Protecting Windows XP against intrusions

"NY" wrote

.....

Some interesting stats to consider:

8 of the top ten online threats in 2015 were from Flash.
One was connected with IE and one with Silverlight.
In 2016, 6 are from Flash, two from IE, one from
Silverlight and one from Windows:

https://www.recordedfuture.com/top-v...bilities-2016/

The Windows bug applies to all versions from XP up.
(Though Microsoft are actually too cheap to even acknowledge
the XP threat because XP is no longer supported unless you've
paid them a gigantic sum of money and happen to be a
corporation or gov't.)

The Windows bug requires that you run software on your
system in order for the attack to work.

All of that is to say
that the average person running Win7 or Win10, with a
browser using Flash, is at far greater risk than you on XP
if you just avoid Flash, Silverlight, Java, etc. And if you
also disable script or use something like NoScript to limit it,
you're all but invulnerable. HTML alone is not a security risk.
Your friends probably won't deal with things like NoScript,
but they can install anti-virus, avoid IE and disable or not
install browser plugins for Flash or other high risks.

On Wed, 7 Dec 2016 23:06:31 -0500, "Mayayana"
wrote:

"NY" wrote

....

Some interesting stats to consider:

8 of the top ten online threats in 2015 were from Flash.
One was connected with IE and one with Silverlight.
In 2016, 6 are from Flash, two from IE, one from
Silverlight and one from Windows:

https://www.recordedfuture.com/top-v...bilities-2016/

The Windows bug applies to all versions from XP up.
(Though Microsoft are actually too cheap to even acknowledge
the XP threat because XP is no longer supported unless you've
paid them a gigantic sum of money and happen to be a
corporation or gov't.)

The Windows bug requires that you run software on your
system in order for the attack to work.

All of that is to say
that the average person running Win7 or Win10, with a
browser using Flash, is at far greater risk than you on XP
if you just avoid Flash, Silverlight, Java, etc. And if you
also disable script or use something like NoScript to limit it,
you're all but invulnerable. HTML alone is not a security risk.
Your friends probably won't deal with things like NoScript,
but they can install anti-virus, avoid IE and disable or not
install browser plugins for Flash or other high risks.


Well put. (cross posted to the also relevant groups)
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012

On Wed, 07 Dec 2016 23:06:07 -0200, Shadow wrote:

On Tue, 6 Dec 2016 18:51:11 -0000, "NY" wrote:

I realise that XP didn't suddenly become any less secure the day after MS
withdrew support, but since that date presumably various backdoors have been
found which make XP less secure than it used to be.

Think about it. If it had that many backdoors, there would be
a massive botnet established on the 10-15% of computers that still run
XP. And yet ....
Firewall + uninstall Flash and Java + install NoScript on your
Firefox (or Palemoon 2.65) browser.
Xpy is useful for closing a lot of useless and dangerous
"features".
Do a Malware scan from a LiveCD AV (Kaspersky Rescue Disk is
good) once a week.
Keep any software you download for a week, then upload it to
Jotti or Virustotal before installing. You will avoid the zero-days.
I just removed 240 "malwares" from a friend's Win 7 computer
(most were duplicates in the restore folder, but it's still a lot)
--- Brains. The most important, but something you can't install on a
customer's PC....

When my old desktop computer died I had to buy a new one, but I bought
it without an OS installed, and just restored the Acronis backups from
the old one, which had Windows XP. That saved me an enormous amount of
setup time -- finding all the discs with the original programs could
take a long time for a start. Yes, I should ber better organised, and
have them all neatly stored in one place, but I'm not and I don't. So
I still use XP.

I still use Pegassus Mail for e-mail, which I've set to text-only,
which cuts the risk of infection a great deal, to judge by the amount
of malware that doesn't make it to my inbox, and even when it does,
gets deleted unread.

I use NoScript as well -- apart from anything else, it saves bandwidth
-- many news sites have videos that play automatically and can consume
enormous quantities of data while you're not looking and just reading
the story.

So in the 12 or more years that I've been using XP I haven't had a
virus infection yet, despite the fact that I get about 10 malware
e-mails a day.


--
Steve Hayes
http://www.khanya.org.za/stevesig.htm
http://khanya.wordpress.com

On Fri, 09 Dec 2016 07:14:28 +0200, Steve Hayes
wrote:

So in the 12 or more years that I've been using XP I haven't had a
virus infection yet, despite the fact that I get about 10 malware
e-mails a day.

I know a malware researcher that would be interested in those
emails, if it's really 5 per day, I'll send his address, assuming
your email is valid. I used to supply him, but my ISP adopted
Kaspersky and nothing gets through anymore.

BTW, try WSUS offline

http://www.wsusoffline.net/docs/

The last version supporting XP:

http://download.wsusoffline.net/wsusoffline921.zip

It takes a while to download everything, but you can keep it
on a DVD to update any XP you install to the latest patches on an
offline machine.
PS Posting here, because you appear to read this forum, but
could you move it over to the XP forums ?
alt.comp.os.windows-xp,alt.windows-xp
TIA
[]'s


--
Don't be evil - Google 2004
We have a new policy - Google 2012

On Fri, 16 Dec 2016 11:26:19 -0200, Shadow wrote:

On Fri, 09 Dec 2016 07:14:28 +0200, Steve Hayes
wrote:

So in the 12 or more years that I've been using XP I haven't had a
virus infection yet, despite the fact that I get about 10 malware
e-mails a day.

I know a malware researcher that would be interested in those
emails, if it's really 5 per day, I'll send his address, assuming
your email is valid. I used to supply him, but my ISP adopted
Kaspersky and nothing gets through anymore.

I'd be glad to send them to him, but they might not get though my ISP
either -- they seem to be stricter on outgoing e-mails than on
incoming ones.

The e-mail I use here, though valid, is not one I check very often.


BTW, try WSUS offline

http://www.wsusoffline.net/docs/

The last version supporting XP:

http://download.wsusoffline.net/wsusoffline921.zip

It takes a while to download everything, but you can keep it
on a DVD to update any XP you install to the latest patches on an
offline machine.
PS Posting here, because you appear to read this forum, but
could you move it over to the XP forums ?
alt.comp.os.windows-xp,alt.windows-xp

Follow-ups set.
--
Steve Hayes
http://www.khanya.org.za/stevesig.htm
http://khanya.wordpress.com

In message , Steve Hayes
writes:
On Fri, 16 Dec 2016 11:26:19 -0200, Shadow wrote:

On Fri, 09 Dec 2016 07:14:28 +0200, Steve Hayes
wrote:

So in the 12 or more years that I've been using XP I haven't had a
virus infection yet, despite the fact that I get about 10 malware
e-mails a day.

I know a malware researcher that would be interested in those
emails, if it's really 5 per day, I'll send his address, assuming
your email is valid. I used to supply him, but my ISP adopted
Kaspersky and nothing gets through anymore.

I'd be glad to send them to him, but they might not get though my ISP
either -- they seem to be stricter on outgoing e-mails than on
incoming ones.

(Same here - probably because I collect and send via different
providers.)

The e-mail I use here, though valid, is not one I check very often.


BTW, try WSUS offline

http://www.wsusoffline.net/docs/

The last version supporting XP:

http://download.wsusoffline.net/wsusoffline921.zip

It takes a while to download everything, but you can keep it
on a DVD to update any XP you install to the latest patches on an
offline machine.
PS Posting here, because you appear to read this forum, but
could you move it over to the XP forums ?
alt.comp.os.windows-xp,alt.windows-xp

Follow-ups set.

You left out microsoft.public.windowsxp.general, which I _think_ is the
busiest XP 'group still going. (It's also not an alt. 'group, which
means even Google Groups carries it. [Or rather, has a chance of doing
so, and do in this case.])
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

A man does not have to be an angel in order to be saint.
Albert Schweitzer (1875-1965)

(For some reason, these posts have reappeared on my system/server.)

In message , Steve Hayes
writes:
On Wed, 07 Dec 2016 23:06:07 -0200, Shadow wrote:

On Tue, 6 Dec 2016 18:51:11 -0000, "NY" wrote:

I realise that XP didn't suddenly become any less secure the day after MS
withdrew support, but since that date presumably various backdoors have been
found which make XP less secure than it used to be.

(There is the POS hack [or hacks].)

Think about it. If it had that many backdoors, there would be
a massive botnet established on the 10-15% of computers that still run
XP. And yet ....

Indeed!

Firewall + uninstall Flash and Java + install NoScript on your
Firefox (or Palemoon 2.65) browser.
Xpy is useful for closing a lot of useless and dangerous
"features".
Do a Malware scan from a LiveCD AV (Kaspersky Rescue Disk is
good) once a week.
Keep any software you download for a week, then upload it to
Jotti or Virustotal before installing. You will avoid the zero-days.
I just removed 240 "malwares" from a friend's Win 7 computer
(most were duplicates in the restore folder, but it's still a lot)
--- Brains. The most important, but something you can't install on a
customer's PC....

(-:

When my old desktop computer died I had to buy a new one, but I bought
it without an OS installed, and just restored the Acronis backups from
the old one, which had Windows XP. That saved me an enormous amount of

That is interesting. I thought even XP had hardware-change detection to
prevent it just being "cloned". Did/do you have a volume-licenced
install? If not, did you have to reactivate with the activation server,
and if so how did that go?

setup time -- finding all the discs with the original programs could
take a long time for a start. Yes, I should ber better organised, and

Indeed! And even if you could find all the discs (and downloaded
installers), even _remembering_ how to change all the settings so that
everything runs as I'm used to would be a pain for me.

have them all neatly stored in one place, but I'm not and I don't. So
I still use XP.

So do I, and _without_ the weekly scan or wait-a-week. (Not that I'm
recommending anyone _not_ do those.)

I still use Pegassus Mail for e-mail, which I've set to text-only,
which cuts the risk of infection a great deal, to judge by the amount
of malware that doesn't make it to my inbox, and even when it does,
gets deleted unread.

I use Turnpike, which _can_ interpret HTML, but only the text-formatting
aspects (no scripts or other code). (Actually it displays buttons so I
can select the plain-text or HTML version, for _some_ emails - which of
course only works if the sender's software includes both, but lots do).
Can Pegasus not be set to display "safe" HTML in a similar manner?

I use NoScript as well -- apart from anything else, it saves bandwidth
-- many news sites have videos that play automatically and can consume
enormous quantities of data while you're not looking and just reading
the story.

Unfortunately, a lot of sites won't function properly without it )-:.
(It even needs a more up-to-date browser in some cases. My main browser
is Firefox 26, but I keep a Chrome - last XP-compatible version - to get
at some sites. Even Google maps.) I don't look at a lot of news sites.

So in the 12 or more years that I've been using XP I haven't had a

I don't think I _ever_ have, even back in '98[SElite] days.

virus infection yet, despite the fact that I get about 10 malware
e-mails a day.

0 to 2 here, I'd say. (Usually at least one phishing one, but that's
OS-independent of course.)

--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

A man does not have to be an angel in order to be saint.
Albert Schweitzer (1875-1965)

On Sat, 17 Dec 2016 10:58:12 +0000, "J. P. Gilliver (John)"
wrote:

Follow-ups set.

You left out microsoft.public.windowsxp.general, which I _think_ is the
busiest XP 'group still going. (It's also not an alt. 'group, which
means even Google Groups carries it. [Or rather, has a chance of doing
so, and do in this case.])

Thanks, I've now subscribed to it. I was subscribed tomn

microsoft.public.windowsxp.basics



--
Steve Hayes
http://www.khanya.org.za/stevesig.htm
http://khanya.wordpress.com

(There is 7 relevance!)

In message , Shadow
writes:
On Sat, 17 Dec 2016 11:22:04 +0000, "J. P. Gilliver (John)"
wrote:

When my old desktop computer died I had to buy a new one, but I bought
it without an OS installed, and just restored the Acronis backups from
the old one, which had Windows XP. That saved me an enormous amount of

That is interesting. I thought even XP had hardware-change detection to
prevent it just being "cloned". Did/do you have a volume-licenced
install? If not, did you have to reactivate with the activation server,
and if so how did that go?

Although I have a legit multi-license XP Pro, given the latest
M$ "telemetry-gathering" (AKA malware behavior) tendencies, I'd rather
not activate online.
I use Xpy
https://sourceforge.net/projects/xpy/files/
To disable the update service and "claim XP as registered".

Thanks for that link. (Can it do similar for 7?)

Looks like a very useful resource.

It's also useful for disabling unnecessary services and
tweaking the interface.

Ah, like 98lite and TweakUI? The documentation is a little scant, to say
the least (no criticism, since it's free!). I get the impression it's
more aimed at turning things off than tweaking - is that right? Also, if
I just run it, will it just present me options, and not actually change
anything? Looking at the history etc., I see it started out
command-line, but is it graphical now? (As you can probably tell, I'm a
bit wary of trying it, so thought I'd ask you who know it.)

I see it works on 7 and later! (Though not developed beyond 2013/4.)

setup time -- finding all the discs with the original programs could
take a long time for a start.

Win 7 group removed. They don't like dinosaurs.
Downloading microsoft.public.windowsxp.general
Almost 2 million headers. Agghhh !
[]'s
I told you it was busy (-:! It's manageable, though. [I suggest you set
am expiry time of 3 days for posts you don't mark as keep - that keeps
it manageable.]
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

Can a blue man sing the whites?

In message , Paul
writes



A big question would be, how easy is it to get Windows
Update to even work. All the OSes except Win10, have
the wuauserv looping bug, which is caused by the
server file manifest contents. I don't expect the
POS people got a free lunch, and they probably
suffer just as much as the rest of us.

Paul

I was actually going to raise the wuauserv problem elsewhere. My main PC
has recently acquired this beast.

Process Explorer shows that it's actually one of its components,
wuaueng.dll0xa4f42, that is grabbing 99.99% of the processor time. The
unbelievably complicated fix didn't work for me.

Fortunately, you can use Process Explorer to kill it, and thereafter,
the PC works normally. As a manual Windows Update simply goes on and on
'checking the computer', it is impossible to get the monthly security
updates.

However, one day, after booting up, I found that I was being told that
there were updates available - and after some time doing nothing, and a
couple of reboots, they eventually started downloading, and got
installed.

After this, for the next month I had no re-occurrence of the
wuaueng.dll0xa4f42 problem - but last week, it started again. I'm
guessing that if I managed to do another Windows Update it would
disappear (at least for a while) - but, of course, I can't do one.

To hopefully get rid of the problem (at least for a while), I'm thinking
of doing a fresh installation of XP. [To be honest, the PC could do with
an early spring clear-out.] In the meantime, any suggestions (preferably
in microsoft.public.windowsxp.general) would be welcome.


--
Ian

Ian Jackson wrote:
In message , Paul
writes



A big question would be, how easy is it to get Windows
Update to even work. All the OSes except Win10, have
the wuauserv looping bug, which is caused by the
server file manifest contents. I don't expect the
POS people got a free lunch, and they probably
suffer just as much as the rest of us.

Paul

I was actually going to raise the wuauserv problem elsewhere. My main PC
has recently acquired this beast.

Process Explorer shows that it's actually one of its components,
wuaueng.dll0xa4f42, that is grabbing 99.99% of the processor time. The
unbelievably complicated fix didn't work for me.

Fortunately, you can use Process Explorer to kill it, and thereafter,
the PC works normally. As a manual Windows Update simply goes on and on
'checking the computer', it is impossible to get the monthly security
updates.

However, one day, after booting up, I found that I was being told that
there were updates available - and after some time doing nothing, and a
couple of reboots, they eventually started downloading, and got installed.

After this, for the next month I had no re-occurrence of the
wuaueng.dll0xa4f42 problem - but last week, it started again. I'm
guessing that if I managed to do another Windows Update it would
disappear (at least for a while) - but, of course, I can't do one.

To hopefully get rid of the problem (at least for a while), I'm thinking
of doing a fresh installation of XP. [To be honest, the PC could do with
an early spring clear-out.] In the meantime, any suggestions (preferably
in microsoft.public.windowsxp.general) would be welcome.

You don't understand the source of the problem.

The source of the problem is the manifest file on the Microsoft server.

After every Patch Tuesday, it has new patches. The new patches
need to have "supersedence" calculation done. Wuaueng figures out
whether the patch supersedes some other patch. In the case
of MRT 890830, which is a recurring patch, the current month
supersedes all other months and years that the patch
was presented. The algorithm goes ballistic when it sees
an item like that. Similarly, patches that change a kernel
file, GDIplus, and the like, there are a *lot* of patches
to those files. The supersedence tree for the files is very
very deep. Requiring 24 hours of wasted CPU cycles to work out.

You can manually patch items with imagined supersedence issues.
For example, my favorite recipe on WinXP is to patch Internet Explorer
to the latest Cumulative Update for Internet Explorer. That used
to reduce the time spent looping by a bit.

There is no actual code patch for the behavior, and OSes such
as WinXP and Vista only have "bandaid" manual procedures for
supersedence. And really, it's an architectural problem.

Another data point - I've noticed recently while using
MBSA 2.3 (the manual equivalent of Windows Update), that
the manifest file has stopped growing. Now I know that
Win7 and Win8 are having their patch delivery vehicle
changed, but that doesn't explain why the manifest file
is not growing at the moment. They are screwing around
with it at the moment, but I don't know what the fallout
of these changes will be. I cannot imagine them back-porting
the delivery vehicle changes to WinXP POS subsystem.

Even the Windows Insider OS update system is shut off
right now. As they are making changes to the Delta Updater
and for some reason just decided to turn things off. Which
again, makes no sense. But, this is Microsoft after all.

Microsoft has been "limping along on one leg" for years.
And it shows. They just don't know how to fix it. The
new methods aren't a fix. All they do is reduce the
number of entries added per month.

Paul

In message , Paul
writes
Ian Jackson wrote:
In message , Paul
writes


A big question would be, how easy is it to get Windows
Update to even work. All the OSes except Win10, have
the wuauserv looping bug, which is caused by the
server file manifest contents. I don't expect the
POS people got a free lunch, and they probably
suffer just as much as the rest of us.

Paul
I was actually going to raise the wuauserv problem elsewhere. My
main PC has recently acquired this beast.
Process Explorer shows that it's actually one of its components,
wuaueng.dll0xa4f42, that is grabbing 99.99% of the processor time. The
unbelievably complicated fix didn't work for me.
Fortunately, you can use Process Explorer to kill it, and
thereafter, the PC works normally. As a manual Windows Update simply
goes on and on 'checking the computer', it is impossible to get the
monthly security updates.
However, one day, after booting up, I found that I was being told
that there were updates available - and after some time doing
nothing, and a couple of reboots, they eventually started
downloading, and got installed.
After this, for the next month I had no re-occurrence of the
wuaueng.dll0xa4f42 problem - but last week, it started again. I'm
guessing that if I managed to do another Windows Update it would
disappear (at least for a while) - but, of course, I can't do one.
To hopefully get rid of the problem (at least for a while), I'm
thinking of doing a fresh installation of XP. [To be honest, the PC
could do with an early spring clear-out.] In the meantime, any
suggestions (preferably in microsoft.public.windowsxp.general) would
be welcome.

You don't understand the source of the problem.

It's actually wuaueng.dll+0xa4f42 (I missed out the +).
https://www.google.co.uk/?gws_rd=ssl#q=wuaueng.dll%2B0xa4f42
It runs at boot-up, and can be seen in Task Manger as a svchost.exe
process taking up nearly 100% of the processor time. Process Explorer
shows that the culprit is wuaueng.dll+0xa4f42, which presumably IS
something to do with Windows Update getting tied in knots. It's a real
killer - and the only way to stop it paralysing the PC is to kill it.
[Turning automatic updates on or off makes no difference. It runs
regardless.]

Unfortunately, most of the rest of your reply (left unsnipped for
completeness) is well beyond my present comprehension.

The source of the problem is the manifest file on the Microsoft server.

After every Patch Tuesday, it has new patches. The new patches
need to have "supersedence" calculation done. Wuaueng figures out
whether the patch supersedes some other patch. In the case
of MRT 890830, which is a recurring patch, the current month
supersedes all other months and years that the patch
was presented. The algorithm goes ballistic when it sees
an item like that. Similarly, patches that change a kernel
file, GDIplus, and the like, there are a *lot* of patches
to those files. The supersedence tree for the files is very
very deep. Requiring 24 hours of wasted CPU cycles to work out.

You can manually patch items with imagined supersedence issues.
For example, my favorite recipe on WinXP is to patch Internet Explorer
to the latest Cumulative Update for Internet Explorer. That used
to reduce the time spent looping by a bit.

There is no actual code patch for the behavior, and OSes such
as WinXP and Vista only have "bandaid" manual procedures for
supersedence. And really, it's an architectural problem.

Another data point - I've noticed recently while using
MBSA 2.3 (the manual equivalent of Windows Update), that
the manifest file has stopped growing. Now I know that
Win7 and Win8 are having their patch delivery vehicle
changed, but that doesn't explain why the manifest file
is not growing at the moment. They are screwing around
with it at the moment, but I don't know what the fallout
of these changes will be. I cannot imagine them back-porting
the delivery vehicle changes to WinXP POS subsystem.

Even the Windows Insider OS update system is shut off
right now. As they are making changes to the Delta Updater
and for some reason just decided to turn things off. Which
again, makes no sense. But, this is Microsoft after all.

Microsoft has been "limping along on one leg" for years.
And it shows. They just don't know how to fix it. The
new methods aren't a fix. All they do is reduce the
number of entries added per month.

As I said, any advice on a fix would be appreciated (to avoid upsetting
the W7 purists, preferably in an XP newsgroup).
--
Ian

"Ian Jackson" wrote


| It's actually wuaueng.dll+0xa4f42 (I missed out the +).
| https://www.google.co.uk/?gws_rd=ssl#q=wuaueng.dll%2B0xa4f42
| It runs at boot-up, and can be seen in Task Manger as a svchost.exe
| process taking up nearly 100% of the processor time. Process Explorer
| shows that the culprit is wuaueng.dll+0xa4f42, which presumably IS
| something to do with Windows Update getting tied in knots. It's a real
| killer - and the only way to stop it paralysing the PC is to kill it.
| [Turning automatic updates on or off makes no difference. It runs
| regardless.]

I don't get what you're talking about with that number
after the name. I don't find anything about it in a search.
In any case, you can certainly turn off updates in XP or
7. Just open the Services applet and disable "automatic
updates" as well as "background intelligent transfer service".

In XP you can also tame the beast by taking full control
over all files. You can remove System File Protection
altogether. (Assuming you don't mind losing the useless
PCHealth and the nearly useless Windows help.) Just run
the following in the Run window:

rundll32.exe setupapi.dll,InstallHinfSection
DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

That's all one line. Substitute a space for the return,
like so: InstallHinfSection DefaultUninstall

Once done, you can delete or disable anything
without it being replaced, and you can delete the
secret backup folder that's used to replace any
file you choose to delete. (I can't remember the
name of that folder offhand. I removed it many
years ago.)
I've actually renamed the WU executables for
good measure, to NOwuauclt.exe and NOwuauclt1.exe.

In message , Mayayana
writes
"Ian Jackson" wrote


| It's actually wuaueng.dll+0xa4f42 (I missed out the +).
| https://www.google.co.uk/?gws_rd=ssl#q=wuaueng.dll%2B0xa4f42
| It runs at boot-up, and can be seen in Task Manger as a svchost.exe
| process taking up nearly 100% of the processor time. Process Explorer
| shows that the culprit is wuaueng.dll+0xa4f42, which presumably IS
| something to do with Windows Update getting tied in knots. It's a real
| killer - and the only way to stop it paralysing the PC is to kill it.
| [Turning automatic updates on or off makes no difference. It runs
| regardless.]

I don't get what you're talking about with that number
after the name. I don't find anything about it in a search.

Clicking on that link returns 'about 173 results' in Google.

In any case, you can certainly turn off updates in XP or
7. Just open the Services applet and disable "automatic
updates"

AS I said, it makes no difference.

as well as "background intelligent transfer service".

Now that is somewhere I know naught of. I'll investigate.

In XP you can also tame the beast by taking full control
over all files. You can remove System File Protection
altogether. (Assuming you don't mind losing the useless
PCHealth and the nearly useless Windows help.) Just run
the following in the Run window:

rundll32.exe setupapi.dll,InstallHinfSection
DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

That's all one line. Substitute a space for the return,
like so: InstallHinfSection DefaultUninstall

Once done, you can delete or disable anything
without it being replaced, and you can delete the
secret backup folder that's used to replace any
file you choose to delete. (I can't remember the
name of that folder offhand. I removed it many
years ago.)
I've actually renamed the WU executables for
good measure, to NOwuauclt.exe and NOwuauclt1.exe.

OK, Thanks. I'll have a play.


--
Ian

Ian Jackson wrote:


OK, Thanks. I'll have a play.


1) WinXP: Turn off Windows Update. There are five policy
levels and you can turn it off. It should not
be spinning its wheels on its own then.

2) Download MBSA 2.3.

Do a scan for security updates on the current computer.
The dialog looks like this.

http://s12.postimg.org/4df2ka8bh/mbsa.gif

3) For each missing security patch, use

http://catalog.update.microsoft.com

and download the patch. The resulting file should
end in .msu. You double-click them to install.
The file extension should cause "wusa.exe" to run,
read the contents of .msu and install it.

Some downloads are in .cab format, and I don't really
know how to do one of those on WinXP. On later OSes,
you use "dism.exe" for those. Not sure on WinXP.
The wsusoffline.com package seems to download a lot of
them in .cab format, and examining the logic in the WinXP
version of wsusoffline might tell you how to handle such
a case.

The .msu files are a piece of cake.

4) Save rebooting for after the last one in the
set is done.

Any time this procedure gets stuck, that's just the
Windows Update service going into a loop again. You can
stop it from the command line, or reboot. Disconnecting
the network cable may help for those people who refuse to
turn off Windows Update while doing this style of patching.
I think you understand what to look for on your system
in any case, as you know it's in a SVCHOST, and it's
related to Windows Update preparing to run.

5) Once the system is patched, you can now enter Windows Update,
and the supersedence on security updates should no longer
delay the presentation of the "optional list" of updates.
The optional ones including Ruble or Euro font changes,
time zone changes for PagoPago, security certificates, and so on.

HTH,
Paul