Win Media Player 9 with worm?

It has been three times now:

after installing Windows Media Player 9 via online Windows Update, some system files had been modified and my computer popped up a 'Windows File Protection' message to warn about some system files being replaced by unrecognized versions - after a certain number of responses to this message pop-up window (by clicking 'yes', 'no' or 'cancel') at different times, the computer would eventually die with a corrupted 'NTOSKRNL.EXE' file after a computer restart.

The operating system (Windows 2000 Professional) had been freshly installed and various patches applied online via the Windows Update web site before installing this media player.

It is worth noting that during the installation of this Media Player 9, I had unchecked all options relating to retrieving media information or sending the client id, etc.

Wondering if anyone else has had a similar problem. Please be careful about installing this player.

PS, please refer to my previous topic titled 'Windows File Protection Popup' for some more information relating to a possible worm.

The following records existed in the \winnt\setupapi.log file, which confirm that some system files had been modified after installing Player 9:

[2004/05/05 18:38:20 192.49]
Munged cmdline: winlogon.exe
EXE name: \??\C:\WINNT\system32\winlogon.exe
The protected system file (c:\winnt\system32\chkdsk.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\cipher.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\dcomcnfg.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\dllhst3g.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\drwtsn32.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\lodctr.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\mobsync.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\msiexec.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\nddeapir.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\ntvdm.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\runas.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\savedump.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\smlogsvc.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\sndrec32.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\tftp.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\tlntsess.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\userinit.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\winver.exe) was successfully unprotected.
The protected system file (c:\winnt\regedit.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\at.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\convert.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\label.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\osk.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\rsh.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\rsnotify.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\stisvc.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\subst.exe) was successfully unprotected.
The protected system file (c:\program files\windows media player\logagent.exe) was successfully unprotected.
The protected system file (c:\program files\windows media player\mplayer2.exe) was successfully unprotected.
[2004/05/05 18:39:06 192.137]
The protected system file (c:\winnt\hh.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\autolfn.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\conime.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\dmremote.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\label.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\mmc.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\mspaint.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\odbcad32.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\odbcconf.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\rsvp.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\scardsvr.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\skeys.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\tlntsvr.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\chkdsk.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\chkntfs.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\convert.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\dllhst3g.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\faxsvc.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\locator.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\net1.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\ntdsutil.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\osk.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\savedump.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\shmgrate.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\utilman.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\dvdplay.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\ntoskrnl.exe) was successfully unprotected.
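
Added example, not part of the original post: a small Python parser for the setupapi.log record format quoted above. It groups the "successfully unprotected" entries by timestamped section, lists files unprotected in more than one section, and flags boot- and logon-critical names. The sample text is constructed from a few of the quoted lines, and the CRITICAL set is an assumption chosen for triage, not an official list.

```python
import re
from collections import defaultdict

# Constructed sample in the format quoted in the post (not the poster's full log).
SAMPLE = r"""[2004/05/05 18:38:20 192.49]
Munged cmdline: winlogon.exe
EXE name: \??\C:\WINNT\system32\winlogon.exe
The protected system file (c:\winnt\system32\chkdsk.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\userinit.exe) was successfully unprotected.
The protected system file (c:\program files\windows media player\mplayer2.exe) was successfully

unprotected.
[2004/05/05 18:39:06 192.137]
The protected system file (c:\winnt\system32\chkdsk.exe) was successfully unprotected.
The protected system file (c:\winnt\system32\ntoskrnl.exe) was successfully unprotected.
"""

# Section header: "[YYYY/MM/DD HH:MM:SS n.n]" on a line of its own.
SECTION = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) [\d.]+\]\s*$", re.M)
# \s+ tolerates the hard line wrap before "unprotected." seen in pasted logs.
UNPROTECT = re.compile(
    r"The protected system file \((.+?)\)\s+was\s+successfully\s+unprotected\.", re.I)
# Assumption: names picked for triage because a bad copy breaks boot or logon.
CRITICAL = {"ntoskrnl.exe", "winlogon.exe", "userinit.exe"}


def parse_unprotect_events(text):
    """Return [(section_timestamp, lowercased_path), ...] in log order."""
    events = []
    parts = SECTION.split(text)  # [preamble, ts, body, ts, body, ...]
    for i in range(1, len(parts), 2):
        ts, body = parts[i], parts[i + 1]
        for m in UNPROTECT.finditer(body):
            events.append((ts, m.group(1).lower()))
    return events


def summarize(events):
    """Count events; list paths seen in several sections and critical paths."""
    by_path = defaultdict(set)
    for ts, path in events:
        by_path[path].add(ts)
    repeated = sorted(p for p, stamps in by_path.items() if len(stamps) > 1)
    critical = sorted(p for p in by_path if p.rsplit("\\", 1)[-1] in CRITICAL)
    return {"total": len(events), "repeated": repeated, "critical": critical}


if __name__ == "__main__":
    print(summarize(parse_unprotect_events(SAMPLE)))
```

The entries only record that protection was lifted for a file; deciding whether the replacement copy is legitimate still requires comparing the file on disk against a known-good version.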

All replies:

Patch 819639 seems confirming -thisVirus- (279 bytes) 05/05/2004 04:15:14

Turn out to be the Win32 Valla -Virus?- (121 bytes) 05/05/2004 19:34:32
