D
D@annyBoy
..LOG
revised version 0.1g
READ THIS FIRST
If your problem is not listed here, post here with the Subject "MSAS FAQ -
Problem"
and try the section Known Bugs & Possible solutions
This will be posted to microsoft.private.security.spyware.general
on a regular basis until MSAS goes into Beta 2
===========================================
Third party applications to protect sytem from spyware
(Use them at your own risk)
Ad-Aware SE Personal version
http://www.lavasoft.de/support/download/
Spybot - Search & Destroy
http://www.safer-networking.org/en/index.html
Spyware Blaster
http://www.javacoolsoftware.com/spywareblaster.html
===========================================
Third party applications to analyse sytem from spyware
(Use them at your own risk)
a2hijackfree
http://www.hijackfree.com/en/
a-squared Free
http://www.emsisoft.com/en/software/free/
HijackThis
http://www.merijn.org/
===========================================
Third party applications to remove temp files
(Use them at your own risk)
CCleaner (Crap Cleaner)
http://www.ccleaner.com/
System Security Suite (3S)
http://www.igorshpak.net/
Index.dat Suite
http://freeware4u.com/modules/mydownloads/singlefile.php?lid=45
===========================================
+++++++++++++++++++++++++++++
DEFINITELY NOT FOR THE FAINT HEARTED
BHODemon
http://www.definitivesolutions.com/
+++++++++++++++++++++++++++++
===========================================
Commerical applications to analyse and protect system from spyware
System Mechanic 5 Professional
http://www.iolo.com/sm/index.cfm
===========================================
==================================================
On-line scans
http://virusscan.jotti.org/
Contributed by Andy Manchesta
http://www.pandasoftware.com/products/activescan/com/activescan_principal.htm
http://www.spywareinfo.com/xscan.php
http://download.zonelabs.com/bin/promotions/spywaredetector/offer5.html
Contributed by Google search
==================================================
(to be reviewed to check suitability of posting)
Welcome to Microsoft Windows AntiSpyware (Beta) Newsgroups
Viewing these Newsgroups with an NNTP Newsreader
Since these are private newsgroups, your server will require you to logon using
the following information:
Server: privatenews.microsoft.com
Account name: privatenews\spyware
Password: spyware
Note that the password is case-sensitive.
This news server contains the following news groups
(Personal comments for review)
microsoft.privat.security.spyware.announcements.
(Testers are advise to refrain from posting to this newsgroup.
This group is for Microsoft to make announcements relating to MSAS.
By posting, testers are doing a dis-service to every tester by cluttering this
newsgroups
with unnecessary posts.)
microsoft.privat.security.spyware.appcompany
(Post Application Compatibility)
microsoft.privat.security.spyware.general
(Post all General questions here)
microsoft.privat.security.spyware.install
(Post problems when encountering errors during and after Install)
microsoft.privat.security.spyware.networking
(post related Networking problems here)
microsoft.privat.security.spyware.onlinecommunity
(What's Online Community? Beats me !!!)
microsoft.privat.security.spyware.signatures
(Post Signatures problems here and check regularly for information on
signatures updates)
==========================================
(Ignore this section pending more investigation) -Quote
Additional applications required before attempts to remove spyware
WinsockXPFix.exe
http://www.iup.edu/house/resnet/winfix.shtm
LSP-Fix
http://www.cexx.org/lspfix.htm
(Ignore this section pending more investigation) -Quote
Read this before using the above
http://support.microsoft.com/kb/892350
==========================================
=========
Known BUGS
=========
Find them here
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
http://www.microsoft.com/athome/security/spyware/software/faq.mspx
(MSAS Beta 2 will provide numberous fixes)
no numbers assigned
If the task bar is set to the right or left of your screen,
Alert flies up the screen
(Fix by "Boris" bkortiak@tbsindustries)
Use the Alt-Tab Power Toy.
Alt-Tab to the alert, then Tab to DENY, or ALLOW
# The icon on the taskbar turns Blue when.......................................
# Cookies not included in this beta. Stay tuned for Beta 2.
# Don't run MSAS if you are running Kazza
# Tracks Eraser isn't working in this version
# Icon is missing in the taskbar
# This version expires on: 31-Jul-05
The next version should be out before the expiry date
# Security Bug
Fireup Internet Explorer
Tools | Internet Options | Security tab
select Restricted | click Sites button
enter www.microsoft.com | click Add button
MSAS notification window is a BUG
An internet Explorer Trusted Site Requires Approval
Trusted Sites are web sites that you trust not to damage your computer.
These sites automatically allow Internet Explorer to use lower security and will
be allowed to run scripts, potentially dangerous ones, on your computer.
(contributed by )
=============================================
Steve Dodson has said he wants to hear from folks with
#resistant Istbar infections
and request that posters email with a subject header including ISTBAR to
(e-mail address removed)
=============================================
==========
Common errors
==========
Q. MSAS expiry date error
A. You have the display format for dates set to other than the defaults. Or,
your current date and time are set wrong.
Check the date and time first.
Then go to control panel, Date, Time, Language, and Regional options
Choose Regional and Language options, and click on the Customize button on
the displayed page.
Click on the date tab. Find the short date format and long date format
dropdown controls, and reset each one to the topmost choice.
Q. Freezing when updating definitions.
A. Try Repairing MSAS
Control Panel | Add or Remove Programs
Select Microsoft AntiSpyware
Click here for support information
Click on Repair button
Q. Cannot enable System Explorers in Advanced Tools.
A. This is the current fix for the issue, direct from Microsoft
(and with attests here that it works!)
We believe we have a workaround which is better than
installing the VB6 SP.
Can we have users who experience this problem try the following:
1) Open up a command prompt (start - run - cmd)
2) Type in the following "regsvr32 msvbvm60.dll"
(without the quotes).
3) Close and re-open Windows AntiSpyware
Please let me know if this is working.
Steve Dodson [MSFT]
MCSE, CISSP
PSS Security
Q. If the task bar is set to the right, left or top of your screen, Alert flies
up the screen
A. Use the Alt-Tab Power Toy.
Alt-Tab to the alert, then Tab to DENY, or ALLOW
(Fix by "Boris" bkortiak@tbsindustries)
Q. After you run Microsoft Windows AntiSpyware (Beta), you have network-related
problems, or you receive an error message
A. http://support.microsoft.com/kb/892350
===========
Possible solutions
===========
=================================================
If you have identified a particular program that is demonstrating suspicious
behavior,
you can submit a report to Microsoft directly through Windows AntiSpyware
(Beta):
• In the main menu, click "Tools" and then "Suspected Spyware Report."
• Fill out a description of the problem and click "Create Report."
• After Windows AntiSpyware (Beta) does a scan of your computer, click "Submit
Report."
Restart in Safe Mode, open Microsoft AntiSpyware, on the scan page choose
scan options full system scan (check boxes below) click "Run Scan Now".
Go back to Advanced Tools Browser Restore check "Start Page" and click
"Restore" button at the bottom.
=================================================
=======================================
Get HijackThis.exe from
http://tomcoyote.org/hjt/hjt199//HijackThis.exe
Save it to C:\hjt (new folder) then Run it and select
Scan and Save Log. Note where you saved the log then
send it to me as an attachment. Put Hijack in the subject
so I'll know it's not spam.
Ron Kinner
Microsoft MVP 2004 & 2005
(e-mail address removed)
=======================================
Unable to run *.exe files
http://securityresponse.symantec.co....to.reset.shellopencommand.registry.keys.html
http://tinyurl.com/yrotz
Ron Kinner
Microsoft MVP 2004 & 2005
=================================================
Boot into Safe Mode (F8) at startup;
Empty your temporary files AND your Temporary Internet Files
and Settings\Username\Local Settings\Temporary Internet Files folder ;
Run the scan while in safe mode;
If you are running SP2, open IE---Tools---Manage Add-ons, and uncheck any
BHO's that you don't recognize.
Ron Chamberlin
MS-MVP
=================================================
Try Repairing MSAS
Control Panel | Add or Remove Programs
Select Microsoft AntiSpyware
Click here for support information
Click on Repair button
===========================
11:01 AM 11-May-05
revised version 0.1g
READ THIS FIRST
If your problem is not listed here, post here with the Subject "MSAS FAQ -
Problem"
and try the section Known Bugs & Possible solutions
This will be posted to microsoft.private.security.spyware.general
on a regular basis until MSAS goes into Beta 2
===========================================
Third party applications to protect sytem from spyware
(Use them at your own risk)
Ad-Aware SE Personal version
http://www.lavasoft.de/support/download/
Spybot - Search & Destroy
http://www.safer-networking.org/en/index.html
Spyware Blaster
http://www.javacoolsoftware.com/spywareblaster.html
===========================================
Third party applications to analyse sytem from spyware
(Use them at your own risk)
a2hijackfree
http://www.hijackfree.com/en/
a-squared Free
http://www.emsisoft.com/en/software/free/
HijackThis
http://www.merijn.org/
===========================================
Third party applications to remove temp files
(Use them at your own risk)
CCleaner (Crap Cleaner)
http://www.ccleaner.com/
System Security Suite (3S)
http://www.igorshpak.net/
Index.dat Suite
http://freeware4u.com/modules/mydownloads/singlefile.php?lid=45
===========================================
+++++++++++++++++++++++++++++
DEFINITELY NOT FOR THE FAINT HEARTED
BHODemon
http://www.definitivesolutions.com/
+++++++++++++++++++++++++++++
===========================================
Commerical applications to analyse and protect system from spyware
System Mechanic 5 Professional
http://www.iolo.com/sm/index.cfm
===========================================
==================================================
On-line scans
http://virusscan.jotti.org/
Contributed by Andy Manchesta
http://www.pandasoftware.com/products/activescan/com/activescan_principal.htm
http://www.spywareinfo.com/xscan.php
http://download.zonelabs.com/bin/promotions/spywaredetector/offer5.html
Contributed by Google search
==================================================
(to be reviewed to check suitability of posting)
Welcome to Microsoft Windows AntiSpyware (Beta) Newsgroups
Viewing these Newsgroups with an NNTP Newsreader
Since these are private newsgroups, your server will require you to logon using
the following information:
Server: privatenews.microsoft.com
Account name: privatenews\spyware
Password: spyware
Note that the password is case-sensitive.
This news server contains the following news groups
(Personal comments for review)
microsoft.privat.security.spyware.announcements.
(Testers are advise to refrain from posting to this newsgroup.
This group is for Microsoft to make announcements relating to MSAS.
By posting, testers are doing a dis-service to every tester by cluttering this
newsgroups
with unnecessary posts.)
microsoft.privat.security.spyware.appcompany
(Post Application Compatibility)
microsoft.privat.security.spyware.general
(Post all General questions here)
microsoft.privat.security.spyware.install
(Post problems when encountering errors during and after Install)
microsoft.privat.security.spyware.networking
(post related Networking problems here)
microsoft.privat.security.spyware.onlinecommunity
(What's Online Community? Beats me !!!)
microsoft.privat.security.spyware.signatures
(Post Signatures problems here and check regularly for information on
signatures updates)
==========================================
(Ignore this section pending more investigation) -Quote
Additional applications required before attempts to remove spyware
WinsockXPFix.exe
http://www.iup.edu/house/resnet/winfix.shtm
LSP-Fix
http://www.cexx.org/lspfix.htm
(Ignore this section pending more investigation) -Quote
Read this before using the above
http://support.microsoft.com/kb/892350
==========================================
=========
Known BUGS
=========
Find them here
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
http://www.microsoft.com/athome/security/spyware/software/faq.mspx
(MSAS Beta 2 will provide numberous fixes)
no numbers assigned
If the task bar is set to the right or left of your screen,
Alert flies up the screen
(Fix by "Boris" bkortiak@tbsindustries)
Use the Alt-Tab Power Toy.
Alt-Tab to the alert, then Tab to DENY, or ALLOW
# The icon on the taskbar turns Blue when.......................................
# Cookies not included in this beta. Stay tuned for Beta 2.
# Don't run MSAS if you are running Kazza
# Tracks Eraser isn't working in this version
# Icon is missing in the taskbar
# This version expires on: 31-Jul-05
The next version should be out before the expiry date
# Security Bug
Fireup Internet Explorer
Tools | Internet Options | Security tab
select Restricted | click Sites button
enter www.microsoft.com | click Add button
MSAS notification window is a BUG
An internet Explorer Trusted Site Requires Approval
Trusted Sites are web sites that you trust not to damage your computer.
These sites automatically allow Internet Explorer to use lower security and will
be allowed to run scripts, potentially dangerous ones, on your computer.
(contributed by )
=============================================
Steve Dodson has said he wants to hear from folks with
#resistant Istbar infections
and request that posters email with a subject header including ISTBAR to
(e-mail address removed)
=============================================
==========
Common errors
==========
Q. MSAS expiry date error
A. You have the display format for dates set to other than the defaults. Or,
your current date and time are set wrong.
Check the date and time first.
Then go to control panel, Date, Time, Language, and Regional options
Choose Regional and Language options, and click on the Customize button on
the displayed page.
Click on the date tab. Find the short date format and long date format
dropdown controls, and reset each one to the topmost choice.
Q. Freezing when updating definitions.
A. Try Repairing MSAS
Control Panel | Add or Remove Programs
Select Microsoft AntiSpyware
Click here for support information
Click on Repair button
Q. Cannot enable System Explorers in Advanced Tools.
A. This is the current fix for the issue, direct from Microsoft
(and with attests here that it works!)
We believe we have a workaround which is better than
installing the VB6 SP.
Can we have users who experience this problem try the following:
1) Open up a command prompt (start - run - cmd)
2) Type in the following "regsvr32 msvbvm60.dll"
(without the quotes).
3) Close and re-open Windows AntiSpyware
Please let me know if this is working.
Steve Dodson [MSFT]
MCSE, CISSP
PSS Security
Q. If the task bar is set to the right, left or top of your screen, Alert flies
up the screen
A. Use the Alt-Tab Power Toy.
Alt-Tab to the alert, then Tab to DENY, or ALLOW
(Fix by "Boris" bkortiak@tbsindustries)
Q. After you run Microsoft Windows AntiSpyware (Beta), you have network-related
problems, or you receive an error message
A. http://support.microsoft.com/kb/892350
===========
Possible solutions
===========
=================================================
If you have identified a particular program that is demonstrating suspicious
behavior,
you can submit a report to Microsoft directly through Windows AntiSpyware
(Beta):
• In the main menu, click "Tools" and then "Suspected Spyware Report."
• Fill out a description of the problem and click "Create Report."
• After Windows AntiSpyware (Beta) does a scan of your computer, click "Submit
Report."
Restart in Safe Mode, open Microsoft AntiSpyware, on the scan page choose
scan options full system scan (check boxes below) click "Run Scan Now".
Go back to Advanced Tools Browser Restore check "Start Page" and click
"Restore" button at the bottom.
=================================================
=======================================
Get HijackThis.exe from
http://tomcoyote.org/hjt/hjt199//HijackThis.exe
Save it to C:\hjt (new folder) then Run it and select
Scan and Save Log. Note where you saved the log then
send it to me as an attachment. Put Hijack in the subject
so I'll know it's not spam.
Ron Kinner
Microsoft MVP 2004 & 2005
(e-mail address removed)
=======================================
Unable to run *.exe files
http://securityresponse.symantec.co....to.reset.shellopencommand.registry.keys.html
http://tinyurl.com/yrotz
Ron Kinner
Microsoft MVP 2004 & 2005
=================================================
Boot into Safe Mode (F8) at startup;
Empty your temporary files AND your Temporary Internet Files
and Settings\Username\Local Settings\Temporary Internet Files folder ;
Run the scan while in safe mode;
If you are running SP2, open IE---Tools---Manage Add-ons, and uncheck any
BHO's that you don't recognize.
Ron Chamberlin
MS-MVP
=================================================
Try Repairing MSAS
Control Panel | Add or Remove Programs
Select Microsoft AntiSpyware
Click here for support information
Click on Repair button
===========================
11:01 AM 11-May-05