Noticing Counter Measures

HowardD · Jan 13, 2005

On Jan 10, we ran into our first case of loading MS-
AntiSpy on a PC that already had a downloader installed
on it and the downloader had apparently already updated
itsself to prevent the Real Time Protection from running.

This morning on the 13th, 3 out of 3 PCs we've installed
MSAS on so far are having this same problem. You can
download and install AS fine, even run a scan and it
detects and removes spyware, but after the scan, the
realtime protection was deactivated. Actually, we just
ran into one that prevents the scanning from even
happening.

Ron Kinner · Jan 13, 2005

Did you try running in Safe Mode?

Which downloader was it by the way? If you still have it
and want to get rid of it run HijackThis and SCAN your
system then SAVE LOG and send me the log.

Ron Kinner

rkinner AT att DOT net

or post to the HP forum with Hijack in the subject

http://forums1.itrc.hp.com/service/forums/familyhome.do?
familyId=116

Guest · Jan 13, 2005

Thanks for the offer. I'm familiar with Hijack this and
will be able to get it off eventually. Didn't see
anything suspicous in there. There were the following
processes running: TSA2.exe, TSA.exe and GCCRNR.EXE I
did kill these using MSAS's advanced tools. Not as much
spyware came back after that.

I did run the MSAS in safe mode, along with an update
spybot and adaware in safe mode.

The spyware that kept getting reinstalled was a VX2.eserv
variant and eUniverse.

Kent W. England · Jan 15, 2005

HowardD wrote on 13-Jan-2005 8:23 AM:

On Jan 10, we ran into our first case of loading MS-
AntiSpy on a PC that already had a downloader installed
on it and the downloader had apparently already updated
itsself to prevent the Real Time Protection from running.

This morning on the 13th, 3 out of 3 PCs we've installed
MSAS on so far are having this same problem. You can
download and install AS fine, even run a scan and it
detects and removes spyware, but after the scan, the
realtime protection was deactivated. Actually, we just
ran into one that prevents the scanning from even
happening.

There will always be the possibility of counter-measures, but I expect
this to improve, probably after the beta. Think SP1 when most MS tools
work well for the first time.

That said, if you can remove the infection and then get MSAS installed
and providing real-time protection, you have a good chance of preventing
the infection that was disabling the anti-spyware real-time protection.

Big problem!	6	Feb 13, 2005
no real-time or administrator options listed, can't turn on/off	3	Nov 14, 2007
Claria/Gain/Gator Test	4	Jul 5, 2005
is there a way to be sure your computer doesn't have a virus?	7	May 30, 2011
MSAS never stops scanning	7	May 22, 2005
It doesn't do anything.	2	Jan 7, 2005
Huntbar wants to install-over and over	1	Jan 11, 2005
great product + need more features + questions	1	Feb 5, 2005

Noticing Counter Measures

HowardD

Ron Kinner

Guest

Kent W. England

Ask a Question

Similar Threads