Anti-Spyware instaling spyware???

[Guest]

I just downloaded and installed the new spyware. I have been using Spybot up
till now. After my first scan with the spyware it found 9 files and removed
them. After the rebooted I found my home page has been changed to MSN. Also I
get hit with 4 pop up add for Netflix, home business, even PSP and home
loans. I run my scan again and it finds 3. They are removed and I reboot.
Again my home page is MSN and I still get pop-up ads. However, the all have a
ring of colorful rings as an icon next to the title (I have one now as I'm
typing this. I can see this little ring of colored rings next to the title
"The Best Offers" down in my tool bar).
My question is does Microsoft add ad-ware the this anti-spyware to make it a
free download? I haven't had these pop-ups before I downloaded this program
and they are the only ones I get now. Plus they are not recognized by the
spyware.
Anybody have any ideas?

 

[Bill Sanderson]

No--what you are seeing, with the exception of the home page set to MSN, is
not the product of using Microsoft Antispyware. There's no adware, nor ads,
in Microsoft Antispyware--it isn't that kind of free product--it is not, in
fact, free--it is an additional benefit of the $ that you paid for your
valid license for Windows.

The "best offers" adware you are seeing is a product of Direct Revenue. Do
you have Kazaa on your machine? This has been distributed by that mechanism
in the past.

You can read something about this in the October 2 entry here:

http://blogs.zdnet.com/Spyware/index.php?cat=1


These folks claim that the only safe way to uninstall their software is to
use the uninstall program here:

http://www.bestoffersnetworks.com/software/support.php

use this at your own risk--I don't have current information about the
relative safety of this uninstall routine, I'm afraid.

I would also recommend updating your antivirus and Microsoft
Antispyware--hint--definitions usually come out on Thursdays or
Fridays.--and restarting Windows in safe mode, by pressing the f8 function
key before the initial Windows screen appears. The do full, deep scans with
Microsoft Antispyware until a scan comes through clean--ditto with your
antivirus app.

The symptoms you are seeing are a result of incomplete cleaning--and/or
additional spyware being placed on your machine via trojans already in
place, and not cleaned properly by Microsoft Antispyware. Try the safe mode
scans--and lets see whether others here have a better recommendation about
how to get rid of bestoffers.

 

[Guest]

Pop-ups ARE NOT spyware, they are requests by the web page's HTML code that
requests a second (slave) window "pop-up" on the screen.

In order to change the default IE settings in MSAS, go to Tools > Advanced
Tools > Browser Hijack Settings Restore. Now select the item you want to
change, click the "Change restore setting to a new URL..." hyperlink, type in
the page you want to use, and press Enter. Do this for every setting you
want to change. The reason they did this was to assure that if someone's
browser had been hijacked BEFORE installing MSAS that the settings could be
changed to ones that are known to be safe. Imagine the horror if they used
the settings that CoolWebSearch or ABetterInternet hijacked your browser to
for its restore settings. You'd be restoring the browser to what it was when
it was hijacked, which is totally asinine if you ask me!

Alan

 

[Dave M]

BestOffers EULA is on the referenced website.
I ran it through Javacool Software's free EULAnalyzer...at
http://www.majorgeeks.com/EULAlyzer_d4759.html
Just gimme the software darn it... I aint got no time to read all that stuff...
Amazing what busy people will agree to.

 

[Bill Sanderson]

Thanks, Alan--I knew there was a piece of that question that I forgot to get
to...

--

 

[Guest]

Just noticed this post so thought Id add a comment, The Best Offers pop ups
are thanks to Aurora and are not a result of html code in pages they visit,
The information on the pages they view are sent to Direct Revenue which then
return pop ups that relate to the theme or based on keywords they type into
search engines, just use Ad-Aware SE and the VX2 cleaner plug to remove that
bad boy

Andy

 

[plun]

Hi Andy

Have you tested standard Adaware for Aurora removal ?

Aurora was included in latest defs.

?

regards
plun


AndyManchesta laid this down on his screen :

 

[Guest]

Hey Plun

I've not tried it but did notice they were moving it away from the VX2
family and starting to detect it as ABI.Aurora,

I think it would need a reboot to remove the junk with it having one part
running as a service and another hooked to explorer.exe plus the random named
file running on the system, Ad-Aware would have to stop explorer.exe then
remove all the files and the service and restart explorer.exe as it may have
problems if it just deletes the files, The random named file in system32 does
make things difficult as it will just create a new random named entry if its
stopped then it will replace other parts that are missing when they go
online,

I will test it but think the VX2 cleaner plugin would be the easiest option
as its all removed on reboot leaving just a few registry entries when the
system restarts which can then be removed in the second scan

Andy