Geniun application verification

[Nicolas LE DREFF]

Hi there. Excuse me for my english but I'm french.
I installed MSAS as well but it won't remove my spyware
(downloadsoftware.com and spotresult).
As I try to indentify which running process is the spy, I
wonder if there is a way to identify geniun application.
I mean, some spy name theyr process the same as geniun
microsoft application to fool us. I have few processes I
know where they come from, but some others, placed in the
system32 folder are suspect and I don't want to remove
some critical files. Is there a tool that would spot them
or at least tell us which one is geniun and nessecery for
windows
Thanks
Nicolas LE DREFF

 

[OldBoy]

Your english seems perfect to me (being Dutch)
You wil find a list of 225 shell extensions at http://mrxernon.tripod.com/

Gr. Jan

 

[JoeM]

To be safe. You can back up your computer with Ghost, and then try
removing the files and see if there was any damage done.
That is what I do. Helps me so I don't loose any sleep

 

[plun]

Hi there. Excuse me for my english but I'm french.
I installed MSAS as well but it won't remove my spyware
(downloadsoftware.com and spotresult).
As I try to indentify which running process is the spy, I
wonder if there is a way to identify geniun application.
I mean, some spy name theyr process the same as geniun
microsoft application to fool us. I have few processes I
know where they come from, but some others, placed in the
system32 folder are suspect and I don't want to remove
some critical files. Is there a tool that would spot them
or at least tell us which one is geniun and nessecery for
windows

Hi

This link can maybe help you. In french also

http://hijackthis.de/fr

You also have forums within link to help you with this.

About HijackThis:
http://www.bleepingcomputer.com/for...remove_Browser_Hijackers_&_Spyware-tut42.html

 

[Bill Sanderson]

Do you removal scans and testing in safe mode, rather than normal boot.

If you use Microsoft Antispyware's Advanced Tools, System Explorers--choose
BLOCK, rather than remove. This can be reversed if you have a problem.

MSCONFIG also can uncheck items you don't want to allow to start, and can
reverse that action later.

If in doubt about a particular file, right-click it and check the copyright
and other information--compare that to genuine Windows files.

Try submitting the suspect executable to virustotal:

www.virustotal.com

Microsoft Antispyware uses the MD5 hash to identify files--rather than the
names. This is quite effective, but not perfect--there are times where an
identical file--perhaps part of a freeware module of some sort--will be used
by a spyware creator and by legitimate software products.

 

[Robin Walker [MVP]]

I wonder if there is a way to identify geniun application.
I mean, some spy name theyr process the same as geniun
microsoft application to fool us. I have few processes I
know where they come from, but some others, placed in the
system32 folder are suspect and I don't want to remove
some critical files. Is there a tool that would spot them
or at least tell us which one is geniun and nessecery for
windows

The Windows application "sigverif" will give you a list of files in your
Windows system directories which have not been signed by Microsoft as being
an essential part of Windows. The list of unsigned files will include both
legitimate additions that you have made (such as printer drivers) and
suspect illegitimate viruses and spyware: you have to sort them out. But
this list is a much smaller list than the contents of the entire directory.