ms spyware and direcway dw4000

[tom brannan]

After running the spyware and finding that it created more
problems than not, I removed the spyware and then had the
FW/ICS problems. I ran the solutions for that from the
infor in the newsgroups, but thus lost the ability to
connect to the internet from the computer acting as the
gateway. Tried several suggestion and finally as a last
resort uninstalled and reinstalled the Direcway software. I
got back my capabilities imedaletly. I won't use the MS
spyware product as they put a product out on the market
(even if it is beta) that caused so much problems.

 

[John]

Without any details on what was removed, it is hard to say if MSAS caused
your problem for no reason or caused a problem because you were compromised
already. We need to see what you allowed MSAS to remove so that if it is
going to cause DirectWay users problems, MS can fix that. Please run again
and let us know what you find. You would be helping all the other DirectWay
users out there!

 

[Bill Sanderson]

When an item is removed from the Winsock LSP stack, two things need to
happen to get the machine back to the original functionality.

1) The stack needs to be restored to the original default conditions--thats
what got Tom back to where the firewall, etc, were working again, and 2) you
need to reinstall any legitimate applications which have hooked the Winsock
LSP Stack.

This is clearly stated in the Microsoft KB document that we've been citing
most recently in this group, although early on in the beta we were quoting
less formal advice, and might have missed the advice to reinstall
third-party programs.

http://support.microsoft.com/default.aspx?scid=kb;en-us;892350

There's no easy way to describe just what software might need to be
reinstalled after such an event--things that make use of networking--ranging
from VPN clients, to Internet Security applications are what we've heard
of--and now we can add Direcway.

The original item removed could have been a piece of spyware, or it could
have been a false positive--possibly a piece of Direcway's software, in
fact. So your advice that we need to see what was remove is excellent,
although the repair process is the same regardless. If there's a false
positive involved that broke things unnecessarily, that can be fixed.

Additionally, you can bet that this experience is not what Microsoft wants
the users to have with this product, and that they will try to improve on
this if possible.

 

[Bill Sanderson]

Tom - I wrote a long reply to John, all of which is also relevant to you--I
just happened to start writing while reading his reply.

It would be helpful to know what was removed on your machine.

There's a file called cleaner.log in \program files\Microsoft Antispyware\
which logs cleaning operations. What the content of this file might
clarify, and I can't promise that I can interpret it accurately--is whether
what was cleaned was, in fact spyware which hooked the Winsock LSP stack, or
a false positive--perhaps a portion of some other network-related program
which was mistaken for spyware.

If the issue was a false positive, that can get fixed.

In addition, as I mentioned to John--this experience is not what Microsoft
wants folks to have with the product, and I know they will try to improve on
this particular aspect of its operation.

I'm sorry that the process was so tough on your machine, and want to thank
you for spending the time to share the experience and help make the product
better for others.

 

[John]

Sounded like he tried the recommended LSP solutions but he didn't say
specifically. That's why I suggested he take another shot at it and
document his steps this time.

The LSP recommendations are getting lost beyond the standard 300 headers
downloaded in an nntp client or the 20 headers shown on the web page. Too
bad we can't anchor an FAQ to the top so that each person can read what has
been discovered thus far. That would go A LONG WAY toward sorting out the
new problems from the "Holy Cow! Can't you read the Entire Forum first
before you post your repeat???" type of problem we are seeing in all of
these groups.

Suggestion - get an FAQ going where posters can find the answers more
readily since most people are unaccustomed to using find/search in any
productive manner.

Thanks,

John

 

[Mark L. Ferguson]

Yeah, someone should do that :/

 

[John]

Mark,

While your FAQ in your signature is helpful, most people on these ngs are
not going to see that link at all or after they have already wasted a lot of
time for themselves and others. We really need a post that can be pinned to
the top of each ng listing so that every person sees the information that
has been collected thus far. We are really wasting the best benefit of
these ngs by not providing a good central OBVIOUS location for solutions to
be found.

HOWEVER, I guess MS didn't implement these ngs for that but for people to
post what they have found that doesn't work right or at all.

Should probably post a new post with your FAQ link in it at least once a day
in every NG here in the anitspyware section.