M
Mark L. Ferguson
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.txt
1) Known bugs/errors/unpopular features
a) Various mis-spellings and errata (e.g. "TxtFocus")
b) scan stops unexpectedly when clicking areas like "Microsoft AntiSpyware Beta1" graphic or some menu items
c) Win9x installs are not supported. (expected behavior)
d) Enterprise end user could block processes domain administrator wants to run (http://support.microsoft.com/kb/892375)
e) CoolWebSearch, VX2 versions not detected (http://www.intermute.com/products/cwshredder.html)
f) false positives
1) TAPICFG.EXE
2) EZCyberSearch
3) Network Essentials
4) Various false PC Spy (Commercial Key Logger)
5) Remote control software (VNC et.al.)
6) chktrust.exe part of .Net Framework.
7) spodrer.dll (sometimes real)
8) IE5 Toolbar Wallpaper from MS IE5 Web Accessories is falsely identified as GonnaSearch
9) Outlook Express Mail Store folders (QUARANTINE, don't delete, till you determine what is)
10) MessengerPlus
11) Weatherbug/AOL (only advanced features are spyware)
12) SearchSquire
13) script file and other comments identified as virus (iMesh)
14) tvenuax.dll (TruVoice file)
15) PCduo
16) eloglist.exe and psexec.exe from sysinternals
17) nProtect KeyCrypt 1.0
18) RadLight
19) Nullsoft Sex
20) Zipdll.dll
21) TimeSync from Blue Nomad for a PDA
22) Spybot Search & Destroy (some immunity registry entries)
23) beta.toolbar.msn.com as a browser hijacker homepage
24) SCRRUN.DLL (sometimes)
25) MediaTickets CDT domains
26) HelpHost.exe to go to remote host windows.microsoft.com
27) WINREP
28) Borland Database Engine
29) nsldapssl32v30.dll (Netscape and others)
30) moo.dll (MIRC)
31) Hummingbird DM Toolbar
32) StartNow Hyperbar
33) ?
g) DPI settings (not default) corrupt display
h) scan time settings (12:00 PM, et.al.) not correct.
i) Notification icons behave incorrectly
j) Non-english time display problems
k) Tracks Eraser failures
l) Multi-user installs not working (Limited User errors, Fast User Switching. etc)
m) Flying Alerts (Taskbar not at the bottom)
n) Script blocking not manageable
o) Abnormal Termination (Shell Execute hooks, et.al.)
p) No "Failed Install" notice
q) Tracking Cookies not deleted. (This feature is not included in the beta)
r) Accessibility features not included (for the beta)
s) Reactivate blocked items not working (There is a workaround. Copy out, delete original, copy back)
t) CPU usage 100% (under study for specific hardware causes)
u) network and firewall related problems (winsock): http://support.microsoft.com/kb/892350
v) Failure to launch UI under XP after apparently successful install
w) Script and batch files working directory defaults to ../system32 (on unblock instance only)
x) PrimalScript editor - edit runs file
y) "gcasDtServHolder" popup window
z) Hibernation slow or disabled on laptops
aa) Ignore closes the browser
bb) User Redirected Shell folders (My Docuuments, and others)
cc) 'Results of scan' (Show Summary) popup can't be disabled.
dd) terminal serve (Remote Desktop) into a computer, the MS AntiSpy(beta) icon will turn blue
ee) Firewall dead (see: http://support.microsoft.com/kb/892350 )
ff) ansi.sys disabled
gg) Network Connection folder icons no longer listed as 'connected' after doing a winsock fix. (toggle the checkboxes off, restart,
and on, in Firewall settings, advanced tab)
hh) Kaaza files lost
ii) proxy error on reporting (Sun Java instead of MS Java VM installed)
jj) Dell machines ask for setup disk on scan
kk) Shortcut 'hotkey' delayed opening.
ll) ?
2) FAQ's
a) "I like it" (Thanks for testing the beta and providing feedback.)
b) bug reports? (Yes, file in this newsgroup. Please title the message so it is Obvious it is a bug, error, or false positive)
c) Deployable via SUS, Enterprise? (This is still under consideration)
d) MS AntiSpyware cannot start with error 101 (Use the Update feature in Add/Remove, "Change")
e) Giant Software owners (see page http://www.giantcompany.com/commonQuestions.htm#gen_beta for More information about general
questions for currently licensed customers of Giant Software
f) Group Policy options available? (Under consideration)
g) about:blank issues (Click Tools, Suspected Spyware Report, and submit it to Spynet)
h) Uninstall MAS? (Add/Remove app in Control Panel)
i) "Is there a tutorial for this software?" (Tutorial - How to use the Microsoft AntiSpyware Beta to remove Spyware:
http://www.bleepingcomputer.com/forums/tutorial98.html)
j) "Is the Security Center going to include this?" (probably)
k) ?
3) Remarks
a) "it doesn't work!! (It's a "Beta")
b) "Will it be free, or not?" (Not announced yet)
c) "My software is falsely accused of spying!" (http://support.microsoft.com/kb/892340 MAS incorrectly identifies a program as a
spyware threat)
d) "The error.log file gets too big!" (It's a "Beta")
e) "It's NOT a Bug!" (many spywarw removals will expose relic damage)
f) Various other rants and trolling (yawn)
created by Mark L. Ferguson (NOT an MS-MVP)
free for re-publication
(If you would like to post reply comments or additions, anything but a rant is fine.)
marfers notes for windows xp http://www.geocities.com/marfer_mvp/chatNotes.htm
..
1) Known bugs/errors/unpopular features
a) Various mis-spellings and errata (e.g. "TxtFocus")
b) scan stops unexpectedly when clicking areas like "Microsoft AntiSpyware Beta1" graphic or some menu items
c) Win9x installs are not supported. (expected behavior)
d) Enterprise end user could block processes domain administrator wants to run (http://support.microsoft.com/kb/892375)
e) CoolWebSearch, VX2 versions not detected (http://www.intermute.com/products/cwshredder.html)
f) false positives
1) TAPICFG.EXE
2) EZCyberSearch
3) Network Essentials
4) Various false PC Spy (Commercial Key Logger)
5) Remote control software (VNC et.al.)
6) chktrust.exe part of .Net Framework.
7) spodrer.dll (sometimes real)
8) IE5 Toolbar Wallpaper from MS IE5 Web Accessories is falsely identified as GonnaSearch
9) Outlook Express Mail Store folders (QUARANTINE, don't delete, till you determine what is)
10) MessengerPlus
11) Weatherbug/AOL (only advanced features are spyware)
12) SearchSquire
13) script file and other comments identified as virus (iMesh)
14) tvenuax.dll (TruVoice file)
15) PCduo
16) eloglist.exe and psexec.exe from sysinternals
17) nProtect KeyCrypt 1.0
18) RadLight
19) Nullsoft Sex
20) Zipdll.dll
21) TimeSync from Blue Nomad for a PDA
22) Spybot Search & Destroy (some immunity registry entries)
23) beta.toolbar.msn.com as a browser hijacker homepage
24) SCRRUN.DLL (sometimes)
25) MediaTickets CDT domains
26) HelpHost.exe to go to remote host windows.microsoft.com
27) WINREP
28) Borland Database Engine
29) nsldapssl32v30.dll (Netscape and others)
30) moo.dll (MIRC)
31) Hummingbird DM Toolbar
32) StartNow Hyperbar
33) ?
g) DPI settings (not default) corrupt display
h) scan time settings (12:00 PM, et.al.) not correct.
i) Notification icons behave incorrectly
j) Non-english time display problems
k) Tracks Eraser failures
l) Multi-user installs not working (Limited User errors, Fast User Switching. etc)
m) Flying Alerts (Taskbar not at the bottom)
n) Script blocking not manageable
o) Abnormal Termination (Shell Execute hooks, et.al.)
p) No "Failed Install" notice
q) Tracking Cookies not deleted. (This feature is not included in the beta)
r) Accessibility features not included (for the beta)
s) Reactivate blocked items not working (There is a workaround. Copy out, delete original, copy back)
t) CPU usage 100% (under study for specific hardware causes)
u) network and firewall related problems (winsock): http://support.microsoft.com/kb/892350
v) Failure to launch UI under XP after apparently successful install
w) Script and batch files working directory defaults to ../system32 (on unblock instance only)
x) PrimalScript editor - edit runs file
y) "gcasDtServHolder" popup window
z) Hibernation slow or disabled on laptops
aa) Ignore closes the browser
bb) User Redirected Shell folders (My Docuuments, and others)
cc) 'Results of scan' (Show Summary) popup can't be disabled.
dd) terminal serve (Remote Desktop) into a computer, the MS AntiSpy(beta) icon will turn blue
ee) Firewall dead (see: http://support.microsoft.com/kb/892350 )
ff) ansi.sys disabled
gg) Network Connection folder icons no longer listed as 'connected' after doing a winsock fix. (toggle the checkboxes off, restart,
and on, in Firewall settings, advanced tab)
hh) Kaaza files lost
ii) proxy error on reporting (Sun Java instead of MS Java VM installed)
jj) Dell machines ask for setup disk on scan
kk) Shortcut 'hotkey' delayed opening.
ll) ?
2) FAQ's
a) "I like it" (Thanks for testing the beta and providing feedback.)
b) bug reports? (Yes, file in this newsgroup. Please title the message so it is Obvious it is a bug, error, or false positive)
c) Deployable via SUS, Enterprise? (This is still under consideration)
d) MS AntiSpyware cannot start with error 101 (Use the Update feature in Add/Remove, "Change")
e) Giant Software owners (see page http://www.giantcompany.com/commonQuestions.htm#gen_beta for More information about general
questions for currently licensed customers of Giant Software
f) Group Policy options available? (Under consideration)
g) about:blank issues (Click Tools, Suspected Spyware Report, and submit it to Spynet)
h) Uninstall MAS? (Add/Remove app in Control Panel)
i) "Is there a tutorial for this software?" (Tutorial - How to use the Microsoft AntiSpyware Beta to remove Spyware:
http://www.bleepingcomputer.com/forums/tutorial98.html)
j) "Is the Security Center going to include this?" (probably)
k) ?
3) Remarks
a) "it doesn't work!! (It's a "Beta")
b) "Will it be free, or not?" (Not announced yet)
c) "My software is falsely accused of spying!" (http://support.microsoft.com/kb/892340 MAS incorrectly identifies a program as a
spyware threat)
d) "The error.log file gets too big!" (It's a "Beta")
e) "It's NOT a Bug!" (many spywarw removals will expose relic damage)
f) Various other rants and trolling (yawn)
created by Mark L. Ferguson (NOT an MS-MVP)
free for re-publication
(If you would like to post reply comments or additions, anything but a rant is fine.)
marfers notes for windows xp http://www.geocities.com/marfer_mvp/chatNotes.htm
..