New Highjack program not detected by MS-Anti spy.

[Guest]

I ran a program from a demo program from website and ended up with a few
malware programs on my machine. MS Anti spy detected some and deleted them
but there is a browser highjack program that it doesn't get detect and opens
browser windows to sites like
http://www.coupon-online.com/normal/XBDYUS.html. I have tried adaware
highjack this and spybot search and destroy to no avail.

I tried to send a Microsoft Suspected Spyware Reporting Tool report to MS
but got the error "An error occurred submitting the scan results. Please
check you Internet proxy settings and try a gain."

Any suggestions.

XP Pro SP2
IE 6.0
Microsoft AntiSpyware Version: 1.0.615
This version expires on: 12/31/2005
Spyware Definition Version: 5775 (11/12/2005 4:36:57 PM)

 

[Mikolaj]

I ran a program from a demo program from website and ended up with a few

malware programs on my machine. MS Anti spy detected some and deleted
them
but there is a browser highjack program that it doesn't get detect and
opens
browser windows to sites like
http://www.coupon-online.com/normal/XBDYUS.html. I have tried adaware
highjack this and spybot search and destroy to no avail.

I tried to send a Microsoft Suspected Spyware Reporting Tool report to MS
but got the error "An error occurred submitting the scan results. Please
check you Internet proxy settings and try a gain."

Any suggestions.

XP Pro SP2
IE 6.0
Microsoft AntiSpyware Version: 1.0.615
This version expires on: 12/31/2005
Spyware Definition Version: 5775 (11/12/2005 4:36:57 PM)

Check the firewall, if you use any - it should allow MSAS processes to
access the Internet. These processes are:

1. MicrosoftAntiSpywareMain.exe (the primary Microsoft AntiSpyware
application)

2. gcasDtServ.exe (provides access to SpyNet for reporting unknown
applications)

3. MicrosoftAntiSpywareUpdater.exe (provides functionality to update the
latest spyware definitions)

4. gcasServAlert.exe (provides access to SpyNet for reporting unknown
applications)

5. gcasSWUpdater.exe - should be also allowed to access the Internet for
updates

 

[Dave M]

Just a small correction to what Mikolaj wrote;
MicrosoftAntiSpywareMain.exe = GiantAntiSpywareMain.exe
MicrosoftAntiSpywareUpdater.exe = GiantAntiSpywareUpdater.exe

hummm... wonder if he has a pre-release of Beta2

 

[Guest]

I believe port 80 is always open for http traffic and the hijack software is
just opening up web pages via that port. I run Microsoft firewall and added
those exes yourself and Dave suggested to no effect. I think it's just a case
of the signature of this hijack program not being detected. The reporting
tool is also not working.

Last night very late after some heavy keyboard pounding I installed Webroot
Spy Sweeper and it cleaned out the hijack program and a few more programs not
picked up by other anti-spyware programs.

I think the MS Anti spyware software beta product is excellent for a beta.

Thanks for the help!

ZoOnI

 

[Dave M]

Thanks for getting that info about the SpyNet reporting failure back to us, hope
they pick it up in this forum.

 

[Mikolaj]

Just a small correction to what Mikolaj wrote;

MicrosoftAntiSpywareMain.exe = GiantAntiSpywareMain.exe
MicrosoftAntiSpywareUpdater.exe = GiantAntiSpywareUpdater.exe

hummm... wonder if he has a pre-release of Beta2

You're right about the names, but not about the pre-release of Beta 2
(unfortunatelly) Just Zone Alarm shows slightly different names than
exec files

 

[Dave M]

Awww... Darn... I'd hoped you'd let a "cat out of the bag"

 

[Guest]

I'm commenting to the reporting tool also. I get the same error without a
firewall running. It appears to be a software failure.

 

[Bill Sanderson]

If you get this message related to the suspected spyware report, and are not
behind a proxy or have your proxy settings correctly defined for Internet
Explorer--this is a bug. It is known and won't be present in beta2.

--