” three viruses. During the procedure, Avira’s resident shield twice popped up to deal with those viruses. One “virus”, by the way, was a fragment of the driveby malware that sat on AskWoody.com early last year, and which I’d stored in email and in a text file. Avira routinely finds the fragment in the text file, but had never before spotted the code in my email.
Clearly, MSRT found and somehow “revealed” these viruses in such a way that Avira could find and delete ’em.
MSRT appeared to complete normally, and –again– was fully prevented from phoning home by the simple expediency of shutting off the WiFi during that Windows session.
MSRT created several randomly named, easily deleted folders with hidden files, branching off the root directories, on at least two of my partitions.
Just one note from me: Microsoft is allowing Web sites to distribute the MSRT. If you look at Knowledge Base article 890830, MS says, “Per the terms of this tool’s license terms, the tool can be redistributed. However, make sure that you are redistributing the latest version of the tool.”