Why can't the antispyware block the spyware completely.
I run scans daily, it removes the agents and as soon as
it finishes they come back. In effect the AntiSpyware
serves no purpose.

>-----Original Message-----
>Why can't the antispyware block the spyware completely.
>I run scans daily, it removes the agents and as soon as
>it finishes they come back. In effect the AntiSpyware
>serves no purpose.

Hi

This is a ongoing battle between advertisment/spyware and
anti spyware solutions. For every step antispyware takes
you will directly have new variants from Ad/spy companys.
This is a never ending loop there fore you probably needs
at least 2 antispyware programs with todays situation.

I recommend MSAS and Adaware (in below link)

- Send a spyware report to MS about to make this product
better, menu tools.

- Follow this for removal:

http://aumha.org/a/quickfix.php

--
plun

No one application ever does the complete job. I would recommend
SpywareBlaster http://www.javacoolsoftware.com/ along with Adaware SE,
Spybot Search and Destroy & CWShredder

--
Peter.
Toronto, Canada.
XP Home SP2.
P4 @ 3.0ghz, 160gb HDD, 1.0gb DDR.
"Henry" <(E-Mail Removed)> wrote in message
news:17c901c51e44$776711a0$(E-Mail Removed)...
> Why can't the antispyware block the spyware completely.
> I run scans daily, it removes the agents and as soon as
> it finishes they come back. In effect the AntiSpyware
> serves no purpose.

MSAS is finding and removing "A", but MSAS is not finding (or removing)
process "B".
After MSAS removes "A", process "B" restores "A".
In some cases, "A" is started each time the computer boots; and when "A"
starts, it then starts "B".
In those cases, if you boot into SAFE MODE (pump the F8 key as the
machine boots) and run a couple of scans with MSAS, the problem will be
cured.
Otherwise you must find the process or module that keeps restoring "A"
and kill it and any processes associated with "A" prior to running a scan.

--
Bob Dietz


Henry wrote:
> Why can't the antispyware block the spyware completely.
> I run scans daily, it removes the agents and as soon as
> it finishes they come back. In effect the AntiSpyware
> serves no purpose.

Bob Dietz wrote:
> MSAS is finding and removing "A", but MSAS is not finding (or removing)
> process "B".
> After MSAS removes "A", process "B" restores "A".
> In some cases, "A" is started each time the computer boots; and when "A"
> starts, it then starts "B".
> In those cases, if you boot into SAFE MODE (pump the F8 key as the
> machine boots) and run a couple of scans with MSAS, the problem will be
> cured.

Well, for newbies and normal users this "safe mode" is
something totally unknown.

Maybe MS should make a restart function to safe mode within
MSAS to
make it easier for them. And also a twice scan function ???


Ive heard a lot "damned computer" when users misses F8 when
boot is done and OS starts.

Or maybe to have default startup process wich halts on this


> Otherwise you must find the process or module that keeps restoring "A"
> and kill it and any processes associated with "A" prior to running a scan.

MSAS must be able to do this in normal mode.

--
plun

plun wrote:
> Bob Dietz wrote:
>
>> MSAS is finding and removing "A", but MSAS is not finding (or
>> removing) process "B".
>> After MSAS removes "A", process "B" restores "A".
>> In some cases, "A" is started each time the computer boots; and when
>> "A" starts, it then starts "B".
>> In those cases, if you boot into SAFE MODE (pump the F8 key as the
>> machine boots) and run a couple of scans with MSAS, the problem will
>> be cured.
>
>
> Well, for newbies and normal users this "safe mode" is something totally
> unknown.
>
> Maybe MS should make a restart function to safe mode within MSAS to
> make it easier for them.

If that's possible, that is _exactly_ what should be done.


> And also a twice scan function ???

I've read the scan twice suggestion so many times here that I threw it
in. But I cannot personally attest to it's accomplishing anything more
than a single scan.

> Ive heard a lot "damned computer" when users misses F8 when
> boot is done and OS starts.

The phrase I use is even less polite.

> Or maybe to have default startup process wich halts on this
>
>
>> Otherwise you must find the process or module that keeps restoring "A"
>> and kill it and any processes associated with "A" prior to running a
>> scan.
>
>
> MSAS must be able to do this in normal mode.

One wishes that MSAS could do it all in normal mode, but I think that's
an unrealistic expectation in the near term.

> --
> plun
>
>
>
>
>

Bob Dietz wrote:
> plun wrote:
>> Well, for newbies and normal users this "safe mode" is something
>> totally unknown.
>>
>> Maybe MS should make a restart function to safe mode within MSAS to
>> make it easier for them.
>
>
> If that's possible, that is _exactly_ what should be done.

Bill, did you see this ?


>> And also a twice scan function ???
>
>
> I've read the scan twice suggestion so many times here that I threw it
> in. But I cannot personally attest to it's accomplishing anything more
> than a single scan.

No it´s a waste with time.

>> Ive heard a lot "damned computer" when users misses F8 when
>> boot is done and OS starts.
>
>
> The phrase I use is even less polite.


%&"##¤%&/((/&&


>> Or maybe to have default startup process wich halts on this
>>
>>
>>> Otherwise you must find the process or module that keeps restoring
>>> "A" and kill it and any processes associated with "A" prior to
>>> running a scan.
>>
>>
>>
>> MSAS must be able to do this in normal mode.
>
>
> One wishes that MSAS could do it all in normal mode, but I think that's
> an unrealistic expectation in the near term.

It´s beacuse of this I really thinks its important for
novice/normal users to
be guided, Instructions and a Forum, through this mess with
for example Aumha.org, excellent site. I was glad when I
found it.

This is an example how to solve a users problem, excellent

http://aumha.net/viewtopic.php?t=11064

We are going from a situation with no spywareprotection for
many users and we indeed have a situation with a lot of
heavily compromised Windows PC,s.

I also dont believe in "shortcuts" in this challenge, for
some its maybe is easy to just remove some junk but its
better in long term to try to do a complete clean house of
a PC with different tools.

--
plun

"plun" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> Well, for newbies and normal users this "safe mode" is something totally
> unknown.
>
> Maybe MS should make a restart function to safe mode within MSAS to
> make it easier for them. And also a twice scan function ???

I don't know what the plan is, but this issue is pretty crystal clear. If
they can't automate the process, I hope there will at least be some clear
guidance in the help file, or a screen that pops (and allows printing)
explaining that safe mode is necessary.

> Ive heard a lot "damned computer" when users misses F8 when
> boot is done and OS starts.
>
> Or maybe to have default startup process wich halts on this
>

I think if you hold just the CTRL key?

>
>> Otherwise you must find the process or module that keeps restoring "A"
>> and kill it and any processes associated with "A" prior to running a
>> scan.
>
> MSAS must be able to do this in normal mode.

Yes--that's the goal, and I think the gears are there to do it, but it isn't
working for all bugs.

"Bob Dietz" <rbdietz_1999*nospam*@yahoo*dot*com> wrote in message
news:(E-Mail Removed)...
>
> I've read the scan twice suggestion so many times here that I threw it in.
> But I cannot personally attest to it's accomplishing anything more than a
> single scan.
>

I can't say that I have observed a first-hand instance where, in fact, a
second scan turned up something that the first scan did not. When scanning
with an antivirus, and I discover a virus, scanning until one comes through
clean has certainly been my practice, though.

And, we have several testimonies in these groups in relation to newdotnet
removal, that the residual startup entry is, in fact, removed, by a
succeeding scan--so that appears to be one clear case where the second scan
is useful.

I'm reading it, but I'm not the important one--'cause I don't work for
Microsoft.

I don't know the mechanisms that they have in place to gather and make use
of the feedback they are getting here, but I believe these messages are read
and the feedback is used.

The safe mode issue seems obvious to me--in fact, so obvious, that perhaps
it is a bug--otherwise surely they'd have had some form of notification to
the user that this is needed--I don't know how long Giant's product was out,
but a good while--and the reviewers didn't mention needing this procedure.

I don't think I started the scan twice recommendation, but I'll plead guilty
to parroting it. As I mentioned--it is my practice when cleaning viruses,
and I don't think it is too unreasonable a practice--it is nice to be sure
that the machine comes through clean when you think you are done.

I just read the "start in safe mode" instructions in help, and they don't
seem too tough--the machine sits at the list of OS's for some period of
time--the default is 30 seconds. I reduce that to 7 seconds on mine. If
you've reduced it to a low value, this is the price that you pay.

Here's a question for you--in regards to the expert handholding stuff. The
goal of Microsoft Antispyware is to do the job on its own. However, there
are always going to be bugs that it cannot handle at the current definition
level, and perhaps not without new code. So the expert assistance stuff
will continue to be around I think. We've floated the idea of an additional
newsgroup in this group for such cleaning dialogs, but I don't recall that I
got much response--it was part of a thread, not a general announcement or
poll.

What about the tools available within the product to be used in the context
of expert help? We don't have HijackThis, but the system explorers should
be able to see the same items. What needs to be done with the current tools
within the product to make them more easily used for cleaning with expert
assistance? The kinds of things I can think of are:

Let you cut and paste the left pane--i.e. all the startup items including
full detail, rather than just the detail of the highlighted single item.

Number those items in some repeatable way, so that they can be posted, and
an expert can say--block 6,7 and 9--and those numbers will correspond
repeatably on the next run of the system explorers.


--
FAQ for Microsoft Antispyware:
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

"plun" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Bob Dietz wrote:
>> plun wrote:
>>> Well, for newbies and normal users this "safe mode" is something totally
>>> unknown.
>>>
>>> Maybe MS should make a restart function to safe mode within MSAS to
>>> make it easier for them.
>>
>>
>> If that's possible, that is _exactly_ what should be done.
>
> Bill, did you see this ?
>
>
>>> And also a twice scan function ???
>>
>>
>> I've read the scan twice suggestion so many times here that I threw it
>> in. But I cannot personally attest to it's accomplishing anything more
>> than a single scan.
>
> No it´s a waste with time.
>
>>> Ive heard a lot "damned computer" when users misses F8 when
>>> boot is done and OS starts.
>>
>>
>> The phrase I use is even less polite.
>
>
> %&"##¤%&/((/&&
>
>
>>> Or maybe to have default startup process wich halts on this
>>>
>>>
>>>> Otherwise you must find the process or module that keeps restoring "A"
>>>> and kill it and any processes associated with "A" prior to running a
>>>> scan.
>>>
>>>
>>>
>>> MSAS must be able to do this in normal mode.
>>
>>
>> One wishes that MSAS could do it all in normal mode, but I think that's
>> an unrealistic expectation in the near term.
>
> It´s beacuse of this I really thinks its important for novice/normal users
> to
> be guided, Instructions and a Forum, through this mess with for example
> Aumha.org, excellent site. I was glad when I found it.
>
> This is an example how to solve a users problem, excellent
>
> http://aumha.net/viewtopic.php?t=11064
>
> We are going from a situation with no spywareprotection for many users and
> we indeed have a situation with a lot of heavily compromised Windows PC,s.
>
> I also dont believe in "shortcuts" in this challenge, for some its maybe
> is easy to just remove some junk but its better in long term to try to do
> a complete clean house of a PC with different tools.
>
> --
> plun
>
>
>
>