MS AntiSpyware Beta Available

Ramesh [MVP]

Thanks for posting this information. Just ran a scan in a test system here. SCRRUN.DLL (legit Scripting runtime) is detected as a RAT "Specrem".

--
Specrem
Type: RAT
Threat Level: Severe
Author: Antti Kirjavainen

Description: A Remote Administration Tool (RAT) is a Trojan type of software that when run, provides an attacker with the capability of remotely controlling a user's computer (victim) over the Internet. The attacker usually has full access to functions on the victim's computer. The victim's computer usually listens on the Internet for the attacker's commands.

--

Scrrun.dll - File Properties:

CompanyName: Microsoft Corporation
FileDescription: Microsoft (r) Script Runtime
FileVersion: 5.0.0.3715
InternalName: scrrun.dll
LegalCopyright: Copyright © Microsoft Corp. 1998
OriginalFilename: scrrun.dll
ProductName: Microsoft (r) Script Runtime
ProductVersion: 5.0.0.3715

FYI

--
Ramesh, Microsoft MVP
Windows XP Shell/User
http://windowsxp.mvps.org


Microsoft has posted their AntiSpyware Software
Download at just over 6.0 Megabytes, Available Here:
http://www.microsoft.com/downloads/...a2-6a57-4c57-a8bd-dbf62eda9671&DisplayLang=en
 
Frank Saunders, MS-MVP

Ramesh said:
Thanks for posting this information. Just ran a scan in a test system
here. SCRRUN.DLL (legit Scripting runtime) is detected as a RAT
"Specrem".

--
Specrem
Type: RAT
Threat Level: Severe
Author: Antti Kirjavainen

Description: A Remote Administration Tool (RAT) is a Trojan type of
software that when run, provides an attacker with the capability of
remotely controlling a user's computer (victim) over the Internet.
The attacker usually has full access to functions on the victim's
computer. The victim's computer usually listens on the Internet for
the attacker's commands.

--

Scrrun.dll - File Properties:

CompanyName: Microsoft Corporation
FileDescription: Microsoft (r) Script Runtime
FileVersion: 5.0.0.3715
InternalName: scrrun.dll
LegalCopyright: Copyright © Microsoft Corp. 1998
OriginalFilename: scrrun.dll
ProductName: Microsoft (r) Script Runtime
ProductVersion: 5.0.0.3715

FYI

It didn't do that on my machine, although I have version 5.6.0.8820

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup only. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com./athome/security/protect/default.aspx
 
Joel Rubin

Microsoft has posted their AntiSpyware Software
Download at just over 6.0 Megabytes, Available Here:
http://www.microsoft.com/downloads/...a2-6a57-4c57-a8bd-dbf62eda9671&DisplayLang=en

Well, the one program it really screamed about on my computer is
WinPCap.

http://winpcap.polito.it/

It's an open source port (free download of the source code, but, alas,
no free download of the ability to read a complicated "C" program) of
Unix PCap, the packet capture library. If it's spyware, I'm the one
doing the spying and my spying on my own computer is my business.

Say someone's web page is Javascript encrypted and, in the middle of
his web page, he calls the WMP stream mms://255.254.253.252/x.asf.

Well, at some point, my computer has to give the commands to get this
stream. And using a companion program to WinPCap, like Analyzer or URL
Snooper, I can see it giving this command.
 
David Candy

Thinks Explorer.exe is spyware. The file it claims is a copy of Explorer.exe and has the same resources in it (string tables, menus) as the real Explorer.exe. It thinks it's something called little witch ftp server. I needed some files to test a For command on and copied the exes from Windows to c:\.

The other hit is something it claims is advertising spyware (I compiled this program myself from MS sample code that I modified - it's a/ deleted and b/ DOES not (or didn't) serve ads - it deleted selected text from web pages).

2 false hits from 2. That is a 100% error rate.

Plus the offensive behaviour of telling me I'm infected. You can only get infected if one is stupid.
 
David Candy

It seems really stupid and is just filename matching. Hope MS can get a refund from Giant (who I've not ever heard of).
 
David Elders

Hardly.

Do you seriously expect MS to be able to correctly detect code that YOU
modified and that YOU compiled? They are many things but mind readers ain't
one of them. The only really stupid people out there are those that think
they're far too clever to get infected... there is no perfect user, no
perfect system set-up, no software that is guaranteed to keep you safe.

Their BETA [remember, that means it's in development and they're throwing it
open to CONSTRUCTIVE criticism and feedback?] software is a step forward and
I for one welcome anyone trying to combat spam...

Jog on...


David





"David Candy" <.> wrote in message
Thinks Explorer.exe is spyware. The file it claims is a copy of Explorer.exe
and has the same resources in it (string tables, menus) as the real
Explorer.exe. It thinks it's something called little witch ftp server. I
needed some files to test a For command on and copied the exes from Windows
to c:\.

The other hit is something it claims is advertising spyware (I compiled this
program myself from MS sample code that I modified - it's a/ deleted and b/
DOES not (or didn't) serve ads - it deleted selected text from web pages).

2 false hits from 2. That is a 100% error rate.

Plus the offensive behaviour of telling me I'm infected. You can only get
infected if one is stupid.
 
David Candy

Well yes. All programs were compiled by someone. What you suggest is that all programs should be flagged as spyware.

--
----------------------------------------------------------
http://www.uscricket.com
David Elders said:
Hardly.

Do you seriously expect MS to be able to correctly detect code that YOU
modified and that YOU compiled? They are many things but mind readers ain't
one of them. The only really stupid people out there are those that think
they're far too clever to get infected... there is no perfect user, no
perfect system set-up, no software that is guaranteed to keep you safe.

Their BETA [remember, that means it's in development and they're throwing it
open to CONSTRUCTIVE criticism and feedback?] software is a step forward and
I for one welcome anyone trying to combat spam...

Jog on...


David





"David Candy" <.> wrote in message
Thinks Explorer.exe is spyware. The file it claims is a copy of Explorer.exe
and has the same resources in it (string tables, menus) as the real
Explorer.exe. It thinks it's something called little witch ftp server. I
needed some files to test a For command on and copied the exes from Windows
to c:\.

The other hit is something it claims is advertising spyware (I compiled this
program myself from MS sample code that I modified - it's a/ deleted and b/
DOES not (or didn't) serve ads - it deleted selected text from web pages).

2 false hits from 2. That is a 100% error rate.

Plus the offensive behaviour of telling me I'm infected. You can only get
infected if one is stupid.
--
----------------------------------------------------------
http://www.uscricket.com
Frank Saunders said:
It didn't do that on my machine, although I have version 5.6.0.8820

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup only. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com./athome/security/protect/default.aspx
 
DILIP

Bloated piece of junk it turned out to be. Adaware and Spybot have nothing
to be afraid of. Does MS plan on charging for such crap? LOL!
 
