Antispy Does Not Actually Remove Spyware

[6th-Element]

I have run the MS Antispy application countless times but
it does not actually remove any of the spuware on my
computer. After rebooting the machine all of the spyware
returns.

Granted i have numerous issues as a result of the spyware
infecting my computer. Such as my Windows XP Security
Center has been disabled and i can not change any of the
security center settings. Currently i am waiting for a CD
copy of the Windows XP SP2 to arrive so that i can attempt
reinstalling XP SP2. Any other suggestions on how i can
gain control over my XP security center?

 

[A McGuire]

Boy, sounds like you got pretty infested. No spyware will catch every
threat, so I recommend looking at additional products - known products such
as Spybot S&D, Spyware Guard, Spyware Doctor, Spyware Blaster, Ad-Aware,
etc. I would do this while disconnected from your broadband - after
installed of course

Is your firewall enabled? Popup blocker working? I would do full scans
with each product. Keep in mind, the MS Product will not remove cookies.
You should empty your temporary Internet files and delete any offline
content in Internet Explorer (Tools -> Options).

Hope this helps.

 

[6th-Element]

Thanks For The Reply. I have tried every combo of being
disconnected from internet, rebooting, deleting cookies
and internet content and the spyware still returns upon
restarting machine. Even with the computer disconnected
from the internet.

 

[6th-Element]

Spyware has disable my MS security center (firewall, etc.)
and i can not restart or configure it. I am desperatly
waiting for my XP SP2 CD to arrive in the mail so that i
can reinstall all of the MS security center.

Thanks

 

[A McGuire]

If you have a clean computer, there should be documentation on how to
reconfigure or reset your firewall from the command line.

Best of luck.

 

[Bullwinkle. J. Moose]

Sound like you have spyware/viruses etc in memory and they save themselves
on exiting windows. I suggest you run your anti spyware programs from safe
position. That way most of your processes will not be loaded and you have a
chance to get rid of them permanently.

You need to run several different programs such as AVG, Ad-aware, and
Spybot. Also check in your start up module "msconfig" and uncheck item
after item to find out which are causing the problem.

Remember msantispy is only a beta and cannot be relied upon to do the job
you need.

Probably in the future when finally released as a full program it still
won't catch all the spyware and other problems.

Keep trying and good luck.

 

[A McGuire]

I wasn't very clear: use your clean computer to do your research!

 

[Bill Sanderson]

Here are instructions from Microsoft on how to fix this:

http://support.microsoft.com/kb/892350

If you are not yet on Service Pack 2, please read carefully. The
instructions you need are in a part of a second document this one links to,
I believe.

 

[Bob Dietz]

I have run the MS Antispy application countless times but
it does not actually remove any of the spuware on my
computer. After rebooting the machine all of the spyware
returns.

Granted i have numerous issues as a result of the spyware
infecting my computer. Such as my Windows XP Security
Center has been disabled and i can not change any of the
security center settings. Currently i am waiting for a CD
copy of the Windows XP SP2 to arrive so that i can attempt
reinstalling XP SP2. Any other suggestions on how i can
gain control over my XP security center?

Try running the scans in SAFE MODE.
* To get into SAFE MODE:
* Reboot your computer.
* As the computer reboots
* (before any "Windows" screen appears)
* tap the F8 key until the boot menu appears.
* Choose SAFE MODE on the boot menu.

Run the scan more than once - until the scan comes up clean.
Reboot your computer.
Let us know how things stand at that point.

 

[Bill Sanderson]

Good advice. I'd add:

Use the System explorers to go through the startup items, Downloaded
ActiveX, IE BHOs, and Shell Execute Hooks looking for items marked as
unknown.

Not all such items will be bad--but look for ones in generic
locations--system32, for example, or locations indicating they are part of
an ad-ware install.

Do a scan with an antivirus app with current definitions. Perhaps an online
scan with one of these:

http://housecall.antivirus.com
http://security.symantec.com

If you see things with names that appear to be composed of randomly selected
letters, consider blocking them to see what the effect is. If you can find
the executables that look suspicious on your machine--remember to enable
seeing system or hidden files in your chosen tools--submit them to
virustotal or viruscan.jotti.org to see whether they are ID'ed as spyware or
viruses by one or more vendors.

 

[plun]

Good advice. I'd add:

Use the System explorers to go through the startup items, Downloaded
ActiveX, IE BHOs, and Shell Execute Hooks looking for items marked as
unknown.

Not all such items will be bad--but look for ones in generic
locations--system32, for example, or locations indicating they are part of
an ad-ware install.

The antispyware community have invented HijackThis for this
purpose.

http://tomcoyote.com/hjt/

Most user need help with understanding what an incorrect
process, BHO, etc is.

Example:
http://forums.subratam.org/index.php?showtopic=3171

Without guidance this is a mess for most users to clean up.

Do a scan with an antivirus app with current definitions. Perhaps an online
scan with one of these:

http://housecall.antivirus.com
http://security.symantec.com

If you see things with names that appear to be composed of randomly selected
letters, consider blocking them to see what the effect is. If you can find
the executables that look suspicious on your machine--remember to enable
seeing system or hidden files in your chosen tools--submit them to
virustotal or viruscan.jotti.org to see whether they are ID'ed as spyware or
viruses by one or more vendors.

Maybe its better to write these steps in a better way to help.

My advice is to go to a antispyware forum, this NG is a joke
in helping users with
spywareproblem.

http://www.lavasoftsupport.com/index.php?showforum=119
or
http://forums.subratam.org/

--

 

[Bill Sanderson]

This forum isn't a general purpose spyware cleanup location--it's meant to
provide peer support to public beta testers of Microsoft Antispyware.

Yes, we can refer the users to third-party forums and third-party tools.
However, some of them are justifiably suspicious of such references.

If the cleaning can be done with Microsoft Antispyware with relatively
little additional help, that's what I'd recommend.

Otherwise we can and I have, recommended using HijackThis and a spyware
related forum.

Those forums will always be the best prospect of a fix with a brand new bug,
I suspect, but we need an automated mechanism from a trusted vendor and we
need it to work--push the button and be clean.

The vast majority of issues posted here can be solved without resorting to
HijackThis.

 

[plun]

This forum isn't a general purpose spyware cleanup location--it's meant to
provide peer support to public beta testers of Microsoft Antispyware.

.........

Yes, we can refer the users to third-party forums and third-party tools.
However, some of them are justifiably suspicious of such references.

Let other do the dirty/difficult job ?

If the cleaning can be done with Microsoft Antispyware with relatively
little additional help, that's what I'd recommend.
Ok

Otherwise we can and I have, recommended using HijackThis and a spyware
related forum.

If MS wants to be respected I think they need MVP:s who
guide users.

Those forums will always be the best prospect of a fix with a brand new bug,
I suspect, but we need an automated mechanism from a trusted vendor and we
need it to work--push the button and be clean.

again, with IE this is impossible. I dont think users can
accept to wait a week for
a "push the button" tool if they cant use IE. If all user
already was protected with
MSAS or Spywareblaster this was a small problem but with
todays situation this
is a real challenge for MS.

The vast majority of issues posted here can be solved without resorting to
HijackThis.

Yes but the minority with severe problem also wants help and
this is a key issue for MS I think.

--

 

[Bill Sanderson]

The intent is for this tool to be successful in cleaning what it finds.

The MVP's who specialize in spyware are involved in feeding examples to
Microsoft, along with their usual work helping people get clean.

The active protection checkpoints should help prevent a great many
infections, regardless of the browser involved.

This app can already clean a great deal of spyware--more than the
competition according to careful reviewers--and it is getting better.

I have no quarrel with the spyware forums nor with HijackThis--however, to
use these tools you must submit information to a forum you have to decide to
trust, and get feedback from forum staff who you have little way of gauging
the experience and knowledge of. It's true that these are public forums
where there is peer review of the advice given, and thats important, but
this is also a very labor intensive individual expert process--this just
isn't scalable in my opinion, to the problem dimensions at hand.

 

[plun]

The intent is for this tool to be successful in cleaning what it finds.

The MVP's who specialize in spyware are involved in feeding examples to
Microsoft, along with their usual work helping people get clean.

The active protection checkpoints should help prevent a great many
infections, regardless of the browser involved.

This app can already clean a great deal of spyware--more than the
competition according to careful reviewers--and it is getting better.

I have no quarrel with the spyware forums nor with HijackThis--however, to
use these tools you must submit information to a forum you have to decide to
trust, and get feedback from forum staff who you have little way of gauging
the experience and knowledge of. It's true that these are public forums
where there is peer review of the advice given, and thats important, but
this is also a very labor intensive individual expert process--this just
isn't scalable in my opinion, to the problem dimensions at hand.

My conclusion about above must be that (I´m reading from top
to bottom in NG)
it must be better to totally rebuild IE with all protections
built in.

Or is it about money ? make more profit beacuse of IE, this
really stinks.......

--

 

[6th-Element]

AWESOME! Thank You!!!

-----Original Message-----
Here are instructions from Microsoft on how to fix this:

http://support.microsoft.com/kb/892350

If you are not yet on Service Pack 2, please read carefully. The
instructions you need are in a part of a second document this one links to,
I believe.
--
FAQ for Microsoft Antispyware:
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm




.

 

[Ron Chamberlin]

Hi Plun,

My advice is to go to a antispyware forum, this NG is a joke in helping
users with spywareproblem.>

Me thinks this NG was formed to solicit feedback on a Beta product.

microsoft.public.security.homeusers or microsof.public.security.virus would
be helpfu NG"s for removing spyware, or better yet, to learn some baout
prescriptive best guidance.

Ron Chamberlin
MS-MVP

 

[Bill Sanderson]

My conclusion about above must be that (I´m reading from top to bottom in
NG)
it must be better to totally rebuild IE with all protections built in.

Or is it about money ? make more profit beacuse of IE, this really
stinks.......

Well - you can let me know your opinion on the money angle after it
releases.

I think it isn't really fair to blame the whole issue of spyware on IE. A
great many of the critters being removed in these groups are installed by
the users themselves. Take a look at the list of checkpoints Microsoft
Antispyware monitors. Out of 59, I count 19 as being related to IE on a
quick count.

 

[plun]

Well - you can let me know your opinion on the money angle after it
releases.

It must be a free tool.

I think it isn't really fair to blame the whole issue of spyware on IE. A
great many of the critters being removed in these groups are installed by
the users themselves. Take a look at the list of checkpoints Microsoft
Antispyware monitors. Out of 59, I count 19 as being related to IE on a
quick count.

I have checked several antispyware forums and absolute
majority with problem is related to IE.I also checked my
Spywareblaster definitions and mostly is ActiveX related
to IE. Klick and run.

IE-Spyad gives more information about this:

https://netfiles.uiuc.edu/ehowes/www/resource.htm

About Spywareblaster:
http://www.javacoolsoftware.com/

--

 

[Wiz]

Have you thought about turning off the Windows XP System Restore, then
running your spyware and virus scans/repairs? If you haven't, I recommend
that you do so. Turning it off empties out the super-hidden files that are
backed up for use in the event that registered system files are deleted, or
modified improperly. Symantec always recommends turning off system restore
before cleaning virus infections, and the like.

After your computer is totally clean from infestations you can turn it back
on.

--

Sincerely, Bob 'Wiz' Feinberg
http://www.wizcrafts.com
http://www.wizcrafts.net
http://www.wizcrafts.info