BleepingComputer.com: Windows Defender Beta 2 Caution Caution

After a battle with this trojan and continual reinfections I have come to the conclusion that there is a high probability that this program is the source of my infection.
After considerable anayalis it appears that my recent download of this program my computer became infected with the "Spyware Quake" Trojan.
I have a hardware firewall, the windows xp firewall, and Zone alarm, and avast antivirus, in addition I run at least 4 spyware [malware type progams] and this is the first infection of this type in over 3 years operation.
Interestingly none of my defences detected the obvious infection except Avast which gave warning but did not protect me. all defence programs are auto updated daily or more often.
It was not enough to clean the trojan out and turn "defender" off but the reinfections only stopped when I deleted the downloaded file of "defender".
I have no wish to paint microsoft in a bad light but thought I should alert potential users of the possibility of problems, I did contact the local Microsoft office in an effort to warn them of the possible infection, but regrettably they took the view that they could not have this type of problem, I only hope they are right.

I find this to be very interesting. But I do not think it is at all possible.

How To Remove Spywarequake

Quote

Perhaps it is a false positive? And please keep in mind that it is a beta.

What was the precise warning Avast gave you?
While MS might be many things, it is not a spreader of malware; I suspect , without any evidence to the contrary, that what Avast was finding was Defender's definition file.
Secondly, given the close scrutiny of any MS product by many experts, if Defender were spreading the malware, it would certainly have been made public by now.
Repeated infections of SpywareQuake would indicate that the source would reside elsewhere.
Regards,
John

Spyware Quake is related to Trojan-Spy.HTML.Smitfraud which is often downloaded to a computer and installed by another malware program. It is included in a large number of underground web pages, adult sites or pirated software sites. As well as dropping other malware like Smitfraud on the computer, it also installs other malicious applications such as:

Adware Delete
AdwarePunisher
AdwareSheriff
AlfaCleaner
Anti-Virus-Pro
AntiVirus Gold
BraveSentry
Crystalys media
PestTrap
P.S.Guard
PSGuard
Search Maid
Security IGuard
SpyAxe
SpyFalcon
SpySheriff
Spy Demolisher
Spy Trooper
SpywareStrike
SpywareQuake.exe
Spyware-Stop
Video iCodec
Virtual Maid
Winhound

Thank to all for comments made.
I am not anti MS nor do I normally mistrust their sites, quite the contary.
The infections were NOT false positives the computer WAS infected with "spyware Quake" which arrived with "Vcodec".
After cleaning the computer I tested my concerns about "defender" by again downloading "defender" and again it reinfected the computer I have now cleaned all the nasties out and got rid of defender and so far all is well, as an aside I have never had a false positive using Avast [yet].

You probably did not clean out the original infection entirely or clean your system restore and thus reinfected yourself. Having it return after installing Defender appears to be coincidence.

If there were a problem with Defender doing as you say, it would have been reported throughout the whole Internet Security community and this is not the case.

Are you running Windows Firewall at the same time as your other software firewall (Zone Alarm)? Is this a good practice?

I think you will find that Avast HAS rendered false positives. Go to their forum & do some reading. I have experienced at least one myself. Moderators on the Avast4 Home forum have confirmed false positives I have read threads about. Avast is known to detect Panda On-Line Active Scan unencrypted definitions as Win32CTX, for example. I also read daily on the MS Windows Defender news group and have heard nobody claim it downloads with SpywareQuake. Suspect you got this infection elsewhere and timing with WD download/installation was coincidence, as other poster suggested. Did you upload the file to Jotti or Virus Total to be certain it was an infection & not a false positive? FYI, any anti-virus or anti-spyware software is capable of rendering false positives.

Like Morphyus pointed out, are you running ZA Firewall and Windows Firewall at the same time? If so, this is NOT a good practice. Running two firewalls will not give you more protection but instead possibly weaken your defenses and hog up more system resources than necessary. Also, like many of the malware experts have said here, Windows Defender is probably not the source of your malware infection, but rather a triggering to a hidden infection. Maybe I'm not making much sense at the moment so let me try to put this in simpler terms. Windows Defender is a valid anti-malware tool that is in BETA. BETA means that a program is in testing mode and will probably have bugs and errors that come along with it. Thousands... Millions of computer users probably have tried Windows Defender (I certainly have), and many of us can tell you that windows defender will not infect you with malware. Now as for the part I mentioned about Windows Defender triggering hidden malware. It is possible (and highly probable) that your infection is not gone (you should follow the advice, links, etc. that some of the helpers have already given you to remove your infection). Since your infection is still concealed somewhere from the anti-malware programs on your computer, it could continue to do its work in a stealth-mode like method. When Windows Defender is installed, the malware might kick up in order to prevent a potential risk to it from installing and running. Another good point brought up by buttoni in regards to Avast, Avast isn't the best anti-virus program in the world and does display a bevy of false positives, so its warnings about Windows Defender could indeed be false positives.

Elendil, on May 31 2006, 10:58 AM, said:

Well, that's not exactly the impression I meant to leave regarding Avast. I think it IS a very good anti-virus program. An occasional FP is not a "bevy" of them. I think it is a testimonial to Avast that it is the only one of his defense programs that detected the infection he seems to still have. Avast, in fact many other AV programs can (and DO) occasionally read on board/on-demand scanner virus signatures as infections. Avast definitely doesn't like anything Panda related. Pandaware ought to consider encrypting their virus definitions! So my conclusion is that this is a Panda weakness, not an Avast weakness.

To the original poster, I also have been running Windows Defender for two months and do not have Spywarequake infection, so I agree with other posters here that WinDefender does NOT install with this infection. You're gonna need to dig deeper to find where it's hiding/reinstalling itself.

Oh, and I forgot to mention to OP that I also run Avast 4.7 along with Defender & am not getting any Spywarequake warnings. Yours is not a false positive, most likely. Perhaps more indication you really have some remnant of the infection still hiding on your system, but I doubt the Defender download was the source.

I also seem to have gotten systemdoctor from windefender. I am not positive that that is where it came from but It only started when I messed with defender. I currently use windows live one care and the prevx I downloaded from advice on this forum seems to be kicking it's azz.

Try saving and scanning before installing. I doubt that defender will be the offender.

From the looks of it, we're not going to be able cure all your malware problems in an efficient time spam at this rate (plus this essentially has turned into a topic that belongs in the Am I Infected Board?) ; so, I'm advising you to use HJT (HiJackThis) and then posting it for a professional diagnostics.

Read the: Preparation Guide For Using HJT

Windows Defender is a great program... but since it came from M$, we can't expect much.