# Windows Update Virus?



## mikellmikell (Nov 9, 2005)

I have Windows 7 Ultimate on a computer I bought new over a year ago. I have updated it many times. Today a screen tells me that my version is not valid??? Is there some kind of virus out there that would corrupt the setup?

My screen saver was set to black and so was my background.

Just wondering if anybody else has had this problem


----------



## mnn2501 (Apr 2, 2008)

Don't know if there is malware/virus that would cause it, but have you _updated_ and run your virus program and malwarebytes and/or spybot?


----------



## Kung (Jan 19, 2004)

Actually I've seen that happen a few times. Can you post the exact message, word for word?


----------



## ninny (Dec 12, 2005)

I got a virus from a Java update two weeks ago. It can happen.

.


----------



## mikellmikell (Nov 9, 2005)

It's been doing updates fine and I have AVG and Malwarebytes. Last week I thought something happened when I went to a news site and it just kept opening the home page, I don't know how many, before I got Task Manager open and stopped it. Then made sure everything was up to date and ran full scans and now this. It finally took the latest update and is finishing up and rebooting right now.

I looked at my updates and it's installed nearly 50 probably, so why would it now say I have an illegal version?


----------



## Kari (Mar 24, 2008)

mikellmikell said:


> I have Windows 7 Ultimate on a computer I bought new over a year ago. I have updated it many times. Today a screen tells me that my version is not valid??? Is there some kind of virus out there that would corrupt the setup?
> 
> My screen saver was set to black and so was my background.



Sounds like Windows 7 could possibly have lost its activation config and needs to be reactivated. Usually there is an icon in the system tray that you can click on, or check Start Menu>>>Right click on Computer>>>Properties. If the PC needs to be reactivated, there will be a prompt at the bottom of the window.


----------



## mikellmikell (Nov 9, 2005)

Thanks, I'll check it out when I go in. Right now I'm making switches for my railroad and the shop computer runs just fine.


----------



## mikellmikell (Nov 9, 2005)

It says it doesn't pass validation and wants me to spend 200$. I only paid 250 for the thing new.


----------



## Kari (Mar 24, 2008)

mikellmikell said:


> It says it doesn't pass validation and wants me to spend 200$. I only paid 250 for the thing new.


Welcome to the world of Windows WGA (Windows Genuine Advantage)

Where did you purchase the PC and/or Windows software from?

If it is a legit copy, the activation code must be either on the pc (look for a sticker) or on the software DVD case. If you don't have either....well good luck.


----------



## Kari (Mar 24, 2008)

ninny said:


> I got a virus from a Java update two weeks ago. It can happen.




I find that very, very difficult to believe. Sun (Oracle) Java updates do not contain viruses, otherwise IT people like myself (we do 100's of Java updates per month) would be posting our collective wrath on the Sun Java forums...

From Sun (Oracle) Java's website:
_If you have an older version of a signature file in place for your anti-virus client software or your specific anti-virus client software vendor may have failed to include into their latest signature file that the current version of Java is not a virus, it may therefore result in a false-positive state, where you are led to believe that you may have downloaded a virus with your latest version of Java software._


----------



## ninny (Dec 12, 2005)

Kari said:


> I find that very, very difficult to believe. Sun (Oracle) Java updates do not contain viruses, otherwise IT people like myself (we do 100's of Java updates per month) would be posting our collective wrath on the Sun Java forums...
> 
> From Sun (Oracle) Java's website:
> _If you have an older version of a signature file in place for your anti-virus client software or your specific anti-virus client software vendor may have failed to include into their latest signature file that the current version of Java is not a virus, it may therefore result in a false-positive state, where you are led to believe that you may have downloaded a virus with your latest version of Java software._




"When a browser runs an applet, the Java Runtime Environment (JRE) stores the downloaded files into its cache folder for quick execution later and better performance. Both legitimate and malicious applets, malicious Java class files are stored in the Java cache directory and your anti-virus may detect them as threats. For more specific information about Java exploits, please refer to Virus found in the Java cache directory."

"Malicious applets have been discovered in the Java cache directory. Anti-virus programs have detected such malicious applets in the following directory:
C:\Documents and Settings\<username>\Application Data\Sun\Java\Deployment\cache\6.0\"

http://java.com/en/download/help/cache_virus.xml


The two alerts I got from MSE were:

Exploit:Java/Midesq.A
Exploit:Java/CVE-2010-0840.Z

Both were considered SEVERE threats by MSE.

.


----------



## Kari (Mar 24, 2008)

ninny said:


> "When a browser runs an applet, the Java Runtime Environment (JRE) stores the downloaded files into its cache folder for quick execution later and better performance. Both legitimate and malicious applets, malicious Java class files are stored in the Java cache directory and your anti-virus may detect them as threats. For more specific information about Java exploits, please refer to Virus found in the Java cache directory."
> 
> "Malicious applets have been discovered in the Java cache directory. Anti-virus programs have detected such malicious applets in the following directory:
> C:\Documents and Settings\<username>\Application Data\Sun\Java\Deployment\cache\6.0\"
> ...



Let's be clear here so as not to confuse people.

What you are saying above is NOT caused by a Java Update as you originally posted. The Java Updates themselves are fine; it is the applets that your browser downloads and stores that are the cause. In other words, you go to an unsafe website and it downloads a malicious applet that your anti-virus software detects as a virus; this is the issue you are referring to above.

*Viruses found in this cache directory are not associated with the Java that was downloaded and installed on the system.* _A cache directory is a temporary storage location. When the browser runs an applet or application, Java stores files into its cache directory for better performance._


----------



## Kung (Jan 19, 2004)

Agree w/Kari 100%. We (civil service) have to monitor Java very closely because certain versions do and do NOT run with certain pieces of software...so I'm very familiar with Java. I'm like him - we do 100's of updates on Java and many other pieces of software every week/month.

Yes, I've found tons of viruses in that folder. HOWEVER, it is *NOT* Java that is causing viruses. What is happening is that viruses find VULNERABILITIES with Java (and with many other programs, including Microsoft programs themselves), and exploit them.

If you search on the first exploit, Java/Midesq.A, and go to Microsoft's page, you'll see that it confirms this.

You COULD completely remove Java from your computer (which is darn near impossible because TONS of sites use it, as well as many desktop apps) to avoid Java exploits, but considering literally MILLIONS of websites and thousands of apps use it, that's impossible, for the most part. Those updates Java issues are FIXING those exploits...so be GLAD it asks you to update so often.


----------



## mikellmikell (Nov 9, 2005)

Well, I have the key and put it in and it says that it's the same as another computer's. I've been using this for over a year and doing updates and all. I'm going to try to call but don't hold out much hope. Going to clear the hard drive tonight to send it back to Tiger Direct if all else fails.


----------



## Kung (Jan 19, 2004)

The key question is - where did you get the key?


----------



## mikellmikell (Nov 9, 2005)

The key is on the bottom of the computer but as I confirmed it, it's for XP??? So how do I tell if this thing has XP on it too? I wouldn't mind at all going to XP.


----------



## Kung (Jan 19, 2004)

Start->Settings->Control Panel; then click on 'System' and it should tell ya.

Or Start, Run, type cmd. The black window should pop up. Type *winver*.


----------



## mikellmikell (Nov 9, 2005)

Did that and it says Windows 7 but the sticker is for XP. It's been over a year and nobody can tell me anything or help other than I have a pirated version. It was on it when purchased and updates and everything worked for over a year.


----------



## Kung (Jan 19, 2004)

Well, next step is to see if you can call up your original sales receipt, and see if it specifically states "Windows 7" installed or something like that.


----------



## Kari (Mar 24, 2008)

Mike:

If your original copy was legit then someone else used your product key to validate their version of software, this could cause your validation to fail the next time...like you are experiencing now.

As Kung mentioned, find your receipt then call MS Support. Most times if you have convincing and compelling proof such as the original purchase receipt, they will sort it out and give you a new validation key. Keep in mind this may take some hours/days if they need to resolve with the reseller first.


----------



## Kung (Jan 19, 2004)

Yup, what he said. I meant to go into further detail but had a minor emergency here. LOL

For the most part, especially if you have proof, MS support is pretty cool. I've called them a few times myself and I have yet to have them tell me to go you-know-what myself if I have anything approaching proof.


----------



## mikellmikell (Nov 9, 2005)

Well, the proof I have is for XP but the computer is 7, so I need to figure out if XP is still on it and get rid of 7; that wouldn't bother me a bit. I have the receipt but it's been over a year.


----------



## Kung (Jan 19, 2004)

Shouldn't matter. As a matter of fact, if you bought it from Tiger Direct, they should be able to look it up for you, and send you a copy of the receipt; and then go from there.


----------

