oldun
Apr 2 2006, 10:32 PM
After a battle with this trojan and continual reinfections I have come to the conclusion that there is a high probability that this program is the source of my infection.
After considerable analysis it appears that after my recent download of this program my computer became infected with the "Spyware Quake" Trojan.
I have a hardware firewall, the windows xp firewall, and Zone alarm, and avast antivirus, in addition I run at least 4 spyware [malware type programs] and this is the first infection of this type in over 3 years operation.
Interestingly none of my defences detected the obvious infection except Avast which gave warning but did not protect me. All defence programs are auto updated daily or more often.
It was not enough to clean the trojan out and turn "defender" off but the reinfections only stopped when I deleted the downloaded file of "defender".
I have no wish to paint microsoft in a bad light but thought I should alert potential users of the possibility of problems, I did contact the local Microsoft office in an effort to warn them of the possible infection, but regrettably they took the view that they could not have this type of problem, I only hope they are right.
Scarlett
Apr 4 2006, 10:39 PM
I find this to be very interesting. But I do not think it is at all possible.
How To Remove Spywarequake
QUOTE
SpywareQuake is an anti-spyware program that is known to issue fake warnings on your computer in order to manipulate you into buying its full commercial version. The program is generally installed by a Trojan that automatically downloads and installs the program. An image of the program is below:
Perhaps it is a false positive? And please keep in mind that it is a beta.
jgweed
Apr 5 2006, 12:36 PM
What was the precise warning Avast gave you?
While MS might be many things, it is not a spreader of malware; I suspect, without any evidence to the contrary, that what Avast was finding was Defender's definition file.
Secondly, given the close scrutiny of any MS product by many experts, if Defender were spreading the malware, it would certainly have been made public by now.
Repeated infections of SpywareQuake would indicate that the source would reside elsewhere.
Regards,
John
quietman7
Apr 5 2006, 05:45 PM
Spyware Quake is related to Trojan-Spy.HTML.Smitfraud which is often downloaded to a computer and installed by another malware program. It is included in a large number of underground web pages, adult sites or pirated software sites. As well as dropping other malware like Smitfraud on the computer, it also installs other malicious applications such as:
Adware Delete
AdwarePunisher
AdwareSheriff
AlfaCleaner
Anti-Virus-Pro
AntiVirus Gold
BraveSentry
Crystalys media
PestTrap
P.S.Guard
PSGuard
Search Maid
Security IGuard
SpyAxe
SpyFalcon
SpySheriff
Spy Demolisher
Spy Trooper
SpywareStrike
SpywareQuake.exe
Spyware-Stop
Video iCodec
Virtual Maid
Winhound
oldun
Apr 5 2006, 06:04 PM
Thanks to all for comments made.
I am not anti MS nor do I normally mistrust their sites, quite the contrary.
The infections were NOT false positives; the computer WAS infected with "spyware Quake" which arrived with "Vcodec".
After cleaning the computer I tested my concerns about "defender" by again downloading "defender" and again it reinfected the computer. I have now cleaned all the nasties out and got rid of defender and so far all is well. As an aside, I have never had a false positive using Avast [yet].
quietman7
Apr 7 2006, 08:54 AM
You probably did not clean out the original infection entirely or clean your system restore and thus reinfected yourself. Having it return after installing Defender appears to be coincidence.
If there were a problem with Defender doing as you say, it would have been reported throughout the whole Internet Security community and this is not the case.
Morphyus
Apr 20 2006, 09:50 PM
Are you running Windows Firewall at the same time as your other software firewall (Zone Alarm)? Is this a good practice?
buttoni
May 29 2006, 06:46 PM
I think you will find that Avast HAS rendered false positives. Go to their forum & do some reading. I have experienced at least one myself. Moderators on the Avast4 Home forum have confirmed false positives I have read threads about. Avast is known to detect Panda On-Line Active Scan unencrypted definitions as Win32CTX, for example. I also read daily on the MS Windows Defender news group and have heard nobody claim it downloads with SpywareQuake. Suspect you got this infection elsewhere and timing with WD download/installation was coincidence, as other poster suggested. Did you upload the file to Jotti or Virus Total to be certain it was an infection & not a false positive? FYI, any anti-virus or anti-spyware software is capable of rendering false positives.
Elendil
May 31 2006, 10:58 AM
Like Morphyus pointed out, are you running ZA Firewall and Windows Firewall at the same time? If so, this is NOT a good practice. Running two firewalls will not give you more protection but instead possibly weaken your defenses and hog up more system resources than necessary. Also, like many of the malware experts have said here, Windows Defender is probably not the source of your malware infection, but rather a triggering to a hidden infection. Maybe I'm not making much sense at the moment so let me try to put this in simpler terms. Windows Defender is a valid anti-malware tool that is in BETA. BETA means that a program is in testing mode and will probably have bugs and errors that come along with it. Thousands... Millions of computer users probably have tried Windows Defender (I certainly have), and many of us can tell you that windows defender will not infect you with malware. Now as for the part I mentioned about Windows Defender triggering hidden malware. It is possible (and highly probable) that your infection is not gone (you should follow the advice, links, etc. that some of the helpers have already given you to remove your infection). Since your infection is still concealed somewhere from the anti-malware programs on your computer, it could continue to do its work in a stealth-mode like method. When Windows Defender is installed, the malware might kick up in order to prevent a potential risk to it from installing and running. Another good point brought up by buttoni in regards to Avast, Avast isn't the best anti-virus program in the world and does display a bevy of false positives, so its warnings about Windows Defender could indeed be false positives.
buttoni
Jun 11 2006, 09:19 AM
QUOTE(Elendil @ May 31 2006, 10:58 AM)

Another good point brought up by buttoni in regards to Avast, Avast isn't the best anti-virus program in the world and does display a bevy of false positives, so its warnings about Windows Defender could indeed be false positives.
Well, that's not exactly the impression I meant to leave regarding Avast. I think it IS a very good anti-virus program. An occasional FP is not a "bevy" of them. I think it is a testimonial to Avast that it is the only one of his defense programs that detected the infection he seems to still have. Avast, in fact many other AV programs can (and DO) occasionally read on board/on-demand scanner virus signatures as infections. Avast definitely doesn't like anything Panda related.

Pandaware ought to consider encrypting their virus definitions! So my conclusion is that this is a Panda weakness, not an Avast weakness.
To the original poster, I also have been running Windows Defender for two months and do not have Spywarequake infection, so I agree with other posters here that WinDefender does NOT install with this infection. You're gonna need to dig deeper to find where it's hiding/reinstalling itself.
buttoni
Jun 12 2006, 07:17 AM
Oh, and I forgot to mention to OP that I also run Avast 4.7 along with Defender & am not getting any Spywarequake warnings. Yours is not a false positive, most likely. Perhaps more indication you really have some remnant of the infection still hiding on your system, but I doubt the Defender download was the source.
helmeteye
Jun 25 2006, 02:47 AM
I also seem to have gotten systemdoctor from windefender. I am not positive that that is where it came from but it only started when I messed with defender. I currently use windows live one care and the prevx I downloaded from advice on this forum seems to be kicking its azz.
gunner
Jun 25 2006, 03:52 AM
Try saving and scanning before installing. I doubt that defender will be the offender.
Elendil
Jun 25 2006, 11:09 AM
From the looks of it, we're not going to be able to cure all your malware problems in an efficient time span at this rate (plus this essentially has turned into a topic that belongs in the Am I Infected Board?); so, I'm advising you to use HJT (HiJackThis) and then post it for professional diagnostics.
Read the:
Preparation Guide For Using HJT
Jesse Bassett
Jun 25 2006, 04:26 PM
Windows Defender is a great program... but since it came from M$, we can't expect much.
Starbuck
Jul 6 2006, 04:59 PM
Why is everyone quick to knock Microsoft? OK, no company is perfect, but let's face it..... without Microsoft we'd all be pretty bored right now!
People go on about how other OS are better...... but who really started it all?
If Microsoft was that bad, why are they still going? We all like to knock someone who does well in life, but just sometimes we have to say that they have been a big help as well.
OK, I don't like their browser because I like the extensions I can add to 'Firefox', but that doesn't mean that I never use it.
I've worked up from W95, W98, and now XP, and when Vista is up and running properly I'll probably go over to that. So.... without MS, I'd have nothing to do!
Elendil
Jul 7 2006, 09:51 AM
QUOTE(Starbuck @ Jul 6 2006, 05:59 PM)

People go on about how other OS are better......
I must agree... if you feel so strongly against Microsoft have fun with a Mac OS and stop complaining about Microsoft's terrible security and how terrible it is. Sure Microsoft has some major issues (WGA better get changed otherwise I'll be one of the people storming Redmond), but it has so many more features than other Operating Systems have (at least in my opinion). I've never been a Mac fan... I hate them, they hate me; it's a mutual thing.
Morphyus
Jul 9 2006, 01:54 PM
Also, it was stated earlier that you can pick that particular "infection" up by downloading porn, large graphic wallpapers, and visiting underground warez forums. This alone is a very big risk!!!! The sites that you connect to will always have some guru there that is not there for helpful reasons but to cause havoc. Meaning, they can see you, where you are, and even gain access to your system if you are not careful. Many users of these type forums are hidden behind a string of linked anonymous IP's and can also use FTP's to get you their shared files. I am only saying that you must expect that nothing and I do mean NOTHING is guaranteed as SAFE in the IT world. We are the ones helping to make everyone else safe by sharing our knowledge with each other and everyone that wants it. Not to mention the word "BETA" means guinea pig to me. We are the ones that volunteer with some risks to share and test these products and lend feedback so that they can make their product efficient. So it is not just Microsoft, it is any company that puts out a beta version. If you download any bootlegged copies of anything or use any patches or store any of these zipped files on your computer this can also be where some of these files are stored. It could have piggy-backed itself on another file that was piggy-backed on another file. The only other thing that I can think of is that the program may have a vulnerability in it that we all may not have discovered yet but that is what testing a beta is all about....finding out how deep the rabbit hole goes.
PS: In addition to not using two or three firewalls...you really only need one good antivirus and one good antispyware program running in real-time. Just aggressively configure them to a higher security level. I use Ewido 4.0, NOD32 2.5, ZoneAlarm Pro and it has its own built-in antispyware. Most really don't know how to configure their firewall and antivirus. Good Luck!!!!
Elendil
Jul 10 2006, 08:45 AM
QUOTE(Morphyus @ Jul 9 2006, 02:54 PM)

PS: In addition to not using two or three firewalls...
Using two or three firewalls? That would be a dubious mistake. You should NOT use more than 1 firewall at any given time for any reason. Using multiple firewalls will cause PC performance loss and could actually make you more vulnerable as opposed to safer.
Morphyus
Jul 10 2006, 03:00 PM
Elendil, I think you misread the phrase...the phrase read, " In addition to NOT using two or three firewalls..." You should never use more than one.
acklan
Jul 11 2006, 01:09 AM
QUOTE(oldun @ Apr 5 2006, 06:04 PM)

Thanks to all for comments made.
I am not anti MS nor do I normally mistrust their sites, quite the contrary.
The infections were NOT false positives; the computer WAS infected with "spyware Quake" which arrived with "Vcodec".
After cleaning the computer I tested my concerns about "defender" by again downloading "defender" and again it reinfected the computer. I have now cleaned all the nasties out and got rid of defender and so far all is well. As an aside, I have never had a false positive using Avast [yet].
Would you please post the link you used to download Defender? I do not think I am speaking out of turn when I say we would like to see for ourselves. If for no other reason than to steer members away from the site. I personally would like to verify your findings. Have you contacted Microsoft?
JohnWho
Jul 14 2006, 04:33 PM
I agree with acklan -
what site was that copy of MS Defender downloaded from?
I have downloaded numerous copies of MS Defender, and have not experienced this anomaly.
wheeldawg
Sep 2 2006, 03:21 AM
QUOTE(oldun @ Apr 2 2006, 08:32 PM)

After a battle with this trojan and continual reinfections I have come to the conclusion that there is a high probability that this program is the source of my infection.
After considerable analysis it appears that after my recent download of this program my computer became infected with the "Spyware Quake" Trojan.
I have a hardware firewall, the windows xp firewall, and Zone alarm, and avast antivirus, in addition I run at least 4 spyware [malware type programs] and this is the first infection of this type in over 3 years operation.
Interestingly none of my defences detected the obvious infection except Avast which gave warning but did not protect me. All defence programs are auto updated daily or more often.
It was not enough to clean the trojan out and turn "defender" off but the reinfections only stopped when I deleted the downloaded file of "defender".
I have no wish to paint microsoft in a bad light but thought I should alert potential users of the possibility of problems, I did contact the local Microsoft office in an effort to warn them of the possible infection, but regrettably they took the view that they could not have this type of problem, I only hope they are right.
When did all of this happen? Since around January '06 I have downloaded and installed Windows Defender (beta 2) several times and have not had any problems with the "Spyware Quake" Trojan. Pretty weird that it stopped when you took it off though.