can't submit suspected spyware report because of xml parsing error

[Guest]

When I attempt to do so, I get the following diagnostic. I copied it into ms
word first, so some translation may have been done.

XML Parsing Error: not well-formed
Location: file:///C:/Program%20Files/Microsoft%20AntiSpyware/MSSSRT.xml
Line Number 36, Column 92:<StartupFileRegistry ex="0"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="� �#
�L"h&apos;�9Ӝ�3r� WC" dat="\Program
Files\ISTsvc\istsvc.exe:C:\WINDOWS\jbxvf.exe" nam="" pub="" md5="" ver=""
sz="" is="0" gfp=""></StartupFileRegistry>


How do I get past this error?

 

[Bill Sanderson]

At this point, I don't know of a solution to this kind of error. This is a
limitation of the technique used to create the report.

I'd go for cleaning your system using a different product at this point.

You could try Symantec's automated removal tool as a start:

http://securityresponse.symantec.com/avcenter/venc/data/adware.istbar.html

 

[Guest]

--
Thuse in LA

At this point, I don't know of a solution to this kind of error. This is a
limitation of the technique used to create the report.

I'd go for cleaning your system using a different product at this point.

You could try Symantec's automated removal tool as a start:

http://securityresponse.symantec.com/avcenter/venc/data/adware.istbar.html

Bill S.,

I ran the symantec tool to look for IST, and it said it didn't find
anything. The spyware scan did report getting rid of IST earlier. The
symantec tool did do a lot of work, and I also cleaned out all cookies and
temporary internet files. I decided to to try submitting a spyware report
again. Here is the text of what I wanted to send:

[Start of intended spyware report]

I've run through the spyware stuff, and it seems to work OK. However, I'm
still getting some popups. Here is the url for a recent one:

http://www.inqwire.com/homepage.pre...no&float=yes&poponlpt=no&floatonlpt=yes&cb=70

There are also ones that have something like oindaserv etc in their url. I
can't figure out how to copy the url automatically, so I'll try to write some
of it in by hand:

http://ad.oinadserver.com/rw?iframe3?AAAAAAUJ . .

It goes on until it runs off the screen, and I may not have copied it
exactly correctly.

How do I get rid of thess types of pop-up?
Are they associated with spyware, or are they symptoms of another disease?

'Thuse
[End of intended spyware report.]


The scan report didn't get submitted. Here is the new (second format) of
error diagnostic.

"An error occurred submitting the scan results. Please check you [sic]
Internet proxy settings and try again."

1. How do I check proxy settings?
2. Do you thing the popups identified above are due to spyware, or is this
due to some other type of attack?
3. Do you know how to get rid of these classes of problems?
4. Are you a Microsoft Customer Service type, or a non-MS guy just
responding to a question for help?

'Thuse

 

[Bill Sanderson]

[Start of intended spyware report]

I've run through the spyware stuff, and it seems to work OK. However, I'm
still getting some popups. Here is the url for a recent one:

http://www.inqwire.com/homepage.pre...no&float=yes&poponlpt=no&floatonlpt=yes&cb=70

There are also ones that have something like oindaserv etc in their url.
I
can't figure out how to copy the url automatically, so I'll try to write
some
of it in by hand:

http://ad.oinadserver.com/rw?iframe3?AAAAAAUJ . .

It goes on until it runs off the screen, and I may not have copied it
exactly correctly.

How do I get rid of thess types of pop-up?
Are they associated with spyware, or are they symptoms of another disease?

'Thuse
[End of intended spyware report.]


The scan report didn't get submitted. Here is the new (second format) of
error diagnostic.

"An error occurred submitting the scan results. Please check you [sic]
Internet proxy settings and try again."

1. How do I check proxy settings?
2. Do you thing the popups identified above are due to spyware, or is
this
due to some other type of attack?
3. Do you know how to get rid of these classes of problems?
4. Are you a Microsoft Customer Service type, or a non-MS guy just
responding to a question for help?

This error (the proxy message) is a bug in the beta1 product. I know that
the developers have a repro on this bug, and that it is fixed in beta2.
However, last word on beta2 is that the ETA is 1HCY06.--i.e. before June of
2006.

My guess is that you are seeing effects of still having spyware in place.

I've been successful at cleaning spyware in person when I've encountered it.
However, the amount of in-person experience I've had is rather limited, and
I'm not at all the best person to help you fix this kind of issue via
newsgroups--but more on that later.

I'm not a Microsoft employee--there are one or two of those that post here,
but the most recent such post was months ago, I believe. When they say the
beta product is unsupported, they mean that. However. there are a number of
regulars here, including me, that can give sound advice, and know the
limitations and the foibles of the beta1 product better than we'd like.
Several of us, including me, are recognized with the MVP award by Microsoft.


So--what's your best route to getting clean? Unless one of the other
regulars here spots your issue and knows the answer--Andy Manchesta might
well--I'd recommend going to a third-party forum and using the HijackThis
tool to get your system clean. HijackThis is a tool which creates easy to
read text logs of areas where spyware, virurses, and adware can connect to
Windows--and enables a skilled helper, in a peer-monitored environment, to
tell you which entries to remove and which are safe and should be left.
This is an art, not a science, and although several people here have these
skills, this isn't the best place to post such a log.

Here's a list of forums that do this kind of work:
-----------------------------------------------------------------
Appendix 2. Forums where you can get expert advice for Hijack This! logs.
NOTE: Registration is REQUIRED before posting a log
NOTE: Web sites NOT listed in any particular order


http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/security
http://castlecops.com/forum67.html
http://www.wilderssecurity.com/forumdisplay.php?f=24
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Her...
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.iamnotageek.com/f-130.html
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://boards.cexx.org/viewforum.php?f=1
http://www.malwarebytes.biz/forums/index.php?showforum=5

I've had some contact with folks from the first 5 of these and several of
the others. Lots of good choices for places to get this work done.

I'd be interested to hear how this goes if you try this route--or what your
feelings are about it, if you feel some trepidation.

 

[Guest]

Bill,

Thanks for the response. I'll see if I have enough nerve to try what you
suggest tomorrow. In the meantime, do you know an email address where I can
send the following message? Is there any chance that someone in their beta
organization scans these notes?

Dear Microsoft

Your spyware program has a useful feature where we users can send you
suspected spyware incidents that apparently have gotten past your present
system. Unfortunately, this feedback feature is first required to do a scan
on the user's computer (which is reasonable) but fails if the scan does not
fit some format requirement. It appears that the spyware guys may have
figured this out, and are closing down the feedback feature by storing
illegal data that the scan feature can't deal with.

The fix is easily described, if not easy to implement. The scan feature
needs a "continue on error" capability to continue the scan as far as it can,
and then transmit it to Microsoft, even if it requires changes that may make
the scan file less valuable. You'll still get notice that a new supsected
spyware feature may have been discovered, even if you don't get all the
evidence.

An email address where one could send a message of this type, even if it is
not acknowledged, is better than what you have now. Making the spyware
report robust is a better solution.

'Thuse


--
Thuse in LA

[Start of intended spyware report]

I've run through the spyware stuff, and it seems to work OK. However, I'm
still getting some popups. Here is the url for a recent one:

http://www.inqwire.com/homepage.pre...no&float=yes&poponlpt=no&floatonlpt=yes&cb=70

There are also ones that have something like oindaserv etc in their url.
I
can't figure out how to copy the url automatically, so I'll try to write
some
of it in by hand:

http://ad.oinadserver.com/rw?iframe3?AAAAAAUJ . .

It goes on until it runs off the screen, and I may not have copied it
exactly correctly.

How do I get rid of thess types of pop-up?
Are they associated with spyware, or are they symptoms of another disease?

'Thuse
[End of intended spyware report.]


The scan report didn't get submitted. Here is the new (second format) of
error diagnostic.

"An error occurred submitting the scan results. Please check you [sic]
Internet proxy settings and try again."

1. How do I check proxy settings?
2. Do you thing the popups identified above are due to spyware, or is
this
due to some other type of attack?
3. Do you know how to get rid of these classes of problems?
4. Are you a Microsoft Customer Service type, or a non-MS guy just
responding to a question for help?

This error (the proxy message) is a bug in the beta1 product. I know that
the developers have a repro on this bug, and that it is fixed in beta2.
However, last word on beta2 is that the ETA is 1HCY06.--i.e. before June of
2006.

My guess is that you are seeing effects of still having spyware in place.

I've been successful at cleaning spyware in person when I've encountered it.
However, the amount of in-person experience I've had is rather limited, and
I'm not at all the best person to help you fix this kind of issue via
newsgroups--but more on that later.

I'm not a Microsoft employee--there are one or two of those that post here,
but the most recent such post was months ago, I believe. When they say the
beta product is unsupported, they mean that. However. there are a number of
regulars here, including me, that can give sound advice, and know the
limitations and the foibles of the beta1 product better than we'd like.
Several of us, including me, are recognized with the MVP award by Microsoft.


So--what's your best route to getting clean? Unless one of the other
regulars here spots your issue and knows the answer--Andy Manchesta might
well--I'd recommend going to a third-party forum and using the HijackThis
tool to get your system clean. HijackThis is a tool which creates easy to
read text logs of areas where spyware, virurses, and adware can connect to
Windows--and enables a skilled helper, in a peer-monitored environment, to
tell you which entries to remove and which are safe and should be left.
This is an art, not a science, and although several people here have these
skills, this isn't the best place to post such a log.

Here's a list of forums that do this kind of work:
-----------------------------------------------------------------
Appendix 2. Forums where you can get expert advice for Hijack This! logs.
NOTE: Registration is REQUIRED before posting a log
NOTE: Web sites NOT listed in any particular order


http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/security
http://castlecops.com/forum67.html
http://www.wilderssecurity.com/forumdisplay.php?f=24
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Her...
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.iamnotageek.com/f-130.html
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://boards.cexx.org/viewforum.php?f=1
http://www.malwarebytes.biz/forums/index.php?showforum=5

I've had some contact with folks from the first 5 of these and several of
the others. Lots of good choices for places to get this work done.

I'd be interested to hear how this goes if you try this route--or what your
feelings are about it, if you feel some trepidation.

 

[Dave M]

Hi thuse;

Bill gives some excellent resources, might I recommend one in particular that he
has also listed. CastleCops has a new self-directed Spyware removal service
that is followed by a guided (human help) HijackThis removal if all else fails.
This is a very fine approach, since all users will have been through the same
automated tools prior to requesting external human intervention. And in the end
you know that your spyware is going to be eliminated if you stick with their
program. While it's new, I've reviewed this procedure and it looks very
promising. The problem with HijackThis is it requires expert advice as Bill
indicated... and that expert advice is heavily taxed these days with new
exploits appearing daily if not hourly, so queues waiting for human support have
grown large. CastleCops (in particular, negster22) put a lot of work into this
site, if you do choose to use it come back and let us benefit from your
experience:

http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction

--
Regards, Dave

[Start of intended spyware report]

I've run through the spyware stuff, and it seems to work OK. However, I'm
still getting some popups. Here is the url for a recent one:

http://www.inqwire.com/homepage.pre...no&float=yes&poponlpt=no&floatonlpt=yes&cb=70

There are also ones that have something like oindaserv etc in their url.
I
can't figure out how to copy the url automatically, so I'll try to write
some
of it in by hand:

http://ad.oinadserver.com/rw?iframe3?AAAAAAUJ . .

It goes on until it runs off the screen, and I may not have copied it
exactly correctly.

How do I get rid of thess types of pop-up?
Are they associated with spyware, or are they symptoms of another disease?

'Thuse
[End of intended spyware report.]


The scan report didn't get submitted. Here is the new (second format) of
error diagnostic.

"An error occurred submitting the scan results. Please check you [sic]
Internet proxy settings and try again."

1. How do I check proxy settings?
2. Do you thing the popups identified above are due to spyware, or is
this
due to some other type of attack?
3. Do you know how to get rid of these classes of problems?
4. Are you a Microsoft Customer Service type, or a non-MS guy just
responding to a question for help?

This error (the proxy message) is a bug in the beta1 product. I know that
the developers have a repro on this bug, and that it is fixed in beta2.
However, last word on beta2 is that the ETA is 1HCY06.--i.e. before June of
2006.

My guess is that you are seeing effects of still having spyware in place.

I've been successful at cleaning spyware in person when I've encountered it.
However, the amount of in-person experience I've had is rather limited, and
I'm not at all the best person to help you fix this kind of issue via
newsgroups--but more on that later.

I'm not a Microsoft employee--there are one or two of those that post here,
but the most recent such post was months ago, I believe. When they say the
beta product is unsupported, they mean that. However. there are a number of
regulars here, including me, that can give sound advice, and know the
limitations and the foibles of the beta1 product better than we'd like.
Several of us, including me, are recognized with the MVP award by Microsoft.


So--what's your best route to getting clean? Unless one of the other
regulars here spots your issue and knows the answer--Andy Manchesta might
well--I'd recommend going to a third-party forum and using the HijackThis
tool to get your system clean. HijackThis is a tool which creates easy to
read text logs of areas where spyware, virurses, and adware can connect to
Windows--and enables a skilled helper, in a peer-monitored environment, to
tell you which entries to remove and which are safe and should be left.
This is an art, not a science, and although several people here have these
skills, this isn't the best place to post such a log.

Here's a list of forums that do this kind of work:
-----------------------------------------------------------------
Appendix 2. Forums where you can get expert advice for Hijack This! logs.
NOTE: Registration is REQUIRED before posting a log
NOTE: Web sites NOT listed in any particular order


http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/security
http://castlecops.com/forum67.html
http://www.wilderssecurity.com/forumdisplay.php?f=24
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Her...
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.iamnotageek.com/f-130.html
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://boards.cexx.org/viewforum.php?f=1
http://www.malwarebytes.biz/forums/index.php?showforum=5

I've had some contact with folks from the first 5 of these and several of
the others. Lots of good choices for places to get this work done.

I'd be interested to hear how this goes if you try this route--or what your
feelings are about it, if you feel some trepidation.

 

[Dave M]

Some good suggestions thuse, although I believe the support feedback feature
problem has affected 50% of the people attempting it since day 1 of the Beta, so
I don't think that's a conspiracy. You might try this e-mail or link, if I can
get it to post right

(e-mail address removed)

<a href="mailto:[email protected]">
--
Regards, Dave

Bill,

Thanks for the response. I'll see if I have enough nerve to try what you
suggest tomorrow. In the meantime, do you know an email address where I can
send the following message? Is there any chance that someone in their beta
organization scans these notes?

Dear Microsoft

Your spyware program has a useful feature where we users can send you
suspected spyware incidents that apparently have gotten past your present
system. Unfortunately, this feedback feature is first required to do a scan
on the user's computer (which is reasonable) but fails if the scan does not
fit some format requirement. It appears that the spyware guys may have
figured this out, and are closing down the feedback feature by storing
illegal data that the scan feature can't deal with.

The fix is easily described, if not easy to implement. The scan feature
needs a "continue on error" capability to continue the scan as far as it can,
and then transmit it to Microsoft, even if it requires changes that may make
the scan file less valuable. You'll still get notice that a new supsected
spyware feature may have been discovered, even if you don't get all the
evidence.

An email address where one could send a message of this type, even if it is
not acknowledged, is better than what you have now. Making the spyware
report robust is a better solution.

'Thuse

[Start of intended spyware report]

I've run through the spyware stuff, and it seems to work OK. However, I'm
still getting some popups. Here is the url for a recent one:

http://www.inqwire.com/homepage.pre...no&float=yes&poponlpt=no&floatonlpt=yes&cb=70

There are also ones that have something like oindaserv etc in their url.
I
can't figure out how to copy the url automatically, so I'll try to write
some
of it in by hand:

http://ad.oinadserver.com/rw?iframe3?AAAAAAUJ . .

It goes on until it runs off the screen, and I may not have copied it
exactly correctly.

How do I get rid of thess types of pop-up?
Are they associated with spyware, or are they symptoms of another disease?

'Thuse
[End of intended spyware report.]


The scan report didn't get submitted. Here is the new (second format) of
error diagnostic.

"An error occurred submitting the scan results. Please check you [sic]
Internet proxy settings and try again."

1. How do I check proxy settings?
2. Do you thing the popups identified above are due to spyware, or is
this
due to some other type of attack?
3. Do you know how to get rid of these classes of problems?
4. Are you a Microsoft Customer Service type, or a non-MS guy just
responding to a question for help?

This error (the proxy message) is a bug in the beta1 product. I know that
the developers have a repro on this bug, and that it is fixed in beta2.
However, last word on beta2 is that the ETA is 1HCY06.--i.e. before June of
2006.

My guess is that you are seeing effects of still having spyware in place.

I've been successful at cleaning spyware in person when I've encountered it.
However, the amount of in-person experience I've had is rather limited, and
I'm not at all the best person to help you fix this kind of issue via
newsgroups--but more on that later.

I'm not a Microsoft employee--there are one or two of those that post here,
but the most recent such post was months ago, I believe. When they say the
beta product is unsupported, they mean that. However. there are a number of
regulars here, including me, that can give sound advice, and know the
limitations and the foibles of the beta1 product better than we'd like.
Several of us, including me, are recognized with the MVP award by Microsoft.


So--what's your best route to getting clean? Unless one of the other
regulars here spots your issue and knows the answer--Andy Manchesta might
well--I'd recommend going to a third-party forum and using the HijackThis
tool to get your system clean. HijackThis is a tool which creates easy to
read text logs of areas where spyware, virurses, and adware can connect to
Windows--and enables a skilled helper, in a peer-monitored environment, to
tell you which entries to remove and which are safe and should be left.
This is an art, not a science, and although several people here have these
skills, this isn't the best place to post such a log.

Here's a list of forums that do this kind of work:
-----------------------------------------------------------------
Appendix 2. Forums where you can get expert advice for Hijack This! logs.
NOTE: Registration is REQUIRED before posting a log
NOTE: Web sites NOT listed in any particular order


http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/security
http://castlecops.com/forum67.html
http://www.wilderssecurity.com/forumdisplay.php?f=24
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Her...
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.iamnotageek.com/f-130.html
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://boards.cexx.org/viewforum.php?f=1
http://www.malwarebytes.biz/forums/index.php?showforum=5

I've had some contact with folks from the first 5 of these and several of
the others. Lots of good choices for places to get this work done.

I'd be interested to hear how this goes if you try this route--or what your
feelings are about it, if you feel some trepidation.

 

[Bill Sanderson]

Microsoft does read feedback posted in these groups--thanks for taking the
time to provide it. You can also try the alias that Dave M has posted--I
didn't know about that one.

The beta1 product has a pretty good collection of bugs and foibles. This is
a relatively unusual beta in that beta1, largely the product of the Giant
company, slightly modified and re-branded by Microsoft, is being provided as
a mechanism to help the public get their machines cleaned and protected by
the real-time protection.

Beta2 will be Microsoft from the start, and work on that is where the
priority is being given. Since beta2 won't be available before the
expiration of the current beta1 build, it is possible that some more bug
fixes might be made in the beta1 code--but I'm not sure where their
priorities will be on which ones to fix. Items relating to the suspected
spyware report seem an excellent choice to me, as does the 24 hour
clock/afternoon scan time bug.

--

Bill,

Thanks for the response. I'll see if I have enough nerve to try what you
suggest tomorrow. In the meantime, do you know an email address where I
can
send the following message? Is there any chance that someone in their
beta
organization scans these notes?

Dear Microsoft

Your spyware program has a useful feature where we users can send you
suspected spyware incidents that apparently have gotten past your present
system. Unfortunately, this feedback feature is first required to do a
scan
on the user's computer (which is reasonable) but fails if the scan does
not
fit some format requirement. It appears that the spyware guys may have
figured this out, and are closing down the feedback feature by storing
illegal data that the scan feature can't deal with.

The fix is easily described, if not easy to implement. The scan feature
needs a "continue on error" capability to continue the scan as far as it
can,
and then transmit it to Microsoft, even if it requires changes that may
make
the scan file less valuable. You'll still get notice that a new supsected
spyware feature may have been discovered, even if you don't get all the
evidence.

An email address where one could send a message of this type, even if it
is
not acknowledged, is better than what you have now. Making the spyware
report robust is a better solution.

'Thuse


--
Thuse in LA

[Start of intended spyware report]

I've run through the spyware stuff, and it seems to work OK. However,
I'm
still getting some popups. Here is the url for a recent one:

http://www.inqwire.com/homepage.pre...no&float=yes&poponlpt=no&floatonlpt=yes&cb=70

There are also ones that have something like oindaserv etc in their
url.
I
can't figure out how to copy the url automatically, so I'll try to
write
some
of it in by hand:

http://ad.oinadserver.com/rw?iframe3?AAAAAAUJ . .

It goes on until it runs off the screen, and I may not have copied it
exactly correctly.

How do I get rid of thess types of pop-up?
Are they associated with spyware, or are they symptoms of another
disease?

'Thuse
[End of intended spyware report.]


The scan report didn't get submitted. Here is the new (second format)
of
error diagnostic.

"An error occurred submitting the scan results. Please check you [sic]
Internet proxy settings and try again."

1. How do I check proxy settings?
2. Do you thing the popups identified above are due to spyware, or is
this
due to some other type of attack?
3. Do you know how to get rid of these classes of problems?
4. Are you a Microsoft Customer Service type, or a non-MS guy just
responding to a question for help?

This error (the proxy message) is a bug in the beta1 product. I know
that
the developers have a repro on this bug, and that it is fixed in beta2.
However, last word on beta2 is that the ETA is 1HCY06.--i.e. before June
of
2006.

My guess is that you are seeing effects of still having spyware in place.

I've been successful at cleaning spyware in person when I've encountered
it.
However, the amount of in-person experience I've had is rather limited,
and
I'm not at all the best person to help you fix this kind of issue via
newsgroups--but more on that later.

I'm not a Microsoft employee--there are one or two of those that post
here,
but the most recent such post was months ago, I believe. When they say
the
beta product is unsupported, they mean that. However. there are a number
of
regulars here, including me, that can give sound advice, and know the
limitations and the foibles of the beta1 product better than we'd like.
Several of us, including me, are recognized with the MVP award by
Microsoft.


So--what's your best route to getting clean? Unless one of the other
regulars here spots your issue and knows the answer--Andy Manchesta might
well--I'd recommend going to a third-party forum and using the HijackThis
tool to get your system clean. HijackThis is a tool which creates easy
to
read text logs of areas where spyware, virurses, and adware can connect
to
Windows--and enables a skilled helper, in a peer-monitored environment,
to
tell you which entries to remove and which are safe and should be left.
This is an art, not a science, and although several people here have
these
skills, this isn't the best place to post such a log.

Here's a list of forums that do this kind of work:
-----------------------------------------------------------------
Appendix 2. Forums where you can get expert advice for Hijack This! logs.
NOTE: Registration is REQUIRED before posting a log
NOTE: Web sites NOT listed in any particular order


http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/security
http://castlecops.com/forum67.html
http://www.wilderssecurity.com/forumdisplay.php?f=24
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Her...
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.iamnotageek.com/f-130.html
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://boards.cexx.org/viewforum.php?f=1
http://www.malwarebytes.biz/forums/index.php?showforum=5

I've had some contact with folks from the first 5 of these and several of
the others. Lots of good choices for places to get this work done.

I'd be interested to hear how this goes if you try this route--or what
your
feelings are about it, if you feel some trepidation.

 

[Guest]

Thanks, Bill and Dave.

The procedures you suggested are beyond the scope of what I'd like to do on
my home machine. If I were managing a network they would be welcome, but it
will be less time consuming (if more irritating) to just kill the pop-ups
every time they appear. I think my time will be better spent nagging
Microsoft to extend the spyware program to get more of the new stuff out
there, and to make the support tools such as the spyware report feature more
robust. I'll use the email address that Dave provided.

I may do the IE tuning described in the earlier posts.

 

[Dave M]

Hi again, thuse;
Of course, we all understand that... It is your computer. I wouldn't expect the
nagging to do much good until they see fit to release Beta2 on their schedule.
Check back after the new year, by then we'll have either some new code, or we'll
be answering the same old questions.