Re: Downloading updates in advance

thnx for the input
i'm not so familliar with the technical side about computers but i'll
explain why i found svchost.exe suspicious

it's not just 1 NIS popup about "MS Generetic Host Process for WIN32 Server"
at startup and then every 15 minutes or so there are 5-10 popups very rapidly
i've updated winxp completely, also fix KB894391

when i open a webpage NIS allows +/- 50 popups for each page i open (not
at this time it's set at 901 allowed coockies
i will now open a webpage... now it's set at 950

at this time i am constantly leaking Mb's both upload and download
and i'm sure it's not me who's generating traffic, i've never had this
before the infection

when i connect to the internet the 1st or 2nd time i pull the plug and start
my pc without internet connection, then my cpu keeps working without me doing
even at this time my cpu works constantly 0-10% variating very rapidly. It's
been working like this for the last half hour. In the beginning even it goes
100% for a long time. I'm abolutely sure this is something abnormal because
i've never occured this in the past. I'm sure that if i leave this like it is
and keep on installing programs and surfing the web my system will run slower
and slower. Before i got infected my cpu kept the 0% status and i had loads
of programs installed, now i have only the 3 main programs installed and
winxp & NIS updated

Based on your logic, my computer must be on life support, it's so infected!
no need to go sarcastic, if you had popups like me and all the other shit
i'm experiencing you would be suspicious about anything, it was just a

NAT router, seems like something pretty essential these days, i'll go by one
as soon as i have some money, even though my pc worked fine before without one

thnx for the tip about "Process Explorer"
i will try understanding this tool


"Nepatsfan" wrote:

On what are you basing the theory that you're being "hacked" as
soon as you go online? What events occur that make you think
your system has been compromised so soon?

Did you do any research on exactly what svchost.exe is? If you
did you would have come across this Microsoft article:

A description of Svchost.exe in Windows XP

After reading that article you would have a better
understanding of what you're dealing with. Unfortunately,
Windows XP Home Edition does not include tasklist.exe. If it
did, and you ran it at a command prompt with the /svc switch,
you would see a listing of the services that are running under
each instance of svchost. A number of those services require
network access. That's what NIS is flagging. Things such as the
browser service, DHCP, W32Time and lanmanserver are just a few
of the services operating under the umbrella of svchost.exe
that requrire network access.

Since you don't have access to tasklist the best you can do, if
you want to take a closer look at exactly what's running under
each instance of svchost, is to download and run Process
Explorer from Systernals:

Process Explorer

Right now I have seven instances of svchost.exe listed in Task
Manager. Based on your logic, my computer must be on life
support, it's so infected! My firewall program also has an
entry for Generic Host Process for Win32 Services 5.1 located
at C:\WINDOWS\system32\svchost.exe which has been allowed "Full
Access". Why? Because if I block this process, I will lose a
lot of network functionality.

If you decide to go through the installation process again, do
yourself a favor. First off, get a NAT router and put it
between your computer and your modem. Next, obtain reliable
antivirus and firewall programs from a company other than
Norton. Finally, if you decide to install any updates that
you've already downloaded from the internet, do so in a logical
manner. If your installation CD does not include Service Pack
2, start there:

Download Windows XP Service Pack 2

When you go to install any post SP2 updates, make sure you
install them in the order they were released. It's possible
that a later update requires some of the earlier updates be
already installed.

At this time, you should only focus on the Critical Updates.
Leave the Suggested Updates for later. Also, you don't need to
install any updates for .NET since you don't have the framework
installed. You also can skip any of the critical updates that
apply to Media Center Edition. The reason you had problems
installing certain updates earlier is because you were trying
to install MCE updates on a Home Edition computer or .NET
before installing the framework.

If you continue having problems getting XP installed, you might
want to consider taking your computer to a competent
professional who will install the operating system, Windows
updates and security software for you.

Good luck


omi <omi@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
my installation goes like this:
- disconnect the internet cable
- disconnect other hd's
- change BIOS to select cd-rom as 1st boot-device
- insert winxp, reboot pc and start computer from cd
- delete partition
- format the entire drive
- install winxp home
- reboot when nessecairy
- install msi-mainboard (original cd)
- (tried installing all known security progs like you
describe and scanned the disk... i've tried this before and
after updating winxp) NO infections - update winxp
the first or second time i connect to the internet i get
i tried installing & updating winxp completely offline it
makes no difference

there are no unknow processes that are active in the
register or task manager but at this time there are 4
svchost.exe that are active
that's the same program from what i get NIS popups
Rules automaticly created for MS Generetic Host Process
for WIN32 Server C:\Windows\System32\svchost.exe

i repeat, there are no mallware infections on the drive, i
do not load infected files
i've blocked MSN Messenger from running in the registry

i'm in the dark, down at sea and up a tree

"Juan" wrote:

I had the same problem after a fresh installation with the
only difference Windows Update froze up instead of getting
pop-ups, after a thorough scan and disinfection, the
problem was gone.. I also have read some other posts about
the same thing happening to them so it seems like a fairly
recent modality of attacking.. As you may already know, a
recently installed OS is very vulnerable on the net even
with the firewall enabled so your system is very likely
already infected and going to Windows Update to get
security updates, makes the spyware act up as self
preservation. You need to install antispyware applications
and thoroughly clean your system before attempting to
update it and if you have to, disinfect in safe mode (F8 at
startup) and with the Internet connection line
removed/turned off.

Install the following software and update it before the
first scan.
Adaware SE, Spybot Search & Destroy, SpywareBlaster,
CWShredder and HijackThis

Also go to Start\Run\type; msconfig and hit Enter\go to
Startup tab and disable unknown process(es) if any are
present. Then to to Start\Run\type; regedit.msc\and go to
the Run keys of the LocalMachine and CurrentUser hives and
delete any unknown process if present.

"omi" <omi@xxxxxxxxxxxxxxxxxxxxxxxxx> escribió en el
1) that's where the problem is, when i go online for
updating i get hacked, changed my IP zillion times, no luck

3) i have no scanner or printer installed or even connected
i get 5-10 popups from NIS about this very rapidly... i
don't think that's normal
also when i open a webpage, NIS allows +/- 50 coockies for
each webpage also i got a NIS popup request for
Ikernel.exe to connect to a DNS-server (blocked it)
i wunder if there's some permanent RAM in my pc, not the
ram-sticks but something like the BIOS...

4) thnx for the tip.. i changed the registry to prevent
messenger from running

5) i was able to install most winxp updates offline except:
- com_microsoft.886906_NET10_SP3_nld_5556
- com_microsoft.888316_ehome_guide_fix
- com_microsoft.KB867461_DOT_NET_EN_1_0_SP3
- com_microsoft.KB867461_DOT_NET_Tier3
- com_microsoft.KB873369_XP_SP3_eHome_INTL
- com_microsoft.Q816093_VM3810_Ver1
- com_microsoft.Q900036_VS_NET_ES_5520

oh i wish i could get my hands on one of those hackers,
he/she would suffer a very slow death, minimum a month
after messing with this problem for about a month i'm
almost ready for a mental institution


any hackers that wish to vulontier or test me, let's set
up a meeting !!

"Juan" wrote:

1) You may need to go to the Windows Update Site first
and install the most recent version of Windows Update
Software* (accept the download before a regular update
search) and after that you can install updates by any

*Check in C:\WINDOWS\Downloaded Program Files and check
update software; Validation tool and Update Class,
activex controls are necessary to update your system.

2) svchost is a normal system process

3) and Generetic Host Process may be a problem with a
scanner or printer driver. updated drivers will solve it.

4) How to disable or remove Messenger (msmsgs.exe)

"omi" <omi@xxxxxxxxxxxxxxxxxxxxxxxxx> escribió en el
Well that didn't work,

i downloaded all 90 files (582Mb)
i formatted my drive and reinstalled windows
when i tried to perform the updates one by one
there were some that would not install because the
installation program was missing
like : com_microsoft.886903_NET11_SP1_XP_5556
result: i had to go online to search for updates
i needed an installer program first,
then 28 downloads were needed
Now it's up to date but again i'm leaking Mb's :((
In my taskmanager i see there are 5 "svchost.exe" that
are active is this normal ?
svchost.exe - local service
svchost.exe - networkservice
svchost.exe - SYSTEM
svchost.exe - networkservice
svchost.exe - SYSTEM

msmsgs.exe keeps activating itself
My cpu keeps "performing" without me doing anything
(variable 0-10%) and NIS gives popups
"Rules automaticly created for MS generetic Host Process
for WIN32 server" --> c:\Windows\System32\svchost.exe

So i'm back to where i was

Looks like performing updates offline is not that easy
as i thought

Any help's appreciated

"Nepatsfan" wrote:

You're welcome.


omi <omi@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
thnx a million

hopefully this will end my virus-nightmare that lasted
a month

thnx again

"Nepatsfan" wrote:

omi <omi@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

i'm looking for a way to dl'd winxp-home updates in
advance i want to burn them all on cd
so i can install & update winxp completely updated
OFFline Can someone give me the URL to do that ?
A friend gave me this link but i don't know if it's
I think i prefer an originale MSwinxp website

thnx in advance

Go to the following web site:

Welcome to Windows Update Catalog

Click on "Find updates for Microsoft Windows operating
In the Operating system box, scroll down to the next
to last entry, Windows XP SP2.
Click on it to highlight it and hit the Search button.
Click on "Critical Updates and Service Packs".
Scroll through the list and add all the updates you
need to your download basket.
Do the same for "Recommended Updates".
Once you've completed the selection process click on
"Go to Download Basket".
Use the Browse button to select a handy location on
your hard drive to store the updates.
Hit the Download button.

Here's another Microsoft source for updates:

Microsoft Security Bulletin Search

Here are a couple of sites you may find useful: