
Microsoft security patch?

Discussion in 'Virus & Other Malware Removal' started by starchild, Apr 2, 2003.

  1. starchild

    starchild Thread Starter

    Joined:
    Sep 17, 2002
    Messages:
    2,111
    I received this (below) in my Outlook Express email, and I've gotten wary of attachments (even though it says it's certified virus free, anyone can say anything)

    It also came in my Yahoo Mail, but didn't have the option that's usually there to scan the attachment.

    I "SAVED TARGET AS" desktop, and scanned it with AVG and The Cleaner and it was fine. It said P161976.exe on it.

    I clicked on it (on desktop) and it said it wasn't a valid windows file.

    I'm thinking I have to click on the actual attachment in the Yahoo Mail?

    I think there is a long thread about this on here, but I couldn't understand a lot of it, and it's now CLOSED so I can't ask if this is the same thing and if I need it, and should try to find it elsewhere, IF it won't open/install from the email?

    I have I.E.6 and WIN98 SE (which seems to work fine)

    Most of the time I don't try looking for updates and patches, because I'm not sure what they are, if I need them, and as I said it seems to work okay the way it is.

    Thanks,
    Carrie

    Microsoft Customer

    this is the latest version of security update, the
    "April 2003, Cumulative Patch" update which eliminates
    all known security vulnerabilities affecting Internet Explorer,
    Outlook and Outlook Express as well as five newly
    discovered vulnerabilities. Install now to protect your computer
    from these vulnerabilities, the most serious of which could allow
    an attacker to run executable on your system. This update includes
    the functionality of all previously released patches.

    System requirements Win 9x/Me/2000/NT/XP
    This update applies to Microsoft Internet Explorer, version 4.01 and later
    Microsoft Outlook, version 8.00 and later
    Microsoft Outlook Express, version 4.01 and later
    Recommendation Customers should install the patch at the earliest opportunity.
    How to install Run attached file. Click Yes on displayed dialog box.
    How to use You don't need to do anything after installing this item.

    Microsoft Product Support Services and Knowledge Base articles
    can be found on the Microsoft Technical Support web site.
    For security-related information about Microsoft products, please
    visit the Microsoft Security Advisor web site, or Contact us.

    Please do not reply to this message. It was sent from an unmonitored
    e-mail address and we are unable to respond to any replies.

    Thank you for using Microsoft products.

    With friendly greetings,
    Microsoft Network Security Division

    --------------------------------------------------------------------------------
    ©2003 Microsoft Corporation. All rights reserved. The names of the actual companies
    and products mentioned herein may be the trademarks of their respective owners.

    ---
    Outgoing mail is certified Virus Free.
    Checked by DrWeb32 anti-virus system (http://www.drweb32.com).
    Release Date: 13.3.2003
     
  2. Corrosive

    Corrosive

    Joined:
    Jan 9, 2003
    Messages:
    1,058
    If you haven't signed up to MS about patch updates or whatever, I would update AVG if I were you, as this does sound like a virus. Next time, don't even contemplate double clicking on any .exe or .pif files that you receive in an email, as they're probably viruses. I'll be back in a moment...

    Edit: Well, I think that this might well be a legitimate patch. Google doesn't come up with anything, and neither does Symantec. I would install it if I were you.
     
  3. starchild

    starchild Thread Starter

    Joined:
    Sep 17, 2002
    Messages:
    2,111
    I never got patch updates from msn before.

    I have both AVG (which tells me when it needs updating and has found viruses in the past) and The Cleaner.

    That's why I downloaded it to the desktop, in order to scan it.

    I was recently looking through Outlook Express and saw there was a box checked to NOT let attachments come in. I unchecked it. They won't hurt unless I open them, right?

    And if I see them I can save them on a floppy or something and scan them first.

    I've gotten into the habit of doing this.

    I vaguely remembered reading something, (awhile ago) about a virus that came in saying it was a msn update.

    I know there's the hoax that says to delete the teddy bear icon file. :)

    ~ Carrie
     
  4. Corrosive

    Corrosive

    Joined:
    Jan 9, 2003
    Messages:
    1,058
    Then it might actually be a hoax. I'm not sure, but because nothing came up in Google, no-one really seems to be trying to debunk this story as a hoax. You might want to email Microsoft customer support to see if they have heard of this, and if so why they sent it to you and how they got your email addy.

    You said that you don't understand about patches (in the first post: I missed that bit). Well, sit down on daddy's knee and we'll begin...

    First off, the "What" part. A patch is like a sticking plaster on a burst pipe; it's there to fix things. Whenever you program something, it's inevitable that you will make mistakes, and this is especially true when it comes to very complex bits of software, like an operating system. Patches are released to fix these problems and sometimes to allow for any new forms of technology. For instance, USB support in the very first version of Windows 98 was appalling, basically because the uptake of this technology was rather slow. As it increased, more and more people began to experience problems with anything plugged into a USB port, MS decided they should release a patch, and lo-and-behold, people could start using their USB compatible peripherals!

    Whether you need the patch generally depends on what the patch is for. If they released a patch to allow Windows to drive you to work and back every morning (brr), and you didn't need that functionality, then you wouldn't really need to get the patch. However, if it's like this one, where they are patching up pretty major security flaws, downloading them is a rather good idea.

    I hope I've helped a bit.
     
  5. starchild

    starchild Thread Starter

    Joined:
    Sep 17, 2002
    Messages:
    2,111
    Thanks for the info.

    Sometimes I feel like a sponge (LOL)

    I'm just going to wait a bit and see if anyone else knows about this. It might be new.

    I put it in www.snopes.com which is urban legends and hoaxes, and it didn't come up

    I know it says on the bottom it's certified virus free, but if it was a virus it could say that, too.

    It came in BOTH my emails, the Outlook Express on (I rarely use, but my earthlink account and eBay uses it) and Yahoo mail.

    Usually Yahoo has an option of virus scanning when an attachment comes in. This time it just said "save to my Yahoo briefcase" and "download".

    If you notice it gives kind of a funny email address it's from.

    "Microsoft Network Technical Support" <[email protected]>

    full header:


    X-Apparently-To: [email protected] via 66.218.93.31; 02 Apr 2003 09:41:08 -0800 (PST)
    Return-Path: <[email protected]>
    Received: from 24.153.64.115 (EHLO smtp.comcast.net) (24.153.64.115) by mta431.mail.yahoo.com with SMTP; 02 Apr 2003 09:41:08 -0800 (PST)
    Received: from ImVGx (pcp527404pcs.nash01.tn.comcast.net [68.52.154.30]) by mtaout09.icomcast.net (iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003)) with SMTP id <[email protected]>; Wed, 02 Apr 2003 12:41:06 -0500 (EST)
    Date: Wed, 02 Apr 2003 12:41:05 -0500 (EST)
    Date: Date header was inserted by mtaout09.icomcast.net
    From: "Microsoft Network Technical Support" <[email protected]> | This is spam | Add to Address Book
    Subject: New Network Security Update
    To: Microsoft [email protected],
    Message-id: <[email protected]>
    MIME-version: 1.0
    Content-type: multipart/mixed; boundary="Boundary_(ID_7Y5XGkFLFezDPFFWk66tQw)"
    Content-Length: 1697

    Maybe I'm being paranoid. Maybe Stephblansett and "iplanet messaging server" is just a mass mailer.

    Something about it doesn't seem quite right.

    I'm not even sure I should click the CONTACT link in it to get back to msn about it.

    I've written to them with questions (from their site) before and never got a response.

    That was a long time ago, and I don't remember what email I was using at the time, but you're right, where did they get my email addresses (both of them)?


    ~ Carrie
     
  6. starchild

    starchild Thread Starter

    Joined:
    Sep 17, 2002
    Messages:
    2,111
    I've been looking all over the microsoft website and can't find anyplace writing to ask about the emails I got (about the security patch) comes in.

    I did find their newsletter which has a Feb 2003 update notice, (not the same).

    I've never been able to find anything on their website yet, so doubt I can this time. I seem to go in circles. The emails I'd find are for product support. I found one page to fill in what my question or comment was about, and clicked NEXT and the page with the help, etc. links on it came back up!

    Maybe someone who knows more about doing this can send this and ask them about it? I put the full header on.

    It's PROBABLY legit, but something about it just seems a bit off.

    It also came into my Outlook Express mail, which has an earthlink address.


    X-Apparently-To: [email protected] via 66.218.93.31; 02 Apr 2003 09:41:08 -0800 (PST)
    Return-Path: <[email protected]>
    Received: from 24.153.64.115 (EHLO smtp.comcast.net) (24.153.64.115) by mta431.mail.yahoo.com with SMTP; 02 Apr 2003 09:41:08 -0800 (PST)
    Received: from ImVGx (pcp527404pcs.nash01.tn.comcast.net [68.52.154.30]) by mtaout09.icomcast.net (iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003)) with SMTP id <[email protected]>; Wed, 02 Apr 2003 12:41:06 -0500 (EST)
    Date: Wed, 02 Apr 2003 12:41:05 -0500 (EST)
    Date: Date header was inserted by mtaout09.icomcast.net
    From: "Microsoft Network Technical Support" <[email protected]> | This is spam | Add to Address Book
    Subject: New Network Security Update
    To: Microsoft [email protected],
    Message-id: <[email protected]>
    MIME-version: 1.0
    Content-type: multipart/mixed; boundary="Boundary_(ID_7Y5XGkFLFezDPFFWk66tQw)"
    Content-Length: 1697





    Microsoft Customer

    this is the latest version of security update, the
    "April 2003, Cumulative Patch" update which eliminates
    all known security vulnerabilities affecting Internet Explorer,
    Outlook and Outlook Express as well as five newly
    discovered vulnerabilities. Install now to protect your computer
    from these vulnerabilities, the most serious of which could allow
    an attacker to run executable on your system. This update includes
    the functionality of all previously released patches.

    System requirements Win 9x/Me/2000/NT/XP
    This update applies to Microsoft Internet Explorer, version 4.01 and later
    Microsoft Outlook, version 8.00 and later
    Microsoft Outlook Express, version 4.01 and later
    Recommendation Customers should install the patch at the earliest opportunity.
    How to install Run attached file. Click Yes on displayed dialog box.
    How to use You don't need to do anything after installing this item.

    Microsoft Product Support Services and Knowledge Base articles
    can be found on the Microsoft Technical Support web site.
    For security-related information about Microsoft products, please
    visit the Microsoft Security Advisor web site, or Contact us.

    Please do not reply to this message. It was sent from an unmonitored
    e-mail address and we are unable to respond to any replies.

    Thank you for using Microsoft products.

    With friendly greetings,
    Microsoft Network Technical Support

    --------------------------------------------------------------------------------
    ©2003 Microsoft Corporation. All rights reserved. The names of the actual companies
    and products mentioned herein may be the trademarks of their respective owners.



    Attachment


    patch298.exe
    .exe file Save to my Yahoo! Briefcase
    Download File
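
The header and attachment posted above can be triaged mechanically. The following is an added example, not part of the original thread: it flags a From display name that claims a brand while the sender domain and the earliest relay belong to someone else, and flags executable attachments. The `BRAND_DOMAINS` mapping, the `example.invalid` addresses and the `BOUND` boundary are assumptions made for the sample.

```python
import email
import re
from email.utils import parseaddr

# Assumption: domains a genuine message from the claimed brand would use.
BRAND_DOMAINS = {"microsoft": ("microsoft.com",)}
EXECUTABLE_EXTENSIONS = (".exe", ".pif", ".scr", ".com", ".bat")

# Constructed sample modelled on the posted header. Addresses are placeholders
# (the page redacts them) and the attachment body is dummy data.
SAMPLE = """\
Return-Path: <sender@example.invalid>
Received: from 24.153.64.115 (EHLO smtp.comcast.net) (24.153.64.115) by mta431.mail.yahoo.com with SMTP; 02 Apr 2003 09:41:08 -0800 (PST)
Received: from ImVGx (pcp527404pcs.nash01.tn.comcast.net [68.52.154.30]) by mtaout09.icomcast.net with SMTP; Wed, 02 Apr 2003 12:41:06 -0500 (EST)
From: "Microsoft Network Technical Support" <sender@example.invalid>
Subject: New Network Security Update
MIME-version: 1.0
Content-type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

How to install Run attached file.
--BOUND
Content-Type: application/octet-stream
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="patch298.exe"

AAAA
--BOUND--
"""

def under(domain, parents):
    """True if domain equals, or is a subdomain of, one of parents."""
    return any(domain == p or domain.endswith("." + p) for p in parents)

def origin_host(msg):
    """Reverse-DNS name of the earliest hop (the last Received header)."""
    received = msg.get_all("Received", [])
    if not received:
        return None
    m = re.search(r"\(([\w.-]+)\s+\[[\d.]+\]\)", received[-1])
    return m.group(1).lower() if m else None

def triage(raw):
    """Return a list of findings; a mismatch is a red flag, while a match
    proves nothing because From and early Received lines are sender-supplied."""
    msg = email.message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    host = origin_host(msg)
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in name.lower():
            continue
        if not under(from_domain, domains):
            findings.append("from-domain-mismatch:" + from_domain)
        if host and not under(host, domains):
            findings.append("origin-mismatch:" + host)
    for part in msg.walk():
        filename = part.get_filename()
        if filename and filename.lower().endswith(EXECUTABLE_EXTENSIONS):
            findings.append("executable-attachment:" + filename)
    return findings
```
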
     
  7. starchild

    starchild Thread Starter

    Joined:
    Sep 17, 2002
    Messages:
    2,111
    I hit REPLY in the message that came into my Yahoo mail (about the security patch) and asked about it.

    Today I received a notice back saying it couldn't be delivered, it's an auto mailer.

    Didn't have any info on it but that.

    Also got the same thing back into my Outlook Express mail (where the original email about the patch had come ALSO) and I didn't send anything back to them from there.

    I also got an email in my Outlook Express mail from someone:

    Jose Alfredo Monter Martinez <[email protected]>

    Which says in the subject line "Look at that security patch which comes from Microsoft".

    There was nothing in the message part (text) just a long list of people it was forwarded to. There was an attachment with it, but after getting the email about the patch (with attachment) yesterday, I had set OE back to not allowing any attachments that might be dangerous.

    Maybe the text message about it was in an attachment.

    I have written back to the sender and asked about it.

    All I can find on the microsoft website is about a Feb 2003 update patch, the email said it was "April 2003 update patch".

    I don't know if it's connected but since yesterday afternoon my Earthlink connection has only been around 310000 bps (usually high 40-into 50's) and it disconnects every 5-10 mins I'm online.

    I was going to call Earthlink last night, but thought if it's their problem they'd fix it. And, I don't have a really good phone cord (planning on getting a better one today). Though I've been using it for years, and it's been fine.

    ~ Carrie
     
  8. TOGG

    TOGG

    Joined:
    Apr 2, 2002
    Messages:
    5,862
    starchild,

    Can't find any authority at the moment but I'm sure MS NEVER distribute patches by e-mail.

    If you think about it, how could they find everybody who needs the patch.

    I have signed up to receive e-mail notification of updates but that just directs me to the Update site. I don't receive attachments from MS.
     
  9. TOGG

    TOGG

    Joined:
    Apr 2, 2002
    Messages:
    5,862
  10. Corrosive

    Corrosive

    Joined:
    Jan 9, 2003
    Messages:
    1,058
    Thanks TOGG, I never knew that about MS. I apologise.

    This is starting to sound a bit like a trojan to me, and possibly something like Back Orifice Server. You might want to contact Symantec, Trend or another AV company and ask if they've heard about this, and if not they might be able to analyse the file for you.
     
  11. TOGG

    TOGG

    Joined:
    Apr 2, 2002
    Messages:
    5,862
    Corrosive,

    No apology necessary as far as I'm concerned and no harm done presumably.

    Hopefully, if carrie had opened the attachment, her AV or The Cleaner would have caught it before it could do any harm. I have got the Cleaner but, seeing as it isn't updated very often these days, I have Trojan Remover as a backup although it isn't a real time scanner of course.

    As a paranoid user I often read the Symantec details about various worms and trojans and it is surprising how many of them have obvious factual or grammatical errors which give them away.

    In this particular case, supplying the url of an anti virus based in Russia and suggesting MS used it was not too convincing (unless that was the bug and I've got it now - silly me!). Perhaps I'd better run a few scans just in case. Cheers!
     
  12. starchild

    starchild Thread Starter

    Joined:
    Sep 17, 2002
    Messages:
    2,111
    It says return path [email protected]

    I looked all over comcast website to find an address to contact them about this. Finally found a "feedback form" with an option of "other" so described it and gave the above name. Though it seems to be mailed from an auto mass mailer.

    Maybe a microsoft fan? :)

    I did try and open the attachment. After saving it on the desktop and virus scanning it with AVG (recently updated) and "the Cleaner" (I haven't had too long).

    A box came up saying it was not a legit file and I didn't think it opened or did anything.

    Today I virus scanned with AVG and The Cleaner.

    I have tried to open files (without thinking) and had AVG pop up a big red box saying it contains a virus (or trojan)!

    I've also had it find a virus and contain it, in a routine scan.

    Those were all from having kazaa lite installed.

    So, it is on the job and does work.

    How can I tell if it's done anything to my computer?

    Since yesterday afternoon, I noticed my connection hasn't been faster than 31,200 bps and it disconnects every 5-10 mins. I thought it might be an Earthlink problem (they give problems on their website but some are kind of vague and not too specific to an area).

    I also thought it might be a phone cord I've been using for 4 1/2 years I "made" from extension cord wire (from a coil of it) with spliced phone plug ends on it. It runs all around one room and into another.

    It started out as temp (4 1/2 years ago). I am getting a REAL phone cord today and going to try that.

    But, I am not using another computer (I've been working on, reinstalling windows, etc) plugged in with a small "real" phone cord and it's connected at 45333 and hasn't gone off yet, in 20 mins.

    I'm going to try downloading something, I was trying this yesterday (on the one I've been working on) and it would start downloading and disconnect.

    Which was where I got the idea it was an overall Earthlink problem.

    I didn't open any attachments on this one.

    Let me know if anyone finds out anything.

    I did think something was funny about the attachment with the patch (I'd never gotten this before) and getting it at both my emails. But, at the same time I saw the microsoft name and figured it was important.

    I am also going to see if that's a real website listed at the bottom saying it's certified virus free.

    ~ Carrie
     
  13. TOGG

    TOGG

    Joined:
    Apr 2, 2002
    Messages:
    5,862
    Carrie,

    See my earlier post. Microsoft do NOT distribute patches by e-mail. What you have is an attempt to install a worm or trojan and you should delete the e-mail and its attachment.

    Even clicking on the link within the e-mail could be dangerous. I did, and 10 seconds later realised how foolish I had been. Everything seems OK so far but when I sign off I'm going to scan my whole computer for trojans.

    There is a website which I thought was Russian because it mentioned St Petersburg but then I remembered that you've got one in Florida haven't you?
     
  14. vesselle

    vesselle

    Joined:
    Feb 16, 2003
    Messages:
    291
    hey...

    i'm a long-standing member of MSN and a user of MS products. i think that if that was a cumulative patch for all of MS customers, i woulda gotten it too. and my bf and my friends, who all use MS operating systems and peripheral software.

    i've spoken with tech support at MSN and MS both many times in my career, and they've always told me the same thing. they NEVER contact users by email, esp with patches and security updates.

    the only way you can ever know its completely official is if you get directly off the MS site or thru your internet connection by linking up to their download site.

    so, either report that as a fake or just throw it away. it's definitely not gonna do something nice and helpful to your system if you use it. :( honestly, the lengths that people will go to screw around with other people. it just never ceases to amaze me.

    at least you have something concrete. if i were you, i'd consider sending it to Snopes.

    V***V
     
  15. starchild

    starchild Thread Starter

    Joined:
    Sep 17, 2002
    Messages:
    2,111
    Apparently that website (DrWeb) is in Russia

    Our activity is under
    The License of State Technical Commission by President
    of Russian Federation
    N 000309, LG 0007
    on information protection activity.

    There is a St.Petersburg in Florida USA, also.

    I still don't understand it, and what the DrWeb website is, that certifies email as virus free- but apparently sends a virus?

    I wasn't really sure at first (didn't know about MSN not sending patches till after I posted it here) and 2 virus scans said it was okay.

    After I scanned it, and clicked on it on the desktop it said it wasn't a legit file.

    I'm still not finding anything with the virus scans. I did one online pcpittstop, but my connection disconnected. It said that it would keep scanning if that happened and I'd have to go back on to see the results, and I did and just got the home page.

    I guess I'll have to wait till I find out more about it.

    ~ Carrie
     