Ian
Tue Aug 17 14:01:17 CDT 2004
Terrycymru <me@privacy.net> wrote in news:1mm9jnayw86h0$.fstdfza4bzhx.dlg@
40tude.net:
> Windows Update offers KB836528 (Mydoom, Zindos, and Doomjuice Worm
Removal
> Tool) as a critical update with the following ominous message:
>
> The appearance of this update means that your machine is likely infected
> with one or more of these worms.
>
> How do they come to this conclusion? My up-to-date anti-virus product
does
> not agree and gives the machine a clean bill of health. What are MS
playing
> at? Producing bogus critical updates will not encourage confidence in
> users.
>
> Terry
>
In case you or other newsgroup participants didn't read the Knowledge Base
article...
What the article says (in part):
The Windows Update Web site and Automatic Updates will offer you version
4.0 of the Mydoom Worm Removal Tool if your computer appears to be infected
with Mydoom.A, Mydoom.B, Mydoom.E, Mydoom.F, Mydoom.J, Mydoom.L, Mydoom.O,
Zindos.A, Doomjuice.A, or Doomjuice.B, or if your computer contains
remnants of an infection, such as registry keys that are left behind.
Notice that you don't have to be currently infected, there just have to be
"remnants of an infection".
You can read the entire article at
http://support.microsoft.com/default.aspx?scid=kb;en-us;836528
to see the details of what the removal tool looks for (and presumably what
the update software looks for), and what the removal tool removes.
--
Ian Shef
These are my personal opinions and not those of my employer.