How to use the Microsoft AntiSpyware Beta to remove Spyware
by Bleeping Computer on 10th of Jan 2005
A dedicated forum for support questions and discussions related to the Microsoft AntiSpyware product can be found here:

Microsoft AntiSpyware Forum

Table of Contents

  1. Introduction
  2. Installing and Running Microsoft AntiSpyware Beta for the first time
  3. How to update Microsoft AntiSpyware Beta
  4. How to manage the quarantine
  5. How to use the real-time protection
  6. How to disable the real-time protection
  7. Important information about missing sporder.dll and not being able to connect to the Internet
  8. Conclusion


Note: If you have run Microsoft AntiSpyware and are getting error messages about Sporder.dll or you cannot connect to the Internet, click on this link:

Important information about not being able to connect to the Internet

Introduction

Recently Microsoft has released a beta version of their AntiSpyware program. This tutorial will cover in detail how to install, configure, and scan your computer using this program in the most effective and efficient manner. As this program is a beta, there are certain aspects of the program that may not work correctly as of yet. As new features are added or changed, this tutorial will be modified to reflect these changes. Please remember that since this program is still in the beta stage of development, you use it at your own risk.


Installing and Running Microsoft AntiSpyware Beta for the first time


Step 1: Download and Install the Microsoft AntiSpyware Beta

To download the free Microsoft AntiSpyware Beta you need to visit their download site. This site is located at the following link:

Microsoft AntiSpyware Beta

When you reach this site, follow the directions and, when you finally see the Download button, click on it. You will then be presented with a screen similar to Figure 1 below:

Figure 1: Save the program to your computer

You should click on the Save button which will open a screen similar to Figure 2 below.

Figure 2: Save the file to your Desktop

Change the Save in: drop down box to Desktop and press the Save button. The program will now download and be saved on your desktop. When it has completed downloading you will find an icon on your desktop that looks like Figure 3 below.

Figure 3: Microsoft AntiSpyware Desktop Icon

Double-click on this icon to launch the setup of the Microsoft AntiSpyware program. The setup program will now load and you will be presented with a screen similar to Figure 4 below:

Figure 4: Microsoft AntiSpyware Setup welcome screen

At this point you should press the Next button and accept the license agreement. Keep pressing the Next button, accepting all of the defaults, until you reach the following screen.

Figure 5: End of Installation

Place a checkmark in the checkbox labeled Launch Microsoft AntiSpyware and press the Finish button designated by the red box above.


Step 2: Configure Microsoft AntiSpyware using its first-time wizard.


Microsoft AntiSpyware will now load and you will be presented with the setup wizard. The first screen will be similar to Figure 6 below.

Figure 6: Microsoft AntiSpyware Setup Wizard

Press the Next button to reach the next screen. This screen prompts whether or not you want to use the autoupdater. You should leave this at the default selection, Yes, automatically keep Microsoft AntiSpyware updates (recommended), so that your program will know about the latest threats recognized by this software.

You should now press the Next button again. This screen prompts whether or not you want to use the Real-time Security Agent. The real-time security agent will monitor your computer for any threats of spyware or browser hijackings and notify you immediately, similar to how an antivirus software notifies you when you are about to run a virus. You should leave this at the default selection, Yes, help keep me secure (recommended).

Press the Next button and you will be at a screen asking if you would like to join Spynet. Spynet is a service that allows you to help provide samples and new information about spyware that Microsoft AntiSpyware does not know how to fix currently. The privacy agreement states that no personal information will be provided without your knowledge, so if you want to take part in this effort to increase the available knowledge of spyware infections, leave this set to its default option of Yes, I want to help fight spyware (recommended).

Press the Finish button and you will be presented with the final screen of the setup wizard. This screen is asking if you would like to have the AntiSpyware program run on its own every morning at 2 AM. If you would like to do this, then leave the checkbox labeled Run a spyware scan every night at 2 a.m. checked, otherwise uncheck it. You should then click on the Run scan later link.


Step 3: Update the program's definitions and run your first scan


The program will start and you will be presented with the main screen, or Summary Screen, of Microsoft AntiSpyware. This screen will look similar to Figure 7 below.

Figure 7: Microsoft AntiSpyware Summary screen

The section designated by the red box above is the System Summary. This section tells you information such as when the last spyware scan was done, what the last scan found, when a scan is scheduled to go off, whether or not real-time protection is enabled, if the autoupdater is enabled, and what the date of the latest spyware definitions is.

The blue box is where you would start a scan of your computer which we will cover in a moment.

The green box allows you to change real-time protection settings on your computer. You should leave these settings at their default settings as that provides you with the most protection.

The yellow box provides some advanced tools such as a system setting restorer, a system settings explorer, and a file analyzer. For the most part you will never need to touch these tools, and they should be avoided.

Before we start a scan for the first time we want to make sure the program has the latest updates. To get these updates click on the File menu and then click on the Check for updates... button. The program will connect to Microsoft's servers and check for new updates. If any are found it will download them and install them.

Now click on the link labeled Spyware scan options. This will bring you to the Spyware scan settings page as shown in Figure 8 below.


Figure 8: Spyware Scan Settings

You should select the option that is labeled Run a full system scan and make sure the following settings are checked:

  • Scan memory locations and running processes
  • Scan selected drives/folders
  • Deep Scan folders (recommended but will increase scan time)

Then click on the Select link to the right of Scan selected drives/folders and a new screen will appear. Select all the hard drives in your machine that you would like to scan for infections. Do not select any CD-ROM, DVD, flash drives, memory sticks, cameras, or other devices. Select only hard drive partitions. Then press the OK button and you will be back at the settings screen. Put a checkmark in the Save these options checkbox to save these settings for future scans and then click on the Run Scan Now button.


Step 4: Scanning your computer for Spyware and other malware

After you press the Run Scan Now button the program will start scanning your computer for spyware and other malware. This may take a while as it performs an in-depth scan, so please be patient. When it is done scanning your computer it will present you with a screen similar to Figure 9 below summarizing what was found.


Figure 9: Summary of malware found on your machine

When the scan is completed you will be presented with a list of spyware or other malware that was found by the program. If you want to learn more about a particular item found you can click once on that item and its information will appear in the box on the right. You should then decide if you are going to Quarantine, Remove, or Ignore the file. When you have finished choosing an action, or using the default action, put a checkmark in the checkbox labeled Create restore point, in case something goes wrong with the removal process. Press the Continue button to start the removal process. A confirmation screen about the actions the software is about to take, similar to Figure 10 below, will appear and wait for your input.


Figure 10: Confirmation Screen

If you would like to send information about the spyware found on your computer to Microsoft's SpyNet then you can leave the Send to SpyNet checkbox checked, otherwise uncheck it. Then press the Yes button if you would like to continue with the removal of the spyware. When the software has completed removing the spyware you will be back at the Summary screen and you can close the program.

If you have followed this setup completely, the next time you want to run a scan on your computer, you can simply start the program, update it, and then click on the Tools menu and then on Spyware Scan and then Run Scan Now. Then click on the Run Scan Now button to start the scan.

How to update Microsoft AntiSpyware Beta


In order to get the best functionality from the program you should update it right before you do a scan on your computer. To update the program simply start Microsoft AntiSpyware and then click on the File menu and then select Check for Updates. The program will connect to Microsoft's servers and download any updates and definitions that you may not have. Once that is completed any subsequent scans will use the newest spyware definitions.

How to manage the quarantine

When you run a scan and the program finds a file that is considered malware it will give you the option to Remove (delete) it or Quarantine it. If you quarantine the file it will be placed in storage space on your computer so that you can restore it if you wish in the future. Almost 99% of the time you will never want to restore the files and will want to remove these quarantined files so they are no longer on your system.

To enter the quarantine start the program and then click on Tools, then Spyware Scan, then Manage Spyware Quarantine. You will now be presented with a screen similar to Figure 11 below.


Figure 11: Microsoft AntiSpyware Quarantine Screen

To restore an item you would put a checkmark in the checkbox next to the item and then select the Un-quarantine all checked threats option. Be aware that if you do this you may reinfect yourself. To remove an item from your computer you would put a checkmark in the checkbox next to the item and then select the Permanently remove all checked threats option.


How to use the real-time protection


The Microsoft AntiSpyware program contains real-time protection for your computer similar to how antivirus software works. When it detects a setting is about to be changed or that you are about to run a known spyware program, it will notify you with an alert on your screen similar to Figure 12 below.


Figure 12: Microsoft AntiSpyware alert

If you know the program or want the change to be permitted then you should press the Allow button. If you do not recognize the program or do not want the action to take place press the Block button.

When you receive an alert because of a program or script running it will give you an additional checkbox labeled Remember this action. If you leave this checkbox checked then the program will remember what action you chose and automatically use that action for future occurrences of that script or program. So if you have the Remember this action setting checked, and you decide to block a program from running, then in the future if you decide to run that program again it will still be blocked from running. Setting alerts, on the other hand, do not give you the choice of remembering the setting or not and the program will automatically remember your choice.

These remembered choices can be cleared through an alert telling you an action was blocked, or by opening the main program and clicking on the Real-time Protection button as shown in Figure 13 below.

Figure 13: Real-time Protection button

Once you click on that button you will be presented with the various agents that the real-time protection uses. Click on the agent that corresponds to what you are trying to unblock and then click on the appropriate checkpoint once to select it. On the right you should see the option to Manage allowed/blocked ... . Click on that link and you will be taken into the listings of the Allowed/Blocked actions for that checkpoint. Change the drop down box from Allowed to Blocked and you should see a listing of the blocked action. This same method works for removing items that have been allowed.

Let's use an example so that you can see more clearly how this is done. You downloaded a program from a friend which is a .bat file. When you double-click on it to launch it, Microsoft AntiSpyware comes up with an alert similar to the one shown in Figure 14.

Figure 14: Unknown Script alert

You are concerned so you block it. When you speak to your friend he tells you that the script is fine, and as you trust your friend, you try running it again. Now, though, since you blocked it, Microsoft AntiSpyware does not allow the program to run, so you get an error message similar to the one below in Figure 15.

Figure 15: Blocked program alert

To fix this you can simply click on the Manage blocked scripts... option in the alert and check the entry for this program and remove it. Or you can open the main program and click on the Real-time Protection button and then click on the Application Agents option. Since the file you tried to run previously is a .bat file you need to select the checkpoint called Script Blocking. Then left click on Manage allowed/blocked ... and change the drop down box from Allowed Scripts to Blocked Scripts. You should now see an entry for the script you are trying to run. Put a checkmark next to the entry and click on the Remove button to remove the entry. Either method works and now you can run the program.


How to disable the real-time protection


There are times that you may want to disable the real-time protection. One reason is that if you are getting help via a HijackThis log analysis, the real-time protection may make it difficult to fix certain entries. If you are asked to disable the real-time protection, simply right click on the icon that looks like this and click on Security Agents Status (Enabled) and click on Disable Real-time Protection. To re-enable it, you follow the same steps but click on Enable Real-time Protection.


Important information about missing sporder.dll and not being able to connect to the Internet.


There have been reported cases of losing Internet access and getting errors about a missing Sporder.dll after running Microsoft AntiSpyware and cleaning certain infections. If you run into this problem you should download the following program.

LSP-Fix Download Link

Save the file and extract it to your desktop. Then double-click on the LSPFix.exe icon on your desktop. When the program loads, click on the Finish button and reboot your computer. You should now be able to connect to the Internet.

If that fix did not work, then you can try this alternate fix. Download the following program:

Winsock2Fix Download Link

Save and extract this file to your desktop. Then double-click on the WinsockFix.exe file found there. When the program launches click on the ReG-Backup button to back up your registry. Then click on the Fix button to fix the corrupted LSP Chain. Reboot your computer and you should now be able to access the Internet.

To fix the sporder.dll you should reinstall the application that is having problems or attempt to replace the file by downloading it here:

Sporder.dll Download Link

and saving it in your c:\windows\system32 or c:\winnt\system32 directories. There is no guarantee that this will fix your problem and a reinstall of the affected application is your best option.
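
As an added illustration (not part of the original tutorial or of any tool it mentions), the Python example below checks for the condition these fixes repair: a Winsock catalog entry whose provider DLL is no longer on disk, which can happen when a spyware LSP file is deleted but its catalog entry remains. It assumes the text layout and English field labels printed by the netsh winsock show catalog command; the sample listing and the examplelsp.dll name are constructed.

```python
import os
import re

# Constructed sample in the layout printed by `netsh winsock show catalog`
# (English field labels assumed). "examplelsp.dll" is a made-up provider.
SAMPLE_CATALOG = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        Example LSP over [TCP/IP]
Provider Path:                      %SystemRoot%\system32\examplelsp.dll

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
"""

# "Label:   value" lines; the label is letters and spaces only.
FIELD = re.compile(r"^\s*([A-Za-z ]+?):\s+(.*\S)\s*$")

def parse_catalog(text):
    """Split the catalog dump into one dict of fields per provider entry."""
    entries, current = [], None
    for line in text.splitlines():
        if "Provider Entry" in line:        # header line starts a new entry
            current = {}
            entries.append(current)
        elif current is not None and (m := FIELD.match(line)):
            current[m.group(1)] = m.group(2)
    return entries

def expand(path, env):
    """Expand %VAR% references case-insensitively, as Windows does."""
    lookup = {k.lower(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%",
                  lambda m: lookup.get(m.group(1).lower(), m.group(0)), path)

def broken_entries(text, env=os.environ, exists=os.path.exists):
    """Return (description, path) for entries whose provider DLL is missing."""
    result = []
    for entry in parse_catalog(text):
        path = expand(entry.get("Provider Path", ""), env)
        if path and not exists(path):
            result.append((entry.get("Description", "?"), path))
    return result

if __name__ == "__main__":
    for desc, path in broken_entries(SAMPLE_CATALOG):
        print("missing provider DLL:", path, "(" + desc + ")")
```

On an affected machine, pass the saved output of netsh winsock show catalog to broken_entries instead of the sample.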


Conclusion

Now that you know how to effectively and efficiently use the Microsoft AntiSpyware Beta you can clean your computer of spyware that is able to be found by this product. As this is a beta, it must be understood that it is still currently under development so you use it at your own risk. If you need help with the use of this program feel free to ask us in its dedicated support forum: Microsoft AntiSpyware Forum

Lawrence Abrams
http://www.bleepingcomputer.com
Bleeping Computer Spyware & Malware Removal Series
Source of Original Content, Tutorials, Technical Support and Computer Concepts for the beginning or novice computer user.





Created: January 10th, 2005 at 05:00 pm

This article is published and created for http://www.bleepingcomputer.com, otherwise known as Bleeping Computer, and is covered by all copyright laws. All articles on this website are copyright ©  2003-2008 by Bleeping Computer, LLC. All right reserved. Use of these articles is limited to viewing and printing for personal use only. If you would like to use this material or portions of this material for other purposes you must receive explicit permission from Bleeping Computer before reprinting or redistributing this article in any medium.