Guest
Archived from groups: microsoft.public.windowsxp.perform_maintain

There was a post in here the other day asking if anyone has tested
Microsoft's AntiSpyware program.

I have been using the program on my home machine and 5 of my office's 20
machines since its release. Today a number of users were hit with massive
spyware attacks. 5 machines had MS AntiSpy installed. The others had only
Spybot installed. The machines with Spybot are updated and scanned frequently
so they were pretty much clean prior to this.

I ran Spybot on the first machine. Spybot locked up while trying to remove
the threats. None were removed. I ran Spybot in Safe Mode and was able to
remove some but not all in the long list of threats, although they all
immediately reinfected the system on reboot. These were mainly new spyware
programs that I have never seen. Virtual Bouncer and People on Page were the
only old, known threats and Spybot has never been able to remove them before
anyway.

It was not easy but after turning off most of the spyware in Task Manager, I
installed MS AntiSpy. After updating it, I went back into safe mode and ran a
Quick Scan. A ton of problems were found (54) and all but 2 were removed. I
chose Remove instead of the recommended Quarantine on those two. After
reboot, I ran another Quick Scan. The last two problems were found and
quarantined. Finally, I ran a Deep Scan and no threats remained.

The results were the same on all remaining machines.

I read a post saying that the SpyWare makers were gearing up for this attack
and I thank the Microsoft AntiSpyware Team for helping me look like a hero
today.

Good job !!!

HJ
 

pop

hjomby wrote:
> There was a post in here the other day asking if anyone has tested
> Microsoft's AntiSpyware program.
>
> I have been using the program on my home machine and 5 of my office's
> 20 machines since its release. Today a number of users were hit with
> massive spyware attacks. 5 machines had MS AntiSpy installed. The
> others had only Spybot installed. The machines with Spybot are
> updated and scanned frequently so they were pretty much clean prior
> to this.
>
> I ran Spybot on the first machine. Spybot locked up while trying to
> remove the threats. None were removed. I ran Spybot in Safe Mode and
> was able to remove some but not all in the long list of threats,
> although they all immediately reinfected the system on reboot. These
> were mainly new spyware programs that I have never seen. Virtual
> Bouncer and People on Page were the only old, known threats and
> Spybot has never been able to remove them before anyway.
>
> It was not easy but after turning off most of the spyware in Task
> Manager, I installed MS AntiSpy. After updating it, I went back into
> safe mode and ran a Quick Scan. A ton of problems were found (54) and
> all but 2 were removed. I chose Remove instead of the recommended
> Quarantine on those two. After reboot, I ran another Quick Scan. The
> last two problems were found and quarantined. Finally, I ran a Deep
> Scan and no threats remained.
>
> The results were the same on all remaining machines.
>
> I read a post saying that the SpyWare makers were gearing up for this
> attack and I thank the Microsoft AntiSpyware Team for helping me look
> like a hero today.
>
> Good job !!!
>
> HJ

Soooooo, what are the names of the spyware that MS caught which the others
couldn't?

MS's stuff is BETA: Do you know what that means? And you STILL deleted
rather than quarantined files? Woof, you're a brave soul, or very sorry by
now.

Pop

--
---
No, I won't get dressed.
I'm retired!
 
Guest

Pop,

I had too much going on to write it all down. Next time I will try to keep
track of it. Beta or not, it works and risk is part of the job. I'd rather
reimage a machine than spend 5 hours trying to figure out how to safely
remove this garbage. Before the release of this program, I used to spend 80%
of my time dealing with spyware. So far the beta is a 100% in my opinion.

HJ

"Pop" wrote:

> hjomby wrote:
> > There was a post in here the other day asking if anyone has tested
> > Microsoft's AntiSpyware program.
> >
> > I have been using the program on my home machine and 5 of my office's
> > 20 machines since its release. Today a number of users were hit with
> > massive spyware attacks. 5 machines had MS AntiSpy installed. The
> > others had only Spybot installed. The machines with Spybot are
> > updated and scanned frequently so they were pretty much clean prior
> > to this.
> >
> > I ran Spybot on the first machine. Spybot locked up while trying to
> > remove the threats. None were removed. I ran Spybot in Safe Mode and
> > was able to remove some but not all in the long list of threats,
> > although they all immediately reinfected the system on reboot. These
> > were mainly new spyware programs that I have never seen. Virtual
> > Bouncer and People on Page were the only old, known threats and
> > Spybot has never been able to remove them before anyway.
> >
> > It was not easy but after turning off most of the spyware in Task
> > Manager, I installed MS AntiSpy. After updating it, I went back into
> > safe mode and ran a Quick Scan. A ton of problems were found (54) and
> > all but 2 were removed. I chose Remove instead of the recommended
> > Quarantine on those two. After reboot, I ran another Quick Scan. The
> > last two problems were found and quarantined. Finally, I ran a Deep
> > Scan and no threats remained.
> >
> > The results were the same on all remaining machines.
> >
> > I read a post saying that the SpyWare makers were gearing up for this
> > attack and I thank the Microsoft AntiSpyware Team for helping me look
> > like a hero today.
> >
> > Good job !!!
> >
> > HJ
>
> Soooooo, what are the names of the spyware that MS caught which the others
> couldn't?
>
> MS's stuff is BETA: Do you know what that means? And you STILL deleted
> rather than quarantined files? Woof, you're a brave soul, or very sorry by
> now.
>
> Pop
>
> --
> ---
> No, I won't get dressed.
> I'm retired!
 
Guest

Banking Trojan disables MS Anti-Spyware
http://www.theregister.co.uk/2005/02/09/banking_trojan/

[[Troj/BankAsh-A will attempt to disable the beta version of Microsoft
AntiSpyware. The Trojan may also attempt to deny access to a number of
security-related and anti-virus websites.]]

[[Troj/BankAsh-A will attempt to disable or kill the Microsoft AntiSpyware
application. The Trojan will delete the following registry entry, if it
exists: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\gcasServ

The Trojan will also attempt to terminate the following Microsoft
AntiSpyware related processes:

GCASCLEANER GCASDTSERV GCASINSTALLHELPER
GCASNOTICE GCASSERV GCASSERVALERT GCASSWUPDATER
GCIPTOHOSTQUEUE GIANTANTISPYWAREMAIN
GIANTANTISPYWAREUPDATER

Troj/BankAsh-A will try to suppress warning messages that Microsoft
AntiSpyware may display and will delete all files within the folder named
"C:\Program Files\Microsoft AntiSpyware".

Troj/BankAsh-A may attempt to deny access to a number of websites by
modifying the HOSTS file found in the Windows folder or the
"%SYSTEM%\drivers\etc" folder.

Troj/BankAsh-A may download and run updates of itself.

Troj/BankAsh-A will attempt to unregister and delete a DLL named
IEHELPER.DLL from the Windows system folder. ]]
Troj/BankAsh-A
http://www.sophos.com/virusinfo/analyses/trojbankasha.html

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:0AFF35CE-B50E-414E-A490-CAA308DBCFCF@microsoft.com,
hjomby <hjomby@discussions.microsoft.com> hunted and pecked:
> There was a post in here the other day asking if anyone has tested
> Microsoft's AntiSpyware program.
>
> I have been using the program on my home machine and 5 of my office's
> 20 machines since its release. Today a number of users were hit with
> massive spyware attacks. 5 machines had MS AntiSpy installed. The
> others had only Spybot installed. The machines with Spybot are
> updated and scanned frequently so they were pretty much clean prior
> to this.
>
> I ran Spybot on the first machine. Spybot locked up while trying to
> remove the threats. None were removed. I ran Spybot in Safe Mode and
> was able to remove some but not all in the long list of threats,
> although they all immediately reinfected the system on reboot. These
> were mainly new spyware programs that I have never seen. Virtual
> Bouncer and People on Page were the only old, known threats and
> Spybot has never been able to remove them before anyway.
>
> It was not easy but after turning off most of the spyware in Task
> Manager, I installed MS AntiSpy. After updating it, I went back into
> safe mode and ran a Quick Scan. A ton of problems were found (54) and
> all but 2 were removed. I chose Remove instead of the recommended
> Quarantine on those two. After reboot, I ran another Quick Scan. The
> last two problems were found and quarantined. Finally, I ran a Deep
> Scan and no threats remained.
>
> The results were the same on all remaining machines.
>
> I read a post saying that the SpyWare makers were gearing up for this
> attack and I thank the Microsoft AntiSpyware Team for helping me look
> like a hero today.
>
> Good job !!!
>
> HJ
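
The Sophos description quoted in the post above says the Trojan may deny access to security-related and anti-virus websites by modifying the HOSTS file. As an added example (not part of the original posts or of the Sophos write-up), the following Python triage check parses a HOSTS file and reports entries that pin watched hostnames to loopback, unspecified or other overriding addresses. The watch list, the sample file contents and all function names are assumptions made for illustration.

```python
import ipaddress

# Assumed watch list for illustration (constructed; not taken from the thread).
WATCHED_DOMAINS = ("sophos.com", "microsoft.com", "windowsupdate.com")

# Constructed sample HOSTS content, not captured from a real infection.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.sophos.com   sophos.com   # appended entry
0.0.0.0         download.WindowsUpdate.com
10.0.0.5        intranet.example.local
192.0.2.10      notsophos.com.example.net
::1             update.microsoft.com
garbage line without an address
"""


def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for every well-formed mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # strip comments and padding
        fields = line.split()
        if len(fields) < 2:
            continue                             # blank or address-only line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an address
        # Hostnames are case-insensitive; a trailing dot is the same name.
        yield line_no, ip, [h.lower().rstrip(".") for h in fields[1:]]


def is_watched(host, watched=WATCHED_DOMAINS):
    """True for a watched domain or any subdomain, not for look-alike suffixes."""
    return any(host == d or host.endswith("." + d) for d in watched)


def suspicious_entries(text, watched=WATCHED_DOMAINS):
    """Return (line_no, ip, host, verdict) for each watched host in the file.

    'sinkholed' means the name resolves to loopback or 0.0.0.0/::, which blocks
    access; 'overridden' means it is pinned to some other address.
    """
    findings = []
    for line_no, ip, hosts in parse_hosts(text):
        verdict = "sinkholed" if (ip.is_loopback or ip.is_unspecified) else "overridden"
        for host in hosts:
            if is_watched(host, watched):
                findings.append((line_no, str(ip), host, verdict))
    return findings
```

On a live Windows system the text to pass in would come from the HOSTS file in the folder the quoted description names; any finding for a security vendor's domain is worth investigating, since a clean HOSTS file rarely mentions them at all.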
 
Guest

In case you haven't heard, MS AntiSpyware removed Internet Explorer itself.
Some fools actually had to buy a new computer! Go Firefox! Go Thunderbird!
Go Penguin!

=============================================
"hjomby" <hjomby@discussions.microsoft.com> wrote in message
news:0AFF35CE-B50E-414E-A490-CAA308DBCFCF@microsoft.com...
> There was a post in here the other day asking if anyone has tested
> Microsoft's AntiSpyware program.
>
> I have been using the program on my home machine and 5 of my office's 20
> machines since its release. Today a number of users were hit with massive
> spyware attacks. 5 machines had MS AntiSpy installed. The others had only
> Spybot installed. The machines with Spybot are updated and scanned frequently
> so they were pretty much clean prior to this.
>
> I ran Spybot on the first machine. Spybot locked up while trying to remove
> the threats. None were removed. I ran Spybot in Safe Mode and was able to
> remove some but not all in the long list of threats, although they all
> immediately reinfected the system on reboot. These were mainly new spyware
> programs that I have never seen. Virtual Bouncer and People on Page were the
> only old, known threats and Spybot has never been able to remove them before
> anyway.
>
> It was not easy but after turning off most of the spyware in Task Manager, I
> installed MS AntiSpy. After updating it, I went back into safe mode and ran a
> Quick Scan. A ton of problems were found (54) and all but 2 were removed. I
> chose Remove instead of the recommended Quarantine on those two. After
> reboot, I ran another Quick Scan. The last two problems were found and
> quarantined. Finally, I ran a Deep Scan and no threats remained.
>
> The results were the same on all remaining machines.
>
> I read a post saying that the SpyWare makers were gearing up for this attack
> and I thank the Microsoft AntiSpyware Team for helping me look like a hero
> today.
>
> Good job !!!
>
> HJ
 
Guest

Go home..

--
Mike Hall
MVP - Windows Shell/user

http://dts-l.org/goodpost.htm





"Kui Tang" <NOSPAM name: hacker72 domain: phreaker.net> wrote in message
news:e$UikN$DFHA.2632@TK2MSFTNGP12.phx.gbl...
> In case you haven't heard, MS AntiSpyware removed Internet Explorer
> itself. Some fools actually had to buy a new computer! Go Firefox! Go
> Thunderbird! Go Penguin!
>
> =============================================
> "hjomby" <hjomby@discussions.microsoft.com> wrote in message
> news:0AFF35CE-B50E-414E-A490-CAA308DBCFCF@microsoft.com...
>> There was a post in here the other day asking if anyone has tested
>> Microsoft's AntiSpyware program.
>>
>> I have been using the program on my home machine and 5 of my office's 20
>> machines since its release. Today a number of users were hit with massive
>> spyware attacks. 5 machines had MS AntiSpy installed. The others had only
>> Spybot installed. The machines with Spybot are updated and scanned frequently
>> so they were pretty much clean prior to this.
>>
>> I ran Spybot on the first machine. Spybot locked up while trying to remove
>> the threats. None were removed. I ran Spybot in Safe Mode and was able to
>> remove some but not all in the long list of threats, although they all
>> immediately reinfected the system on reboot. These were mainly new spyware
>> programs that I have never seen. Virtual Bouncer and People on Page were the
>> only old, known threats and Spybot has never been able to remove them before
>> anyway.
>>
>> It was not easy but after turning off most of the spyware in Task Manager, I
>> installed MS AntiSpy. After updating it, I went back into safe mode and ran a
>> Quick Scan. A ton of problems were found (54) and all but 2 were removed. I
>> chose Remove instead of the recommended Quarantine on those two. After
>> reboot, I ran another Quick Scan. The last two problems were found and
>> quarantined. Finally, I ran a Deep Scan and no threats remained.
>>
>> The results were the same on all remaining machines.
>>
>> I read a post saying that the SpyWare makers were gearing up for this attack
>> and I thank the Microsoft AntiSpyware Team for helping me look like a hero
>> today.
>>
>> Good job !!!
>>
>> HJ
 
Guest

LOL!
My sentiments exactly.
Thanks for the chuckle, Mike.
~K



Mike Hall (MS-MVP) wrote:
> Go home..
>
>
> "Kui Tang" <NOSPAM name: hacker72 domain: phreaker.net> wrote in
> message news:e$UikN$DFHA.2632@TK2MSFTNGP12.phx.gbl...
>> In case you haven't heard, MS AntiSpyware removed Internet Explorer
>> itself. Some fools actually had to buy a new computer! Go Firefox!
>> Go Thunderbird! Go Penguin!
>>
>> =============================================
>> "hjomby" <hjomby@discussions.microsoft.com> wrote in message
>> news:0AFF35CE-B50E-414E-A490-CAA308DBCFCF@microsoft.com...
>>> There was a post in here the other day asking if anyone has tested
>>> Microsoft's AntiSpyware program.
>>>
>>> I have been using the program on my home machine and 5 of my office's 20
>>> machines since its release. Today a number of users were hit with massive
>>> spyware attacks. 5 machines had MS AntiSpy installed. The others had only
>>> Spybot installed. The machines with Spybot are updated and scanned frequently
>>> so they were pretty much clean prior to this.
>>>
>>> I ran Spybot on the first machine. Spybot locked up while trying to remove
>>> the threats. None were removed. I ran Spybot in Safe Mode and was able to
>>> remove some but not all in the long list of threats, although they all
>>> immediately reinfected the system on reboot. These were mainly new spyware
>>> programs that I have never seen. Virtual Bouncer and People on Page were the
>>> only old, known threats and Spybot has never been able to remove them before
>>> anyway.
>>>
>>> It was not easy but after turning off most of the spyware in Task Manager, I
>>> installed MS AntiSpy. After updating it, I went back into safe mode and ran a
>>> Quick Scan. A ton of problems were found (54) and all but 2 were removed. I
>>> chose Remove instead of the recommended Quarantine on those two. After
>>> reboot, I ran another Quick Scan. The last two problems were found and
>>> quarantined. Finally, I ran a Deep Scan and no threats remained.
>>>
>>> The results were the same on all remaining machines.
>>>
>>> I read a post saying that the SpyWare makers were gearing up for this attack
>>> and I thank the Microsoft AntiSpyware Team for helping me look like a hero
>>> today.
>>>
>>> Good job !!!
>>>
>>> HJ
 
Guest

I run anti spy and it picks up nothing but I run another anti spy software
and I get all types of pickups

"hjomby" wrote:

> There was a post in here the other day asking if anyone has tested
> Microsoft's AntiSpyware program.
>
> I have been using the program on my home machine and 5 of my office's 20
> machines since its release. Today a number of users were hit with massive
> spyware attacks. 5 machines had MS AntiSpy installed. The others had only
> Spybot installed. The machines with Spybot are updated and scanned frequently
> so they were pretty much clean prior to this.
>
> I ran Spybot on the first machine. Spybot locked up while trying to remove
> the threats. None were removed. I ran Spybot in Safe Mode and was able to
> remove some but not all in the long list of threats, although they all
> immediately reinfected the system on reboot. These were mainly new spyware
> programs that I have never seen. Virtual Bouncer and People on Page were the
> only old, known threats and Spybot has never been able to remove them before
> anyway.
>
> It was not easy but after turning off most of the spyware in Task Manager, I
> installed MS AntiSpy. After updating it, I went back into safe mode and ran a
> Quick Scan. A ton of problems were found (54) and all but 2 were removed. I
> chose Remove instead of the recommended Quarantine on those two. After
> reboot, I ran another Quick Scan. The last two problems were found and
> quarantined. Finally, I ran a Deep Scan and no threats remained.
>
> The results were the same on all remaining machines.
>
> I read a post saying that the SpyWare makers were gearing up for this attack
> and I thank the Microsoft AntiSpyware Team for helping me look like a hero
> today.
>
> Good job !!!
>
> HJ