MS Security Essentials or ATi Catalyst bad update? or Malware infection?

IanM

  • Windows 7 Home - 64bit retail edition installed & registered
  • Microsoft Security Essentials
  • ATi Catalyst 10.7 (for 5850 Toxic edition)
  • DEP on (Metro 2033 added to the exceptions)
Very unsettling set of events with my PC this morning. I'm not sure if there was a conflict with the updates, or a bad update either from Microsoft or ATi, or possibly even a malware problem that has circumvented the Security Essentials application? I have noticed in the past that Windows Updates will fail if it's running an automatic update or check whilst you have manually started an update, so I'm hoping that this problem isn't anything malicious:

Using my standard user account:
1) It started with some random crashes of Firefox, 3-4 times within a couple of hours, and that has never happened before. Then everything stopped responding apart from the mouse pointer so I had to force a reset and reboot.

2) Then I see Security Essentials is trying to update, but the update fails. I tried manually updating from 'Windows Update' and saw that it downloaded a 59MB update, but the install failed again twice.

3) I also noticed an optional 5800 series driver update (I've never seen that appear in Windows Update before!) I didn't select it as I have CCC 10.7 downloaded, installed and working fine from the AMD website.

4) So I did a reboot again, now the Security Essentials does complete and immediately there is a new 350kb update - this one won't install either as it says it's out of date and not needed.

5) Another reboot and my desktop/taskbar has turned into some hideous Windows 95 lookalike. No other themes or aero mode are selectable, so I tried to open Catalyst Control Centre and that is disabled.

Switched to using the admin user account:
6) Reboot and it appears that the Catalyst driver is just gone! WTF? Check updates and that 59MB Security Essentials update is back! Guess what? It failed to install again...

7) I uninstalled the remaining CCC components, and rebooted.

8) I ran the update for the 5800 series driver and rebooted. Security Essentials didn't start and won't run.

9) Another reboot, Security Essentials starts up, needs the 59MB update again. It offers then refuses to install the 350kb again :rolleyes:

10) Reboot and Blue Screen of Death!

11) Reboot and now there is a 1.4MB update for Security Essentials??? At this point I was getting really worried about possible malware/virus infection. I have got a 2nd instance of Windows 7 installed (just using the 30 day trial to test drivers & apps). I booted into the alternative install and ran a scan with Avira, only a warning about Hiberfil.sys being locked so the system looks clean.

12) I have installed the 1.4MB Security Essentials update and rebooted for the umpteenth time, and now things appear to be running normally.

Questions:

  • Can Windows Update just ignore my decision not to install an optional update for the Catalyst driver? I don't know what the hell happened there, I didn't need the new driver and now I don't have Catalyst Control Centre any more (I guess I can reinstall it separately but I'm a bit wary after these problems)

  • Security Essentials appears to always automatically install updates, even though I have Windows Update set to "check for updates, but let me choose when to download and install"

  • Did anyone else notice this 59MB Security Essentials update followed by 1-2 smaller updates? or have problems with today's updates?
 
Seeing that you have in any shape or form adjusted DEP, it makes me believe that you have done other 'tweaks' that may be causing problems, i.e. page file adjustment, disabled indexing etc. If that's the case, there could be any number of issues that could be wrong with it. What types of changes have you made?

The 59MB Security Essentials update is the definition file. On Windows Update you get the whole thing. The 1.9 MB update would just be the partial definition update. It used to say how big the files were in the beta but I don't think it does anymore (I stopped using MSE). Why it keeps popping up is probably because the update is not taking for some reason.
 
What types of changes have you made?
I don't think I changed anything except enabling DEP for added security, and unchecking Games in Turn Off Windows Programs and Features. I'm using an SSD so I haven't really felt the need to go looking for a lot of performance tweaks. Page file was left as default (Windows just has it set as 8GB reserved on the system drive)

I'm not sure what's going on with Indexing - it's unchecked in Windows Programs and Features, however I just looked under Control Panel -> Indexing Options and it looks like Indexing is enabled, but Start Menu & Users are the only folders indexed. It should say "Indexing is not running." if it is completely disabled? Confusing.

Aside from that, I created an admin account initially to install stuff, but I use the computer the rest of the time from the standard account.
 