Bug in MS AntiSpyware

Guest

This took me a while to find. Every time Microsoft AntiSpyware would run, it
would hang and my machine would be out of virtual memory. I always had to
reboot.

Today I ran it by hand and it was running great so I went away. When I came
back it was out of virtual memory while scanning the registry, in particular,
this key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Guardian

So I ran it again, with the task manager window up and the "Performance" tab
clicked. It went very smoothly till it hit the above registry key, then
boom, virtual memory usage started skyrocketing. I killed Microsoft
AntiSpyware before the machine was crippled, and although it took a minute or
so, it died and virtual memory usage went back down to normal.

This key was familiar to me. Some VX2 infection of a long time ago. I
searched for this registry key on the internet and verified that it was
related to a spyware/adware problem that had at one time infected my
computer. I believe I left this key there, but had set its permissions so it
could not be deleted. That is, for every group/user I checked "deny" in the
permissions.

I guess this caused Microsoft AntiSpyware to start using a ton of virtual
memory.
 
Dave M

Good catch sbq0;
I think it would be worthwhile to report this one to MS even though it's late in
the Beta1 cycle. It's unusual enough that they might not have seen it before.
If you can't use the report function in Beta1, let us know. Bill Sanderson can
work some magic with that. Thanks.
 
Bill Sanderson

You're correct about what is happening, I believe. In some cases, in fact,
spyware uses this technique to make removal more difficult. The current
beta1 product is vulnerable in this way, I'm afraid. Take ownership of such
keys, and set permissions such that an administrator can read and delete
them, and the scan should proceed normally.
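
A read-only audit for the condition discussed in this thread, as an added example that is not part of the original posts or of Microsoft AntiSpyware: it lists subkeys of the Winlogon\Notify key that carry Deny permission entries or whose ACL cannot be read at all. The function name `Get-DenyLockedKey` is hypothetical, and the script assumes Windows PowerShell 3.0 or later in an elevated session.

```powershell
# Added example: report Winlogon\Notify subkeys that are locked down with
# Deny ACEs or whose ACL cannot be read. Read-only; it changes nothing.
$NotifyRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'

function Get-DenyLockedKey {   # hypothetical name, not a built-in cmdlet
    param([string]$Root = $NotifyRoot)

    if (-not (Test-Path -LiteralPath $Root)) {
        Write-Verbose "$Root is not present on this system"
        return
    }

    # Enumerate subkey *names* from the parent, so a subkey that refuses to
    # open still shows up in the report instead of being silently skipped.
    $parent = Get-Item -LiteralPath $Root
    foreach ($name in $parent.GetSubKeyNames()) {
        $path = Join-Path $Root $name
        try {
            $acl = Get-Acl -LiteralPath $path -ErrorAction Stop
        } catch {
            # Reading the ACL itself was refused: the strongest sign of a
            # key that has been locked against inspection and removal.
            [pscustomobject]@{
                Key    = $name
                Status = 'ACL unreadable'
                Owner  = $null
                Deny   = $_.Exception.Message
            }
            continue
        }

        $deny = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' })
        if ($deny.Count -gt 0) {
            [pscustomobject]@{
                Key    = $name
                Status = 'Deny ACEs present'
                Owner  = $acl.Owner
                Deny   = ($deny | ForEach-Object {
                             "$($_.IdentityReference): $($_.RegistryRights)"
                         }) -join '; '
            }
        }
    }
}

Get-DenyLockedKey | Format-Table -AutoSize -Wrap
```

Any key it reports is a candidate for the ownership and permission change described above, done in regedit, before the next scan.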
 
Bill Sanderson

I agree--good catch. I think this is known, however. What I don't know is
how they can handle this better with beta2--it'll be interesting to see.