Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

MS Anti-Spyware Spyware Blaster false-flag


  • Please log in to reply
3 replies to this topic

#1 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:05:32 PM

Posted 23 April 2005 - 02:27 AM

MS Anti-Spyware Spyware Blaster false-flag.

siljaline at "Calendar of Updates" posted the following item.


Jordon Russell author of the uninstaller for Spyware Blaster and many other applications, penned this in MSAS Private News.


It has come to my attention that the current signatures for Microsoft
AntiSpyware are claiming the following file contains "NS Keylogger
Personsal Monitor":

File name: Inno Setup
File path: C:Program Files[program name goes here]unins000.exe
Publisher: None
File size: 640957 bytes
File MD5: 7f1f1e05a30a027583ff3406f48a4690

As creator of unins000.exe -- the Inno Setup Uninstaller
(http://www.innosetup.com/), which is bundled with a variety of
applications (e.g. SpywareBlaster) -- I can confirm that this is a FALSE
ALARM. There is NO spyware of any kind in this executable.

You should NOT let AntiSpyware quarantine or remove these files, or you will have trouble uninstalling applications. Just ignore the reports.

I have filed a vendor report, so hopefully this will be corrected soon.

--
Jordan Russell


(Original post at CoU >

http://www.dozleng.com/updates/index.php?showtopic=4793&hl= )

My MSAS detected this false positive this early A.M. and initially I allowed it to be
quarantined. Then I found this post, luckily, and restored the file.

:thumbsup:
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

BC AdBot (Login to Remove)

 


#2 Philip Brampton

Philip Brampton

  • Members
  • 372 posts
  • OFFLINE
  •  
  • Local time:05:32 PM

Posted 23 April 2005 - 03:11 AM

Dear Koan
I read with interest you post on"NS Keylogger"
I came across it yesterday while running a scan.It was quarantined and then removed this Morning.Not the right thing to do,i understand.
I am rather concerned because it says"Trouble uninstalling applications".
Could you advise please?
Thanks.

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum

  • Topic Starter

  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:05:32 PM

Posted 23 April 2005 - 09:58 PM

Probably the simplest course would be to use your XP "System Restore", and reset
your system to before the deletion.

I've not found anything else out about reinstalling this file separately - yet.

sorry,
Koan
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#4 Philip Brampton

Philip Brampton

  • Members
  • 372 posts
  • OFFLINE
  •  
  • Local time:05:32 PM

Posted 24 April 2005 - 01:26 AM

Thanks,that's exactly what i have done.I don't seem to have any problems.
If you are in receipt of any further information,do please let me know.
As a matter of interest the threat is still showing up,despite scanning with the latest definations (5711).
Thanks and Regards.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users