Who is lying?

[Jackie]

MS AntiSpyware reports the system is clean. 2 minutes
later, ran SpyAudit from webroot. It reports 1 trojan, 3
Adware & 12 cookies.

Either webroot is trying to get me to buy Spy Sweeper or
there is a significant deficiency in Microsoft's
AntiSpyware product.

What gives?

 

[Guest]

MS AntiSpyware reports the system is clean. 2 minutes
later, ran SpyAudit from webroot. It reports 1 trojan, 3
Adware & 12 cookies.

Either webroot is trying to get me to buy Spy Sweeper or
there is a significant deficiency in Microsoft's
AntiSpyware product.

What gives?

Microsoft AntiSPYWARE detects SPYWARE, not *trojans*. Cookies aren't
spyware. Adware isn't necessarily spyware (presenting banners in
freeware that you elected to install is adware which may or may phone
home with info regarding your activities). You gave no specifics so
don't expect an equivalent reply.

Did SpyAudit actually tell you on what it triggered when it purportedly
declared that you had these items? If so, did you check if you actually
had them? Perhaps they provide manual eradication instructions which
would delineate what it triggered on and what you need to do to remove
the item. If you don't find any of those items then it was a false
positive.

You really expect just one anti-spyware product to discover all malware
there exists that might infect your computer? Start employing other
anti-malware scanners to keep your system clean: Ad-Aware, Spybot S&D,
MS AntiSpyware, online PestScan, anti-virus program, a firewall with
outbound application rules, and some form of IDS (intrusion detection
system), like WinPatrol, Spybot's TeaTimer, or Prevx Home.

Webroot has their online pest scanner and it has reported 2 infections
that never existed on my system. Nothing of what was described in their
manual eradication instructions was found on my system and scans by
several other products turned up nothing, too. Spy Sweeper has had some
big blunders. It would detect spyware if you had a Finance folder under
your Favorites
(and its "fix" was to delete the folder so you would lose your URL
shortcuts in that folder). It would detect an INF file by its filename
rather than inspect its contents.

 

[Guest]

MS AntiSpyware reports the system is clean. 2 minutes
later, ran SpyAudit from webroot. It reports 1 trojan, 3
Adware & 12 cookies.

Either webroot is trying to get me to buy Spy Sweeper or
there is a significant deficiency in Microsoft's
AntiSpyware product.

What gives?

Microsoft AntiSPYWARE detects SPYWARE, not *trojans*. Cookies aren't
spyware. Adware isn't necessarily spyware (presenting banners in
freeware that you elected to install is adware which may or may phone
home with info regarding your activities). You gave no specifics so
don't expect an equivalent reply.

Did SpyAudit actually tell you on what it triggered when it purportedly
declared that you had these items? If so, did you check if you actually
had them? Perhaps they provide manual eradication instructions which
would delineate what it triggered on and what you need to do to remove
the item. If you don't find any of those items then it was a false
positive.

You really expect just one anti-spyware product to discover all malware
there exists that might infect your computer? Start employing other
anti-malware scanners to keep your system clean: Ad-Aware, Spybot S&D,
MS AntiSpyware, online PestScan, anti-virus program, a firewall with
outbound application rules, and some form of IDS (intrusion detection
system), like WinPatrol, Spybot's TeaTimer, or Prevx Home.

Webroot has their online pest scanner and it has reported 2 infections
that never existed on my system. Nothing of what was described in their
manual eradication instructions was found on my system and scans by
several other products turned up nothing, too. Spy Sweeper has had some
big blunders. It would detect spyware if you had a Finance folder under
your Favorites
(and its "fix" was to delete the folder so you would lose your URL
shortcuts in that folder). It would detect an INF file by its filename
rather than inspect its contents.

 

[Guest]

Wow, there is no malware "catch all" product on the
market? (an idea her for the enterprising folks!)
Thanks for the clarification.

SpyAudit did not list the items triggered the audit
report. It did tell me the trojan is "Trojan-downloader-
hidd" and the Ad ware are CWS-AboutBlank, FreshBar and
Targetclicks Hijack. No manual erradication
description. Any suggestions on how to erradicate?

 

[Ron Chamberlin]

Hi Jackie,

It's a conspiracy here.

Seriously, the BETA product MWAS doesn't search for dataminers or cookies,
so that narrows down the results.
I would be interested in learning what the missed 'trojan' was. MWAS can nab
some, but it's main intent isn't virus activity.


Ron Chamberlin
MS-MVP

 

[Ron Chamberlin]

My heart will go still when there is a need for only one anti malware
catcher/blocker/cleaner.
Until then, those that deal with them need a veritable toolbox to carry
around the tricks of the trade.

I've done a fair amount of testing of the MWAS product on testbunnie
machines in the office, and I find that the MWAS program does a pretty darn
good job of stopping the junk before it gets in and goes haywire in the
machine. Proactive protection is a heckuva lot nicer than having to put on
the gloves and go in after the pests.

Ron Chamberlin
MS-MVP

 

[Jackie]

Ron, webroot reports the trojan as "Trojan-downloader-
hidd" Whatever that means.

I know I have a CoolWebSearch on my box, based on Ad-
aware and, I think, MSAS. I just can't get rid of it,
including using CWShredder. Any suggestions?

-----Original Message-----
Hi Jackie,

It's a conspiracy here.

Seriously, the BETA product MWAS doesn't search for dataminers or cookies,
so that narrows down the results.
I would be interested in learning what the

missed 'trojan' was. MWAS can nab

 

[Bill Sanderson]

You might try about:buster, from this location:

http://www.networktechsupport.com/newsletters/issue2/interview.php
(see the link in the upper left)

 

[Guest]

Not to be too skeptical, but how do I know that I'm not
installing another spyware/trojan horse/virus?

 

[Guest]

Wow, there is no malware "catch all" product on the
market? (an idea her for the enterprising folks!)
Thanks for the clarification.

SpyAudit did not list the items triggered the audit
report. It did tell me the trojan is "Trojan-downloader-
hidd" and the Ad ware are CWS-AboutBlank, FreshBar and
Targetclicks Hijack. No manual erradication
description. Any suggestions on how to erradicate?

According to a post from some else saying that SpySweeper reporting the
"Trojan-downloader-
hidd" infection, he said SpyAudit told him what were the entries on
which it triggered; see
http://forums.thetechguys.com/archive/index.php/t-15056.html. Were
those registry entries, files, or whatever else was reported for the
trojan actually found on your system? You sure SpyAudit said nothing
about WHAT is said was what composed the infection? I could be their
SpySweeper product would tell you but their SpyAudit (and thin ActiveX
client that you download) only alerts to the detection and doesn't give
you any info regarding the infection (which makes a worthless tool).

Get Ad-Aware and Spybot S&D to see if the alert on the same infections.
For CoolWebSearch crap, look at CWShredder (now owned by Intermute).
CWS-AboutBlank is described at
http://cwshredder.net/cwshredder/cwschronicles.html#aboutblank.
Freshbar is described at http://www.doxdesk.com/parasite/FreshBar.html.
You can do the rest of the Google search for the Targetclicks infection.

 

[plun]

Not to be too skeptical, but how do I know that I'm not
installing another spyware/trojan horse/virus?

Hi

About:Buster is a well known tool for about:blank infections

See these wellknown forums:

http://www.merijn.org/forums.html

and this

http://www.aumha.org/a/quickfix.htm

 

[Bill Sanderson]

It's entirely appropriate to be skeptical.

You'll have to do some research, decide who you trust, and take a risk.
That's one of the reasons why I welcome Microsoft's entry into this field,
and why (besides exercising the beta being the purpose of these groups) I
try to accomplish cleaning using Microsoft's product.

Turns out the version available at that location is out of date anyway--

http://www.majorgeeks.com/download4289.html

is perhaps a better reference.

To date, the process of cleaning the fastest moving of these bugs is best
accomplished with some tools which are designed and maintained by the user
community--in this case a 15-year old user.