PDA

View Full Version : Is this a virus



heaton
22-08-2004, 03:04 PM
Using Win XP home edition .Firefox browser and all critical updates downloaded to date, AVG [ up to date ], spybot and zone alarm firewall.
Switched on computer and created restore point , a thing I do each day. Accessed this website and read some posts. While this going on a little balloon popped up in the tray saying " updates are ready for your computer.Click here to download these up dates.
Clicked on and up came a panel with the little Microsoft Logo which looks like a globe with the Microsoft Windows flag on top. Top of panel says " Choose updates to download."
two rectangular panels : top one says " update title ", lower one says ' details ."
Nothing in either panel.
Being a bit suspicious of this I pressed the close button and went back to my start up and in programmes clicked on Windows Update which I normally do.
Now I normally get a Microsoft Website which tells me than it will scan my computer and tell me if there are any updates which I have not downloaded. I then have the choice of what I want to download and I have always downloaded the critical updates. This website looked a bit different and gave you two choices. 1. Do a fast download [recommended] or 2. Do a custom download which gives you a choice.
Now at this point I clicked on the do a custom download with the intention of exercising an option as to whether I wanted to download it or not.
Nothing seemed to happen so I went out of this and intending to write a posting on this site I tried to log on but was told my computer could not access F1.
I then tried to access one of my favourite photography sites and was told my computer could not access this site. Now starting to get alarmed I tried a third site and although I was still connected to my ISP the computer kept telling me it could not access the site. Now thoroughly paranoic and with that sinking feeling in the lower regions I suddenly though of system restore. So accessing system restore I clicked on restore to when I first started the computer this day and eagerly watched as it went through this process. With a big sigh of relief I clicked on my browser and was able to access F1 again and began this post. QUESTION : Is this a very clever hacker disguised as a Microsoft website or what. I post this in case others may be taken in. Also the little icon in my systems tray is still there and I can't get rid of it. Anybody know how ? Comments welcome please.

Spacemannz
22-08-2004, 03:11 PM
In XP a bubble will appear if there are updates for XP, if automatic updates is enabled. (You can turn this option OFF by My Computer on the desktop, right mouse/properties, Automatic updates.

Is SP1/SP1a installed? Some sites which support Java if SP1 isn't installed may not let you go to them. Depending on whats on the site.

heaton
22-08-2004, 03:31 PM
> In XP a bubble will appear if there are updates for
> XP, if automatic updates is enabled. (You can turn
> this option OFF by My Computer on the desktop, right
> mouse/properties, Automatic updates.

Clicking right mouse button only brings up the panel mentioned in my post. Don't get the normal menu with right clicking. I can turn off the auto updating elswhere but why does this particular icon not work with the right click. This is another thing to make me suspicious.

andrew93
22-08-2004, 05:18 PM
Sounds to me like you recently installed service pack 1 for Windows XP. Is this the case? If so then the Windows firewall is conflicting with ZA (I think I read you had ZA installed) - to get the two working in sync you need to allow truevector to get through the ZA firewall.
HTH

heaton
22-08-2004, 05:32 PM
> Sounds to me like you recently installed service pack
> 1 for Windows XP. Is this the case? If so then the
> Windows firewall is conflicting with ZA (I think I
> read you had ZA installed) - to get the two working
> in sync you need to allow truevector to get through
> the ZA firewall.
> HTH

No I have not recently installed service pack 1. I have had it installed for yonks. I went onto Microsofts website for downloads thru my normal method i.e. clicking on Windows Updates in program files and it seems to me they have changed their format a bit. There are no updates there for my computer. I have sibmitted a query to them but sudden changes in the normal method of the past two years gives rise to suspicions. Why do they do this to paranoid skitsoes like me ???

Oxie
22-08-2004, 05:39 PM
heaton

When you go to the Windows Update site does it show V5 instead of V4 in the URL (address)? This would account for the new look on the page. The last lot of updates I received were relayed differently to me as well - different interface. I wonder if you were downloading SP2?

Oxie (Lyn)

tommy
22-08-2004, 05:43 PM
It sounds like you have the new version of Windows auto-update. Have a look at these two threads:
http://forums.windrivers.com/showthread.php?t=61796
http://www.computing.net/windowsxp/wwwboard/forum/113168.html

If they do not fit your situation you may have a different problem.

Jen C
22-08-2004, 06:40 PM
It does sound like XP SP2 has started to download as they are drip feeding it to the XP Home users first (guess this involves the greatest numbers). Oxie is correct with the v5 update website that you are now seeing. It does look different and gives you different options now (express and custom etc).

I installed SP2 manually after downloading the .exe off the Jetstreamgames server realm before they removed it. Afterwards I couldn't connect to any website although I still could ping them. Turned out my firewall (Agnitum Outpost) and SP2 was having a wee fight in the background over what application was allowed internet access even though I had disabled the XP firewall which had been automatically reactivated. I simply reset the permissions for the browsers in the Outpost firewall and it worked fine after that.

heaton
22-08-2004, 07:54 PM
> It does sound like XP SP2 has started to download as
> they are drip feeding it to the XP Home users first
> (guess this involves the greatest numbers). Oxie is
> correct with the v5 update website that you are now
> seeing. It does look different and gives you
> different options now (express and custom etc).
>
Ok thanks people. It seems others are just as mystified as me. I have not downloaded nor have I installed anything. I am waiting for the SP2 disk so if this drip feeding is done without my permission I think it a bit on the nose. Anybody else here on F1 experiencing the same as those on the other websites quoted in the other post ???

andrew93
22-08-2004, 08:54 PM
Oh for 1 number! I meant SP2 (but typed SP1 in error) as it has only recently come out and I have been experiencing the same problems, it's no mystery, look at your zone alarm versus the Windows firewall