same every day

  • Thread starter Thread starter Tim
  • Start date Start date
T

Tim

I'm reacting to someone suggesting that a MSAS scan
doesn't need to be run every day, just perhaps once a
week or so, because of its strong real-time protection.
I scan every day, and get the same 2 hits - Network
Essentials (Broswer Modifier) and IEPlugin (Spyware). I
delete them, yet they are back the next day. Why isn't
the real-time protector preventing this? I've done a
safe-mode scan / deletion to no avail. Any advice?
 
Yup--I think that real-time protection isn't preventing this because it is
already in place.

1) If possible, submit a Tools, suspected spyware report from Microsoft
Antispyware. Detail your experience, including the names of the critters,
and the fact that you tried cleaning in safe mode. Did you also try
scanning with your updated antivirus in safe mode?

2) I'd go for cleaning via HijackThis logs in a specialized forum for this
purpose. One such forum can be found via the set of recommendations at this
link:

http://www.aumha.org/a/quickfix.htm

Go through the protocol, but in the end, I suspect you'll need to download
HijackThis, and run it according to the instructions with the download, and
post logs to the forums there. That's the current best method of cleaning
resistant stuff.

If you are adventurous, you can look into Tools, advanced tools, system
explorers, and block items which seem suspect or are not recognized by
Microsoft Antispyware, particularly in the IE, downkoaded ActiveX, and
startup programs.
 
If you are running XP, boot into Safe Mode and go to
c:\windows\prefetch and delete all the files there. It's
totally safe to delete all the files there, as the legit
one's will get placed there once the legit applications
that store their prefetch code there are launched.

Also, run a scan in Safe Mode just to make certain that
the infection si removed this time.

You might also want to submit a report to MS. Go to
Tools > Suspected Spyware Report... in MSAS.

You can also try to scan with Ad-Aware (download.com).

Alan
 
THanks, Bill - I'll try your suggestions. I understand
about real-time not dealing with something already
present. But does this mean MSAS is not altogether
deleting these when it does find them?
 
Yes it does - in its present Beta ie Beta1. However I`m
sure things will radically improve with Beta2.
 
Hmm - I think I'm missing a message in this thread, but I agree--Microsoft
Antispyware does sometimes indicate something has been successfully removed,
when it has not.

Here's one possible reason, though: Many current malware involve trojan
code on your machine--code which can pull in other code from sources across
the Internet. In this case, there are often multiple bugs involved, and
Microsoft Antispyware may be identifying one or more bugs, but missing the
root problem. And that missed bit may regenerate the original found item.
I'm not at all sure this is an accurate picture of what is happening in your
case, but it may help illustrate the complexities involved.

--
 
Back
Top