Apr 2 2006, 10:32 PM, Post #1
New Member Group: Members Posts: 2 Joined: 2-April 06 Member No.: 62,363

After considerable analysis it appears that with my recent download of this program my computer became infected with the "Spyware Quake" Trojan. I have a hardware firewall, the Windows XP firewall, and Zone Alarm, and Avast antivirus; in addition I run at least 4 spyware [malware type programs] and this is the first infection of this type in over 3 years' operation. Interestingly, none of my defences detected the obvious infection except Avast, which gave warning but did not protect me. All defence programs are auto updated daily or more often. It was not enough to clean the trojan out and turn "defender" off, but the reinfections only stopped when I deleted the downloaded file of "defender". I have no wish to paint Microsoft in a bad light but thought I should alert potential users of the possibility of problems. I did contact the local Microsoft office in an effort to warn them of the possible infection, but regrettably they took the view that they could not have this type of problem. I only hope they are right.

This post has been edited by oldun: Apr 2 2006, 10:37 PM

Apr 4 2006, 10:39 PM, Post #2
Bleeping GloDiva Group: Members Posts: 7,479 Joined: 25-April 04 From: As always I'm beside myself ;) Member No.: 228

I find this to be very interesting. But I do not think it is at all possible.

How To Remove Spywarequake

QUOTE: SpywareQuake is an anti-spyware program that is known to issue fake warnings on your computer in order to manipulate you into buying its full commercial version. The program is generally installed by a Trojan that automatically downloads and installs the program. An image of the program is below:

Perhaps it is a false positive? And please keep in mind that it is a beta.

This post has been edited by Scarlett: Apr 4 2006, 10:41 PM

Apr 5 2006, 12:36 PM, Post #3
Forum Addict Group: Global Moderator Posts: 20,640 Joined: 11-April 04 From: Chicago, Il. Member No.: 113

What was the precise warning Avast gave you?

While MS might be many things, it is not a spreader of malware; I suspect, without any evidence to the contrary, that what Avast was finding was Defender's definition file. Secondly, given the close scrutiny of any MS product by many experts, if Defender were spreading the malware, it would certainly have been made public by now. Repeated infections of SpywareQuake would indicate that the source would reside elsewhere.

Regards,
John

--------------------
Whereof one cannot speak, thereof one should be silent.

Apr 5 2006, 05:45 PM, Post #4
Bleepin' Janitor Group: Global Moderator Posts: 13,506 Joined: 9-July 05 From: Virginia, USA Member No.: 26,513

Spyware Quake is related to Trojan-Spy.HTML.Smitfraud which is often downloaded to a computer and installed by another malware program. It is included in a large number of underground web pages, adult sites or pirated software sites. As well as dropping other malware like Smitfraud on the computer, it also installs other malicious applications such as:

Adware Delete AdwarePunisher AdwareSheriff AlfaCleaner Anti-Virus-Pro AntiVirus Gold BraveSentry Crystalys media PestTrap P.S.Guard PSGuard Search Maid Security IGuard SpyAxe SpyFalcon SpySheriff Spy Demolisher Spy Trooper SpywareStrike SpywareQuake.exe Spyware-Stop Video iCodec Virtual Maid Winhound

--------------------
"THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?"
Microsoft MVP - Windows Security 2007-2008

Apr 5 2006, 06:04 PM, Post #5
New Member Group: Members Posts: 2 Joined: 2-April 06 Member No.: 62,363

Thanks to all for comments made.

I am not anti MS nor do I normally mistrust their sites, quite the contrary. The infections were NOT false positives; the computer WAS infected with "spyware Quake" which arrived with "Vcodec". After cleaning the computer I tested my concerns about "defender" by again downloading "defender" and again it reinfected the computer. I have now cleaned all the nasties out and got rid of defender and so far all is well. As an aside, I have never had a false positive using Avast [yet].

This post has been edited by oldun: Apr 5 2006, 06:05 PM

Apr 7 2006, 08:54 AM, Post #6
Bleepin' Janitor Group: Global Moderator Posts: 13,506 Joined: 9-July 05 From: Virginia, USA Member No.: 26,513

You probably did not clean out the original infection entirely or clean your system restore and thus reinfected yourself. Having it return after installing Defender appears to be coincidence.

If there were a problem with Defender doing as you say, it would have been reported throughout the whole Internet Security community and this is not the case.

--------------------
"THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?"
Microsoft MVP - Windows Security 2007-2008

Apr 20 2006, 09:50 PM, Post #7
New Member Group: Members Posts: 6 Joined: 16-April 06 Member No.: 64,207

Are you running Windows Firewall at the same time as your other software firewall (Zone Alarm)? Is this a good practice?

May 29 2006, 06:46 PM, Post #8
Forum Regular Group: Members Posts: 194 Joined: 20-June 05 From: Central Texas Member No.: 24,183

I think you will find that Avast HAS rendered false positives. Go to their forum & do some reading. I have experienced at least one myself. Moderators on the Avast4 Home forum have confirmed false positives I have read threads about. Avast is known to detect Panda On-Line Active Scan unencrypted definitions as Win32CTX, for example.

I also read daily on the MS Windows Defender news group and have heard nobody claim it downloads with SpywareQuake. Suspect you got this infection elsewhere and timing with WD download/installation was coincidence, as other poster suggested. Did you upload the file to Jotti or Virus Total to be certain it was an infection & not a false positive? FYI, any anti-virus or anti-spyware software is capable of rendering false positives.

--------------------
Dell Dimension 4700 Desktop; 512 RAM; WinXP-SP3; Firefox 3.0 (IE6 rarely); ATT DSL 2Wire 1800 modem/router; IE-Spyad; MVPS Hosts File; Comodo Firewall 3.0; Avast! Home; SuperAntispyware Pro

May 31 2006, 10:58 AM, Post #9
Distinguished Member Group: Members Posts: 656 Joined: 1-May 06 From: The US Member No.: 66,290

Like Morphyus pointed out, are you running ZA Firewall and Windows Firewall at the same time? If so, this is NOT a good practice. Running two firewalls will not give you more protection but instead possibly weaken your defenses and hog up more system resources than necessary.

Also, like many of the malware experts have said here, Windows Defender is probably not the source of your malware infection, but rather a triggering to a hidden infection. Maybe I'm not making much sense at the moment so let me try to put this in simpler terms. Windows Defender is a valid anti-malware tool that is in BETA. BETA means that a program is in testing mode and will probably have bugs and errors that come along with it. Thousands... Millions of computer users probably have tried Windows Defender (I certainly have), and many of us can tell you that windows defender will not infect you with malware.

Now as for the part I mentioned about Windows Defender triggering hidden malware. It is possible (and highly probable) that your infection is not gone (you should follow the advice, links, etc. that some of the helpers have already given you to remove your infection). Since your infection is still concealed somewhere from the anti-malware programs on your computer, it could continue to do its work in a stealth-mode like method. When Windows Defender is installed, the malware might kick up in order to prevent a potential risk to it from installing and running.

Another good point brought up by buttoni in regards to Avast, Avast isn't the best anti-virus program in the world and does display a bevy of false positives, so its warnings about Windows Defender could indeed be false positives.

--------------------
SSEF 3rd Place Finalist, Broward County Science Fair Grand Award Winner, and 1st Place Finalist in Computer Science.
CBHS Lightning, Alpha Team Member 07-08 Alumni of the CBHS Theta "Animals" 06-07 "When you find yourself arguing with a fool, make sure he's not similarly occupied."

Jun 11 2006, 09:19 AM, Post #10
Forum Regular Group: Members Posts: 194 Joined: 20-June 05 From: Central Texas Member No.: 24,183

QUOTE: Another good point brought up by buttoni in regards to Avast, Avast isn't the best anti-virus program in the world and does display a bevy of false positives, so its warnings about Windows Defender could indeed be false positives.

Well, that's not exactly the impression I meant to leave regarding Avast. I think it IS a very good anti-virus program. An occasional FP is not a "bevy" of them. I think it is a testimonial to Avast that it is the only one of his defense programs that detected the infection he seems to still have. Avast, and in fact many other AV programs, can (and DO) occasionally read on board/on-demand scanner virus signatures as infections. Avast definitely doesn't like anything Panda related.

To the original poster, I also have been running Windows Defender for two months and do not have Spywarequake infection, so I agree with other posters here that WinDefender does NOT install with this infection. You're gonna need to dig deeper to find where it's hiding/reinstalling itself.

This post has been edited by buttoni: Jun 11 2006, 11:47 AM

--------------------
Dell Dimension 4700 Desktop; 512 RAM; WinXP-SP3; Firefox 3.0 (IE6 rarely); ATT DSL 2Wire 1800 modem/router; IE-Spyad; MVPS Hosts File; Comodo Firewall 3.0; Avast! Home; SuperAntispyware Pro

Jun 12 2006, 07:17 AM, Post #11
Forum Regular Group: Members Posts: 194 Joined: 20-June 05 From: Central Texas Member No.: 24,183

Oh, and I forgot to mention to OP that I also run Avast 4.7 along with Defender & am not getting any Spywarequake warnings. Yours is not a false positive, most likely. Perhaps more indication you really have some remnant of the infection still hiding on your system, but I doubt the Defender download was the source.

This post has been edited by buttoni: Jun 12 2006, 07:20 AM

--------------------
Dell Dimension 4700 Desktop; 512 RAM; WinXP-SP3; Firefox 3.0 (IE6 rarely); ATT DSL 2Wire 1800 modem/router; IE-Spyad; MVPS Hosts File; Comodo Firewall 3.0; Avast! Home; SuperAntispyware Pro

Jun 25 2006, 02:47 AM, Post #12
New Member Group: Members Posts: 1 Joined: 25-June 06 Member No.: 73,392

I also seem to have gotten systemdoctor from windefender. I am not positive that that is where it came from but it only started when I messed with defender. I currently use Windows Live OneCare and the Prevx I downloaded from advice on this forum seems to be kicking its azz.

Jun 25 2006, 03:52 AM, Post #13
Forum Regular Group: Members Posts: 337 Joined: 7-April 05 From: Pensacola, Florida Member No.: 16,433

Try saving and scanning before installing. I doubt that defender will be the offender.

--------------------
Spike's advice: Backup your data routinely.

Jun 25 2006, 11:09 AM, Post #14
Distinguished Member Group: Members Posts: 656 Joined: 1-May 06 From: The US Member No.: 66,290

From the looks of it, we're not going to be able to cure all your malware problems in an efficient time span at this rate (plus this essentially has turned into a topic that belongs in the Am I Infected Board?); so, I'm advising you to use HJT (HiJackThis) and then post it for a professional diagnostics.

Read the: Preparation Guide For Using HJT

--------------------
SSEF 3rd Place Finalist, Broward County Science Fair Grand Award Winner, and 1st Place Finalist in Computer Science.
CBHS Lightning, Alpha Team Member 07-08 Alumni of the CBHS Theta "Animals" 06-07 "When you find yourself arguing with a fool, make sure he's not similarly occupied."

Jun 25 2006, 04:26 PM, Post #15
Senior Member Group: Members Posts: 418 Joined: 30-December 05 From: Rosemount, MINN. Member No.: 47,493

Windows Defender is a great program... but since it came from M$, we can't expect much.

--------------------
Windows XP Media Center Edition 2005 l McAfee Total Protection l Super AntiSpyware Free Edition l AdAware SE Personal l Spyware Blaster l Spyware Guard l Safe Eyes 2007