KB891711.EXE

"Kevin Moore" wrote in message
...
Ken, have you checked the ScanDefrag logs to see what has
changed and/or notified the programs authors ??

If you are still interested, Kevin, this is what I know now:

The collective log of ScanDefrag for the period of time during which I had
difficulty shows this (edited to show failing section):

Attempting to terminate process: MMTASK.TSK...
Timeout waiting for process to terminate: MMTASK.TSK
Attempting to terminate process: MPREXE.EXE...
Protected process skipped: MPREXE.EXE
Attempting to terminate process: STATEMGR.EXE...
Protected process skipped: STATEMGR.EXE
Attempting to terminate process: MSTASK.EXE...
Process terminated successfully: MSTASK.EXE
Attempting to terminate process: VSMON.EXE...
Process terminated successfully: VSMON.EXE
Attempting to terminate process: ISAFE.EXE...
Process terminated successfully: ISAFE.EXE
Attempting to terminate process: KB891711.EXE...
Timeout waiting for process to terminate: KB891711.EXE

Neither MMTASK nor KB891711 terminated correctly and the computer froze,
never completing the ScanDefrag program.

Two hours later, after lunch and proclaiming a pox on all things Microsoft,
I unchecked KB891711 from the startup list and tried ScanDefrag again. This
time MMTASK terminated properly and nothing showed for KB891711 because it
was never started. And ScanDefrag finished up just fine. I was also able
to shut down the computer and restart it again without difficulty, both of
which had been failing before.

HTH

Ken Bland

"Bill Leary" wrote in message
...

By "Scandefrag" do you mean the disk defragmenter from the Tools tab off
the
Properties of a drive?

If so...

I can't get it to run without failing and returning many
error messages, although Scandisk is okay in Safe Mode.
The only recent additions I made are these two patches, which
loaded and installed without error.

I hadn't had used it, but since you ask, I've just tried it and it seems
to run
normally.

- Bill


No, Bill, I am referring to the ScanDefrag program written and maintained by
three or four faithful programmers here who realized that some (most?) of us
had difficulty when a certain failure caused an automatic scandisk to start
with power-on. Scandisk could be run in Safe Mode all right, but it was a
nuisance, and ScanDefrag solved the problem without requiring Safe Mode. I
believe you can read about and download ScanDefrag he

http://www.blueorbsoft.com/scandefrag/

Ken Bland

"Chris" wrote in message
...
Many thanks for all the inputs. As for me I have to say that I have no Nav
installed. I am using the free edition of AVG which for itself causes the
error as follows: C:\window\applicationData\AVG 7\log folder contains
incorrect info about 'emc.log'. something about the size being different
than
what is recorded. At any rate regarding the KB891711.EXE I simply rolled
back
the restor point. Although the said file is still in the add/remove
programs
and also in the startup folder and checked which I unchecked. So, what
does
this mean? the patch has created restore point but after choosing it
successfully the file still remains :-). I am baffled. Once again I have
no
Nav.

There are others here whose knowledge regarding system restore exceeds my
own, but I *think* if you restored to a point before these patches were
installed, they're not installed now. This troublesome one may well be in
the Add/Remove list and I suppose it could be in the startup list also, but
if it is I suspect you should have received some sort of "missing program"
message. As far as my computer knows, KB891711 is still here, but it's not
allowed to start up with power on. NAV may be causing some conflict, but I
don't use it so that's out of the picture for me.

Believe me, I am no expert here but I am learning a few things about this
particular patch.

Ken Bland

Get rid of OE.

John

Jack E Martinelli wrote:

Yes, it's being launched by HKLM\...\RunServices.

Ken, have you furnished this info to the ScanDefrag Team ?
See the program Readme and...

ScanDefrag program Help Email ScanDefrag Team

--
Ken Bland wrote:

The collective log of ScanDefrag for the period of time during which
I had difficulty shows this (edited to show failing section):

-------------------- snip ----------------------------

What has OE got to do with it?

....Alan

--
Alan Edwards, MS MVP W95/98 Systems
http://dts-l.org/index.html

In microsoft.public.windowsme.general, John John
wrote:

Get rid of OE.

John

Jack E Martinelli wrote:

Yes, it's being launched by HKLM\...\RunServices.

Microsoft Security Bulletin MS05-002
Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code
Execution (891711)

Vulnerability Details

Cursor and Icon Format Handling Vulnerability - CAN-2004-1049:

A remote code execution vulnerability exists in the way that cursor,
animated cursor, and icon formats are handled. An attacker could try to
exploit the vulnerability by constructing a malicious cursor or icon
file that could potentially allow remote code execution if a user
visited a malicious Web site or viewed a malicious e-mail message. An
attacker who successfully exploited this vulnerability could take
complete control of an affected system.

Mitigating Factors for Cursor and Icon Format Handling Vulnerability -
CAN-2004-1049:
•

In a Web-based attack scenario, an attacker would have to host a Web
site that contains a Web page that is used to exploit this
vulnerability. An attacker could also attempt to compromise a Web site
to have it serve up a Web page with malicious content attempting to
exploit this vulnerability. An attacker would have no way to force users
to visit a Web site. Instead, an attacker would have to persuade them to
visit the Web site, typically by getting them to click a link that takes
them to the attacker's site or a site compromised by the attacker.
•

An attacker who successfully exploited this vulnerability could gain the
same user rights as the local user. Users whose accounts are configured
to have fewer user rights on the system could be less impacted than
users who operate with administrative user rights.
•

By default, Outlook Express 6, Outlook 2002, and Outlook 2003 open HTML
e-mail messages in the Restricted sites zone. Additionally, Outlook 2000
opens HTML e-mail messages in the Restricted sites zone if the Outlook
E-mail Security Update has been installed. Outlook Express 5.5 Service
Pack 2 opens HTML e-mail messages in the Restricted sites zone if
Microsoft Security Bulletin MS04-018 has been installed. The Restricted
sites zone helps reduce attacks that could attempt to exploit this
vulnerability.

The risk of attack from the HTML e-mail vector can be significantly
reduced if you meet all the following conditions:
•

Apply the update that is included with Microsoft Security Bulletin
MS03-040 or a later Cumulative Security Update for Internet Explorer.
•

Use Internet Explorer 6 or later.
•

Use the Microsoft Outlook E-mail Security Update, use Microsoft Outlook
Express 6 or later, or use Microsoft Outlook 2000 Service Pack 2 or
later in its default configuration.
•

Microsoft Windows XP Service Pack 2 is not affected by this vulnerability.
Top of sectionTop of section

Workarounds for Cursor and Icon Format Handling Vulnerability -
CAN-2004-1049:

Microsoft has tested the following workarounds. While these workarounds
will not correct the underlying vulnerability, they help block known
attack vectors. When a workaround reduces functionality, it is
identified below.
•

Install the Outlook E-mail Security Update if you are using Outlook 2000
SP1 or earlier.

By default, Outlook Express 6, Outlook 2002 and Outlook 2003 open HTML
e-mail messages in the Restricted sites zone. Additionally, Outlook 2000
opens HTML e-mail messages in the Restricted sites zone if the Outlook
E-mail Security Update has been installed.

Outlook Express 5.5 Service Pack 2 opens HTML e-mail messages in the
Restricted sites zone if Microsoft Security Bulletin MS04-018 has been
installed. Customers who use any of these products could be at a reduced
risk from an e-mail-borne attack that tries to exploit this
vulnerability unless the user clicks a malicious link in the e-mail message.
•

Read e-mail messages in plain text format if you are using Outlook 2002
or later, or Outlook Express 6 SP1 or later, to help protect yourself
from the HTML e-mail attack vector.

Microsoft Outlook 2002 users who have applied Office XP Service Pack 1
or later and Microsoft Outlook Express 6 users who have applied Internet
Explorer 6 Service Pack 1 can enable this setting and view e-mail
messages that are not digitally signed or e-mail messages that are not
encrypted in plain text only.

Digitally signed e-mail messages or encrypted e-mail messages are not
affected by the setting and may be read in their original formats. For
more information about enabling this setting in Outlook 2002, see
Microsoft Knowledge Base Article 307594.

For information about this setting in Outlook Express 6, see Microsoft
Knowledge Base Article 291387.

Impact of Workaround: E-mail messages that are viewed in plain text
format will not contain pictures, specialized fonts, animations, or
other rich content. In addition:
•

The changes are applied to the preview pane and to open messages.
•

Pictures become attachments so that they are not lost.
•

Because the message is still in Rich Text or HTML format in the store,
the object model (custom code solutions) may behave unexpectedly.

John

Alan Edwards wrote:

What has OE got to do with it?

...Alan

"Justin Thyme" wrote in message
...
"Bill Leary" wrote in message
...

By "Scandefrag" do you mean the disk defragmenter from the Tools tab
off the Properties of a drive?


No, Bill, I am referring to the ScanDefrag program

Yes, I saw the later messages and figured that out. Sorry to have wasted your
time on that.

But...

written and maintained by three or four faithful programmers here who realized
that some (most?) of us had difficulty when a certain failure caused an
automatic
scandisk to start with power-on. Scandisk could be run in Safe Mode all
right,
but it was a nuisance, and ScanDefrag solved the problem without requiring
Safe
Mode. I believe you can read about and download ScanDefrag he

http://www.blueorbsoft.com/scandefrag/

.... is quite interesting. Thanks for the pointer.

- Bill

On Sat, 12 Mar 2005 15:07:49 -0500, "Jack E Martinelli"

Yes, it's being launched by HKLM\...\RunServices.

Nowhere in this article...

http://www.microsoft.com/technet/sec.../MS05-002.mspx

....does it mention this is a kludge that has to run underfoot.

What's the story here? Will they come up with a definitive fix for
the broken code, or is underfootware becoming the "new darkness"
standard for patches?



---------------- ----- ---- --- -- - - - -
Cats have 9 lives, which makes them
ideal for experimentation!
---------------- ----- ---- --- -- - - - -

891711 is definitely malware. I've been posting on this woefully misguided
and poorly tested patch since it came out on January 25th. Microsoft needs
to wake up and smell the coffee. In the meantime, all the poor saps who
installed it and have problems simply need to uninstall it.

"Chris" wrote in message
news
Gentlemen, I was browsing and all of a sudden my browser freezes and
nothing
could get me out. I had to shut down and reboot. Since I had Dr. Watson
on,
by opening it I get the following message: Windows KB891711 component has
altered Windows system files.

Module Name: KB891711.EXE
Description: Windows KB891711 component
Version: 4.10.2222
Product: Microsoft(R) Windows(R) Operating System
Manufacturer: Microsoft Corporation

Any idea what the heck this thing is?

Dr. Watson also has been reporting for a while that : If the Taskbar is
behaving strangely, try exiting Multimedia background task support module.

Module Name: mmtask.tsk
Description: Multimedia background task support module
Version: 4.90.3000
Product: Microsoft Windows
Manufacturer: Microsoft Corporation

Appreciate a response!