
Microsoft Anti-Spyware 1st Scan


10 replies to this topic

#1 Pandy

Pandy

    Bleepin'


  • Members
  • 9,559 posts
  • Gender:Female
  • Local time:01:01 PM

Posted 18 January 2005 - 12:04 PM

Just thought I would share this bit of info.. I have run my first scan with Microsoft's new Beta. Um.. :woot: I am a bit stunned to see what it found. The list goes like this..

1. Incredifind ~ classified as adware and I will remove that one. Rated High.
2. KaZaA (ad-ware bundler). I would remove this too. Rated Moderate
3. Ok.. this one is a complete surprise.. VX2 transponder (browser plug-in). :inlove: Rated Severe.
4. iLookup (browser hijacker) rated Severe
5. NewDotNet (browser plug-in) Rated High
6. PowerReg Scheduler (spyware) rated moderate.. I think this one has some legitimate programs running in it. It lists HjT and something on my son's desktop.
7. Ezula.TopText (adware) Rated High
8. WhenU.SaveNow (adware) Rated High
9. AltNet P2P Networking (adware) Rated Elevated
10. FunWebProducts... yeah it's a blast.. (adware) Rated Elevated
11. CoolWebSearch.StartPage (browser hijacker) Rated severe of course.. this is located in IE of course. :flowers: :(
12. SearchSquire (adware) rated elevated
13. MywaySearchBar (browser plug-in) adware rated moderate
14. IST SlotchBar (toolbar) Rated High
15. ActualNames (browser hijacker) rated elevated.

How did all this get here? I am stunned. Here I thought I was doing well staying on top of things and I find this stuff. I am just a bit blind-sided.. especially by that VX2.. where the bleeping bleep did that come from??
Like I said... just thought I would share. :cool: :trumpet:
I have every sort of tool you can imagine.. Ad-aware SE.. Spy-bot..Spyware blaster.. AVG... A squared.. And I am STILL .. STILL infected? I just do not know.

:huh: :) :) :thumbsup:

Do not anticipate trouble, or worry about what may never happen. Keep in the sunlight.

Hide not your talents. They for use were made. What's a sundial in the shade?

~ Benjamin Franklin



#2 Philip Brampton

Philip Brampton

  • Members
  • 372 posts
  • Local time:01:01 PM

Posted 18 January 2005 - 12:14 PM

Pandy.
I am shocked. However did you acquire that rubbish? Please keep us informed.
Thanks.
Philip

#3 jgweed

jgweed

  • Members
  • 28,473 posts
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:12:01 PM

Posted 18 January 2005 - 12:23 PM

No matter how careful you are, Pandy, these things have a way of creeping in. Maybe you should post a HijackThis log.
Regards,
John
Whereof one cannot speak, thereof one should be silent.

#4 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • Gender:Male
  • Location:Centerville, SD
  • Local time:11:01 AM

Posted 18 January 2005 - 12:27 PM

Whatever you do, do not allow MSAS to remove anything that has to do with NewDotNet, or you will lose your Internet connection. Remove it from the add/remove panel. :flowers:

EDIT: Also, do you have your browser security settings turned up? Although MSAS does not yet deal with cookies, some of those are probably just registry entries. Crank up your browser settings. :thumbsup:

Edited by groovicus, 18 January 2005 - 12:30 PM.


#5 Pandy

Pandy

    Bleepin'

  • Topic Starter

  • Members
  • 9,559 posts
  • Gender:Female
  • Local time:01:01 PM

Posted 18 January 2005 - 12:52 PM

Thanks guys.. hehe I knew there was a reason I should be scared to let MSAS fix anything yet. Thanks for the heads up there Groovicus. HjT Log, John? Nothing shows; I already looked at it. I think this is weird lol.



#6 Pandy

Pandy

    Bleepin'

  • Topic Starter

  • Members
  • 9,559 posts
  • Gender:Female
  • Local time:01:01 PM

Posted 18 January 2005 - 01:24 PM

I was in the middle of posting this when I got that error message again.. too many connections... just thought I'd mention lol

I had MSAS remove everything except the NewDotNet and PowerReg scheduler. NewDotNet does not show up in Add/Remove programs. But it has shown up the second scan, which is going right now. LOL..

I wondered if something was wrong tho because when I log onto my desktop.. I see a flash of dialogue boxes.. they disappear and I do not get to see what they are. There must be 4 of them there. Hm.. I am afraid to reboot tho. LOL



#7 Pandy

Pandy

    Bleepin'

  • Topic Starter

  • Members
  • 9,559 posts
  • Gender:Female
  • Local time:01:01 PM

Posted 26 January 2005 - 12:38 PM

What a pain in the Bleep here. OK I have gotten out most everything that was listed in my first post. I was surprised to see it take out the VX2.. I didn't think it would be able to.. either it did or it was a false positive. I am confused about that actually. My problem now is Newdotnet. I can't get it out. Now it is hiding in the System Volume Information. I can't use add/remove to get it out because Newdotnet is not listed there. I am reluctant to let MSAS remove it because I am worried about losing my internet.. going by what Groovicus says up there. lol I guess I just have to sift out the file from the volume info. *groan* I know I will try and search for the file.



#8 Ronbo

Ronbo

  • Members
  • 333 posts
  • Gender:Male
  • Location:Directly above the center of the Earth
  • Local time:12:01 PM

Posted 26 January 2005 - 03:51 PM

Pandy, seeing all that it found on your computer made me wonder if I had anything lurking around that my anti-spyware wasn't finding. So I downloaded it and tried it out. I came up clean except for one registry folder and the file in it. Not trusting in a beta software I checked the registry entry out before having it fix anything. It was one of the registry entries for the internet explorer pre-loaded restricted sites.

Finding one of M$'s own security items as spyware did not impress me in the least. If I would have removed it, "searchsquire" would no longer have been in my restricted sites and I would have been susceptible to it.

Then to top that off, when I went to reboot my computer, I got a BSOD. The first one I have ever had on this computer. Joy oh joy, now I remember why I don't normally try beta software.

I have tried rebooting several times since and everything seems alright now. I just did a backup last night which is the only reason I decided to risk trying M$AS today so I think I will be restoring my drive shortly just to be on the safe side.

I hope you get your situation worked out and I hope it didn't give you any false positives and take out something you need.
There is no justice, there is just us.

#9 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • Gender:Male
  • Location:SW Louisiana
  • Local time:11:01 AM

Posted 26 January 2005 - 04:24 PM

Pandy,

Have you seen this news item posted by phawgg?
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA


#10 Pandy

Pandy

    Bleepin'

  • Topic Starter

  • Members
  • 9,559 posts
  • Gender:Female
  • Local time:01:01 PM

Posted 26 January 2005 - 04:52 PM

Hummm... thanks for your replies Ronbo and tg1911. I do not use BitDefender. But I see what you mean. I couldn't believe really I had VX2 on my machine and not know it. hehe As far as it removing anything I needed. I don't think so?? I've had no errors and everything seems to be OK.. my programs and such. Now I guess I will uninstall this M$A$ Beta. I know beta testing can be risky. I have tested betas before. But I think I will pass on this one. And no tg1911 I hadn't seen that post by phawgg. Thanks for the heads up there. This newdotnet tho shows it was installed in October of 2003 tho. I find that to be strange. Can't imagine how it hid there all this time. I guess that every Anti-virus software out there is not perfect. I guess I will just go with the AVG 7.0 for now. Thanks again for the replies.



#11 Acadia

Acadia

  • Members
  • 8 posts
  • Location:SouthCentral PA
  • Local time:01:01 PM

Posted 26 January 2005 - 08:58 PM

How did all this get here? I am stunned. Here I thought I was doing well staying on top of things ...Ad-aware SE.. Spy-bot..Spyware blaster.. AVG... A squared..  And I am STILL .. STILL infected? I just do not know.

Ok, first of all, among all the programs that you have mentioned are on your pc, only SpywareBlaster will help keep those nasties off in real time. AdAware, and Spybot, if you have the versions that most of us have, must be brought up and run; they will help you clean up but do nothing to prevent. AVG is an anti-virus so is useless against these guys. Asquared, if you are using the free version, must be brought up and run, does not protect you in real time, plus, it is only an anti-trojan not an anti-spyware program. So, only SpywareBlaster can offer you some protection in real time, but there is simply too much for one program to defend against.

The worst sites to pick up these things are gaming sites and porn sites. Most porn and gaming sites are in the business to download adware and spyware, they are not really into porn and games themselves; games and porn are simply the bait that they use to get you to come. If you go to either one of these types of sites there is almost a 100% probability that you will become infected. A chain is only as strong as its weakest link, and the weakest link in our pc security is our very own surfing habits. Good luck.

Acadia

Edited by Acadia, 26 January 2005 - 09:00 PM.




