Guest ElizaDoolittle, posted October 17, 2008

My question is, if I have installed SP3 from a disk, and also installed the Package Installer update 942288, isn't it fishy that Windows Update tells me I need to install the Package Installer from July 2005?

I have nuked and burned my hard drive an embarrassingly large number of times, mostly because I keep finding these things that suggest I am hooked up to a remote server, even though I am a free-standing computer.

One thing I noticed is that Windows Update insists that, in order to get any other updates, I must first install WGA (all right, already...) and KB898461, the Package Installer released in July 2005, and last reviewed in May 2007. Since then there have been at least two different updates, including 893802 (which is spelled out as one of the components of SP3) and 942288.

I have had desktop assistance from two Microsoft techs, one of whom forced me to install 898461 above my protests, and one who has chased around all the other fishy things I have found related to this (see my other posts for details about that).

Can anyone tell me anything beyond the standard MS line, which is, "If it is an update that comes from a Microsoft site, it is safe and effective."

Thanks to all who answer here.
Guest ~BD~, posted October 17, 2008

Hi! I've just re-installed Windows XP on both my desktop machine and on my wife's laptop. I used an SP3 CD purchased from Microsoft for about £8 as I wanted to be sure that I picked up no 'stray' items from any other machine.

In each case, once the computer was connected to the 'net, the following update was installed (detail from http://www.update.microsoft.com/microsoftu...t.aspx?ln=en-us ):

Update for Windows XP (KB898461)
This update installs a permanent copy of Package Installer for Windows to enable software updates to have a significantly smaller download size. The Package Installer facilitates the install of software updates for Microsoft Windows operating systems and other Microsoft products. After you install this update, you may have to restart your system.
How to Uninstall: This software update can be removed via Add or Remove Programs in Control Panel.
Get help and support: http://support.microsoft.com

When you say you "nuked and burned my hard drive", have you removed all partitions and reset the MBR before re-installing XP? (My assumption!)

To save time now, please refer to my thread on this very subject, here: http://www.malwarebytes.org/forums/index.php?showtopic=6302

I've been in your situation, 'Eliza' - and understand how you must feel!

I hope this info helps a little.

Dave

"ElizaDoolittle" <ElizaDoolittle@discussions.microsoft.com> wrote in message news:D6F77E46-0E36-4CD9-9BCE-0002745695EC@microsoft.com...
<snip>
Guest ElizaDoolittle, posted October 18, 2008

Thanks so much, Dave. I looked at the links, and I think I have seen them before in my quest... The thing about checking your router might apply, except that I am seeing things that smell bad even before I get hooked up. Please read on...

I guess my fear is this: there is an entity that seems to be able to survive when I nuke and burn my hard drive. It survives things like a full-format reinstall with a retail disk, fdisk/mbr from a Windows 98 disk, "write 0's to disk" utilities like DBAN and KILLDISK (singularly or in serial combination...) and is still present in the event log (all these even before I connect to the net) in the form of things like:

A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Application image dump failed.
Server Application ID: {01885945-612C-4A53-A479-E97507453926}
Server Application Instance ID: {E761AC8D-14F9-4522-A149-BC9AB7FA77FE}
Server Application Name: COM+ Explorer
Error Code = 0x80004005 : Unspecified error
COM+ Services Internals Information:
File: f:\xpsp3\com\com1x\src\shared\util\svcerr.cpp, Line: 1259
Comsvcs.dll file version: ENU 2001.12.4414.702 shp

A provider, OffProv10, has been registered in the WMI namespace, Root\MSAPPS10, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

-----------------------------------

What this feels like is some sort of "rock in the door" scheme, where there's a tiny bit of code that survives the nuking, and then that opens the door for the fishy Package Installer, which then opens the door for other things, etc.

Even though I don't know enough to know what I know, much less what I don't know... this feels as if it works this way: whenever I use a method of reformatting that I haven't used before, it seems to reduce the amount of alarming stuff in the log files (although not eliminate it). The next time I try that method it's almost as if it has "learned" to cope.

I know this all sounds like I go to bed with aluminum foil inside my hat to ward off alien mind control, but just think about the potential of a thing like that....
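The WMI messages quoted above are the generic WinMgmt warning (Event ID 63 on XP) that is logged for any provider registered without a HostingModel or under LocalSystem; on their own they say nothing about whether that provider is expected on the machine. The useful check is to diff the registrations against a baseline recorded on a known-clean build from the same media. The script below is an added example, not code from the thread: the baseline is constructed (it simply lists the three names in the post as a stand-in for a reference machine), and ExampleUnknownProvider is a made-up name.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple

# Matches the WinMgmt warning text quoted in the post. Two wordings occur there:
#   "..., but did not specify the HostingModel property. ..."
#   "..., to use the LocalSystem account. ..."
_PROVIDER_RE = re.compile(
    r"A provider, (?P<provider>.+?), has been registered in the WMI namespace, "
    r"(?P<namespace>[^,]+?),\s*"
    r"(?P<why>but did not specify the HostingModel property|to use the LocalSystem account)",
    re.IGNORECASE | re.DOTALL,
)


@dataclass(frozen=True)
class ProviderRegistration:
    provider: str
    namespace: str          # normalised: lower-case, backslash separators
    hosting_model_missing: bool


def parse_provider_warning(text: str) -> Optional[ProviderRegistration]:
    """Extract provider and namespace from one event's message text; None if it is not such an event."""
    m = _PROVIDER_RE.search(text)
    if m is None:
        return None
    namespace = m.group("namespace").strip().replace("/", "\\").lower()
    return ProviderRegistration(
        provider=m.group("provider").strip(),
        namespace=namespace,
        hosting_model_missing="hostingmodel" in m.group("why").lower(),
    )


# Constructed sample: the three warnings quoted in the post, one unrelated COM+ event
# that must be ignored, and one made-up provider name standing in for an entry that
# is NOT present on the reference machine.
SAMPLE_EVENTS = [
    r"A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, "
    r"but did not specify the HostingModel property. This provider will be run using the LocalSystem account.",
    r"Application image dump failed. Server Application Name: COM+ Explorer Error Code = 0x80004005",
    r"A provider, OffProv10, has been registered in the WMI namespace, Root\MSAPPS10, "
    r"but did not specify the HostingModel property. This provider will be run using the LocalSystem account.",
    r"A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, "
    r"to use the LocalSystem account. This account is privileged and the provider may cause a security violation.",
    r"A provider, ExampleUnknownProvider, has been registered in the WMI namespace, root\cimv2, "
    r"to use the LocalSystem account. This account is privileged and the provider may cause a security violation.",
]

# Constructed baseline (assumption): registrations recorded on a known-clean machine built
# from the same media. Here it is just the three entries the post lists, so the comparison
# below shows what a genuinely new registration looks like. Build yours from a reference
# machine, never from the machine under suspicion.
BASELINE: Set[Tuple[str, str]] = {
    ("rsop planning mode provider", "root\\rsop"),
    ("offprov10", "root\\msapps10"),
    ("cmdtriggerconsumer", "root\\cimv2"),
}


def unexpected_registrations(events: Iterable[str], baseline: Set[Tuple[str, str]]) -> List[ProviderRegistration]:
    """Return provider registrations (deduplicated, first-seen order) that the baseline does not contain."""
    found: List[ProviderRegistration] = []
    seen: Set[Tuple[str, str]] = set()
    for text in events:
        reg = parse_provider_warning(text)
        if reg is None:
            continue
        key = (reg.provider.lower(), reg.namespace)
        if key in baseline or key in seen:
            continue
        seen.add(key)
        found.append(reg)
    return found


if __name__ == "__main__":
    for reg in unexpected_registrations(SAMPLE_EVENTS, BASELINE):
        print(f"not in baseline: {reg.provider} in {reg.namespace} "
              f"(HostingModel missing: {reg.hosting_model_missing})")
```

On a live XP box the same message text can be pulled from the Application log and fed to unexpected_registrations in place of the constructed list.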
Guest Richard Urban, posted October 18, 2008

If you delete a partition, create a new partition and then format the new partition, there will be nothing left from the old installation. Is this what you have been doing?

--
Richard Urban
Microsoft MVP Windows Desktop Experience

"ElizaDoolittle" <ElizaDoolittle@discussions.microsoft.com> wrote in message news:641FABED-65E9-49DD-90F1-45125555E870@microsoft.com...
<snip>
Guest FromTheRafters, posted October 18, 2008

"Richard Urban" <richardurbanREMOVETHIS@hotmail.com> wrote in message news:%23TA%23wHMMJHA.4540@TK2MSFTNGP05.phx.gbl...
> If you delete a partition, create a new partition and then format the new
> partition there will be nothing left from the old installation.

In that partition.
Guest ElizaDoolittle, posted October 18, 2008

Yes, I have been deleting partitions with fdisk, then using a write-0's-to-hard-drive utility (i.e., DBAN and KILLDISK). Oh yes, and sometimes, just for fun, wink, wink, I will do a full format with a Windows 98 disk I found. I hadn't been able to actually install Win 98 because I didn't have a product key, although yesterday I did figure out how to retrieve a key from an ancient machine in my basement. When I used the key, it worked, but as Win 98 proceeded with the steps where it installs drivers after you enter the product key, the machine crashed with an error message of something like, "Windows must be restarted because of a security error." (This after having been DBANed and KILLDISKed...) When I rebooted, I immediately came to the screen where the key is required, the key was accepted, and drivers began to install for a couple of minutes, then same thing: machine crashes with message about "security error."

Can anyone tell me about the method of cleaning a hard drive where you hook it up to a known good hard drive (and of course, I am beginning to be skeptical about whether such a thing exists...) and transfer the contents that way? That's the one method I haven't used for disk cleaning.

Thanks again to all of you for your replies. I would love to give you all a great big thank you check mark, but I don't want to mislead my other paranoid brothers and sisters.

Cheers,
E

"FromTheRafters" wrote:
> "Richard Urban" <richardurbanREMOVETHIS@hotmail.com> wrote in message
> news:%23TA%23wHMMJHA.4540@TK2MSFTNGP05.phx.gbl...
> > If you delete a partition, create a new partition and then format the new
> > partition there will be nothing left from the old installation.
>
> In that partition.
Guest PA Bear [MS MVP], posted October 18, 2008

The following KB article should resolve all of your issues:

Updates are not installed successfully from Windows Update, from Microsoft Update, or by using Automatic Updates after you perform a new Windows XP installation or you repair a Windows XP installation
http://support.microsoft.com/kb/943144

--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

ElizaDoolittle wrote:
<snip>
Guest FromTheRafters, posted October 18, 2008

"ElizaDoolittle" <ElizaDoolittle@discussions.microsoft.com> wrote in message news:7374967E-CC47-48DE-90A1-D59709BE0D01@microsoft.com...
> Yes, I have been deleting partitions with fdisk, then using a write 0's to
> hard drive (i.e., DBAN and KILLDISK).

You may need to use fdisk /mbr to replace the MBR code as well (if you really want Win98 to work) - that is, if the fdisk program is for Win98. The repartitioning doesn't make the MBR "clean" unless the /mbr switch is used or the valid MBR tag is not found. Running fdisk /mbr will overwrite any non-standard MS OS boot code such as overlays and multiboot code - so it should be used with caution.

Anyway, your current problem is addressed in the post by PA Bear, I think.
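A small model of what FromTheRafters describes, added here as an example and not code from the thread: an MBR sector is 446 bytes of boot code, a 64-byte partition table and the 0x55AA signature ("valid MBR tag"), and repartitioning and fdisk /mbr touch different regions of it. Both code byte strings below are constructed placeholders rather than real boot code, and the two functions model the behaviour described in the post; they do not invoke fdisk.

```python
import hashlib
import struct
from typing import List

SECTOR = 512
CODE_LEN = 446        # bytes 0..445: boot code, the part "fdisk /mbr" rewrites
TABLE_OFF = 446       # bytes 446..509: four 16-byte partition entries
SIG_OFF = 510         # bytes 510..511: 0x55 0xAA, the "valid MBR tag"
BOOT_SIG = b"\x55\xaa"

# Constructed placeholder standing in for the stock MS boot code (not real boot code;
# only its position and length matter to this model).
STANDARD_CODE = b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * (CODE_LEN - 5)
# Constructed placeholder for "non-standard" code such as a drive overlay or multiboot loader.
NONSTANDARD_CODE = b"\xeb\x3c\x90" + b"OVERLAY!" + b"\x00" * (CODE_LEN - 11)


def partition_entry(bootable: bool, ptype: int, start_lba: int, sectors: int) -> bytes:
    """One 16-byte table entry; CHS fields are left zero because the model uses LBA only."""
    return struct.pack("<B3sB3sII", 0x80 if bootable else 0x00, b"\0\0\0",
                       ptype, b"\0\0\0", start_lba, sectors)


def build_mbr(code: bytes, entries: List[bytes], signature: bytes = BOOT_SIG) -> bytes:
    assert len(code) == CODE_LEN and len(entries) <= 4
    table = b"".join(entries) + b"\0" * (16 * (4 - len(entries)))
    return code + table + signature


def boot_code(mbr: bytes) -> bytes:
    return mbr[:CODE_LEN]


def partition_table(mbr: bytes) -> bytes:
    return mbr[TABLE_OFF:SIG_OFF]


def has_valid_signature(mbr: bytes) -> bool:
    return mbr[SIG_OFF:SECTOR] == BOOT_SIG


def repartition(mbr: bytes, entries: List[bytes]) -> bytes:
    """Model of deleting and creating partitions with plain fdisk: only the table is rewritten;
    the code bytes are kept unless the signature is missing, in which case code is written too."""
    code = boot_code(mbr) if has_valid_signature(mbr) else STANDARD_CODE
    return build_mbr(code, entries)


def fdisk_mbr(mbr: bytes) -> bytes:
    """Model of 'fdisk /mbr': rewrite the 446 code bytes and the signature, keep the table."""
    return STANDARD_CODE + partition_table(mbr) + BOOT_SIG


def code_fingerprint(mbr: bytes) -> str:
    """SHA-256 of the code region: the value to compare against one taken from known-clean media."""
    return hashlib.sha256(boot_code(mbr)).hexdigest()


def demo():
    """Start from an MBR carrying non-standard code, then apply each operation to it."""
    original = build_mbr(NONSTANDARD_CODE, [partition_entry(True, 0x07, 63, 1_000_000)])
    after_repartition = repartition(original, [partition_entry(True, 0x0C, 63, 500_000)])
    after_fdisk_mbr = fdisk_mbr(original)
    return original, after_repartition, after_fdisk_mbr


if __name__ == "__main__":
    o, r, f = demo()
    print("repartition kept the old code:", boot_code(r) == NONSTANDARD_CODE)
    print("fdisk /mbr kept the table:", partition_table(f) == partition_table(o))
    print("code fingerprint before / after fdisk /mbr:",
          code_fingerprint(o)[:16], code_fingerprint(f)[:16])
```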
Guest ~BD~, posted October 19, 2008

"ElizaDoolittle" <ElizaDoolittle@discussions.microsoft.com> wrote in message news:641FABED-65E9-49DD-90F1-45125555E870@microsoft.com...
<snip>

Hello again 'Eliza'. I feel for you - I really do!

Robear Dyer has provided you with the answer - supported by FromTheRafters (who always seems to make sensible observations!)

I'm no techie, but that doesn't seem to address the concerns you have before ever connecting to the Internet! This throw-away comment by 'AdvancedSetup' ........... "I am not aware of any "good" BIOS infections. There are some written that have been known to hack the BIOS some, but from my understanding none have been done well enough to allow the system to work properly and still present a virus, Trojan, worm effect on the system" might, though, be relevant.

I have no idea where you went or what you did 'on-line' in order to be infected in the first place. I know that my PC was crashed completely (was switched off) when I looked at a site showing the Dutch cartoons which so upset the Muslims http://en.wikipedia.org/wiki/Jyllands-Post...ons_controversy. I had no idea then that every URL I visit can glean a great deal of information, not just my IP address! As an aside for anyone reading this (and not believing!) select 'What does a website know about you?' on this web site: http://member.dnsstuff.com/pages/tools.php?ptype=free

When discussing matters with our Police, after the theft of £245 from my bank account via PayPal/eBay, they suggested that I dump the PC and buy a new one - as simple as that! Of course I didn't - I tried to clean and use that same machine to investigate all the bad things going on on the 'net ........... and became convinced that I had been 'targeted'. My PC was put out of action numerous times but, learning 'on the job' so to speak, I managed to recover it to a working state.

Eventually, though, my hard drive failed - I then enlisted the help of a local computer store to install a new disk. Like you, I re-installed Windows from a full retail copy of XP .... and used CDs supplied by Microsoft to install SP2 - then purchased and installed Norton Internet Security 2006 before going on-line. I continued my quest to learn about 'the bad guys' - all the while having a 'hinky' feeling that all was not quite as it should have been. I suspected, much like you, that some malware was still resident on my machine despite many 'flatten and rebuild' exercises. I am pretty sure that malware can hide somewhere other than a hard disk - and subsequently infect a clean or even a new hard disk.

My solution? The machine was broken up and confined to the trash about 18 months ago!

HTH :)

Dave
Guest BurfordTJustice, posted October 19, 2008

Why do you always highjack threads to post your own fishy story? All rubbish.

"~BD~" <~BD~@no.mail.afraid.com> wrote in message news:eUW3micMJHA.6000@TK2MSFTNGP04.phx.gbl...
> My solution? The machine was broken up and confined to the trash about 18 months ago!
>
> Dave
Guest ~BD~, posted October 19, 2008

All absolutely true, Mr Justice!

My response to 'Eliza' was intended to help her - was yours?

Dave

"BurfordTJustice" <hot@smokey.v8> wrote in message news:E6GdnZAjXYJq32bVnZ2dnUVZ_s7inZ2d@trueband.net...
> Why do you always highjack threads to post
> your own fishy story? All rubbish
>
> "~BD~" <~BD~@no.mail.afraid.com> wrote in message
> news:eUW3micMJHA.6000@TK2MSFTNGP04.phx.gbl...
> My solution? The machine was broken up and confined to the trash about
> 18 months ago!
>
> Dave
Guest BurfordTJustice, posted October 19, 2008

You need to be the center of attention; you are no help to anyone.

"~BD~" <~BD~@no.mail.afraid.com> wrote in message news:e4y8QxhMJHA.332@TK2MSFTNGP04.phx.gbl...
<snip>
Guest BurfordTJustice, posted October 19, 2008

Cross posting shows you need attention. Try the red light special.

"~BD~" <~BD~@no.mail.afraid.com> wrote in message news:e4y8QxhMJHA.332@TK2MSFTNGP04.phx.gbl...
<snip>
Guest ElizaDoolittle, posted October 21, 2008

I would like to put great big check marks by every one of these kind replies. However, the pointer to "Updates are not installed successfully from Windows Update, from Microsoft Update, or by using Automatic Updates after you perform a new Windows XP installation or you repair a Windows XP installation" is actually the opposite of my experience.

That is, I get the updates that supersede the Package Installer in question, install them from a disk downloaded from another computer, and they show up as having been installed correctly in Control Panel > Add or Remove Programs. YET, on my freshly resurfaced hard drive, if I go to Windows Update (or get notifications from Auto Update) the old Package Installer from 2005 is shown, along with the friendly Windows Genuine Advantage, as a mandatory update.

So, truly, my question is the opposite of that addressed by the link below. My question is, if I have installed SP3 from a disk, and also installed the Package Installer update 942288 - and both these updates show up as being correctly installed - isn't it fishy that Windows Update tells me I need to install the Package Installer from July 2005?

Thanks again.

"PA Bear [MS MVP]" wrote:
> The following KB article should resolve all of your issues:
>
> Updates are not installed successfully from Windows Update, from Microsoft
> Update, or by using Automatic Updates after you perform a new Windows XP
> installation or you repair a Windows XP installation
> http://support.microsoft.com/kb/943144
<snip>
Guest ElizaDoolittle, posted October 21, 2008

And here's another, related question that I started to post as a new one: are there known viruses or other intruders that have been documented as being able to survive a full nuke and burn of the hard drive?

That is, are there documented cases where you can't get rid of the buggers, whether you do a full-format reinstall of the disk, or use a Windows 98 disk to do fdisk/mbr, use things like DBAN or KILLDISK to write 0s to the hard drive?

"PA Bear [MS MVP]" wrote:
> The following KB article should resolve all of your issues:
>
> Updates are not installed successfully from Windows Update, from Microsoft
> Update, or by using Automatic Updates after you perform a new Windows XP
> installation or you repair a Windows XP installation
> http://support.microsoft.com/kb/943144
<snip>
Guest ~BD~, posted October 21, 2008

"ElizaDoolittle" <ElizaDoolittle@discussions.microsoft.com> wrote in message news:622FFA96-D60A-4521-9201-29104C349456@microsoft.com...
> And here's another, related question that I started to post as a new one:
> Are there known viruses or other intruders that have been documented as
> being able to survive a full nuke and burn of the hard drive?
>
> That is, are there documented cases where you can't get rid of the
> buggers, whether you do a full-format reinstall of the disk, or use a
> Windows 98 disk to do fdisk/mbr, use things like DBAN or KILLDISK to
> write 0s to the hard drive?

Did you actually read my post of 19 October 2008 09:57 GMT, 'Eliza'? Especially this part .........

Like you, I re-installed Windows from a full retail copy of XP .... and used CDs supplied by Microsoft to install SP2 - then purchased and installed Norton Internet Security 2006 before going on-line. I continued my quest to learn about 'the bad guys' - all the while having a 'hinky' feeling that all was not quite as it should have been. I suspected, much like you, that some malware was still resident on my machine despite many 'flatten and rebuild' exercises. I am pretty sure that malware can hide somewhere other than a hard disk - and subsequently infect a clean or even a new hard disk.

My solution? The machine was broken up and confined to the trash about 18 months ago!

Google for 'BIOS Virus' .... and enjoy exploring the results! <g>

Dave
Guest ElizaDoolittle, posted October 21, 2008

Hi Dave,

Yes, I did read that part, and, unfortunately, as I think was buried in the fine print of some of this string, that's a solution that didn't work for me with four other machines. My sister tells me it's my own government surveilling me, but I don't believe that. Right now I am not in a financial position to try the new computer solution anyway.

"~BD~" wrote:
<snip>
Guest PA Bear [MS MVP] Posted October 21, 2008

Yes.

ElizaDoolittle wrote:
> And here's another, related question that I started to post as a new one:
> Are there known viruses or other intruders that have been documented as
> being able to survive a full nuke and burn of the hard drive?
>
> That is, are there documented cases where you can't get rid of the
> buggers,
> whether you do a full-format reinstall of the disk, or use a Windows 98
> disk
> to do fdisk/mbr, use things like DBAN or KILLDISK to write 0s to the hard
> drive?
<snip>
Guest FromTheRafters Posted October 21, 2008

"ElizaDoolittle" <ElizaDoolittle@discussions.microsoft.com> wrote in message news:622FFA96-D60A-4521-9201-29104C349456@microsoft.com...
> And here's another, related question that I started to post as a new one:
> Are there known viruses or other intruders that have been documented as
> being
> able to survive a full nuke and burn of the hard drive?

No, not on that hard drive. As long as your definition of "full nuke" and "burn" includes all data on that disk being overwritten.

...and by "data" I mean code as well - it is all data on disk.

> That is, are there documented cases where you can't get rid of the
> buggers,
> whether you do a full-format reinstall of the disk, or use a Windows 98
> disk
> to do fdisk/mbr, use things like DBAN or KILLDISK to write 0s to the hard
> drive?

Yes, but in those cases the infection or vulnerability was brought back to the system rather than having survived such tactics. For example reintroducing the vulnerability which led to the initial attack (i.e. reinstalling Windows) or perhaps restoring some program or data from a backup that had been tainted.
Guest PA Bear [MS MVP] Posted October 21, 2008

Were you able to successfully install all critical security updates offered after you'd done Methods 1 or 2 in KB943144??

Was "Package Installer from July 2005" (which I assume means Windows Installer v3.1) still offered after you'd done Methods 1 or 2 in KB943144?

Free unlimited installation and compatibility support is available for Windows XP, but only for Service Pack 3 (SP3), until 14 Apr-09. Chat and e-mail support is available only in the United States and Canada. Go to http://support.microsoft.com/oas/default.aspx?gprid=1173 | select "Windows XP" then select "Windows XP Service Pack 3"

Start a free Windows Update support incident request: https://support.microsoft.com/oas/default.aspx?gprid=6527

Support for Windows Update: http://support.microsoft.com/gp/wusupport
--
~PA Bear

ElizaDoolittle wrote:
> I would like to put great big check marks by every one of these kind
> replies. However, the pointer to "Updates are not installed successfully
> from Windows Update, from Microsoft Update, or by using Automatic Updates
> after you perform a new Windows XP installation or you repair a Windows XP
> installation" is actually the opposite of my experience.
>
> That is, I get the updates that supersede the Package Installer in
> question,
> install them from a disk downloaded from another computer, and they show
> up
> as having been installed correctly in control panel>add or remove
> programs.
> YET, on my freshly resurfaced hard drive, if I go to Windows Update (or
> get
> notifications from Auto Update) the old Package Installer from 2005 is
> shown, along with the Friendly Windows Genuine Advantage, as a mandatory
> update.
>
> So, truly, my question is the opposite of that addressed by the link
> below.
> My question is, if I have installed SP3 from a disk, and also installed
> the
> Package Installer update 942288- and both these updates show up as being
> correctly installed-- isn't it fishy that Windows Update tells me
> I need to install the Package Installer from July 2005?
>
> Thanks again.
>
> "PA Bear [MS MVP]" wrote:
>> The following KB article should resolve all of your issues:
>>
>> Updates are not installed successfully from Windows Update, from
>> Microsoft
>> Update, or by using Automatic Updates after you perform a new Windows XP
>> installation or you repair a Windows XP installation
>> http://support.microsoft.com/kb/943144
>> --
>> ~Robear Dyer (PA Bear)
>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>> AumHa VSOP & Admin http://aumha.net
>> DTS-L http://dts-l.net/
>>
>> ElizaDoolittle wrote:
>>> My question is, if I have installed SP3 from a disk, and also installed
>>> the
>>> Package Installer update 942288, isn't it fishy that Windows Update
>>> tells
>>> me
>>> I need to install the Package Installer from July 2005?
>>>
>>> I have nuked and burned my hard drive an embarrassingly large number of
>>> times, mostly because I keep finding these things that suggest I am
>>> hooked
>>> up to a remote server, even though I am a free standing computer.
>>>
>>> One thing I noticed is that Windows Update insists that, in order to get
>>> any
>>> other updates, I must first install WGA (all right, already...) and
>>> KB898461, the Package Installer released in July 2005, and last reviewed
>>> in
>>> May 2007. Since then there have been at least two different updates,
>>> including 893802 (which is spelled out as one of the components of SP3)
>>> and
>>> 942288.
>>>
>>> I have had desktop assistance from two Microsoft techs, one of whom
>>> forced
>>> me to install 898461 above my protests, and one who has chased around
>>> all
>>> the other fishy things I have found related to this (See my other posts
>>> for
>>> details about that).
>>>
>>> Can anyone tell me anything beyond the standard MS line, which is, "If
>>> it
>>> is
>>> an update that comes from a Microsoft site, it is safe and effective."
>>>
>>> Thanks to all who answer here.
Guest FromTheRafters Posted October 21, 2008

[snipped a little]

> Google for 'BIOS Virus' .... and enjoy exploring the results! <g>

Despite what you may find online, I am reasonably certain that there is no such thing as a BIOS virus.

Firmware is not as 'firm' as it previously was, and firmware can harbour malware (as you correctly stated). A virus is a particular type of malware, and has not been found in the BIOS code - unless you know something the rest of us don't.

I haven't even heard of option ROM infection, though I suppose it could have happened without my hearing of it.
Guest ~BD~ Posted October 22, 2008

"FromTheRafters" <erratic@nomail.afraid.org> wrote in message news:%23VD9XS9MJHA.456@TK2MSFTNGP06.phx.gbl...
>
> "ElizaDoolittle" <ElizaDoolittle@discussions.microsoft.com> wrote in
> message news:622FFA96-D60A-4521-9201-29104C349456@microsoft.com...
>> And here's another, related question that I started to post as a new one:
>> Are there known viruses or other intruders that have been documented as
>> being
>> able to survive a full nuke and burn of the hard drive?
>
> No, not on that hard drive. As long as your definition of
> "full nuke" and "burn" includes all data on that disk being
> overwritten.
>
> ...and by "data" I mean code as well - it is all data on disk
>
>> That is, are there documented cases where you can't get rid of the
>> buggers,
>> whether you do a full-format reinstall of the disk, or use a Windows 98
>> disk
>> to do fdisk/mbr, use things like DBAN or KILLDISK to write 0s to the hard
>> drive?
>
> Yes, but in those cases the infection or vulnerability was brought
> back to the system rather than having survived such tactics. For
> example reintroducing the vulnerability which led to the initial
> attack (i.e. reinstalling Windows) or perhaps restoring some
> program or data from a backup that had been tainted.
>
>

Hi FTR

I should be grateful if you would:-

1. Ask PABear to expand on his answer of simply "Yes" (he won't respond to me!) and

2. Go here http://forum.kaspersky.com/index.php?showt...oaterDave&st=40 and read post number 46 - then give me your further thoughts please.

Thanks in anticipation of your further guidance.

Dave
--
Guest FromTheRafters Posted October 22, 2008

Many posters have taken the time to answer your questions (in fact this very topic was discussed) in the past. Having expended the effort to explain, you return to ask the same or remarkably similar question later on as if you didn't even read their well stated response. Conversing with you can be an exercise in futility, and it is no wonder that some have given up.

As to your requests, PA Bear will do as he pleases when and if the OP requests an explanation of what "Yes" means. I will not endeavor to answer you again about whether or not malware can survive certain actions taken against data on disk, but I am not yet to the point of completely ignoring you.

"~BD~" <~BD~@no.mail.afraid.com> wrote in message news:Os1mY2ANJHA.1160@TK2MSFTNGP04.phx.gbl...
>
> "FromTheRafters" <erratic@nomail.afraid.org> wrote in message
> news:%23VD9XS9MJHA.456@TK2MSFTNGP06.phx.gbl...
>>
>> "ElizaDoolittle" <ElizaDoolittle@discussions.microsoft.com> wrote in
>> message news:622FFA96-D60A-4521-9201-29104C349456@microsoft.com...
>>> And here's another, related question that I started to post as a new
>>> one:
>>> Are there known viruses or other intruders that have been documented as
>>> being
>>> able to survive a full nuke and burn of the hard drive?
>>
>> No, not on that hard drive. As long as your definition of
>> "full nuke" and "burn" includes all data on that disk being
>> overwritten.
>>
>> ...and by "data" I mean code as well - it is all data on disk
>>
>>> That is, are there documented cases where you can't get rid of the
>>> buggers,
>>> whether you do a full-format reinstall of the disk, or use a Windows 98
>>> disk
>>> to do fdisk/mbr, use things like DBAN or KILLDISK to write 0s to the
>>> hard
>>> drive?
>>
>> Yes, but in those cases the infection or vulnerability was brought
>> back to the system rather than having survived such tactics. For
>> example reintroducing the vulnerability which led to the initial
>> attack (i.e. reinstalling Windows) or perhaps restoring some
>> program or data from a backup that had been tainted.
>>
>>
>>
>
> Hi FTR
>
> I should be grateful if you would:-
>
> 1. Ask PABear to expand on his answer of simply "Yes" (he won't respond
> to me!) and
>
> 2. Go here
> http://forum.kaspersky.com/index.php?showt...oaterDave&st=40
> and read post number 46 - then give me your further thoughts please.
>
> Thanks in anticipation of your further guidance.
>
> Dave
>
> --
>
>
Guest ElizaDoolittle Posted October 22, 2008

PA Bear, thanks for your kind, patient and knowledgeable replies. I am going to put a check mark on this one, and the one with the

> 1. Were you able to successfully install all critical security updates offered
> after you'd done Methods 1 or 2 in KB943144??

Not exactly. Please be patient once again with my long-winded (or detailed, as you prefer) reply. I am nearly certain that we did this in my last go-round with remote assistance from the kindly Level 2 tech at Microsoft, and it got us nowhere.

Curiously, however, I have yet again a freshly nuked hard drive with XP reinstalled, and when I tried this, I got an error message that said,

LoadLibrary ("C:\Windows\System32\wups2.dll") failed - the specified module could not be found.

This all rang a bell, and I recall having had the Level 2 tech have me use the XP disk to repair the file. At that point, he did things that were way beyond my ability to grok, let alone remember. However, I do recall that he seemed to believe he was successful in doing what needed to be done.

Today, as I tried to replicate this, I wasn't able to do it from the disk, but I was able to go into the Win\sys32 directory and find not wups2.dll, but rather, wups.dll. When I tried

regsvr32 %windir%\syswow64\wups.dll

that appeared to have run successfully, with the file properties on wups.dll showing that it had been created today, and "modified" on April 14, 08, which is the same date that many SP3 files show. (I include this detail only because I am always puzzled by how files can show they were "created" on a date later than they were "last modified.")

> 2. Was "Package Installer from July 2005" (which I assume means Windows
> Installer v3.1) still offered after you'd done Methods 1 or 2 in KB943144?

I have not yet gotten to this point this morning, but when I did this with the MS tech, yes, the deal was, before I could install anything from Windows Update (or Automatic Update,) I was required to install 898461, the V1 package installer update from July 2005. That despite having already successfully installed (all from disk) 893802, the V2 of that installer, SP3 (which includes 893802), and also 942288.

Your pointers to free MS support are always appreciated, and God knows, I have worn those boys and girls out about this. The people at Circuit City, too... As it happens, I bought a four-year service contract on this computer, and it has had probably a dozen warranty repairs, including at least four new hard drives and one new motherboard.

As God is my witness, I have not visited any likely sources of Malware in all of this. (unless you include Google, Gmail and Yahoo mail, which I have my doubts about...) The last time I got this machine back with a new hard drive was in the middle of August. The only connection to the Net it had at that point was at the shop. As soon as I installed SP3, I began to notice that sense of something's not right. When I installed Avast from a disk, I really had that feeling. That's when I somehow learned about and looked at the System and Application files (from someone else's computer) and I discovered the HiPerfCooker, CmdTriggerConsumer, and Rsop Planning Mode provider entries described elsewhere. Now, there is no Web Based Enterprise Management system that I have set up, but there sure is evidence that someone has.

Curiously, I find things in the WBEM logs that have lines in them including,

--BSTR Query = SELECT FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct'
--ESS is now open for business

I could go on and on and on, and I already have. Thanks for the help.

Cheers,
Eliza

"PA Bear [MS MVP]" wrote:
> Were you able to successfully install all critical security updates offered
> after you'd done Methods 1 or 2 in KB943144??
>
> Was "Package Installer from July 2005" (which I assume means Windows
> Installer v3.1) still offered after you'd done Methods 1 or 2 in KB943144?
>
> Free unlimited installation and compatibility support is available for
> Windows XP, but only for Service Pack 3 (SP3), until 14 Apr-09. Chat and
> e-mail support is available only in the United States and Canada. Go to
> http://support.microsoft.com/oas/default.aspx?gprid=1173 | select "Windows
> XP" then select "Windows XP Service Pack 3"
>
> Start a free Windows Update support incident request:
> https://support.microsoft.com/oas/default.aspx?gprid=6527
>
> Support for Windows Update:
> http://support.microsoft.com/gp/wusupport
> --
> ~PA Bear
>
> ElizaDoolittle wrote:
> > I would like to put great big check marks by every one of these kind
> > replies. However, the pointer to "Updates are not installed successfully
> > from Windows Update, from Microsoft Update, or by using Automatic Updates
> > after you perform a new Windows XP installation or you repair a Windows XP
> > installation" is actually the opposite of my experience.
> >
> > That is, I get the updates that supersede the Package Installer in
> > question,
> > install them from a disk downloaded from another computer, and they show
> > up
> > as having been installed correctly in control panel>add or remove
> > programs.
> > YET, on my freshly resurfaced hard drive, if I go to Windows Update (or
> > get
> > notifications from Auto Update) the old Package Installer from 2005 is
> > shown, along with the Friendly Windows Genuine Advantage, as a mandatory
> > update.
> >
> > So, truly, my question is the opposite of that addressed by the link
> > below.
> > My question is, if I have installed SP3 from a disk, and also installed
> > the
> > Package Installer update 942288- and both these updates show up as being
> > correctly installed-- isn't it fishy that Windows Update tells me
> > I need to install the Package Installer from July 2005?
> >
> > Thanks again.
> >
> > "PA Bear [MS MVP]" wrote:
> >> The following KB article should resolve all of your issues:
> >>
> >> Updates are not installed successfully from Windows Update, from
> >> Microsoft
> >> Update, or by using Automatic Updates after you perform a new Windows XP
> >> installation or you repair a Windows XP installation
> >> http://support.microsoft.com/kb/943144
> >> --
> >> ~Robear Dyer (PA Bear)
Guest ElizaDoolittle Posted October 22, 2008

Thanks for your reply, Rafters. Are we all equally vulnerable to this thing by simply re-installing Windows, or am I just specially blessed?

As God is my witness, the only things I have done after the full, write-0s reformat are install WindowsXPPro SP2 from a retail disk, and then, from disks downloaded at a computer not part of my network, install SP3, IE7 and the aforementioned Package Installer updates. Even before I install the updates, I see these logfile entries and other stuff mentioned in my note to PA Bear above:

--HiPerfCooker, CmdTriggerConsumer, and Rsop Planning Mode provider "warnings" using terms like "failure to impersonate" and described in my other long-winded postings.

--Even though there is no Web Based Enterprise Management system that I have set up, there sure is evidence that someone has. Curiously, I find things in the WBEM logs that have lines in them including,

--BSTR Query = SELECT FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct'
--ESS is now open for business

"FromTheRafters" wrote:
> > That is, are there documented cases where you can't get rid of the
> > buggers, whether you do a full-format reinstall of the disk, or use a Windows
> > 98 disk to do fdisk/mbr, use things like DBAN or KILLDISK to write 0s to the hard
> > drive?
>
> Yes, but in those cases the infection or vulnerability was brought
> back to the system rather than having survived such tactics. For
> example reintroducing the vulnerability which led to the initial
> attack (i.e. reinstalling Windows) or perhaps restoring some
> program or data from a backup that had been tainted.
>
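As an added, defender-side example that is not part of any post in this thread: the WBEM log lines and consumer names Eliza reports are the kind of evidence where the first concrete check is whether the machine carries permanent WMI event subscriptions (an __EventFilter bound to an __EventConsumer in root\subscription) that nobody configured. This PowerShell script lists them and marks queries shaped like the quoted one (TargetInstance ISA 'AntiVirusProduct' / 'FirewallProduct', the Windows Security Center classes in root\SecurityCenter) as expected; everything else is listed for review. The expected-class list and the "REVIEW"/"EXPECTED" labels are assumptions of this example, not anything from the thread.

```powershell
# Added example, not from this thread. Enumerates permanent WMI event
# subscriptions and separates Security Center-shaped queries from the rest.
# Needs PowerShell 1.0+ and an elevated prompt so root\subscription is readable.

$ns = 'root\subscription'

# Assumption: a query testing TargetInstance against these root\SecurityCenter
# classes matches the shape of the Security Center query quoted in the thread.
# Adjust for your environment; anything else is listed for manual review.
$expectedClasses = @('AntiVirusProduct', 'FirewallProduct')

function Test-ExpectedQuery([string]$query) {
    # True when the WQL text tests TargetInstance against an expected class.
    foreach ($cls in $expectedClasses) {
        if ($query -match "ISA\s+'$cls'") { return $true }
    }
    return $false
}

function Get-ConsumerAction($consumer) {
    # Return the part of a consumer that actually does something when fired.
    switch ($consumer.__CLASS) {
        'CommandLineEventConsumer'  { return $consumer.CommandLineTemplate }
        'ActiveScriptEventConsumer' { return $consumer.ScriptText }
        'LogFileEventConsumer'      { return $consumer.Filename }
        default                     { return '(no command/script payload)' }
    }
}

$filters   = @(Get-WmiObject -Namespace $ns -Class __EventFilter)
$consumers = @(Get-WmiObject -Namespace $ns -Class __EventConsumer)
$bindings  = @(Get-WmiObject -Namespace $ns -Class __FilterToConsumerBinding)

# Index by relative WMI path; a binding's Filter/Consumer properties hold these paths.
$filterByPath   = @{}
$consumerByPath = @{}
foreach ($f in $filters)   { $filterByPath[$f.__RELPATH]   = $f }
foreach ($c in $consumers) { $consumerByPath[$c.__RELPATH] = $c }

$summary = 'Permanent subscriptions in {0}: {1} filter(s), {2} consumer(s), {3} binding(s)'
Write-Output ($summary -f $ns, $filters.Count, $consumers.Count, $bindings.Count)

foreach ($b in $bindings) {
    $f = $filterByPath[$b.Filter]
    $c = $consumerByPath[$b.Consumer]
    if ($f -eq $null -or $c -eq $null) {
        Write-Output ("REVIEW   dangling binding: filter={0} consumer={1}" -f $b.Filter, $b.Consumer)
        continue
    }
    if (Test-ExpectedQuery $f.Query) { $tag = 'EXPECTED' } else { $tag = 'REVIEW  ' }
    Write-Output ("{0} filter '{1}' in {2}" -f $tag, $f.Name, $f.EventNamespace)
    Write-Output ("         query:    {0}" -f $f.Query)
    Write-Output ("         consumer: {0} '{1}'" -f $c.__CLASS, $c.Name)
    Write-Output ("         action:   {0}" -f (Get-ConsumerAction $c))
}

# Filters or consumers with no binding are inert but still worth knowing about.
$boundFilters   = @($bindings | ForEach-Object { $_.Filter })
$boundConsumers = @($bindings | ForEach-Object { $_.Consumer })
foreach ($f in $filters) {
    if ($boundFilters -notcontains $f.__RELPATH) {
        Write-Output ("UNBOUND  filter '{0}': {1}" -f $f.Name, $f.Query)
    }
}
foreach ($c in $consumers) {
    if ($boundConsumers -notcontains $c.__RELPATH) {
        Write-Output ("UNBOUND  consumer {0} '{1}'" -f $c.__CLASS, $c.Name)
    }
}
```

A REVIEW entry is a subscription to look at and account for, not proof of compromise; note the consumer's action text and who created it before removing anything.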