This took me a while to find. Everytime Microsoft AntiSpyware would run, it
would hang and my machine would be out of virtual memory. I always had to
reboot.

Today I ran it by hand and it was running great so I went away. When I came
back it was out of virtual memory while scanning the registry, in particular,
this key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\Guardian

So I ran it again, with the task manager window up and the "Performance" tab
clicked. It went very smoothly till it hit the above registry key, then
boom, virtual memory usage started skyrocketing. I killed Microsoft
AntiSpyware before the machine was crippled, and although it took a minute or
so, it died and virtual memory usage went back down to normal.

This key was familiar to me. Some VX2 infection of a long time ago. I
searched for this registry key on the internet and verified that it was
related to a spyware/adware problem that had at one time infected my
computer. I believe I left this key there, but had set its permissions so it
could not be deleted. That is, for every group/user I checked "deny" in the
permissions.

I guess this caused Microsoft AntiSpyware to start using a ton of virtual
memory.

Good catch sbq0;
I think it would be worthwhile to report this one to Ms even though it's late in
the Beta1 cycle. It's unusual enough that they might not have seen it before.
If you can't use the report function in Beta1, let us know. Bill Sanderson can
work some magic with that. Thanks.

--
Regards, Dave


sbq0 wrote:
> This took me a while to find. Everytime Microsoft AntiSpyware would run, it
> would hang and my machine would be out of virtual memory. I always had to
> reboot.
>
> Today I ran it by hand and it was running great so I went away. When I came
> back it was out of virtual memory while scanning the registry, in particular,
> this key:
>
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\Winlogon\Notify\Guardian
>
> So I ran it again, with the task manager window up and the "Performance" tab
> clicked. It went very smoothly till it hit the above registry key, then
> boom, virtual memory usage started skyrocketing. I killed Microsoft
> AntiSpyware before the machine was crippled, and although it took a minute or
> so, it died and virtual memory usage went back down to normal.
>
> This key was familiar to me. Some VX2 infection of a long time ago. I
> searched for this registry key on the internet and verified that it was
> related to a spyware/adware problem that had at one time infected my
> computer. I believe I left this key there, but had set its permissions so it
> could not be deleted. That is, for every group/user I checked "deny" in the
> permissions.
>
> I guess this caused Microsoft AntiSpyware to start using a ton of virtual
> memory.

You're correct about what is happening, I believe. In some cases, in fact,
spyware uses this technique to make removal more difficult. The current
beta1 product is vulnerable in this way, I'm afraid. Take ownership of such
keys, and set permissions such that an administrator can read and delete
them, and the scan should proceed normally.

--

"sbq0" <(E-Mail Removed)> wrote in message
news:3F0B5C19-A44E-4F44-B167-(E-Mail Removed)...
> This took me a while to find. Everytime Microsoft AntiSpyware would run,
> it
> would hang and my machine would be out of virtual memory. I always had to
> reboot.
>
> Today I ran it by hand and it was running great so I went away. When I
> came
> back it was out of virtual memory while scanning the registry, in
> particular,
> this key:
>
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\Winlogon\Notify\Guardian
>
> So I ran it again, with the task manager window up and the "Performance"
> tab
> clicked. It went very smoothly till it hit the above registry key, then
> boom, virtual memory usage started skyrocketing. I killed Microsoft
> AntiSpyware before the machine was crippled, and although it took a minute
> or
> so, it died and virtual memory usage went back down to normal.
>
> This key was familiar to me. Some VX2 infection of a long time ago. I
> searched for this registry key on the internet and verified that it was
> related to a spyware/adware problem that had at one time infected my
> computer. I believe I left this key there, but had set its permissions so
> it
> could not be deleted. That is, for every group/user I checked "deny" in
> the
> permissions.
>
> I guess this caused Microsoft AntiSpyware to start using a ton of virtual
> memory.

I agree--good catch. I think this is known, however. What I don't know is
how they can handle this better with beta2--it'll be interesting to see.
--

"Dave M" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Good catch sbq0;
> I think it would be worthwhile to report this one to Ms even though it's
> late in the Beta1 cycle. It's unusual enough that they might not have
> seen it before. If you can't use the report function in Beta1, let us
> know. Bill Sanderson can work some magic with that. Thanks.
>
> --
> Regards, Dave
>
>
> sbq0 wrote:
>> This took me a while to find. Everytime Microsoft AntiSpyware would run,
>> it
>> would hang and my machine would be out of virtual memory. I always had
>> to
>> reboot.
>>
>> Today I ran it by hand and it was running great so I went away. When I
>> came
>> back it was out of virtual memory while scanning the registry, in
>> particular,
>> this key:
>>
>> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
>> NT\CurrentVersion\Winlogon\Notify\Guardian
>>
>> So I ran it again, with the task manager window up and the "Performance"
>> tab
>> clicked. It went very smoothly till it hit the above registry key, then
>> boom, virtual memory usage started skyrocketing. I killed Microsoft
>> AntiSpyware before the machine was crippled, and although it took a
>> minute or
>> so, it died and virtual memory usage went back down to normal.
>>
>> This key was familiar to me. Some VX2 infection of a long time ago. I
>> searched for this registry key on the internet and verified that it was
>> related to a spyware/adware problem that had at one time infected my
>> computer. I believe I left this key there, but had set its permissions
>> so it
>> could not be deleted. That is, for every group/user I checked "deny" in
>> the
>> permissions.
>>
>> I guess this caused Microsoft AntiSpyware to start using a ton of virtual
>> memory.
>
>