Microsoft AntiSpyware Beta - Severe Bug crashes PC

Shalom B.

I downloaded the Microsoft AntiSpyware Package and had it installed on 3
of my machines at home to try it out and see what all the hype and fuss
was all about. I have a Direct Connect (P2P) client on one computer
(Windows XP SP2) and it picked up an ad delivery threat as follows:

Grokster
Type: Adware Bundler
Threat Level: Moderate
Author: Grokster, LTD
Description: Grokster (free version) installs adware and spyware
including GAIN, CyDoor, My Search, WebRebates, and Relivant Knowledge.

But when I went ahead to remove this threat my PC went unresponsive
immediately, with CPU utilization at 100% and Page File usage shooting
from 240MB up to 1280 MB within a matter of minutes, and 5 minutes later
I was out of virtual memory. Thinking it was a one-off thing (as the
application is still beta), I manually had to power my PC back on and
tried to remove the threat, but the same happened again. Thinking
something was definitely wrong, and to rule out faults with my PC and its
configuration, I set about installing the DC client on another PC and
using MS Anti-spyware to check for threats. Sure enough, same story again.

OK, so I went into the registry and located the key
(HKEY_LOCAL_MACHINE\SOFTWARE\Magnet) (thanks to MS Antispyware, it
supplies the key names as well as the values containing the malware
executable, making life a bit easier), but permissions set on the key (by
the DC client installer, I suppose) would not let me navigate or delete
the key, so I gave the Everyone group full permissions and after this MS
Antispyware was able to remove the threat from the registry fine, but the
executable (magnet.exe) was still left behind untouched.

But when the scheduled scan ran later that day the threat had reappeared
and again my PC crashed, and I found out the DC Client had rewritten all
the data back into the registry. My only way of not allowing the malware
executable to run was to leave the registry keys intact but remove the
executable from the DC Client's program files folder so as to not let it
be invoked.

The threat still is found each time a scan is run but I have ignored it.
Is anyone experiencing a problem like this? And could someone tell me
what magnet.exe does exactly?

I hope the guys at MSFT (or Giant) will read this and correct this bug too.
 
Carl Hilton

There is a special list for issues with the AntiSpyware program. Please
refer to the AntiSpyware page and FAQs for info on how to log into that
listserv.

Carl
 
Roger Abell

All issues with this beta are being handled here
http://communities.microsoft.com/newsgroups/default.asp?ICP=spyware&sLCID=us
(scroll the top windows if you want info on use of
newsreader for direct access to the newsgroups)

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA