Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Apr 13 Windows updates disabled OSI scan in Firefox

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as resolved.
Glixx Apr 13 Windows updates disabled OSI scan in Firefox
Member 14th Apr, 2010 11:07
Ranking: 0
Posts: 4
User Since: 14th Apr, 2010
System Score: N/A
Location: US
When I click on the link inside today's Secunia's reminder e-mail in Outlook Express, the page begins to load, but then Firefox shuts down when just the top 1/5 is showing - same on 5 tries.

These updates also forced Outlook as default email program, and when I reset OE as the default e-mail program, the setting gets hijacked back to Outlook on boot or clicking desktop OE icon. The update also reset my default browser to "use current" instead of Firefox, and reverts as well. VERY annoying.

Further, Spybot Search and Destroy blocked a malicious registry change during the update! Here is the report:

4/13/2010 7:18:13 PM Encountered and terminated Win32.RJump.c in C:\WINDOWS\system32\msiexec.exe!

Anyone else having similar problems? Any workaround suggestions?



Post "RE: Apr 13 Windows updates disabled OSI scan in Firefox" has been selected as an answer.
Glixx RE: Apr 13 Windows updates disabled OSI scan in Firefox
Member 14th Apr, 2010 11:12
Score: 0
Posts: 4
User Since: 14th Apr 2010
System Score: N/A
Location: US
I just now tried the "Scan Now" icon above. The page aborts in the same fashion.
Was this reply relevant?
+0
-0
Maurice Joyce RE: Apr 13 Windows updates disabled OSI scan in Firefox
Handling Contributor 14th Apr, 2010 11:25
Score: 11626
Posts: 8,915
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 14th Apr, 2010 11:34
Looks like U have picked up a worm.

Type this in your search box:

Win32.RJump.c

Read all about it. Best U go to your virus prevention vendor & get the fix.

Edit: Spybot solution is here:

http://forums.spybot.info/showthread.php?t=39052

If this post has solved your problem could you please select the ACCEPT option. This will lock the thread and stop you & I from receiving unnecessary update emails.


--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
ddmarshall RE: Apr 13 Windows updates disabled OSI scan in Firefox
Dedicated Contributor 14th Apr, 2010 16:17
Score: 1205
Posts: 957
User Since: 8th Nov 2008
System Score: 98%
Location: UK
More information about this worm can be found here:

http://www.microsoft.com/security/portal/Threat/En...

This is rather an old worm. Is it possible that this is a false positive and Spybot has prevented the update completing correctly?

Another possibility is that you had malware and the update has broken it.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+0
-0
Glixx RE: Apr 13 Windows updates disabled OSI scan in Firefox
Member 14th Apr, 2010 22:42
Score: 0
Posts: 4
User Since: 14th Apr 2010
System Score: N/A
Location: US
Thanks M.J. and ddm for your help. Just now came back here through a thread answer notification email link. Tried the Scan Now button above, and it aborted Firefox as before. The program default settings still get changed back from the settings I designate.

Here is what I have done:

-Before I first came here for advice, I removed the Outlook Junk Filter update I had accepted yesterday. Don't use Outlook.

-Searched as MJ recommended. I understand the concept of this trojan/worm, but don't understand enough about the OS to mess with the registry on my own. Don't understand how to "search globally" either.

-Updated and ran Spybot S&D, RunAlyzer and RootAlyzer - all negative for malware

-Ran msconfig - found none of the terms listed in the Spybot Manual Removal Guide, but was afraid to do anything more than just look at each tab

-Updated and ran MalwareBytes - no malware detected

-Went to the MS link ddm gave and ran the full works - no malware detected; 286 registry entries fixed; 631 MB Office Setup files removed or compacted (I use CCleaner religiously and always clean the reg with it after any software uninstalls, so this puzzles me); everything else fine

-Did another CCleaner registry check just after trying to scan here, getting aborted and before coming back here thru email link - TONS of stuff there now. I did not remove any of it. I have 2 screen shot .bmp's if you want to see what it found.

Remembering when I did the custom download/install of the MS updates yesterday, an Adobe update box came up at the same time, which I accepted. Now I'm thinking this "bug" was in that.

Also, I have no open ports - took care of that months ago. Maybe this is ignorant, but if the only app running is MS update with IE8 and no other open ports, did this piggyback from the MS update website?

Any other suggestions, guys? Thanks tons for your help again.
Was this reply relevant?
+0
-0
Maurice Joyce RE: Apr 13 Windows updates disabled OSI scan in Firefox
Handling Contributor 15th Apr, 2010 01:15
Score: 11626
Posts: 8,915
User Since: 4th Jan 2009
System Score: N/A
Location: UK
These things can be tricky & I note your reluctance to enter the registry.

We are a little off topic but I can still try to help U.

Have U tried HijackThis? Read about it here:

http://en.wikipedia.org/wiki/Hijackthis

If U want to try this tool download it from here:
http://download.cnet.com/Trend-Micro-HijackThis/30...

Once downloaded if U are not sure what it all means U can save the log file (it will be fairly lengthy) & send it to me at:

maurice.joycepsi@btinternet.com

I will happily take a look & advise U further by return email.

I would advise U not to tinker with removals unless U are absolutely sure of the consequences of that action.

If U wish to send the file to me could U please close this thread to stop U & I getting any more unnecessary update emails.




--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability