MSAS blocking agents

Nocturnal

Say MSAS blocks Downloadware trying to reinstall itself, does MSAS keep a
log of where exactly it caught Downloadware trying to reinstall itself from?
This way I could manually clean this crap out instead of having MSAS do it
and then it coming right back after a reboot. Any ideas?
 
Alan

First off, go to c:\windows\prefetch (XP) and see if any
files there contain downloadware in their filename. If
so, shred them using a FREE file shredder from
download.com. If you have Window Washer from Webroot
(webroot.com), you can create a new folder in the
prefetch folder and place all of the offending files
there, right-click on that folder, select Shred (Wash
with Bleach), and press Enter. If you are running 2000
or NT, search for *.pf in the c:\winnt folder.

If this doesn't help, try running a full system scan in
Safe Mode (F8 before Windows screen during bootup). You
might even want to use Ad-Aware (download.com) as well.

FYI: The reason behind the prefetch folder is to store
code that allows programs to start up quicker.
Unfortunately, spyware/malware, virus, etc. writers have
become wise to the existence of this folder and are
storing code there that is linked to another application,
such as IE. When the main app is launched, all the code
linked to it is also launched, causing the infection
to "reappear."

I'd like to see Microsoft add a checkpoint to one of the
Real-time Protection agents that checks the prefetch
folder and makes certain that no spyware/malware programs
are trying to store code there. I feel this will greatly
reduce the problems many people are having trying to
remove these stubborn infections.

Alan
 
Nocturnal

Tried all of your solutions.

Tried scanning in safe mode with Ad-Aware, Spybot and MSAS. Nothing is
helping.
 
Andre Da Costa

Did you do a full system scan in safe mode with Microsoft AntiSpyware? Also
run the following alternative AntiSpyware utilities:
Ad-Aware - http://www.lavasoftusa.com
Spybot - http://www.safer-networking.org/
CWShredder - http://www.intermute.com/products/cwshredder.html
Spy Sweeper - http://www.webroot.com
CCleaner - http://www.ccleaner.com
--
Andre
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
 
Ron Chamberlin

Boot into Safe Mode (F8) at startup;
Empty your temporary files AND your Temporary Internet Files* (the
C:\Documents and Settings\Username\Local Settings\Temporary Internet Files folder);
Run the scan while in safe mode;
If you are running SP2, open IE--->Tools--->Manage Add-ons, and uncheck any
BHOs that you don't recognize.

Ron Chamberlin
MS-MVP



*The .tif are Temporary Internet Files, and are stored in a different barn
than 'normal' temp files.
Here's how I kludge thru to them: Open Windows Explorer--->C:\Documents and
Settings. Then it's to the Tool Bar--->Folder Options--->View--->Hidden
Files and Folders and check the box "Show hidden files and folders" > Now
expand C:\Documents and Settings and under each user you will now see a
folder "Local Settings". Open that puppy and choose Temporary Internet
Files. I am not concerned about the cookies therein, but everything else
can go for now.
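
A read-only inventory of two places this thread points at, the Prefetch folder and IE's Browser Helper Objects, added here as an example and not written by any of the posters. It assumes PowerShell is available on the machine, and `$Keyword` is a hypothetical parameter for the name to search for.

```powershell
# Added example, read-only: lists entries, changes and deletes nothing.
# $Keyword is a hypothetical parameter; set it to the name MSAS reports.
param([string]$Keyword = 'downloadware')

# 1. Prefetch entries are named EXENAME-HASH.pf. Name and timestamps show
#    which executable ran and when it last ran.
$prefetch = Join-Path $env:SystemRoot 'Prefetch'
if (Test-Path -LiteralPath $prefetch) {
    Get-ChildItem -Path $prefetch -Filter '*.pf' |
        Where-Object { $_.Name -like "*$Keyword*" } |
        Sort-Object LastWriteTime -Descending |
        Format-Table Name, CreationTime, LastWriteTime -AutoSize
}

# 2. Browser Helper Objects registered for IE (native registry view),
#    each resolved to the DLL it loads so unfamiliar ones can be looked up.
$bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path -LiteralPath $bhoKey) {
    Get-ChildItem -LiteralPath $bhoKey | ForEach-Object {
        $clsid  = $_.PSChildName
        $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        $dll    = $null
        if (Test-Path -LiteralPath $server) {
            $dll = (Get-ItemProperty -LiteralPath $server).'(default)'
        }
        $onDisk = $false
        $signed = 'n/a'
        if ($dll -and (Test-Path -LiteralPath $dll)) {
            $onDisk = $true
            $signed = (Get-AuthenticodeSignature -FilePath $dll).Status
        }
        New-Object PSObject -Property @{
            CLSID = $clsid; Dll = $dll; OnDisk = $onDisk; Signature = $signed
        }
    } | Format-Table CLSID, Dll, OnDisk, Signature -AutoSize
}
```

A BHO whose DLL is missing from disk, unsigned, or sitting in a temp or profile folder is the one to look up before unchecking it in Manage Add-ons.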