Microsoft AntiSpyware

Guest

There was a post in here the other day asking if anyone has tested
Microsoft's AntiSpyware program.

I have been using the program on my home machine and 5 of my office's 20
machines since its release. Today a number of users were hit with massive
spyware attacks. 5 machines had MS AntiSpy installed. The others had only
Spybot installed. The machines with Spybot are updated and scanned frequently
so they were pretty much clean prior to this.

I ran Spybot on the first machine. Spybot locked up while trying to remove
the threats. None were removed. I ran Spybot in Safe Mode and was able to
remove some but not all in the long list of threats, although they all
immediately reinfected the system on reboot. These were mainly new spyware
programs that I have never seen. Virtual Bouncer and People on Page were the
only old, known threats and Spybot has never been able to remove them before
anyway.

It was not easy but after turning off most of the spyware in Task Manager, I
installed MS AntiSpy. After updating it, I went back into safe mode and ran a
Quick Scan. A ton of problems were found (54) and all but 2 were removed. I
chose Remove instead of the recommended Quarantine on those two. After
reboot, I ran another Quick Scan. The last two problems were found and
quarantined. Finally, I ran a Deep Scan and no threats remained.

The results were the same on all remaining machines.

I read a post saying that the SpyWare makers were gearing up for this attack
and I thank the Microsoft AntiSpyware Team for helping me look like a hero
today.

Good job !!!

HJ
 
Pop

hjomby said:
There was a post in here the other day asking if anyone has tested
Microsoft's AntiSpyware program.

I have been using the program on my home machine and 5 of my office's
20 machines since its release. Today a number of users were hit with
massive spyware attacks. 5 machines had MS AntiSpy installed. The
others had only Spybot installed. The machines with Spybot are
updated and scanned frequently so they were pretty much clean prior
to this.

I ran Spybot on the first machine. Spybot locked up while trying to
remove the threats. None were removed. I ran Spybot in Safe Mode and
was able to remove some but not all in the long list of threats,
although they all immediately reinfected the system on reboot. These
were mainly new spyware programs that I have never seen. Virtual
Bouncer and People on Page were the only old, known threats and
Spybot has never been able to remove them before anyway.

It was not easy but after turning off most of the spyware in Task
Manager, I installed MS AntiSpy. After updating it, I went back into
safe mode and ran a Quick Scan. A ton of problems were found (54) and
all but 2 were removed. I chose Remove instead of the recommended
Quarantine on those two. After reboot, I ran another Quick Scan. The
last two problems were found and quarantined. Finally, I ran a Deep
Scan and no threats remained.

The results were the same on all remaining machines.

I read a post saying that the SpyWare makers were gearing up for this
attack and I thank the Microsoft AntiSpyware Team for helping me look
like a hero today.

Good job !!!

HJ

Soooooo, what are the names of the spyware that MS caught which the others
couldn't?

MS's stuff is BETA: Do you know what that means? And you STILL deleted
rather than quarantined files? Woof, you're a brave soul, or very sorry by
now.

Pop
 
Guest

Pop,

I had too much going on to write it all down. Next time I will try to keep
track of it. Beta or not, it works and risk is part of the job. I'd rather
reimage a machine than spend 5 hours trying to figure out how to safely
remove this garbage. Before the release of this program, I used to spend 80%
of my time dealing with spyware. So far the beta is a 100% in my opinion.

HJ
 
Wesley Vogel

Banking Trojan disables MS Anti-Spyware
http://www.theregister.co.uk/2005/02/09/banking_trojan/

[[Troj/BankAsh-A will attempt to disable the beta version of Microsoft
AntiSpyware. The Trojan may also attempt to deny access to a number of
security-related and anti-virus websites.]]

[[Troj/BankAsh-A will attempt to disable or kill the Microsoft AntiSpyware
application. The Trojan will delete the following registry entry, if it
exists: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\gcasServ

The Trojan will also attempt to terminate the following Microsoft
AntiSpyware related processes:

GCASCLEANER GCASDTSERV GCASINSTALLHELPER
GCASNOTICE GCASSERV GCASSERVALERT GCASSWUPDATER
GCIPTOHOSTQUEUE GIANTANTISPYWAREMAIN
GIANTANTISPYWAREUPDATER

Troj/BankAsh-A will try to suppress warning messages that Microsoft
AntiSpyware may display and will delete all files within the folder named
"C:\Program Files\Microsoft AntiSpyware".

Troj/BankAsh-A may attempt to deny access to a number of websites by
modifying the HOSTS file found in the Windows folder or the
"%SYSTEM%\drivers\etc" folder.

Troj/BankAsh-A may download and run updates of itself.

Troj/BankAsh-A will attempt to unregister and delete a DLL named
IEHELPER.DLL from the Windows system folder. ]]
Troj/BankAsh-A
http://www.sophos.com/virusinfo/analyses/trojbankasha.html

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In
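A defensive check for the HOSTS-file tampering described in the Sophos text quoted above, as an added example that is not part of the original thread or of Sophos's analysis: it parses HOSTS-format text and reports security-related hostnames that have been pinned to a loopback or other unexpected address. The watchlist entries other than sophos.com, the function names and the sample file are constructed for illustration.

```python
import ipaddress
import sys

# Assumed watchlist: sophos.com appears in the post; the rest are placeholders.
WATCHLIST = ("sophos.com", "av-vendor.example", "update.example")

# Constructed sample, not taken from an infected machine.
SAMPLE_HOSTS = """\
# sample HOSTS file
127.0.0.1       localhost
127.0.0.1       www.sophos.com  sophos.com   # pinned to loopback
0.0.0.0         ads.tracker.example
203.0.113.7     download.av-vendor.example
10.0.0.5        fileserver
"""

def parse_hosts(text):
    """Yield (line number, ip, hostname) for each mapping in HOSTS text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on blanks
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed line, not a mapping
        for host in fields[1:]:                 # one line may carry several aliases
            yield lineno, ip, host.lower().rstrip(".")

def on_watchlist(host, watchlist=WATCHLIST):
    """True for a watched domain or any of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in watchlist)

def suspicious_entries(text, watchlist=WATCHLIST):
    """Return (line, host, ip, reason) for every watched host overridden locally.

    Sinkholed names outside the watchlist are ignored, because ad-blocking
    HOSTS lists map many hostnames to loopback on purpose.
    """
    findings = []
    for lineno, ip, host in parse_hosts(text):
        if on_watchlist(host, watchlist):
            sinkhole = ip.is_loopback or ip.is_unspecified
            findings.append((lineno, host, str(ip),
                             "blocked" if sinkhole else "redirected"))
    return findings

if __name__ == "__main__":
    # Pass the HOSTS file path as the first argument; defaults to the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for finding in suspicious_entries(text):
        print("line %d: %s -> %s (%s)" % finding)
```

Any hit is worth investigating, since a security vendor's hostname has no legitimate reason to be overridden in a workstation's HOSTS file.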
 
Kui Tang

In case you haven't heard, MS AntiSpyware removed Internet Explorer itself.
Some fools actually had to buy a new computer! Go Firefox! Go Thunderbird!
Go Penguin!

=============================================
 
Guest

I run anti spy and it picks up nothing, but I run another anti spy software
and I get all types of pickups
 
