Windows 95/98/Me/NTPost your Windows 95 / 98 / ME and NT questions here. Please make sure you specify your OS version.
Mission Statement
WindowsBBS is an online community dedicated to easily accessible technical support for those using Microsoft operating systems and other Windows software.
Our goal is to become the leading resource for computer users that require assistance with their day-to-day computer usage, including full support for networking PC's, virus & malware removal, system upgrades and general support questions.
On Win9x systems, this family of related patch installs an executable called KB891711.EXE.
When I start a number of apps that load bits of GUI (icons, cursors?) in some particular way, this program causes a controlled bluescreen, with the following messages:
- "an error has occurred"
- Error: 0D : 0000 : 00010000
If I press any key, Windows reliably resumes working, without the "offending" application. So far, I noticed that KB891711.EXE breaks several apps. For example:
- the Trillian IM client bluescreens while starting, right at the point where it loads emoticons.
- the SIS system tray video settings object bluescreens by just HOVERING the cursor on it in the system tray, because doing so causes the application to LOAD the icons it needs to populate its menu.
I am sure this breaks a lot more.
KUDOS
to Microsoft for showing their committment to security:
- first they allow some new, improved, dynamic, and redundant way for apps to use bits of GUI
- when they discover it's imperfect and dangerous they take it away, irrespective of how many 3rd party apps are affected. Those MS security guys don't take no s%^# from anyone. (Although I am pretty sure MS apps are not affected, and if they were they got fixed with plenty of advance warning.).
Least you babble that Microsoft may have acted illegally, I suggest you go re-read the EULAs you accepted and shut up.
SOLUTION
I just dropped into msconfig and prevented KB891711.EXE from running on reboot. (It cannot be killed when running).
I'll run the risk brought by this vuln, and added this to my cahier des doleances.
Didn't find the information you thought to find? Check out these Similar Threads
Yours is the first problem I have heard of KB891711 causing problems, then again the update is barely two weeks old.
Have you ever adjusted the icon cache size, or used TweakUi to repair the icons? It deletes the ShellIconCache file when doing so, allowing it to be rebuilt.
i'm on Win98SE and i've already uninstalled a few days ago via Control Panel > Add/Remove Programs Applet this 'critical' (!) update after experiencing random BSODs attempting to open IE 6 ... NO more problems now!!!
I'll definitely give it a try. I was myself a bit surprised that no similar complaints had arisen over TWO FULL WEEKS, with lots of users having switched to automatic updates. But I doubt it's cache related. We'll see!
I only do manual updates, precisely because I am used to patches being pushed out causing more problems than the vulns they address. I am very extremely careful (say, paranoid) with
- mail
- hyperactive mail clients (eg closed port 80 AND inbox preview on Outlook &. co at least since 1998)
- ANY installs, incl. the Java, Active-X etc. menageries, all sorts of plugins etc., which I firebomb on a regular basis
- passive and active remote directory access
- removable media of any kind
- iffy files (I only consider .txt safe, and I do not use MS apps for it either)
- ALL thos damned "agent" apps that want to run at boot and call home to discuss their own business behind my back
- convoluted multimedia apps that ask for useless (for me) leeway to go online
+ I have two firewalls, AV, antitrojan etc and NEVER had a security problem in 17 years of computing on MS.
It may sound corny, but if you are indeed paranoid, the majority of probs do tend to come from MS patches. I normally wait months to install potentially intrusive ones, and read their reviews first. In my experience, oldish "cumulative" patches tend to be better managed. This was the first early patching I did in perhaps 5 years.
Last week I cleaned up a friends' stricken high power XP PC that had caught 30+ nasties (as counted by Norton, but there were more that it could not collar), I asked her to give me a demo of the goblins at work. I saw things I had only read about.
- IE popping open by itself and running like possessed to (dead) **** sites
- NAV getting into a tizzy, trying in vain to keep the barbarians at bay and yelling for help
- a dozen unknown, trembling, beady eyed critters poking their furry noses out of the system tray
- many specific commands (like task manager invoke) apparently disabled by goblins in self defense
- console "frozen" due to uncontrollable CPU overload (think 3 GHz doing Lord know what)
- the DSL "out" light on solid spraying Satan's semen at 800kbp...
Her kids are in for an earful.
I laughed so hard I almost fell off the chair and had to apologize! My 4-yr old WinME box doesn't do that...
Thanks for the links on that Giani . I found the annoyances.org link to be of the best informative on what it does, and why a Critical Update is now a new standard windows startup.
For those who check out that link, read the posts by Jack Gulley.
I suspect that the flashing which I and others mentioned in this thread is related (although the flashing which the thread starter was experiencing turned out to be a different issue)
would like to try starting 891711 manually after all other startups have fully loaded, as mentioned in the annoyances.org thread
Quote:
wait till Zone Alarm is FULLY loaded and manually click on the KB891711 program I have no problems
can anyone see any drawback to this workaround - ie, is there more to this M$ update than the background running of KB891711.EXE?
- hyperactive mail clients (eg closed port 80 AND inbox preview on Outlook &. co at least since 1998)
FYI, mail clients don't ever use port 80. Web based mail via the browser, such as yahoo mail, never uses port 80 either.
Mail servers use port 110 for pop (downloading messages) and port 25 for smtp (sending messages). The mail client on a computer initially connects to the pop server's port 110 to download messages, afterwhich the messages get downloaded using unassigned port above 1024. When sending messages, the mail client on a computer initially connects to the smtp server's port 25 and again used other ports to upload the messages that are being sent.
No workstation or home computer ever uses port 80 unless said computer is running a web server to serve webpages. (such as IIS or Apache)
???? TonyT - I think perhaps you have got the wrong thread?
the link in my post above should have taken you to a thread "Internet Explorer Flashes", check out posts #5, #6, #7, #8, #10 which describe behavour symptoms which I suspect may relate to 891711
I've disabled KB891711 using msconfig; and made a simple batch file to run on startup, cause a 15 second delay, then run KB891711
Since doing this the problem has not recurred. But the problem was sporadic anyway - could go for several days without trouble, then have a day when it happens almost all the time.
==
TonyT - off-topic, but since you raise the subject: FYI - email clients *do* use port 80 if you let them. They do this if an image has been included in HTML email as an external reference rather than being attached or incorporated, and the email client is set to read HTML email. OE preview pane, for example, will perfectly happily cause HTTP access to port 80 to pick up images - demo (77kB)
best wishes, HJ
(edit) apologies to Tony - it's not him with the wrong thread, it's HJ with the wrong end of the stick - confusing his quote with a very similar discussion about danger of images in emails, without re-reading this thread properly before posting. Mea culpa. The point about port 80, though, still stands.
Last edited by Hugh Jarss; 23rd March 2005 at 15:12.
after I disabled 891711 with msconfig, I paid a quick visit to WindowsUpdate to see what would happen
the answer: I wasn't offered any critical updates... so presumably WU decides based on whether you have the files, rather than whether you have the task running
KB891711 Microsoft has acknowledged that a security patch issued in January for its Windows 98 and Windows ME operating systems may cause performance issues for customers who have downloaded the update.
Have above installed on networked w98SE. Immediately after install, IE6 became extremely unstable. To allow continued use of the computer, have the KB891711.exe running process disabled in startup. To allow Microsoft updates, have a shortcut to load process back to active. Don't yet understand if having update "installed but not active" provides any protection.
Last edited by Dennis L; 31st March 2005 at 22:08.
891711 seems to be on offer again at Windows Update... ?reworked maybe - or perhaps just insisting on a restart after applying the patch...
...noticed that after the earlier application of 891711 (which didn't prompt for a restart) didn't leave 891711 showing as a running task until after the PC was rebooted...
I ALWAYS restart after ANY UPDATEs to ANYTHING. Whether it says to or not. The few minutes that it takes may well say a lot.
And as I stated in the recent post by Hugh Jarss I restart the machine BEFORE updating. ANd the longer the machine has been on and used I think it is better to restart.
Whether this helps or not I can not say 100% for sure but I have not had any problems YET. LOL
I also just update two 98SE machines ( apparentl again ) with 891711. SO time will tell
Why was this security bulletin updated on April 12, 2005?
After the release of the MS05-002 security bulletin, Microsoft became aware of an issue affecting customers deploying the Windows 98, 98SE and ME security update. In most cases, the issue caused machines to unexpectedly restart.
Microsoft has investigated this issue and has made available revised security updates for these platforms. These revised security updates are available from Windows Update and the Microsoft Download Center. Customers who have not yet applied the original version of these updates should visit Windows Update to receive the revised updates.
Customers who have already applied the original Windows 98, 98SE and ME security update are advised to install the current revision of the update from Windows Update.
. I found the annoyances.org link to be of the best informative on what it does, and why a Critical Update is now a new standard windows startup.
)
