Downloading updates in advance

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hello,

i'm looking for a way to dl'd winxp-home updates in advance
i want to burn them all on cd
so i can install & update winxp completely updated OFFline
Can someone give me the URL to do that ?
A friend gave me this link but i don't know if it's relaible
http://www.softwarepatch.com/windows/
I think i prefer an originale MSwinxp website

thnx in advance
omi
 
(e-mail address removed),
omi said:
Hello,

i'm looking for a way to dl'd winxp-home updates in advance
i want to burn them all on cd
so i can install & update winxp completely updated OFFline
Can someone give me the URL to do that ?
A friend gave me this link but i don't know if it's relaible
http://www.softwarepatch.com/windows/
I think i prefer an originale MSwinxp website

thnx in advance
omi
Click to expand...

Go to the following web site:

Welcome to Windows Update Catalog
http://v4.windowsupdate.microsoft.com/catalog/en/default.asp

Click on "Find updates for Microsoft Windows operating
systems".
In the Operating system box, scroll down to the next to last
entry, Windows XP SP2.
Click on it to highlight it and hit the Search button.
Click on "Critical Updates and Service Packs".
Scroll through the list and add all the updates you need to
your download basket.
Do the same for "Recommended Updates".
Once you've completed the selection process click on "Go to
Download Basket".
Use the Browse button to select a handy location on your hard
drive to store the updates.
Hit the Download button.

Here's another Microsoft source for updates:

Microsoft Security Bulletin Search
http://www.microsoft.com/technet/security/current.aspx

Here are a couple of sites you may find useful:

How to download updates and drivers from the Windows Update
Catalog
http://support.microsoft.com/default.aspx?scid=kb;en-us;323166

How to install multiple Windows updates or hotfixes with only
one reboot
http://support.microsoft.com/kb/296861/

Good luck

Nepatsfan
 
Also dont forget to go to java.sun.com and download the latest java vm from
there from what others are saying in the news groups there are too many
exploits using the older javas

Jon
 
thnx a million

hopefully this will end my virus-nightmare that lasted a month

thnx again
omi
 
thnx for the tip,

this is excactly how i got infected with
EXP/MS05-013
i will now format my drive (again) and hopefully return online without any
probs

cheerz
omi
 
Well that didn't work,

i downloaded all 90 files (582Mb)
i formatted my drive and reinstalled windows
when i tried to perform the updates one by one
there were some that would not install because the installation program was
missing
like : com_microsoft.886903_NET11_SP1_XP_5556
result: i had to go online to search for updates
i needed an installer program first,
then 28 downloads were needed
Now it's up to date but again i'm leaking Mb's :((
In my taskmanager i see there are 5 "svchost.exe" that are active
is this normal ?
svchost.exe - local service
svchost.exe - networkservice
svchost.exe - SYSTEM
svchost.exe - networkservice
svchost.exe - SYSTEM

msmsgs.exe keeps activating itself
My cpu keeps "performing" without me doing anything (variable 0-10%)
and NIS gives popups
"Rules automaticly created for MS generetic Host Process for WIN32 server"
--> c:\Windows\System32\svchost.exe

So i'm back to where i was

Looks like performing updates offline is not that easy as i thought

Any help's appreciated
omi
 
1) You may need to go to the Windows Update Site first and install the most
recent version of Windows Update Software* (accept the download before a
regular update search) and after that you can install updates by any means.

*Check in C:\WINDOWS\Downloaded Program Files and check update software;
Validation tool and Update Class, activex controls are necessary to update
your system.

2) svchost is a normal system process

3) and Generetic Host Process may be a problem with a scanner or printer
driver. updated drivers will solve it.

4) How to disable or remove Messenger (msmsgs.exe)
http://www.kellys-korner-xp.com/xp_messenger.htm
http://www.dougknox.com/xp/utils/xp_mess_disable.htm
http://www.updatexp.com/disable-messenger-msn.html

-------------------------------------
 
1) that's where the problem is, when i go online for updating i get hacked,
changed my IP zillion times, no luck

3) i have no scanner or printer installed or even connected
i get 5-10 popups from NIS about this very rapidly... i don't think that's
normal
also when i open a webpage, NIS allows +/- 50 coockies for each webpage
also i got a NIS popup request for Ikernel.exe to connect to a DNS-server
(blocked it)
i wunder if there's some permanent RAM in my pc, not the ram-sticks but
something like the BIOS...

4) thnx for the tip.. i changed the registry to prevent messenger from running

5) i was able to install most winxp updates offline except:
- com_microsoft.886906_NET10_SP3_nld_5556
- com_microsoft.888316_ehome_guide_fix
- com_microsoft.KB867461_DOT_NET_EN_1_0_SP3
- com_microsoft.KB867461_DOT_NET_Tier3
- com_microsoft.KB873369_XP_SP3_eHome_INTL
- com_microsoft.Q816093_VM3810_Ver1
- com_microsoft.Q900036_VS_NET_ES_5520

oh i wish i could get my hands on one of those hackers,
he/she would suffer a very slow death, minimum a month
after messing with this problem for about a month i'm almost ready for a
mental institution

omi

any hackers that wish to vulontier or test me, let's set up a meeting !!
 
If you did a pristine install of the operating system from a genuine Windows
install disk and either enable Windows Firewall or are behind an internet
router/firewall device that does not allow any unsolicited inbound traffic
you should not have a problem with getting Windows Updates without becoming
infected or hacked. However I suggest that you go to Windows Updates first
thing before installing any software on your computer after the fresh
install. I do this a lot with never a problem and the next thing I do is to
install antivirus software and update it immediately. Then when you are done
if you are not protected by an internet router or firewall device then
disconnect from the network and disable the Windows Firewall before you
install another software firewall and make sure it is enabled before
connecting to the internet again. Personally I like using the Windows
Firewall and do not like all the noise that other software firewalls
generate with all the pop messages though they have there place especially
on a shared computer where you want to restrict what applications a user can
use to access the internet. If you continue to have problems I might suspect
that you have infected files in the applications or data files that you are
restring to your computer which you should be scanning for malware before
you restore/install on your computer. --- Steve

http://www.microsoft.com/athome/security/protect/windowsxpsp2/Default.mspx
--- Protect Your PC tips
http://scan.sygatetech.com/ --- Check your firewall configuration here for
inbound threats
 
I had the same problem after a fresh installation with the only difference
Windows Update froze up instead of getting pop-ups, after a thorough scan
and disinfection, the problem was gone.. I also have read some other posts
about the same thing happening to them so it seems like a fairly recent
modality of attacking.. As you may already know, a recently installed OS is
very vulnerable on the net even with the firewall enabled so your system is
very likely already infected and going to Windows Update to get security
updates, makes the spyware act up as self preservation. You need to install
antispyware applications and thoroughly clean your system before attempting
to update it and if you have to, disinfect in safe mode (F8 at startup) and
with the Internet connection line removed/turned off.

Install the following software and update it before the first scan.
Adaware SE, Spybot Search & Destroy, SpywareBlaster, CWShredder and
HijackThis
http://www.majorgeeks.com/downloads31.html

Also go to Start\Run\type; msconfig and hit Enter\go to Startup tab and
disable unknown process(es) if any are present. Then to to Start\Run\type;
regedit.msc\and go to the Run keys of the LocalMachine and CurrentUser hives
and delete any unknown process if present.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

---------------------------------
 
i've tried your discription about 20 times last month
formatting the drive, installing winxp & msi mainboard from original cd-roms
(offline)
connecting to the internet & updating winxp... 1st or 2nd time i connect to
update i get hacked... changing ip doesn't help
this is a serious issue that developpers should look into
there's no way i load infected files when installing/updating
i've tried it again today
same problem
:((((((((((((((((((((((((((((((
 
my installation goes like this:
- disconnect the internet cable
- disconnect other hd's
- change BIOS to select cd-rom as 1st boot-device
- insert winxp, reboot pc and start computer from cd
- delete partition
- format the entire drive
- install winxp home
- reboot when nessecairy
- install msi-mainboard (original cd)
- (tried installing all known security progs like you describe and scanned
the disk... i've tried this before and after updating winxp) NO infections
- update winxp
the first or second time i connect to the internet i get hacked
i tried installing & updating winxp completely offline it makes no difference

there are no unknow processes that are active in the register or task manager
but at this time there are 4 svchost.exe that are active
that's the same program from what i get NIS popups
i repeat, there are no mallware infections on the drive, i do not load
infected files
i've blocked MSN Messenger from running in the registry

i'm in the dark, down at sea and up a tree
:((((((((
 
but at this time there are 4 svchost.exe that are active
that's the same program from what i get NIS popups
Click to expand...

The svchost in 4 or 5 processes is normal, the NIS may be giving false
alarms, I would disable the Norton and enable the Windows Firewall at least
untill you get over this problem. You can also install fix KB894391

Hotfix information
A supported hotfix is now available from Microsoft. For Windows XP SP2, the
Generic Host Process error can potentially occur on any system at any time.
Although you receive the error message shortly after system startup, the
actual error occurred during the previous system shutdown. Because of the
broad nature of this issue, this hotfix was made available through Windows
Update and distributed to users who have Automatic Updates enabled to
eliminate this problem on Windows XP SP2 systems. For Windows XP SP2, you
may experience one last Generic Host Process error upon restart after you
install this hotfix. This is from the previous system shutdown before the
new version installation was completed.

Download the WindowsXP-KB894391-x86-ENU.exe package now.
(http://www.microsoft.com/downloads/details.aspx?FamilyId=A87B44B9-7A6A-49B6
-BD89-AFAD4E049C48&displaylang=en)

You receive a "Generic Host Process" error message after you start the
computer, or DBCS attachment file names are not displayed in Rich Text
e-mail messages
http://support.microsoft.com/kb/894391/en-us

Generic Host Info
http://search.lycos.com/?src=sf&loc=sem&query=microsoft+generic+host+process
+for&nlubid=1

--------------------------------------------
 
On what are you basing the theory that you're being "hacked" as
soon as you go online? What events occur that make you think
your system has been compromised so soon?

Did you do any research on exactly what svchost.exe is? If you
did you would have come across this Microsoft article:

A description of Svchost.exe in Windows XP
http://support.microsoft.com/?kbid=314056

After reading that article you would have a better
understanding of what you're dealing with. Unfortunately,
Windows XP Home Edition does not include tasklist.exe. If it
did, and you ran it at a command prompt with the /svc switch,
you would see a listing of the services that are running under
each instance of svchost. A number of those services require
network access. That's what NIS is flagging. Things such as the
browser service, DHCP, W32Time and lanmanserver are just a few
of the services operating under the umbrella of svchost.exe
that requrire network access.

Since you don't have access to tasklist the best you can do, if
you want to take a closer look at exactly what's running under
each instance of svchost, is to download and run Process
Explorer from Systernals:

Process Explorer
http://www.sysinternals.com/Utilities/ProcessExplorer.html

Right now I have seven instances of svchost.exe listed in Task
Manager. Based on your logic, my computer must be on life
support, it's so infected! My firewall program also has an
entry for Generic Host Process for Win32 Services 5.1 located
at C:\WINDOWS\system32\svchost.exe which has been allowed "Full
Access". Why? Because if I block this process, I will lose a
lot of network functionality.

If you decide to go through the installation process again, do
yourself a favor. First off, get a NAT router and put it
between your computer and your modem. Next, obtain reliable
antivirus and firewall programs from a company other than
Norton. Finally, if you decide to install any updates that
you've already downloaded from the internet, do so in a logical
manner. If your installation CD does not include Service Pack
2, start there:

Download Windows XP Service Pack 2
http://www.microsoft.com/downloads/...BE-3B8E-4F30-8245-9E368D3CDB5A&displaylang=en

When you go to install any post SP2 updates, make sure you
install them in the order they were released. It's possible
that a later update requires some of the earlier updates be
already installed.

At this time, you should only focus on the Critical Updates.
Leave the Suggested Updates for later. Also, you don't need to
install any updates for .NET since you don't have the framework
installed. You also can skip any of the critical updates that
apply to Media Center Edition. The reason you had problems
installing certain updates earlier is because you were trying
to install MCE updates on a Home Edition computer or .NET
before installing the framework.

If you continue having problems getting XP installed, you might
want to consider taking your computer to a competent
professional who will install the operating system, Windows
updates and security software for you.

Good luck

Nepatsfan



(e-mail address removed),
 
How do you know you are being hacked and what evidence? An attacker can not
get past the Windows Firewall as it does not allow inbound connections by
default that are not in response to traffic that was initiated by your
computer and a correctly installed pristine operating system from authentic
Windows XP install disk would have no malware on it. I have done what I
suggested scores of times without any problem what so ever. You are right
about changing IP address though as that has nothing to do with increasing
security in your situation. --- Steve
 
thnx for the input
i'm not so familliar with the technical side about computers but i'll
explain why i found svchost.exe suspicious

it's not just 1 NIS popup about "MS Generetic Host Process for WIN32 Server"
at startup and then every 15 minutes or so there are 5-10 popups very rapidly
i've updated winxp completely, also fix KB894391

when i open a webpage NIS allows +/- 50 popups for each page i open (not
normal)
at this time it's set at 901 allowed coockies
i will now open a webpage... now it's set at 950

at this time i am constantly leaking Mb's both upload and download
and i'm sure it's not me who's generating traffic, i've never had this
before the infection

when i connect to the internet the 1st or 2nd time i pull the plug and start
my pc without internet connection, then my cpu keeps working without me doing
anything
even at this time my cpu works constantly 0-10% variating very rapidly. It's
been working like this for the last half hour. In the beginning even it goes
100% for a long time. I'm abolutely sure this is something abnormal because
i've never occured this in the past. I'm sure that if i leave this like it is
and keep on installing programs and surfing the web my system will run slower
and slower. Before i got infected my cpu kept the 0% status and i had loads
of programs installed, now i have only the 3 main programs installed and
winxp & NIS updated
no need to go sarcastic, if you had popups like me and all the other shit
i'm experiencing you would be suspicious about anything, it was just a
question.

NAT router, seems like something pretty essential these days, i'll go by one
as soon as i have some money, even though my pc worked fine before without one

thnx for the tip about "Process Explorer"
i will try understanding this tool

cheerz
omi
 
i have also done what you describe scores of times in the past without problems
i am 110% sure that what i am experiencing is abnormal, i might be a
semi-noob on the technical side of computers, but i'm no idiot. If you would
see the way my cpu is working, the way NIS gives popups, the way i have
internet traffic without me doing anything, the way NIS allows coockies...
and all of these things are happening the second i got infected. None of
those things were happening in the past.
 
All that can certainly happen but you indicated that your computer is being
hacked right after a pristine install of the operating system and just the
operating system with the Windows Firewall enabled by just going to Windows
Updates. Again what makes you think it has been hacked just doing that and
what evidence such as malicious processes running? Maybe there is an
explanation for what you think is being hacked or malicious activity. Even
so from your description just because your NIS firewall gives you pop up
alerts and says that cookies are being created does not mean a computer has
been hacked or infected with malware as that can all be normal.

Firewall alerts do not necessarily mean hack attempts and most often don't
but are just asking you questions about what network activity you want to
allow or not and in general software firewalls do a poor job in scaring
users because of all the alerts for normal network activity such as dns name
resolution requests, file and print sharing, computer browser service, or
when an application goes to the publishers website to check for updates
which is why I usually recommend that users use the Windows Firewall or an
internet router or firewall device and forget a firewall like NIS. CPU
useage and memory useage can be tracked via Task Manager and you can see
what processes are hogging memory or CPU cycles. Maybe you have a program
with a memory leak or incomaptibility between applications though of course
spyware will make the computer seem to run slow. I have also seen power
supply problems cause poor performance of a computer that normally should
work well. If booting into Safe Mode makes the computer perform a lot better
then you have a problem with a startup application/service/driver that could
be related to malware/spyware and you can troubleshoot with msconfig by
doing selective startup. --- Steve
 
thnx for the input,
looks like my answer didn't get published... i'll start again :( but a bit
shorter

- internet traffic should be 0, like it always has been... but it's not, i
have a constant up-& downstream and i'm not generating traffic
- when doing nothing, cpu should be working 0%, like it always has done...
but it's not, in the beginning it works 100% for 5 minutes or so. After a
while it goes working 0-10% variable speed changing very rapidly, this can
last up to half an hour... never had this in the past !!
- NIS gives 5-10 popups about MS generetic Host Process for WIN32 very
rapidly each 15 minutes or so... not just 1 at start-up (this happened a few
seconds after i got infected and since then)
fix KB894391 is installed but it didn't change this
- NIS allowes +/- 50 coockies for each time i open a webpage... last session
was over a 1000 cookies. At this time it's set at 117 cookies (only to get to
this website), i will now refresh this page... 183 cookies

thnx for the "ProcessExplorer", i don't see anything odd that is eating my
cpu, it's doing his 0-10% variable dance again but i only see some NIS
applications that are active
ccproxy.exe (NIS)
CCEVTMGR.EXE (NIS)
NMain.exe (NIS)
procexp.exe
Based on your logic, my computer must be on life support, it's so infected!
Click to expand...
plz no need to go sarcastic, if you would see all those popups you would be
suspicious also, it was just a question

All these problems occured a few seconds after i got infected and keep
lasting untill now

cheerz
omi
 
Back
Top