Vista SP2 and virus alerts - any ideas?

 
 
zekimurad
05-27-2009
I recently tried to update Vista through windows update but it failed.
I got 2 Trojan Heuristic virus messages from Bullguard during the update and
then the failure. ANY help on this?

The Bullguard log indicates the following:
2009/05/27 21:44:29 |
C:\Windows\winsxs\Temp\PendingRenames\56ecb77ec0dec901c418000074101401.x86_microsoft-windows-s..ive-blackbox-driver_31bf3856ad364e35_6.0.6002.18005_none_0b5dfb3fa4f88147_spsys.sys_95b9c9e3
[BLOCKED] [process: 4212.C:\Windows\servicing\TrustedInstaller.exe] [user: N/A] [virus: Gen:Trojan.Heur.9242BD4242] [op: CLOSE]
2009/05/27 21:44:29 |
C:\Windows\WinSxS\Temp\PendingRenames\56ecb77ec0dec901c418000074101401.x86_microsoft-windows-s..ive-blackbox-driver_31bf3856ad364e35_6.0.6002.18005_none_0b5dfb3fa4f88147_spsys.sys_95b9c9e3
[AUTO BLOCKED] [process: 4212.C:\Windows\servicing\TrustedInstaller.exe] [user: N/A] [op: OPEN]
2009/05/27 21:44:29 |
C:\Windows\WinSxS\Temp\PendingRenames\56ecb77ec0dec901c418000074101401.x86_microsoft-windows-s..ive-blackbox-driver_31bf3856ad364e35_6.0.6002.18005_none_0b5dfb3fa4f88147_spsys.sys_95b9c9e3
[AUTO BLOCKED] [process: 4212.C:\Windows\servicing\TrustedInstaller.exe] [user: N/A] [op: OPEN]

Cheers,
Zeki
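
An added example, not part of the original post and not Bullguard's own tooling: a small parser for the log layout quoted in the post above. It tolerates line-wrapped fields, collapses repeated alerts into one row per file, and records whether the blocked writes came from the Windows servicing process named in the log. The sample lines are constructed with placeholder file names, and the `servicing_context` flag is an assumption of this example that gives triage context, not a verdict.

```python
import re
from collections import OrderedDict

# Constructed sample in the layout of the log excerpt; file names are placeholders.
SAMPLE_LOG = r"""
2009/05/27 21:44:29 |
C:\Windows\winsxs\Temp\PendingRenames\PLACEHOLDER_spsys.sys_0000
[BLOCKED] [process: 4212.C:\Windows\servicing\TrustedInstaller.exe] [user:
N/A] [virus: Gen:Trojan.Heur.9242BD4242] [op: CLOSE]
2009/05/27 21:44:29 |
C:\Windows\WinSxS\Temp\PendingRenames\PLACEHOLDER_spsys.sys_0000
[AUTO BLOCKED] [process: 4212.C:\Windows\servicing\TrustedInstaller.exe]
[user: N/A] [op: OPEN]
2009/05/27 21:50:02 |
C:\Users\example\Downloads\PLACEHOLDER_setup.tmp
[BLOCKED] [process: 1300.C:\Users\example\Downloads\PLACEHOLDER_setup.exe]
[user: N/A] [virus: Gen:Trojan.Heur.PLACEHOLDER] [op: CLOSE]
"""

STAMP = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \|[ \t]*$", re.M)
FIELD = re.compile(r"\[([^\]]*)\]")
SERVICING_IMAGE = r"c:\windows\servicing\trustedinstaller.exe"
STAGING_PREFIX = "c:\\windows\\winsxs\\"  # a raw string cannot end in a backslash

def parse_events(text):
    """Split the log on timestamp lines and parse each (possibly wrapped) record."""
    parts = STAMP.split(text)  # [preamble, stamp1, body1, stamp2, body2, ...]
    events = []
    for stamp, body in zip(parts[1::2], parts[2::2]):
        # Assumes the file path itself contains no "[" character.
        path, _, rest = body.partition("[")
        event = {"time": stamp, "path": path.strip(), "status": None}
        for raw in FIELD.findall("[" + rest):
            field = " ".join(raw.split())  # undo line wrapping inside a field
            key, sep, value = field.partition(": ")
            if sep:
                event[key] = value         # process, user, virus, op
            else:
                event["status"] = field    # BLOCKED / AUTO BLOCKED
        event["pid"], _, event["image"] = event.get("process", "").partition(".")
        events.append(event)
    return events

def summarise(events):
    """One row per file; Windows paths compare case-insensitively."""
    rows = OrderedDict()
    for ev in events:
        row = rows.setdefault(ev["path"].lower(), {
            "path": ev["path"], "alerts": 0, "detections": set(),
            "ops": [], "images": set()})
        row["alerts"] += 1
        row["ops"].append(ev.get("op"))
        row["images"].add(ev["image"])
        if "virus" in ev:
            row["detections"].add(ev["virus"])
    for key, row in rows.items():
        # Context for triage only: the log records an image path, which does
        # not prove the binary at that path is the genuine one.
        row["servicing_context"] = (
            key.startswith(STAGING_PREFIX)
            and all(i.lower() == SERVICING_IMAGE for i in row["images"]))
    return list(rows.values())

if __name__ == "__main__":
    for r in summarise(parse_events(SAMPLE_LOG)):
        print(r["alerts"], sorted(r["detections"]), r["servicing_context"], r["path"])
```

Rows with `servicing_context` set are the ones to raise with the AV vendor as suspected false positives, as the poster later did; rows without it are unrelated to the update and need their own review.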
 
bjproc
05-27-2009

I got a virus message as well (Bitdefender 2008)

[image: http://s1.lookpic.com/images/1243427340-BD.jpg]


--
bjproc
 
Mike Brannigan
05-27-2009
"zekimurad" <> wrote in message
news:27765517-381F-4B77-94DA-...
>I recently tried to update Vista through windows update but it failed.
> I got 2 Trojan Heuristic virus messages from Bullguard during the update
> and
> then the failure. ANY help on this?
>
> The Bullguard log indicates the following:
> 2009/05/27 21:44:29 |

<snip>

There are no viruses in the packages to be downloaded from the Microsoft
website.
Any readings you receive are false positives.
You are recommended to disable all AV and antimalware software before
installing SP2.
--
Mike Brannigan



 
zekimurad
05-27-2009
I wasn't asked to disable my anti virus and it's not too useful to do so for
any length of time whilst broadband connect remains open during the install.
Even now after 30 minutes since the failure I get pop up windows from
Bullguard telling me about the stopping of the malware - at least 30 so far. I
can't believe that that is supposed to be happening.
I am waiting for Bullguard to give me confirmation of a false positive -
then I might deactivate the AV and retry updating but I am not happy that I have
to do that to get an update.
Many thanks.

"Mike Brannigan" wrote:

> "zekimurad" <> wrote in message
> news:27765517-381F-4B77-94DA-...
> >I recently tried to update Vista through windows update but it failed.
> > I got 2 Trojan Heuristic virus messages from Bullguard during the update
> > and
> > then the failure. ANY help on this?
> >
> > The Bullguard log indicates the following:
> > 2009/05/27 21:44:29 |

> <snip>
>
> There are no viruses in the packages to be downloaded from the Microsoft
> website.
> Any readings you receive are false positives.
> You are recommended to disable all AV and antimalware software before
> installing SP2.
> --
> Mike Brannigan
>

 
Mike Brannigan
05-27-2009
"zekimurad" <> wrote in message
news:C66B066A-5CF8-4939-8E2F-...
>I wasn't asked to disable my anti virus and it's not too useful to do so
>for
> any length of time whilst broadband connect remains open during the
> install.
> Even now after 30 minutes since the failure I get pop up windows from
> Bullguard telling me about the stopping of the malware - at least 30 so
> far. I
> can't believe that that is supposed to be happening.
> I am waiting for Bullguard to give me confirmation of a false positive -
> then I might deactivate the AV and retry updating but I am not happy that I
> have
> to do that to get an update.
> Many thanks.
>


If you downloaded the package from Microsoft.com - it is clean.
As regards the ability of Bullguard to correctly identify virus signatures
that is unfortunately an issue for them.
Other users with other AV products have not reported these false positives
(my systems are running either Avast - no reports or Forefront - again no
reports).
The issue clearly lies with either your source for download (if not
Microsoft's site) or your AV vendor and their product.
--
Mike Brannigan



 
Malke
05-27-2009
Mike Brannigan wrote:

> "zekimurad" <> wrote in message
> news:C66B066A-5CF8-4939-8E2F-...
>>I wasn't asked to disable my anti virus and it's not too useful to do so
>>for
>> any length of time whilst broadband connect remains open during the
>> install.
>> Even now after 30 minutes since the failure I get pop up windows from
>> Bullguard telling me about the stopping of the malware - at least 30 so
>> far. I
>> can't believe that that is supposed to be happening.
>> I am waiting for Bullguard to give me confirmation of a false positive -
>> then I might deactivate the AV and retry updating but I am not happy that I
>> have
>> to do that to get an update.
>> Many thanks.
>>

>
> If you downloaded the package from Microsoft.com - it is clean.
> As regards the ability of Bullguard to correctly identify virus signatures
> that is unfortunately an issue for them.
> Other users with other AV products have not reported these false positives
> (my systems are running either Avast - no reports or Forefront - again no
> reports).
> The issue clearly lies with either your source for download (if not
> Microsoft's site) or your AV vendor and their product.


And just to add to Mr. Brannigan's excellent advice - if you are connected
to the Internet directly to a cable/DSL modem, download the full package
from Microsoft and then disconnect the ethernet cable that goes from your
computer to your modem. If you are behind a router there is no need to do
this. Completely disable your antivirus and any other third-party
anti-malware programs. Then install SP2. If you have prepared properly, you
should have no problems. Here is an article I wrote for my clients about
preparing for SP2 which may be useful to you:

http://www.elephantboycomputers.com/page3.html#5-9-09

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
http://www.elephantboycomputers.com/#FAQ

 
zekimurad
05-27-2009
Many thanks for all of your help.
Bullguard recommended a removal of their v7 for vista product and an
installation of v8.5.
This version identified the files previously mentioned as malware and
isolated them.
Strangely enough the Microsoft updater didn't show SP2 and said it wasn't
necessary!
So all sorted out but 4 hours down the track...that's Vista and the catchup
of support programs I guess...

"Malke" wrote:

> Mike Brannigan wrote:
>
> > "zekimurad" <> wrote in message
> > news:C66B066A-5CF8-4939-8E2F-...
> >>I wasn't asked to disable my anti virus and it's not too useful to do so
> >>for
> >> any length of time whilst broadband connect remains open during the
> >> install.
> >> Even now after 30 minutes since the failure I get pop up windows from
> >> Bullguard telling me about the stopping of the malware - at least 30 so
> >> far. I
> >> can't believe that that is supposed to be happening.
> >> I am waiting for Bullguard to give me confirmation of a false positive -
> >> then I might deactivate the AV and retry updating but I am not happy that I
> >> have
> >> to do that to get an update.
> >> Many thanks.
> >>

> >
> > If you downloaded the package from Microsoft.com - it is clean.
> > As regards the ability of Bullguard to correctly identify virus signatures
> > that is unfortunately an issue for them.
> > Other users with other AV products have not reported these false positives
> > (my systems are running either Avast - no reports or Forefront - again no
> > reports).
> > The issue clearly lies with either your source for download (if not
> > Microsoft's site) or your AV vendor and their product.

>
> And just to add to Mr. Brannigan's excellent advice - if you are connected
> to the Internet directly to a cable/DSL modem, download the full package
> from Microsoft and then disconnect the ethernet cable that goes from your
> computer to your modem. If you are behind a router there is no need to do
> this. Completely disable your antivirus and any other third-party
> anti-malware programs. Then install SP2. If you have prepared properly, you
> should have no problems. Here is an article I wrote for my clients about
> preparing for SP2 which may be useful to you:
>
> http://www.elephantboycomputers.com/page3.html#5-9-09
>
> Malke
> --
> MS-MVP
> Elephant Boy Computers - Don't Panic!
> http://www.elephantboycomputers.com/#FAQ
>
>

 
T_Virus
05-27-2009

I had the same problem too but with Bitdefender. It did finish
downloading SP2 for Vista 64-bit Home Premium and I did the restart. As
it restarted, it came up with some different codes with a black screen
and didn't go anywhere. I did a manual power off and let it restart
over again and it did the same thing. So after that I did a system
restore prior to the SP2 download but it just keeps getting stuck.


--
T_Virus
Posted via http://www.vistaheads.com

 
mazorj
05-27-2009

"Malke" <> wrote in message
news:...
> Mike Brannigan wrote:
>
>> "zekimurad" <> wrote in message
>> news:C66B066A-5CF8-4939-8E2F-...
>>>I wasn't asked to disable my anti virus and it's not too useful to
>>>do so
>>>for
>>> any length of time whilst broadband connect remains open during
>>> the
>>> install.
>>> Even now after 30 minutes since the failure I get pop up windows
>>> from
>>> Bullguard telling me about the stopping of the malware - at least
>>> 30 so
>>> far. I
>>> can't believe that that is supposed to be happening.
>>> I am waiting for Bullguard to give me confirmation of a false
>>> positive -
>>> then I might deactivate the AV and retry updating but I am not happy
>>> that I
>>> have
>>> to do that to get an update.
>>> Many thanks.
>>>

>>
>> If you downloaded the package from Microsoft.com - it is clean.
>> As regards the ability of Bullguard to correctly identify virus
>> signatures
>> that is unfortunately an issue for them.
>> Other users with other AV products have not reported these false
>> positives
>> (my systems are running either Avast - no reports or Forefront -
>> again no
>> reports).
>> The issue clearly lies with either your source for download (if not
>> Microsoft's site) or your AV vendor and their product.

>
> And just to add to Mr. Brannigan's excellent advice - if you are
> connected
> to the Internet directly to a cable/DSL modem, download the full
> package
> from Microsoft and then disconnect the ethernet cable that goes from
> your
> computer to your modem. If you are behind a router there is no need
> to do
> this. Completely disable your antivirus and any other third-party
> anti-malware programs. Then install SP2. If you have prepared
> properly, you
> should have no problems. ...


Just to be sure here: Once you download it, will Vista SP2 install
with no Internet connection running?

The reason I ask is because back when I switched to DSL I foolishly
followed the Verizon installation CD's advice to shut down my security
programs when it came time to go to the VZ site to finish setting up.
As soon as it was done - no more than 2 minutes - I immediately
powered down the modem and rebooted. In those 2 minutes of
unprotected time online I got zapped with malware that took a week of
work and two new security programs to eradicate.

Now, whenever I do an install that insists that I shut down the
security apps, I first ignore that and plow ahead. Most of the time
the installation works perfectly. They always tell you to turn off
security because there will be one or two security suites that don't
play well with installing their application - even though the vast
majority will work fine. IMO this is reckless and irresponsible
advice intended to ward off the handful of complaints from users of
the handful of security suites that do interfere with installation.
Everyone else is asked to go unprotected and open to attacks just for
the sake of preventing a few complaints and support requests.

If the install fails with security still running, I power off the
modem, THEN shut down the security, do the install, reload the
security stuff (the install may require a reboot, which resets the
security anyway), and then get back online. I still do this even
though I've added a router, on the assumption that absolutely nothing
can get past an unpowered modem. (If anyone knows anything to the
contrary, please let me know that my modem power-down "security
blanket" has holes in it! If need be, I'll unplug the Ethernet cable
instead.)


 
Mike Brannigan
05-27-2009
"mazorj" <> wrote in message
news:%...
>
> "Malke" <> wrote in message
> news:...
>> Mike Brannigan wrote:
>>
>>> "zekimurad" <> wrote in message
>>> news:C66B066A-5CF8-4939-8E2F-...
>>>>I wasn't asked to disable my anti virus and it's not too useful to do
>>>>so
>>>>for
>>>> any length of time whilst broadband connect remains open during the
>>>> install.
>>>> Even now after 30 minutes since the failure I get pop up windows from
>>>> Bullguard telling me about the stopping of the malware - at least 30 so
>>>> far. I
>>>> can't believe that that is supposed to be happening.
>>>> I am waiting for Bullguard to give me confirmation of a false
>>>> positive -
>>>> then I might deactivate the AV and retry updating but I am not happy that
>>>> I
>>>> have
>>>> to do that to get an update.
>>>> Many thanks.
>>>>
>>>
>>> If you downloaded the package from Microsoft.com - it is clean.
>>> As regards the ability of Bullguard to correctly identify virus
>>> signatures
>>> that is unfortunately an issue for them.
>>> Other users with other AV products have not reported these false
>>> positives
>>> (my systems are running either Avast - no reports or Forefront - again
>>> no
>>> reports).
>>> The issue clearly lies with either your source for download (if not
>>> Microsoft's site) or your AV vendor and their product.

>>
>> And just to add to Mr. Brannigan's excellent advice - if you are
>> connected
>> to the Internet directly to a cable/DSL modem, download the full package
>> from Microsoft and then disconnect the ethernet cable that goes from your
>> computer to your modem. If you are behind a router there is no need to do
>> this. Completely disable your antivirus and any other third-party
>> anti-malware programs. Then install SP2. If you have prepared properly,
>> you
>> should have no problems. ...

>
> Just to be sure here: Once you download it, will Vista SP2 install with
> no Internet connection running?
>
> The reason I ask is because back when I switched to DSL I foolishly
> followed the Verizon installation CD's advice to shut down my security
> programs when it came time to go to the VZ site to finish setting up. As
> soon as it was done - no more than 2 minutes - I immediately powered down
> the modem and rebooted. In those 2 minutes of unprotected time online I
> got zapped with malware that took a week of work and two new security
> programs to eradicate.
>
> Now, whenever I do an install that insists that I shut down the security
> apps, I first ignore that and plow ahead. Most of the time the
> installation works perfectly. They always tell you to turn off security
> because there will be one or two security suites that don't play well with
> installing their application - even though the vast majority will work
> fine. IMO this is reckless and irresponsible advice intended to ward off
> the handful of complaints from users of the handful of security suites
> that do interfere with installation. Everyone else is asked to go
> unprotected and open to attacks just for the sake of preventing a few
> complaints and support requests.
>
> If the install fails with security still running, I power off the modem,
> THEN shut down the security, do the install, reload the security stuff
> (the install may require a reboot, which resets the security anyway), and
> then get back online. I still do this even though I've added a router, on
> the assumption that absolutely nothing can get past an unpowered modem.
> (If anyone knows anything to the contrary, please let me know that my
> modem power-down "security blanket" has holes in it! If need be, I'll
> unplug the Ethernet cable instead.)
>
>


If you download the full standalone package from
http://technet.microsoft.com/en-us/w.../dd262148.aspx
then you can run it without an Internet connection once downloaded.

--

Mike Brannigan

 