rogue antivirus kb 936181

  • Question


    I keep getting update adviser and I already updated this. I just learned it's rogue adware or a virus. Please help, I've tried everything. Windows Live OneCare won't touch it.
    Saturday, September 6, 2008 5:45 PM

Answers

  • Paul, the KB936181 update causes quite a bit of trouble by getting stuck in the update list, but it’s not really malware because the authors didn’t harbor any malicious intent when they created it. With their present set of tools it’s virtually impossible for developers to predict or test every possible software interaction, and thus the law of unintended (negative) consequences still prevails. Here is the official solution to the KB936181 update problem: http://support.microsoft.com/kb/941729/en-us

     

    GreginMich

     

    Saturday, September 6, 2008 11:28 PM

All replies

  • Greg, do you work for Microsoft or something? I read so much this last week about rogue software. Well, tell me why all these software companies were right behind the ad about getting the rogue software off my PC. This was more than just a small problem. I had to buy BitDefender; that did not work, neither did OneCare or any of the rest I tried. So yeah, it was a major problem, since my nephew was over here last night till 5 am trying to take it off. So there should be a backup system to let the people know about this. There are still a lot of people I talk to who think it's a selling tool. Still, maybe there's something to that, don't know, but thanks for the info. Paul Strong

    Sunday, September 7, 2008 7:24 AM
  • Paul, if you spend a little time browsing this forum you will see for yourself that rogue antivirus programs inspire a lot of “panic buying” that definitely benefits the legitimate security software vendors, and some of these companies may be exploiting this, although I haven’t seen that myself. This panic buying is unfortunate for two reasons: First, responding to a rogue infection by installing new security software usually doesn’t help. Most of the major antivirus programs seem to have difficulty detecting and cleaning the latest versions of the rogues. Second, “adding to the arsenal” can do more harm than good if the new antivirus software gets installed on top of the old, without regard for the “only-one-antivirus” and “run-the-clean-up-first” rules. These rules are repeated day after day by the moderators of this forum for good reason. Multiple memory-resident security programs will lead to Security Center conflicts, potential territorial conflicts and, sometimes, serious performance problems that are difficult to diagnose. Here are some general things to consider with respect to rogues:

     

    1.) Unlike most viruses, rogue antivirus programs are highly visible, so you will likely realize immediately that you’re infected, and you will also usually be able to identify the culprit by name without a scan detection. This works to your advantage in the case where your antivirus program fails to detect this malware.

     

    2.) If you are infected with a rogue, and your antivirus doesn’t detect and clean the infection, then first work with your vendor’s Support team. This is especially critical with rogue antivirus infections because Tech Support often gets a handle on these things way before the solution can be automated and implemented in the program’s malware engine. Those who are using OneCare can follow these instructions to reach Support:

    http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

     

    3.) If your security vendor can’t remove the rogue, and you feel compelled to try alternative security software, then run the alternative vendor’s free online scanner. This will save you money and also prevent the problems that come with installing multiple security programs. There are also many online forums that offer manual removal instructions for rogues, and these are very helpful in cases where a software solution can’t be found.

     

    GreginMich

     

    Sunday, September 7, 2008 11:52 PM
  • Paul Strong,

     

    Thank you for visiting the OneCare Program forum for anti-malware issues.

     

    What was/is the status of OneCare and did you make sure to do a Tune-Up to make sure all the updates were installed?

     

    You can also go to the Windows Update website and download/install updates from there. Make sure that you do not have any hidden updates.

     

    I would contact Windows Updates using the forum website to inquire about the update itself, as it looks like it is not virus related.

     

    http://www.microsoft.com/windowsxp/expertzone/newsgroups/reader.mspx?dg=microsoft.public.windowsupdate&lang=en&cr=US

     

    Please run the Scan for viruses and spyware in the meantime to ensure that your machine is being protected by Live OneCare.

     

    I hope this helps,

     

    Lori MS

     

     

     

    Wednesday, September 17, 2008 7:52 PM
  • Although checking for updates is always good advice, it probably won’t correct this particular issue. This is a known issue with this particular update. According to the referenced Microsoft solution, this problem will not be resolved by simply repeating the update process. In fact that’s exactly what the problem with it is. The solution presented is to run this command: “ren %windir%\System32\msxml4.dll msxml4.old”, and then reinstall KB936181. This command effectively deletes the msxml4.dll file by renaming it. This deletion is necessary prior to repeating the update process because this file has been corrupted or incorrectly installed, and deleting it will allow it to be replaced on the subsequent update. The only way that further updating could solve this problem is if a new update was written specifically to address this issue, and I haven’t seen any indication of that.

    GreginMich

     

    Wednesday, September 17, 2008 10:04 PM