MyDoom/Zindos removal tool offered erroneously via AutomaticUpdates?

• Previous message: Jannie Hanekom: "Windows XP SP2: Hang on ASUS P4P800-E Deluxe with Intel with BIOS older than v1002"
• Next in thread: Russ: "Re: MyDoom/Zindos removal tool offered erroneously via AutomaticUpdates?"
• Maybe reply: Russ: "Re: MyDoom/Zindos removal tool offered erroneously via AutomaticUpdates?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date:         Fri, 13 Aug 2004 09:11:37 +1000
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

On one of my home PCs - which is behind the correctly-configured
firewall in my dsl modem, and also uses the Windows XP firewall, - and
which always gets updated with AutomaticUpdates, has (and always has
had) up-to-date virus protection, I was offered the MyDoom and Zindos
Removal tool in WindowsUpdate as a Critical Update.

http://support.microsoft.com/?kbid=836528

I clicked on the more information link and was told that if I'm being
offered this, it is because I'm likely infected with the worm.

Anyway, (surprise surprise), running the tool didn't find any infection.
Neither did a full scan with Norton Antivirus using current definitions.

Has anyone else been offered this download? I'd love to know what
criteria they used to determine I was infected.

I note that Zindos.A is used to create a date-triggered DoS attack
against Microsoft.com.. perhaps they are being over-cautious..

Glenn

-----
NTBugtraq Editor's Note:

Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field.
-----

• Previous message: Jannie Hanekom: "Windows XP SP2: Hang on ASUS P4P800-E Deluxe with Intel with BIOS older than v1002"
• Next in thread: Russ: "Re: MyDoom/Zindos removal tool offered erroneously via AutomaticUpdates?"
• Maybe reply: Russ: "Re: MyDoom/Zindos removal tool offered erroneously via AutomaticUpdates?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: How to enable RPC service in Windows XP ... You need to install and use ... Update regularly to keep your version of Windows current... ... You connected to the internet without a firewall on your computer. ... infection not only by SASSER, but also by the thousands of other worms, ... (microsoft.public.windowsxp.security_admin) RE: IE Malware / Spyware Control Methods ... Hardware firewall preferably. ... Any Windows box is going to have unpatched potential open vulnerabilities. ... > tough part of this is that such malware has multiple instances/threads ... > web browser that isnt subject to malware infection but doing so ... (Incidents) Re: w32.SASSER ... turn on the firewall that comes with your Windows ... This, along with frequent Windows Updates, should prevent future infection. ... Microsoft MVP - Windows Security ... (microsoft.public.scripting.virus.discussion) Re: help !! ... turn on the firewall that comes with your Windows ... This, along with frequent Windows Updates, should prevent future infection. ... Microsoft MVP - Windows Security ... (microsoft.public.security.virus) Re: Guide to secure installtion of IIS 5 ... don't forget a well-configured firewall. ... Do not put the computer onto the network or the Internet until after the ... Follow the instructions for hardening Windows and IIS at ... Install all service packs and security fixes from Microsoft and otherwise ... (microsoft.public.inetserver.iis.security)