anti spyware faked update

Guest

I have come across this on a few machines in the last few months after
installing Microsoft AntiSpyware beta to remove spyware. After the install,
when you click scan now it should offer the chance to update to the latest
pattern files, but if you click update it says you already have the latest
version even though I know it does not. If you check in the "about" tab it
does say the correct update version but it has somehow been faked.
Also, on the same machines there is an alert that your internet security
settings are trying to be lowered to be below the default settings, giving the
option to block or allow (this sometimes only shows up if you run in safe
mode tho).
Can anyone shed some light on this, i.e. what registry keys may need to be
removed to stop this hijack of Microsoft anti spyware?
 
Bill Sanderson

I suspect you are seeing bugs, rather than corruption due to a hack or
malware of some sort.

On the definitions issue:

Go to help, about, and see if the definition number is current. If it is,
press the Diagnostics button. Scroll down the list looking for a line
ending in a pair of numbers separated by a /

156/156 for example.

If these numbers are equal, all is well. If they are not equal, go back to
File, Check for updates, and repeat the above process until these numbers
come out equal.

This is a bug, not malware in action.

I've also seen the prompt you mention about lowering your default security
settings, and believe that it is also due to a bug, in a multi-user or
limited user scenario. I wouldn't worry about this one--both these issues
should go away with the release of beta2, by March 31 of this year.
 
Guest

OK, thanks Bill. If I come across it again I will check for the ***/***
comparison. The security setting problem was more worrying me because all the
machines that had it were riddled with spyware and trojans, and I wondered if
system files or root kits had been installed/changed.
One system did have a cloaking file that was changing. The file was called
"rejoil.dll" and had 3 files that accompanied it with similar names. Safe mode
found the files and deleted manually.
 
Bill Sanderson

Glad to hear that safe mode worked. There are some bugs that manage to
elude beta1 at this point. I believe beta2 will be more capable, and it'll
be out by March 31, we hear.

 
Guest

I ran SpyBot, freeware, and it picked up six that MS Spyware Beta 1 didn't. I
have been told that it is safer to run at least two programs to be sure.
 
Bill Sanderson

Usually, those will be cookies--but there's nothing wrong with that
rule--spyware definitions are probably converging over time--but they are
still different with different vendors.

 
