New user of MSAS: a few questions to pose

Pete

Hi, I've recently downloaded and installed MSAS, since for
a long time I've managed without any antispyware. The last
time I ever used any was about 2 yrs ago, when I gave up on
Adaware because it kept finding 100s of definitions at a
time and I eventually ended up deleting things I shouldn't
have and so corrupted my Registry. I'm therefore terribly
wary of ANY utility that claims to be antispyware. However,
some recent and very regular but unknown input/output
activity from my PC, in the direction of my router, caused
me a rethink and hence I've installed MSAS Beta.

I've fully configured MSAS and run a full scan three times,
rebooting at least once, but MSAS has found absolutely
nothing that it regards as spyware. I accept the point that
MSAS is not designed to find cookies, tracking cookies or
data-mining objects, but I'm still puzzled by the zero
result. Mind you, my last hard disk reformat and complete
reinstall was only about 6 weeks ago, I install only bona
fide applications and utilities, and am very strict with
myself as to the kinds of websites I visit and the links I
click on. I also run a tight ship as regards antivirus
(AVG7) and software firewall (Zone Alarm), and I use
Firefox for 99.9% of the time. My ADSL router also has NAT
firewalling, which keeps out most unwanted inward connections.

Before I installed MSAS, I ran Netstat and it turned up a
couple of suspicious, but blocked, outward attempts. I
haven't got the names of these to hand right at present but
I'll post them here very shortly. The point is that someone
on another forum maintained that those two attempts were
known blacklisted spyware processes. And yet MSAS hasn't
now picked them up. Either they weren't genuine spyware or
perhaps those two processes happen to hide themselves well.

In the meantime, I've a couple of questions to pose:

1) Is anyone on this forum familiar with the popular
antivirus client AVG7, as AVG has been known to
occasionally (and legitimately, it seems) modify one or two
files in Windows' shell area. I notice that MSAS's
background agents will monitor any changes to Windows'
system files, so I'm wondering whether a problem might now
arise with updating AVG. If AVG is stopped from changing a
system file, eg. AVG needs to make a change to protect the
boot area, then maybe AVG will hang. What d'ya think?

2) When configuring MSAS to deep-scan folders and, in MSAS,
I open out all devices and partitions on my PC in order to
check (tick) them, I'm unable to see all of them. This
appears to be a bug in the way that that particular
configuration box is displayed. The area just above where
A: is shown is cut off and I suspect there's a further
checkable box there that I can't get to. Also, the various
partition letters are skewed with respect to their
checkable boxes, so it's difficult to actually know which
ones I'm approving. Does anyone else have this problem? I'm
viewing on a 20" monitor, running at 1600 X 1200, under
Firefox, and with a customised Firefox font.

Watch this posting, as I'll be back shortly with the names
of those two processes that Netstat showed. I'll want your
opinion of them.
 
Pete

These are what Netstat picked up. Not processes, more
addresses:

246.70-85-60.reverse.theplanet.com:http TIMEWAIT
lita.questionmarket.com:http TIMEWAIT
homer.nameintel.com:http TIMEWAIT

Are any of these genuine spyware? I don't recognise any of
them, myself.
 
Bill Sanderson

Pete said:
1) Is anyone on this forum familiar with the popular
antivirus client AVG7, as AVG has been known to
occasionally (and legitimately, it seems) modify one or two
files in Windows' shell area. I notice that MSAS's
background agents will monitor any changes to Windows'
system files, so I'm wondering whether a problem might now
arise with updating AVG. If AVG is stopped from changing a
system file, eg. AVG needs to make a change to protect the
boot area, then maybe AVG will hang. What d'ya think?

I'm running Microsoft Antispyware on about a dozen machines also running
AVG7, and haven't seen any interactions between them.

2) When configuring MSAS to deep-scan folders and, in MSAS,
I open out all devices and partitions on my PC in order to
check (tick) them, I'm unable to see all of them. This
appears to be a bug in the way that that particular
configuration box is displayed. The area just above where
A: is shown is cut off and I suspect there's a further
checkable box there that I can't get to. Also, the various
partition letters are skewed with respect to their
checkable boxes, so it's difficult to actually know which
ones I'm approving. Does anyone else have this problem? I'm
viewing on a 20" monitor, running at 1600 X 1200, under
Firefox, and with a customised Firefox font.

There are a number of such UI issues--the UI will change significantly with
beta2. Recheck this issue then, please?
 
Pete

Bill,

Am glad to hear that you yourself have not encountered any
problems of compatibility of MSAS with AVG7. Certainly,
when I first installed and updated AVG7, I recall that it
made some changes to the following Win2K system files:

C:\winnt\system32\shell32.dll
C:\winnt\system32\kernel32.dll
C:\winnt\system32\ntoskrnl.exe
C:\winnt\system32\user32.dll

I know this because AVG tells you what it does when it
updates or scans.

One would think that, if MSAS's 'agents' are left working
in the background and some more changes like this were
performed by AVG, the changes would get flagged by MSAS and
AVG immediately stopped.

As for MSAS's user interface, yes, I sincerely hope
Microsoft will improve it with Beta2.

Any comment on those three Netstat addresses I posted? See
my second posting of this subject.
 
Bill Sanderson

I looked at those and don't know enough to say what they really are. I
don't see any reason to believe that they are spyware related, on the
surface.

Did you have any instances of a web browser open at the time?

I am really having trouble crediting your discussion of AVG modifying Windows
system files. Such files are protected by System File Protection, and I
can't imagine any reason why an antivirus would modify them anyway--this
just doesn't make sense to me--nor does it match anything I've ever
observed.

 
Pete

Bill,

Re the system files that I thought AVG had modified, all I
can say is that on the first occasion that I downloaded an
update to AVG7, it specifically zoomed through the system
files first and listed its effects on them. Against the
files I mentioned in my posting, AVG wrote 'Changed'. All
other system files were tagged 'OK'. Whenever I now run an
AVG scan, I still see those files listed as 'changed'. But
perhaps you're right - AVG might not have been responsible
for the 'changes'.
 