ishost trojan not detected by defender

[Guest]

why would anyone pay for onecare and defender when it allows high risk
trojans like ishost to run unchecked on peoples systems?

No we are being told that if we don't run at least 3 different defence
programs we are dumb?

I thought microsoft was supposed to be the best in the world? They are one
of the worst i'm sorry to tell you. Don't trust windows defender to protect
your valuables. If you do you are going to lose everything.

There are 400k programs that do a far better job than defender does.

What a ripoff

 

[Guest]

So what has this to do with Windows Defender?

Ishost Trojan is a virus, Windows Defender in anti-spyware.

Have you scanned your system using a recently updated anti-virus program?

Can you tell me what antivirus product you are running?

What AV software identified a file(s) as having the Ishost Trojan

In this case, the diagnosis is the same as the fix. First run a virus scan.
If you don't have any antivirus software installed---and shame on you if you
don't--try Ewido, which scans for both virus and spyware.

Once you PC is clean, make sure your Windows security patches and settings
are up-to date.

 

[Guest]

ok i've found a cleaner for this known spyware. go to http://free.prevx.com/
and get their free 30 day trial.

onecare couldn't detect it either. C'mon microsoft, get it together

 

[Guest]

If you would kindly extracted your narrow mind from your broad posterior for
a few moments, you would realize that anti-threat detection (of all sorts) is
not an exact science. EVERY SINGLE PRODUCT on the market misses a few things
from time to time. Check Virus Total for this week's statistics.

Whereas I have been testing Prevx on a couple of systems for the past two
months, I am not extoling its virtues as the solution to the world's
problems. I like it because it provides real-time insight to applications
being run. (I genuinely enjoy the "noise". It lowers paranoia. Most will
not like being "bothered".)

Sofar Prevx looks quite promising, but I still have ewido and
Defender/OneCare installed as co-resident threat scans on most of my
production systems. I also hold a-squared, NOD32, BitDefender, Kaspersky,
and others in high regard and have expereince with each in various
environments -- all good.

One vendor that has fallen from grace -- MY grace anyway -- is Symantec. I
express my bias often and loudly on this matter.

My personal "solution" is that I would NEVER depend on a single "solution".
I run multiple resident anti-threat tools and conduct daily on-line threat
scans using a number of different tools from the Internet Security page in my
sig.

 

[Richard Urban]

Using only one anti spyware program is like trying to protect your home from
multiple intruders - with a gun that has only one bullet!

--
Regards,

Richard Urban
Microsoft MVP Windows Shell/User
(For email, remove the obvious from my address)

Quote from George Ankner:
If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!

 

[Guest]

many people claim to have tried multiple programs to detect various threats
with no results until they discovered an obscure program no one's ever heard
of before. So it doesn't make one lick of sense to tell people to use
multiple programs and then they'll be safe.

 

[Guest]

as i told scott the anti-intelligence-bot it is mindless to claim that
running multiple security programs is the answer to windows security woes,
because as many people have found multiple programs still do not detect
various deadly threats.

So the only answer is for microsoft to hire someone who is intelligent who
can stay one step ahead of all the monkeys at the keyboards.

 

[plun]

So the only answer is for microsoft to hire someone who is intelligent who

can stay one step ahead of all the monkeys at the keyboards.

Hi

Well... I believe the mouse is the problem not the keyboard...
Stay ahead of "happy clickers"....hmm ? mission impossible.

Nevertheless to be serious it seems that MS uses a tactic against some
malware types that users can "sit with the shit"....

Or that some types are difficult to remove so therefore it´s better
to not detect them to avoid PC Safety calls...

Ishost has a lot of variants and it´s the same with Vundo and Smitfraud
infests.

About One Care mentioned earlier I cannot see any reason to use it with
MS lack of update descriptions... "MS secrets".

regards
plun

 

[NoOp]

ok i've found a cleaner for this known spyware. go to http://free.prevx.com/
and get their free 30 day trial.

onecare couldn't detect it either. C'mon microsoft, get it together

We'll I'm certainly "impressed". Tried Prevx and it promptly identified
my Japanese keyboard dll's as "malware" and put them all in "jail". Yet
they are issued directly from Microsoft, and on Prevx's own site they
state the following for kbd101.dll:

http://info.prevx.com/pxparall.asp?...&PX5=693dfe6b102f8f161ba500f6bc36a20066b523e3

KBD101.DLL
Determination: Good

DEFINITION OF: KBD101.DLL

* Safety Rating: Safe
* First seen: Jul 11 2005 (GMT)
* Last seen: Jul 11 2005 (GMT)
* File Size: 6,928 bytes

 

[Guest]

if microsoft paid people for any security threats they find then they would
be shown every possible threat in one week. People are so desperate for cash
that they will gladly tell microsoft about every possible type of threat.
People will spend every moment of their day trying to think of a threat that
microsoft would pay them for. Of course that would mean less cash for
microsoft to horde so it probably will never happen.

 

[Bill Sanderson MVP]

Just in case there's someone reading these lists who isn't entirely
motivated by cash, here are submission addresses for malware for Microsoft:

Samples sent to the following addresses will be automatically processed into
the Microsoft Antimalware Team queue:


a.. (e-mail address removed) (virus/worm/trojan/etc samples)
b.. (e-mail address removed) (spyware samples)
For those who might wonder, such samples are shared by Microsoft with their
antivirus/antimalware partners.


--

 

[NoOp]

Just in case there's someone reading these lists who isn't entirely
motivated by cash, here are submission addresses for malware for Microsoft:

Samples sent to the following addresses will be automatically processed into
the Microsoft Antimalware Team queue:


a.. (e-mail address removed) (virus/worm/trojan/etc samples)
b.. (e-mail address removed) (spyware samples)
For those who might wonder, such samples are shared by Microsoft with their
antivirus/antimalware partners.

I can't, Prevx jailed my KBD101.DLLs...

 

[Guest]

drag them to the holding cell and double click on them to reinstall them.

 

[Guest]

http://www.castlecops.com/f195-Prevx_1_Beta.html

go to that address to find out all about the prevx program

 

[Guest]

http://www.windll.com/library-k_000.php

there's the address to replace any microsoft
dll files

 

[NoOp]

drag them to the holding cell and double click on them to reinstall them.

Oh I don't think that you understand. After Prevx falsly identified
those dll's as malware I _uninstalled_ Prevx... problem solved.

 

[Guest]

yes only use it to find the spyware etc that all the others fail to find, and
be careful not to delete everything it finds. Then uninstall it. Some people
have to do the same with defender as it isn't compatable with all their
software.

You could always report your difficulty to their help desk like I did at
microsoft. Then they'll tell you to come to a forum like this, where you'll
be told by others that you're a fool for having any expectations whatsoever
about the program.

 

[Bill Sanderson MVP]

I'll confess to having been guilty of referring folks to one non-Microsoft
site for older beta versions, but this is bad advice.

Get Microsoft code from Microsoft, and not from a third-party site.

If the pieces you are missing are a part of the OS, use sfc -scannow, or a
repair install, to replace them, or expand them manually from the CD.

--

 

[Tom Emmelot]

Hi Bill,

And when your time is up you should know of this is the reason that you
are in a dark place where you have to work without any MS programs!

Regards >*< TOM >*<

Bill Sanderson MVP schreef:

 

[NoOp]

I'll confess to having been guilty of referring folks to one non-Microsoft
site for older beta versions, but this is bad advice.

Get Microsoft code from Microsoft, and not from a third-party site.

If the pieces you are missing are a part of the OS, use sfc -scannow, or a
repair install, to replace them, or expand them manually from the CD.

Wouldn't think of gettng them elswhere. BTW, I was joking about Prevx;

I can't, Prevx jailed my KBD101.DLLs...

yes it did falsly identify the dll's as malware, but I did manage to
have it restore them before I _uninstalled the program_.

I wasn't impressed with Prevx. Once installed it automatically started
the scan and then took action (Jailed) with what it perceived to be
malware without giving an option beforehand to intervene. After it
"Jailed" (Prevx term) the dll's I then had to click on each one, which
then brought up a separate web page for each dll telling it was fine.
Then figure out how to restore them. Anyway, experiment's over