
Windows Defender Beta 2 Caution Caution


22 replies to this topic

#1 oldun

oldun

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:38 PM

Posted 02 April 2006 - 10:32 PM

After a battle with this trojan and continual reinfections I have come to the conclusion that there is a high probability that this program is the source of my infection.
After considerable analysis it appears that with my recent download of this program my computer became infected with the "Spyware Quake" Trojan.
I have a hardware firewall, the Windows XP firewall, and Zone Alarm, and Avast antivirus; in addition I run at least 4 spyware [malware type programs] and this is the first infection of this type in over 3 years operation.
Interestingly none of my defences detected the obvious infection except Avast, which gave warning but did not protect me. All defence programs are auto updated daily or more often.
It was not enough to clean the trojan out and turn "defender" off but the reinfections only stopped when I deleted the downloaded file of "defender".
I have no wish to paint Microsoft in a bad light but thought I should alert potential users of the possibility of problems. I did contact the local Microsoft office in an effort to warn them of the possible infection, but regrettably they took the view that they could not have this type of problem. I only hope they are right.

Edited by oldun, 02 April 2006 - 10:37 PM.




#2 Scarlett

Scarlett

    Bleeping Diva


  • Members
  • 7,479 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:As always I'm beside myself ;)
  • Local time:07:38 PM

Posted 04 April 2006 - 10:39 PM

I find this to be very interesting. But I do not think it is at all possible.

How To Remove Spywarequake

SpywareQuake is an anti-spyware program that is known to issue fake warnings on your computer in order to manipulate you into buying its full commercial version. The program is generally installed by a Trojan that automatically downloads and installs the program. An image of the program is below:


Perhaps it is a false positive? And please keep in mind that it is a beta.

Edited by Scarlett, 04 April 2006 - 10:41 PM.


#3 jgweed

jgweed

  • Members
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:07:38 PM

Posted 05 April 2006 - 12:36 PM

What was the precise warning Avast gave you?
While MS might be many things, it is not a spreader of malware; I suspect, without any evidence to the contrary, that what Avast was finding was Defender's definition file.
Secondly, given the close scrutiny of any MS product by many experts, if Defender were spreading the malware, it would certainly have been made public by now.
Repeated infections of SpywareQuake would indicate that the source would reside elsewhere.
Regards,
John
Whereof one cannot speak, thereof one should be silent.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,734 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:38 PM

Posted 05 April 2006 - 05:45 PM

Spyware Quake is related to Trojan-Spy.HTML.Smitfraud which is often downloaded to a computer and installed by another malware program. It is included in a large number of underground web pages, adult sites or pirated software sites. As well as dropping other malware like Smitfraud on the computer, it also installs other malicious applications such as:

Adware Delete
AdwarePunisher
AdwareSheriff
AlfaCleaner
Anti-Virus-Pro
AntiVirus Gold
BraveSentry
Crystalys media
PestTrap
P.S.Guard
PSGuard
Search Maid
Security IGuard
SpyAxe
SpyFalcon
SpySheriff
Spy Demolisher
Spy Trooper
SpywareStrike
SpywareQuake.exe
Spyware-Stop
Video iCodec
Virtual Maid
Winhound
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#5 oldun

oldun
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:38 PM

Posted 05 April 2006 - 06:04 PM

Thanks to all for comments made.
I am not anti MS nor do I normally mistrust their sites, quite the contrary.
The infections were NOT false positives; the computer WAS infected with "spyware Quake" which arrived with "Vcodec".
After cleaning the computer I tested my concerns about "defender" by again downloading "defender" and again it reinfected the computer. I have now cleaned all the nasties out and got rid of defender and so far all is well. As an aside, I have never had a false positive using Avast [yet].

Edited by oldun, 05 April 2006 - 06:05 PM.


#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,734 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:38 PM

Posted 07 April 2006 - 08:54 AM

You probably did not clean out the original infection entirely or clean your system restore and thus reinfected yourself. Having it return after installing Defender appears to be coincidence.

If there were a problem with Defender doing as you say, it would have been reported throughout the whole Internet Security community and this is not the case.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#7 Morphyus

Morphyus

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:38 PM

Posted 20 April 2006 - 09:50 PM

Are you running Windows Firewall at the same time as your other software firewall (Zone Alarm)? Is this a good practice?

#8 buttoni

buttoni

  • Members
  • 267 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Temple, Texas
  • Local time:07:38 PM

Posted 29 May 2006 - 06:46 PM

I think you will find that Avast HAS rendered false positives. Go to their forum & do some reading. I have experienced at least one myself. Moderators on the Avast4 Home forum have confirmed false positives I have read threads about. Avast is known to detect Panda On-Line Active Scan unencrypted definitions as Win32CTX, for example. I also read daily on the MS Windows Defender news group and have heard nobody claim it downloads with SpywareQuake. Suspect you got this infection elsewhere and timing with WD download/installation was coincidence, as other poster suggested. Did you upload the file to Jotti or Virus Total to be certain it was an infection & not a false positive? FYI, any anti-virus or anti-spyware software is capable of rendering false positives.
HP Pavilion desktop p6270z; 8 GB ram; Win7 Home Premium x64 bit; FX 4.0; DSL 2Wire modem/router; MVPS Hosts; Comodo FW 5.3(D+ & Sandbox enabled); MSSE; MBAM on demand.

#9 Elendil

Elendil

  • Members
  • 660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The US
  • Local time:08:38 PM

Posted 31 May 2006 - 10:58 AM

Like Morphyus pointed out, are you running ZA Firewall and Windows Firewall at the same time? If so, this is NOT a good practice. Running two firewalls will not give you more protection but instead possibly weaken your defenses and hog up more system resources than necessary. Also, like many of the malware experts have said here, Windows Defender is probably not the source of your malware infection, but rather a triggering to a hidden infection. Maybe I'm not making much sense at the moment so let me try to put this in simpler terms. Windows Defender is a valid anti-malware tool that is in BETA. BETA means that a program is in testing mode and will probably have bugs and errors that come along with it. Thousands... Millions of computer users probably have tried Windows Defender (I certainly have), and many of us can tell you that windows defender will not infect you with malware. Now as for the part I mentioned about Windows Defender triggering hidden malware. It is possible (and highly probable) that your infection is not gone (you should follow the advice, links, etc. that some of the helpers have already given you to remove your infection). Since your infection is still concealed somewhere from the anti-malware programs on your computer, it could continue to do its work in a stealth-mode like method. When Windows Defender is installed, the malware might kick up in order to prevent a potential risk to it from installing and running. Another good point brought up by buttoni in regards to Avast, Avast isn't the best anti-virus program in the world and does display a bevy of false positives, so its warnings about Windows Defender could indeed be false positives.
Stanford '14
B.S. Candidate | Computer Science

#10 buttoni

buttoni

  • Members
  • 267 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Temple, Texas
  • Local time:07:38 PM

Posted 11 June 2006 - 09:19 AM

Elendil wrote: "Another good point brought up by buttoni in regards to Avast, Avast isn't the best anti-virus program in the world and does display a bevy of false positives, so its warnings about Windows Defender could indeed be false positives."


Well, that's not exactly the impression I meant to leave regarding Avast. I think it IS a very good anti-virus program. An occasional FP is not a "bevy" of them. I think it is a testimonial to Avast that it is the only one of his defense programs that detected the infection he seems to still have. Avast, in fact many other AV programs can (and DO) occasionally read on board/on-demand scanner virus signatures as infections. Avast definitely doesn't like anything Panda related. :thumbsup: Pandaware ought to consider encrypting their virus definitions! So my conclusion is that this is a Panda weakness, not an Avast weakness.

To the original poster, I also have been running Windows Defender for two months and do not have Spywarequake infection, so I agree with other posters here that WinDefender does NOT install with this infection. You're gonna need to dig deeper to find where it's hiding/reinstalling itself.

Edited by buttoni, 11 June 2006 - 11:47 AM.

HP Pavilion desktop p6270z; 8 GB ram; Win7 Home Premium x64 bit; FX 4.0; DSL 2Wire modem/router; MVPS Hosts; Comodo FW 5.3(D+ & Sandbox enabled); MSSE; MBAM on demand.

#11 buttoni

buttoni

  • Members
  • 267 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Temple, Texas
  • Local time:07:38 PM

Posted 12 June 2006 - 07:17 AM

Oh, and I forgot to mention to OP that I also run Avast 4.7 along with Defender & am not getting any Spywarequake warnings. Yours is not a false positive, most likely. Perhaps more indication you really have some remnant of the infection still hiding on your system, but I doubt the Defender download was the source.

Edited by buttoni, 12 June 2006 - 07:20 AM.

HP Pavilion desktop p6270z; 8 GB ram; Win7 Home Premium x64 bit; FX 4.0; DSL 2Wire modem/router; MVPS Hosts; Comodo FW 5.3(D+ & Sandbox enabled); MSSE; MBAM on demand.

#12 helmeteye

helmeteye

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:38 PM

Posted 25 June 2006 - 02:47 AM

I also seem to have gotten systemdoctor from windefender. I am not positive that that is where it came from but it only started when I messed with defender. I currently use windows live one care and the prevx I downloaded from advice on this forum seems to be kicking its azz.

#13 gunner

gunner

  • Members
  • 337 posts
  • OFFLINE
  •  
  • Location:Pensacola, Florida
  • Local time:08:38 PM

Posted 25 June 2006 - 03:52 AM

Try saving and scanning before installing. I doubt that defender will be the offender.
Spike's advice: Backup your data routinely.

#14 Elendil

Elendil

  • Members
  • 660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The US
  • Local time:08:38 PM

Posted 25 June 2006 - 11:09 AM

From the looks of it, we're not going to be able to cure all your malware problems in an efficient time span at this rate (plus this essentially has turned into a topic that belongs in the Am I Infected Board?); so, I'm advising you to use HJT (HiJackThis) and then post it for a professional diagnostics.

Read the: Preparation Guide For Using HJT
Stanford '14
B.S. Candidate | Computer Science

#15 Jesse Bassett

Jesse Bassett

  • Members
  • 418 posts
  • OFFLINE
  •  
  • Location:Rosemount, MINN.
  • Local time:07:38 PM

Posted 25 June 2006 - 04:26 PM

Windows Defender is a great program... but since it came from M$, we can't expect much.
Windows XP Media Center Edition 2005 l McAfee Total Protection l Super AntiSpyware Free Edition l AdAware SE Personal l Spyware Blaster l Spyware Guard l Safe Eyes 2007



