none
Latest Windows 7 "Malicious Software Removal Tool" installation failure RRS feed

  • Question

  • I seem to be unable to install the November version of the Win 7
    Malicious Software Removal Tool via Windows Update. 
    I keep getting "unknown error 800B0109", even after rebooting and
    after powering off and restarting. 
    Can't find any useful info on cause or remedies except: 
    0x800B0109 = A certificate chain processed, but terminated in a root
    certificate which is not trusted by the trust provider.
    Which is a little odd for Microsoft's MSRT.

    Tuesday, November 12, 2019 11:11 PM

All replies

  • I'm seeing this on many WSUS-managed Win 7 and Server 2008 R2 systems.

    Edit: Below is a screenshot; the latest servicing stack update (SSU) doesn't help this, either. MS obviously messed something up.


    Jim


    • Edited by _Jim_ Wednesday, November 13, 2019 1:06 AM
    Tuesday, November 12, 2019 11:59 PM
  • Same issue. Windows 7. All updates went through except the Malicious Software Removal Tool. Error 800B0109.

    Sort of relieved I'm not the only one.

    EDIT:
    I downloaded it manually and ran it, which seemed to work fine. Didn't get rid of it as an Important Update in Windows Update, but the effect should be the same.
    • Edited by gyllenborg Wednesday, November 13, 2019 12:53 AM
    Wednesday, November 13, 2019 12:45 AM
  • From what we see the chaining issue is a bit missleading. If you check the file manually the chain looks ok.  The problem seems to be the WUA agent not detecting the file as Microsoft signed.

    This month it is only signed with the SHA2565 cert not the SHA1. 

    If you add the SHA256 cert into the trusted publishers store, WUA can move it and it will run.  Still interesting why WUA thinks it isn't signed by MS.

    Wednesday, November 13, 2019 1:54 AM
  • If you add the SHA256 cert into the trusted publishers store, WUA can move it and it will run.

    Thanks JT - isn't this what the SSU should be doing?

    Jim

    Wednesday, November 13, 2019 2:11 AM
  • I'm not a computer pro and I don't know what this means.   Can you please explain step by step how to add the SHA256 cert into the trusted publishers store.   What is the SHA256 cert and where do I find it?   What is a trusted publishers store and how do I access it?
    Wednesday, November 13, 2019 3:16 AM
  • From what we see the chaining issue is a bit missleading. If you check the file manually the chain looks ok.  The problem seems to be the WUA agent not detecting the file as Microsoft signed.

    This month it is only signed with the SHA2565 cert not the SHA1. 

    If you add the SHA256 cert into the trusted publishers store, WUA can move it and it will run.  Still interesting why WUA thinks it isn't signed by MS.

    "If you add the SHA256 cert into the trusted publishers store, WUA can move it and it will run."

    Sorry if this question is dumb but which SHA256 certificate ? Where do we find the certificate and what do we do to "add the SHA256 cert into the trusted publishers store" please ?

    Wednesday, November 13, 2019 3:25 AM
  • It was supposed to be included in KB4474419 which we have installed. 

    https://support.microsoft.com/en-au/help/4474419/sha-2-code-signing-support-update

    Wednesday, November 13, 2019 3:25 AM
  • I'm not a computer pro and I don't know what this means.   Can you please explain step by step how to add the SHA256 cert into the trusted publishers store.   What is the SHA256 cert and where do I find it?   What is a trusted publishers store and how do I access it?
    I am a computer professional and I don't know what the poster means either. 
    Wednesday, November 13, 2019 3:26 AM
  • It was supposed to be included in KB4474419 which we have installed. 

    https://support.microsoft.com/en-au/help/4474419/sha-2-code-signing-support-update

    Supposed to be but apparently isn't. But your post above says "If you add the SHA256 cert into the trusted publishers store, "

    All we are asking for are step by step instructions on how to do what you suggested please ?

    Wednesday, November 13, 2019 3:36 AM
  • It may be wiser for MS to correct the problem, if they do it soon. They have the resources and it looks as though they have the responsibility.
    • Proposed as answer by TheDukeUK Wednesday, November 13, 2019 4:02 AM
    Wednesday, November 13, 2019 3:42 AM
  • It was supposed to be included in KB4474419 which we have installed. 

    https://support.microsoft.com/en-au/help/4474419/sha-2-code-signing-support-update

    Indeed I've had to deal with that a bit on some one-offs, but our entire fleet has that (and newer) SSUs installed.

    I saw on another site post that it was a sequencing problem, but that usually means that the current SSU needs to be installed first. Ironically, the SSU this month isn't offered until after other updates are installed, and installing it manually first still doesn't fix the installation on this WSRT.

    I agree with 'ronks' in that Microsoft needs to fix it.

    P.S. Their failure rate on QA issues is moving from embarrassing to comical.


    Jim

    Wednesday, November 13, 2019 4:07 AM
  • Actually if you download 5.77 from here, run it and then check for updates the MSRT does get removed from important updates.

    https://www.microsoft.com/en-us/download/details.aspx?id=9905

    Wednesday, November 13, 2019 4:15 AM
  • Actually if you download 5.77 from here, run it and then check for updates the MSRT does get removed from important updates.

    https://www.microsoft.com/en-us/download/details.aspx?id=9905

    That is probably the fastest way around it if you have only a handful of clients.

    You can use that file to get the code signing certificate, by right clicking, properties, Digital Signatures, Details, View certificate, Install Certificate, Local Computer Store, Place all certificates in the following store: Trusted Publishers, Next, Finish.

    • Proposed as answer by Philip Kiff Wednesday, November 13, 2019 3:28 PM
    Wednesday, November 13, 2019 4:40 AM
  • Same here!

    MalWareRemovalTool (November KB890830) isn´t downloaded from our local WSUS to Server 2008 R2 and Windows 7. All other Patches from November 2019 Patchday are installed without a problem

    Regards

    Juergen

    Events on Server 2008 R2:

    Log Name:      Application
    Source:        Windows Error Reporting
    Date:          2019-11-13 12:19:56
    Event ID:      1001
    Task Category: None
    Level:         Information
    Keywords:      Classic
    User:          N/A
    Computer:      XXXXXXXXXXXXX
    Description:
    Fault bucket , type 0
    Event Name: WindowsUpdateFailure3
    Response: Not available
    Cab Id: 0
    Problem signature:
    P1: 7.6.7601.24436
    P2: 800b0109
    P3: 3D32A935-CC15-4A08-BD30-9075962D7681
    P4: Download
    P5: 201
    P6: 0
    P7: 0
    P8: AutomaticUpdates
    P9: {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}
    P10: 0
    Attached files:
    These files may be available here:

    Analysis symbol:
    Rechecking for solution: 0
    Report Id: 852f2ec8-0607-11ea-afc9-0050563212c0
    Report Status: 0
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Windows Error Reporting" />
        <EventID Qualifiers="0">1001</EventID>
        <Level>4</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2019-11-13T11:19:56.000000000Z" />
        <EventRecordID>182168</EventRecordID>
        <Channel>Application</Channel>
        <Computer>XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX</Computer>
        <Security />
      </System>
      <EventData>
        <Data>
        </Data>
        <Data>0</Data>
        <Data>WindowsUpdateFailure3</Data>
        <Data>Not available</Data>
        <Data>0</Data>
        <Data>7.6.7601.24436</Data>
        <Data>800b0109</Data>
        <Data>3D32A935-CC15-4A08-BD30-9075962D7681</Data>
        <Data>Download</Data>
        <Data>201</Data>
        <Data>0</Data>
        <Data>0</Data>
        <Data>AutomaticUpdates</Data>
        <Data>{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}</Data>
        <Data>0</Data>
        <Data>
        </Data>
        <Data>
        </Data>
        <Data>
        </Data>
        <Data>0</Data>
        <Data>852f2ec8-0607-11ea-afc9-0050563212c0</Data>
        <Data>0</Data>
      </EventData>
    </Event>




    • Edited by J. Juergen Wednesday, November 13, 2019 1:46 PM
    Wednesday, November 13, 2019 11:25 AM
  • so whats the official solution?

    manually importing certificates or installing the patch manually is not a solution.

    all other patches on windows 7 and Windows Server 2008 R2 are working. Same update also worked in Oktober. 

    Not Update for WSUS jet.

    Wednesday, November 13, 2019 1:11 PM
  • This worked for me and removed the update from Windows Update. It now added a new Servicing Stack Update which I shall run - KB4523206.
    Wednesday, November 13, 2019 4:13 PM
  • I already had KB4523206 installed, but Nov. 2019, KB890830 is still failing...
    Wednesday, November 13, 2019 4:26 PM
  • Same thing here. I did find this below. I really do not know what to do, I do not have the skill set to figure this out myself. I will follow this thread for more info. I am using w-7 sp-1

    Target Date

    Event

    Applies To

    March 12, 2019

    Stand Alone security updates kb4474419 and kb4490628 released to introduce SHA-2 code sign support.

     

    Windows 7 SP1,
    Windows Server 2008 R2 SP1


    • Edited by garyseven Wednesday, November 13, 2019 9:12 PM
    Wednesday, November 13, 2019 9:11 PM
  • Same issue with the November Update on Server 2008 R2.
    Thursday, November 14, 2019 2:43 AM
  • Hi All, 

    Thank you for your information in this thread. I noticed Microsoft released the following description about using Malicious Software Removal Tool. Please see the following capture. (Source: Remove specific prevalent malware with Windows Malicious Software Removal Tool)

    However, for legacy OS system, will need to install corresponding SSU to support SHA-2. Please see the description which recorded in 2019 SHA-2 Code Signing Support requirement for Windows and WSUS

    Customers who run legacy OS versions (Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2) are required to have SHA-2 code signing support installed on their devices to install updates released on or after July 2019. Any devices without SHA-2 support will not be able to install Windows updates on or after July 2019. To help prepare you for this change, we released support for SHA-2 signing in starting March 2019 and have made incremental improvements. Windows Server Update Services (WSUS) 3.0 SP2 will receive SHA-2 support to securely deliver SHA-2 signed updates. Please see the "Product update schedule" section for the SHA-2 only migration timeline.

    So the action recommended is to download and install corresponding stand alone update to check again.

    Bests, 


    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, November 14, 2019 9:15 AM
    Moderator
  • Hi Joy-Qiao,

    thanks for your reply. Manually downloading from https://support.microsoft.com/en-sg/help/890830/remove-specific-prevalent-malware-with-windows-malicious-software-remo doesn´t work, you`ll get a HTTP-404...

    We´ve rolled out all relevant Patches to support SHA-2 on W2K8R2 and Windows 7:

    https://support.microsoft.com/en-sg/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus

    • Servicing stack update (SSU) (KB4490628). If you use Windows Update, the required SSU will be offered to you automatically. 
    • SHA-2 update (KB4474419) released September 10, 2019. If you use Windows Update, the required SHA-2 update will be offered to you automatically.

    There must be something wrong with signing in the "Malicious Software Removal Tool package" distributed to WSUS and WU Servers.... 

    see this:

    https://www.computerworld.com/article/3453322/patch-tuesday-arrives-with-access-error-1909-in-tow-and-a-promise-of-no-more-optional-patches-this.html

    https://www.askwoody.com/2019/november-2019-patch-tuesday-foibles/

    regards

    Juergen

    • Edited by J. Juergen Thursday, November 14, 2019 10:48 AM
    Thursday, November 14, 2019 9:50 AM
  • Great Job Microsoft

    KB452533 Digital Signature is issued from Microsoft Code Signing PCA 2010. This Patch is working over WSUS as expected. Has only SHA2 Cert Signature

    KB890830 (the delta one which windows Update wants to use) Digital Signature is issued from Microsoft Code Signing PCA 2011. This Patch is not working over WSUS as expected. Has only SHA2 Cert Signature

    So why are they using different CAs for signing their updates. Maybe this is the issue.

    Thursday, November 14, 2019 2:10 PM
  • Customers who run legacy OS versions (Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2) are required to have SHA-2 code signing support installed on their devices to install updates released on or after July 2019. Any devices without SHA-2 support will not be able to install Windows updates on or after July 2019......

    The tool ran fine in August, September, and October. So this info is obviously wrong.


    • Edited by Ken HDTV Friday, November 15, 2019 3:12 AM
    Friday, November 15, 2019 3:11 AM
  • Monday, November 18, 2019 6:03 AM
  • What to do in the end? I have windows sbs 2011
    Monday, November 18, 2019 8:13 PM
  • You can download it here: https://support.microsoft.com/en-us/help/890830/remove-specific-prevalent-malware-with-windows-malicious-software-remo
    It won´t be published on Windowsupdate.

    Due to certificate chain verification issues on pre-Win10, the MSRT package of November 2019 will not be offered via Windows Update.
    
    Please download the package from Download site to run on these platforms.


    Monday, November 18, 2019 8:56 PM
    • Edited by J. Juergen Tuesday, November 19, 2019 8:14 AM
    Tuesday, November 19, 2019 7:52 AM
  • it worked yesterday evening... sory...
    -> support
    Tuesday, November 19, 2019 8:21 AM
  • Other updates have also stopped downloading. Somewhere I saw that swears by some kind of certificate. What to do?
    Tuesday, November 19, 2019 7:41 PM
  • Hi ronks, 

    Any update?

    Bests, 


    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, December 5, 2019 8:17 AM
    Moderator