? re. a scan result.

I got the following results from my most recent scan
(Sorry, I have to put in a URL to be copied and pasted.
If there is a way of putting in an image I don't know
what it is)

http://img257.echo.cx/img257/1699/msa2348fi.gif

1. Why is the recommendation to ignore, if this is
considered high risk? Quaranteen isn't an option when I
click down arrow beside 'ignore'.
2. Is there any way of knowing from what's here what
exactly the discovered threat is?
3. Would the way to handle this be to delete all restore
points?

IMO, you can ignore it.
BTW are you running system restore?

Chris 2 wrote in news:0d3701c54884$a8ee2730$a501280a@phx.gbl
>I got the following results from my most recent scan
> (Sorry, I have to put in a URL to be copied and pasted.
> If there is a way of putting in an image I don't know
> what it is)
>
> http://img257.echo.cx/img257/1699/msa2348fi.gif
>
> 1. Why is the recommendation to ignore, if this is
> considered high risk? Quaranteen isn't an option when I
> click down arrow beside 'ignore'.
> 2. Is there any way of knowing from what's here what
> exactly the discovered threat is?
> 3. Would the way to handle this be to delete all restore
> points?

Thanks for replying, but.....
WHY do you think it can be ignored when it's classed as
High threat level? And do you have any thoughts on what
MSA has found - i.e. what you're suggesting can be
ignored?
No I'm not doing system restore. Just wondered if
whatever has been found is located in one of the restore
files.

>-----Original Message-----
>IMO, you can ignore it.
>BTW are you running system restore?
>
>Chris 2 wrote in news:0d3701c54884$a8ee2730
$a501280a@phx.gbl
>>I got the following results from my most recent scan
>> (Sorry, I have to put in a URL to be copied and pasted.
>> If there is a way of putting in an image I don't know
>> what it is)
>>
>> http://img257.echo.cx/img257/1699/msa2348fi.gif
>>
>> 1. Why is the recommendation to ignore, if this is
>> considered high risk? Quaranteen isn't an option when I
>> click down arrow beside 'ignore'.
>> 2. Is there any way of knowing from what's here what
>> exactly the discovered threat is?
>> 3. Would the way to handle this be to delete all
restore
>> points?
>
>
>
>.
>

I have been thinking for a long time on how to respond to your
message......................

You are either a newbie or a geek trying to irritate me
(read as responding in a nice manner or be nasty, while waiting for the others
to comment on my/your posting)

see here

http://www.jrsoftware.org/isinfo.php



Chris 2 wrote in news:0d5601c54892$12cce490$a501280a@phx.gbl
> Thanks for replying, but.....
> WHY do you think it can be ignored when it's classed as
> High threat level? And do you have any thoughts on what
> MSA has found - i.e. what you're suggesting can be
> ignored?
> No I'm not doing system restore. Just wondered if
> whatever has been found is located in one of the restore
> files.
>
>>-----Original Message-----
>>IMO, you can ignore it.
>>BTW are you running system restore?
>>
>>Chris 2 wrote in news:0d3701c54884$a8ee2730
> $a501280a@phx.gbl
>>>I got the following results from my most recent scan
>>> (Sorry, I have to put in a URL to be copied and pasted.
>>> If there is a way of putting in an image I don't know
>>> what it is)
>>>
>>> http://img257.echo.cx/img257/1699/msa2348fi.gif
>>>
>>> 1. Why is the recommendation to ignore, if this is
>>> considered high risk? Quaranteen isn't an option when I
>>> click down arrow beside 'ignore'.
>>> 2. Is there any way of knowing from what's here what
>>> exactly the discovered threat is?
>>> 3. Would the way to handle this be to delete all
> restore
>>> points?
>>
>>
>>
>>.
>>

Ignored is the default setting. Click the down arrow and choose what you
want to do.
--

Andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

"Chris 2" <anonymous@discussions.microsoft.com> wrote in message
news:0d3701c54884$a8ee2730$a501280a@phx.gbl...
>I got the following results from my most recent scan
> (Sorry, I have to put in a URL to be copied and pasted.
> If there is a way of putting in an image I don't know
> what it is)
>
> http://img257.echo.cx/img257/1699/msa2348fi.gif
>
> 1. Why is the recommendation to ignore, if this is
> considered high risk? Quaranteen isn't an option when I
> click down arrow beside 'ignore'.
> 2. Is there any way of knowing from what's here what
> exactly the discovered threat is?
> 3. Would the way to handle this be to delete all restore
> points?

Chris,
This may be related to the 'oops' in a recent round of definitions from
MWAS.
Update your defs and run another scan and report back OK?

Ron Chamberlin
MS-MVP

"Chris 2" <anonymous@discussions.microsoft.com> wrote in message
news:0d3701c54884$a8ee2730$a501280a@phx.gbl...
>I got the following results from my most recent scan
> (Sorry, I have to put in a URL to be copied and pasted.
> If there is a way of putting in an image I don't know
> what it is)
>
> http://img257.echo.cx/img257/1699/msa2348fi.gif
>
> 1. Why is the recommendation to ignore, if this is
> considered high risk? Quaranteen isn't an option when I
> click down arrow beside 'ignore'.
> 2. Is there any way of knowing from what's here what
> exactly the discovered threat is?
> 3. Would the way to handle this be to delete all restore
> points?
>

5709 to 5711 Ron?
--

Andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

"Ron Chamberlin" <ronchambelrin@msnmsn.com> wrote in message
news:Om3sw5QSFHA.2216@CPMSFTNGSA04.privatenews.microsoft.com...
> Chris,
> This may be related to the 'oops' in a recent round of definitions from
> MWAS.
> Update your defs and run another scan and report back OK?
>
> Ron Chamberlin
> MS-MVP
>
> "Chris 2" <anonymous@discussions.microsoft.com> wrote in message
> news:0d3701c54884$a8ee2730$a501280a@phx.gbl...
>>I got the following results from my most recent scan
>> (Sorry, I have to put in a URL to be copied and pasted.
>> If there is a way of putting in an image I don't know
>> what it is)
>>
>> http://img257.echo.cx/img257/1699/msa2348fi.gif
>>
>> 1. Why is the recommendation to ignore, if this is
>> considered high risk? Quaranteen isn't an option when I
>> click down arrow beside 'ignore'.
>> 2. Is there any way of knowing from what's here what
>> exactly the discovered threat is?
>> 3. Would the way to handle this be to delete all restore
>> points?
>>
>
>
>

Chris--you may safely ignore this result.

Here's why:

Going by the MD5 hash in that result, I can say for certain that this is a
false positive. This false positive has been fixed in the 5711 definitions,
so one way to prove this to yourself is to update to 5711 and re-scan.

Check the signatures group for lots more information about this--the
developer who wrote the installer which uses that file has confirmed that
his file as distributed has that MD5 hash, and is spyware-free.

Additionally, as you're aware, the system restore restore points aren't a
problem unless you do use them to restore. It is possible go remove all but
the latest restore point, or all of them, but in this case, you needn't do
either.

If you do update to 5711 and re-scan and STILL see this issue, write
back--there are a number of folks having trouble with this definition
update.

On my own system, I saw this issue with 5709 definitions, updated to 5711,
and it was gone--so I know that it should be gone with 5711.

--
FAQ for Microsoft Antispyware:
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

"Chris 2" <anonymous@discussions.microsoft.com> wrote in message
news:0d3701c54884$a8ee2730$a501280a@phx.gbl...
>I got the following results from my most recent scan
> (Sorry, I have to put in a URL to be copied and pasted.
> If there is a way of putting in an image I don't know
> what it is)
>
> http://img257.echo.cx/img257/1699/msa2348fi.gif
>
> 1. Why is the recommendation to ignore, if this is
> considered high risk? Quaranteen isn't an option when I
> click down arrow beside 'ignore'.
> 2. Is there any way of knowing from what's here what
> exactly the discovered threat is?
> 3. Would the way to handle this be to delete all restore
> points?

You're right. Have had 2 clean scans since the false
positive. Thanks for the info.
>-----Original Message-----
>Chris,
>This may be related to the 'oops' in a recent round of
definitions from
>MWAS.
>Update your defs and run another scan and report back OK?
>
>Ron Chamberlin
>MS-MVP
>
>"Chris 2" <anonymous@discussions.microsoft.com> wrote in
message
>news:0d3701c54884$a8ee2730$a501280a@phx.gbl...
>>I got the following results from my most recent scan
>> (Sorry, I have to put in a URL to be copied and pasted.
>> If there is a way of putting in an image I don't know
>> what it is)
>>
>> http://img257.echo.cx/img257/1699/msa2348fi.gif
>>
>> 1. Why is the recommendation to ignore, if this is
>> considered high risk? Quaranteen isn't an option when I
>> click down arrow beside 'ignore'.
>> 2. Is there any way of knowing from what's here what
>> exactly the discovered threat is?
>> 3. Would the way to handle this be to delete all
restore
>> points?
>>
>
>
>
>.
>

Thank you very much Bill for the explanation. I'm glad
I did check back here, you've restored my hope that it
may in fact be possible to get useful information here!
Have done a couple more scans with clean results. I
thought my defs. were up to date previously, but possibly
not. Thanks again. Chris
>-----Original Message-----
>Chris--you may safely ignore this result.
>
>Here's why:
>
>Going by the MD5 hash in that result, I can say for
certain that this is a
>false positive. This false positive has been fixed in
the 5711 definitions,
>so one way to prove this to yourself is to update to
5711 and re-scan.
>
>Check the signatures group for lots more information
about this--the
>developer who wrote the installer which uses that file
has confirmed that
>his file as distributed has that MD5 hash, and is
spyware-free.
>
>Additionally, as you're aware, the system restore
restore points aren't a
>problem unless you do use them to restore. It is
possible go remove all but
>the latest restore point, or all of them, but in this
case, you needn't do
>either.
>
>If you do update to 5711 and re-scan and STILL see this
issue, write
>back--there are a number of folks having trouble with
this definition
>update.
>
>On my own system, I saw this issue with 5709
definitions, updated to 5711,
>and it was gone--so I know that it should be gone with
5711.
>
>--
>FAQ for Microsoft Antispyware:
>http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
>
>"Chris 2" <anonymous@discussions.microsoft.com> wrote in
message
>news:0d3701c54884$a8ee2730$a501280a@phx.gbl...
>>I got the following results from my most recent scan
>> (Sorry, I have to put in a URL to be copied and pasted.
>> If there is a way of putting in an image I don't know
>> what it is)
>>
>> http://img257.echo.cx/img257/1699/msa2348fi.gif
>>
>> 1. Why is the recommendation to ignore, if this is
>> considered high risk? Quaranteen isn't an option when I
>> click down arrow beside 'ignore'.
>> 2. Is there any way of knowing from what's here what
>> exactly the discovered threat is?
>> 3. Would the way to handle this be to delete all
restore
>> points?
>
>
>.
>