A little worried

Amp34 · 9 Dec 2006 at 13:40

I woke up this morning and found a program log on my PC named "msxml4-KB927978-enu". It seems to have activated last night and looks rather suspicious, It has command likes such as enable cloaking and looks like it has acessed a lot of important windows.

I am scanning for viruses etc at the moment just to be on the safe side.

Anyone have any ideas what it is?

Actually just looking up Verbose it seems to be something to do with server 2003, this is a csingle connected computer running vista and XP so still it doesnt make sense.

Amp34 · 9 Dec 2006 at 13:41

Here is some of the command log:

Code:

=== Verbose logging started: 08/12/2006  22:50:57  Build type: SHIP UNICODE 3.01.4000.2435  Calling process: C:\WINDOWS\system32\msiexec.exe ===
MSI (c) (B8:D0) [22:50:57:234]: Resetting cached policy values
MSI (c) (B8:D0) [22:50:57:234]: Machine policy value 'Debug' is 0
MSI (c) (B8:D0) [22:50:57:234]: ******* RunEngine:
           ******* Product: h:\e2512c3f70aeb7acd47515\msxml.msi

Amp34 · 9 Dec 2006 at 13:43

For some reason the forum wont let me put all of this in the same post but here is the part just after the code above:

Code:

           ******* Action: 
           ******* CommandLine: **********
MSI (c) (B8:D0) [22:50:57:234]: Client-side and UI is none or basic: Running entire install on the server.
MSI (c) (B8:D0) [22:50:57:234]: Grabbed execution mutex.
MSI (c) (B8:D0) [22:50:57:296]: Cloaking enabled.
MSI (c) (B8:D0) [22:50:57:296]: Attempting to enable all disabled priveleges before calling Install on Server
MSI (c) (B8:D0) [22:50:57:296]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (38:F8) [22:50:57:296]: Grabbed execution mutex.
MSI (s) (38:08) [22:50:57:296]: Resetting cached policy values
MSI (s) (38:08) [22:50:57:296]: Machine policy value 'Debug' is 0
MSI (s) (38:08) [22:50:57:296]: ******* RunEngine:
           ******* Product: h:\e2512c3f70aeb7acd47515\msxml.msi

Edit: the path line "h:\e2512c3f70aeb7acd47515\msxml.msi" pionts to the folder the text document was found in but there is only the text document there now.

touch · 9 Dec 2006 at 13:45

edit: im a retard

Amp34 · 9 Dec 2006 at 13:47

So how did it get onto my computer? Is it a new patch or something for XP? And i assume by that it is safe? :confused:

Memphis · 9 Dec 2006 at 14:00

http://support.microsoft.com/kb/927978/en-us

You don't have automatic updates on do you?

And yes, it's safe.

Amp34 · 9 Dec 2006 at 14:13

Yeah I went into xp for the first time in a couple of months last night and it installed some updates. Thanks for alleviating my fears, its just some of the things in the log seemed a bit suspicious, and updates dont normally leave logs.