Microsoft AntiSpyware 1.0 Beta!

Discussion in 'other anti-malware software' started by Elliot, Jan 6, 2005.

Thread Status:
Not open for further replies.
  1. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Not trying to be cynical here, but the comments about it messing up Spybot. Well let's just review the situation here - Microsoft ANTISPYWARE breaks Spybot, which just happens to be an ANTISPYWARE application. Very convenient don't you think?
     
  2. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Here are the memory usages on my system using ProcessExplorer.....

    Also, I got a definition update today and the FP for searchsquire has been fixed....
     


  3. maddawgz

    maddawgz Registered Member

    Joined:
    Aug 13, 2004
    Posts:
    1,316
    Location:
    Earth
    Has anyone ever wondered WHY MS would BUY Giant?
    To cover its own spyware.

    I'm not letting a wolf guard the hen house.
     
  4. shoe

    shoe Registered Member

    Joined:
    Oct 31, 2002
    Posts:
    201
    scheduler does not work
     
  5. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Could you explain to me how it found this supposed "elevated threat" spyware when I have no DWord value at all for that registry key? I use Spybot and immunize feature.

    I would recommend extreme caution in using this software. It destroyed my Conexant V92 PCI modem. I spent 4 hours on the phone with Dell yesterday troubleshooting this. When I installed the software it immediately crashed my XP Pro Dell Dimension 8300. I finally got it to work, ran one scan and all it found was the one false positive. I was unable to stop the real time scanner and it also phoned home immediately even though I told it not to do so during installation. I had also said for real time scanner to not run during installation. It ignored this. So, I uninstalled it after having it about 20 minutes. I was appalled when I looked at all of it closely and saw how very deep it hooks into the system. That is dangerous as it just begs for problems.

    Immediately upon uninstall, I got first a frozen Process Guard when I tried to open it from the systray. It opened then froze. I had to reboot. Upon reboot, I immediately was greeted with two error boxes having to do with software installation for my dial up modem which said the software was not digitally signed so I should stop it. I clicked cancel and got an error box that said the new hardware had not installed successfully due to the non-digitally signed software. I clicked off of that and up popped the first error box. I hadn't installed any new hardware so these errors were a mystery. I could not get rid of them.

    Everything got rapidly worse from this point. Device manager showed the Conexant modem working properly but also showed 70 instances of another modem improperly installed. Dell CD for the modem when inserted, ran a wizard and then announced that I had "illegally" installed a second non Dell approved hardware modem and that it had to be removed immediately before the wizard would do anything further. I hadn't installed any modem ever. I was also seeing "error allocating for PCI device" at every POST.

    After, four hours of troubleshooting, the modem is removed as the computer will not boot now with the modem card installed in any slot. Dell is sending me a new modem and a tech will be flying over from Honolulu to install it. Thank goodness I mostly use my external cable modem as the part will be here Tuesday but the Dell tech probably won't be able to fly over for another week as they are kept very busy.

    Dell thinks, as do I, that it is almost certain that the uninstalling of the MS antispyware application is what caused this problem. A friend who is very hardware knowledgeable said he looked at the MS application after I had this problem and says that I am "experiencing the end result of what happens with a badly integrated ASPI hook and one would think MS would NOT hook anything, but build the progo in via a patch." I am not knowledgeable enough to know how correct this observation may or may not be but I am convinced it was the application uninstallation that caused this mess. My computer was working beautifully up until I installed the software. The Conexant modem had never given any problems before. I tried system restore (the point I made before installing the software and later one a week earlier). Both worked but the problem remained.

    So, I suggest extreme caution with this application at this time. Dell said I wasn't even the first to call in with major problems stemming from the MS software.
     
  6. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
    Yep!...I had some glitches last night too. This app froze on the show results screen nearly every time.....It was throwing up boxes about registry changes quite often which I didn't know how to answer......and I had several errors shutting down and rebooting my machine. So this morning I simply Ghosted back from my external HDD thereby getting rid of it without a messy uninstall....That'll teach me for trying beta! It doesn't engender a lot of faith in M$ though, does it?
    Buck.
     
  7. Edwin024

    Edwin024 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    1,008
    I don't know what MS did with this software... Giant did not have these problems. And I now use Counter Spy which also is a Giant clone. No problems there either. Or it must be that on my PC the automatic update doesn't work. It seems that they are working on that, looking at an email that I got from Sunbelt.
     
  8. dog

    dog Guest

    Hi Mele, ;)

    That is the whole issue ... it is only finding and reporting the searchsquire Key, regardless of the Dword Value. If there is no Dword Value set ... something has already removed it. The Dword Value should be 4. I believe both Spybot and Spyware Blaster make this entry ... run them again to re-write the Dword Value, Or you can manually do it.

    A value of 4 means searchsquire is set as a restricted zone. A value of 2 indicates it is set as a trusted zone.

    Sorry to hear of your problems with Microsoft Antispy ... I don't run it, and probably never will, I have almost Zero trust for anything M$ does, right or wrong. I do however run Giant and haven't had any issues ... but things seem to have changed with the product after the takeover.

    HTH,

    Steve
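
To see which of the cases described above applies on a given machine, the zone assignment can be read directly. This is an added example, not from the original post or from any of the products discussed: it assumes the entry lives under Internet Explorer's per-user ZoneMap\Domains key (the thread does not name the key), and Get-ZoneMapEntry is a hypothetical helper name.

```powershell
# Added example; assumes the entry sits under the current user's ZoneMap\Domains key.
$domainsKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
$zoneNames  = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }

function Get-ZoneMapEntry {
    param([string]$Root, [string]$Pattern = '*')
    if (-not (Test-Path -LiteralPath $Root)) { return }
    # -Recurse also visits subdomain keys stored beneath a domain key.
    $keys = Get-ChildItem -LiteralPath $Root -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -like "*\Domains\$Pattern" }
    foreach ($key in $keys) {
        $site = ($key.Name -split '\\Domains\\', 2)[1]
        if ($key.ValueCount -eq 0 -and $key.SubKeyCount -eq 0) {
            # The case from the thread: the key exists but carries no zone assignment.
            [pscustomobject]@{ Site = $site; Protocol = ''; Zone = ''; Status = 'Key only, no zone value' }
            continue
        }
        foreach ($name in $key.GetValueNames()) {
            # Zone assignments are DWORDs named after a protocol ('*', 'http', 'https').
            if ($key.GetValueKind($name) -ne 'DWord') { continue }
            $zone = $key.GetValue($name)
            $status = switch ($zone) { 4 { 'Restricted (blocking entry)' } 2 { 'Trusted (review)' } default { 'Other zone' } }
            [pscustomobject]@{ Site = $site; Protocol = $name; Zone = $zoneNames[[int]$zone]; Status = $status }
        }
    }
}

# Read-only: lists matching keys and how (or whether) they are mapped to a zone.
Get-ZoneMapEntry -Root $domainsKey -Pattern '*searchsquire*' | Format-Table -AutoSize
```

A scanner that reports on the key name alone cannot tell the first status from the second; the value data is what distinguishes a blocking entry from a trusted-site entry.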
     
  9. controler

    controler Guest

    And I am sure all of you are using the SPynet feature?
    The one that securely links all users of AntiSpyware to each other.
    Um which port was that again?

    Bruce
     
  10. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    I hear ya', Bruce. I think I'll just give this thing a miss entirely - especially after having read everything here and in the newsgroup.

    I don't need problems and I really don't think it's providing anything that I don't already have anyway. (D/L erased). Pete
     
  11. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Ahhh...now I understand. So some nasty removed the value which either Spyware Blaster or Spybot set as 4? Hmmmm...I ran Spybot last night and had trouble getting immunize to take (there were 30+ new ones) but it was finally successful and after reading your post just now, I checked the registry Searchsquire key and Spybot put in a DWord value of 4. I also checked the restricted zone in IE and it is listed there either from Spyware Blaster or Spybot. I seldom use IE (I am a FF fan) so I haven't paid a lot of attention to exactly what Spybot and SWB put in the restricted zone.

    Thanks for the help and explanation. :)
     
  12. zcv

    zcv Registered Member

    Joined:
    Dec 11, 2002
    Posts:
    355
    AntiSpay has two components:

    GIANTAntiSpywareMain.exe 2068 /NA
    gcasDtServ.exe 4052 N/A

    gcasDtServ.exe is the one that runs in the tray after ending the main module and has to be right clicked to end it. This is the realtime protection component and doesn't like to take no for an answer.

    Question for you Giant people, is gcasDtServ.exe from Giant, or is this an add-on by MS?

    Regards - Charles
     
  13. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    It's been there from the start. Don't know if it's been modified by MS, however.

    Blue
     
  14. ricari

    ricari Registered Member

    Joined:
    Jun 24, 2004
    Posts:
    14
    Location:
    Farnham, Quebec
    I am trying it. First scan ok.

    On the 7th got an update. Second scan it freezes here after scanning 22225 files:

    Scanning for hidden spyware threats...
    Scanning memory: Polymorphic Browser Hijack Scan

    On top of the program, on the blue bar, it is marked:

    Microsoft antispyware (Beta) (does not answer)

    So now what do I do? It can't complete a scan.

    XP Pro SP2

    Thanks
     
    Last edited: Jan 9, 2005
  15. RAV

    RAV Guest

    Working great on 2 WinXP machines here. Removed spyware/adware that I could never get removed with other apps on my kids' computer. Also discovered 2 spyware apps that were slowing my machine down that were not discovered by Spybot S/D.
     
  16. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    Although MS Antispyware monitors several registry locations, it fails to monitor several other locations which are also used by spyware to auto-start. Just some examples of those (not covered) locations:

    HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute link
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run link
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load link
    HKCU\Control Panel\Desktop\scrnsave.exe link
    HKCU\Software\Microsoft\Command Processor\AutoRun link

    This is not the full list. I also inserted links to reports about the malware which uses these keys.
    -hojtsy-
     
    Last edited: Jan 9, 2005
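
The five locations listed in the post above can be checked by hand with a read-only script. This is an added example, not part of the original post and not code from Microsoft AntiSpyware; the function name Get-AutostartAudit is hypothetical, and the BootExecute default shown is the stock Windows value.

```powershell
# Added example: read-only audit of the autostart locations named in the post.
# HKCU entries are read for the user running the script.
$locations = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'; Name = 'BootExecute'; Default = 'autocheck autochk *' }
    @{ Path = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'; Name = 'Run' }
    @{ Path = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'; Name = 'Load' }
    @{ Path = 'HKCU:\Control Panel\Desktop'; Name = 'scrnsave.exe' }
    @{ Path = 'HKCU:\Software\Microsoft\Command Processor'; Name = 'AutoRun' }
)

function Get-AutostartAudit {
    param([Parameter(Mandatory)][hashtable[]]$Locations)
    foreach ($loc in $Locations) {
        $text = ''
        # A missing key or value is not an error here; it is reported as 'Empty'.
        $item = Get-ItemProperty -LiteralPath $loc.Path -Name $loc.Name -ErrorAction SilentlyContinue
        if ($item) {
            # BootExecute is REG_MULTI_SZ (string array); the others are single strings.
            $text = (@($item.($loc.Name)) | Where-Object { $_ }) -join '; '
        }
        # 'Review' means the value is populated and not a known default, not that it is malicious
        # (a configured screen saver legitimately fills scrnsave.exe).
        $status = if (-not $text) { 'Empty' } elseif ($loc.Default -and $text -eq $loc.Default) { 'Default' } else { 'Review' }
        [pscustomobject]@{ Location = "$($loc.Path)\$($loc.Name)"; Value = $text; Status = $status }
    }
}

Get-AutostartAudit -Locations $locations | Format-Table -AutoSize -Wrap
```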
  17. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    Wow.
    Good post Hojtsy. Thanks.
    The MJRW team strikes :)
    If knowledgeable users are reporting these problems with well tested and reputable antispyware apps, where does it leave the greater public?
    M$ takes a potentially great app that was rapidly evolving into an important part of the armament...and breaks it?

    Already seeing signs that the M$ antispyware app will pick out competing antispy apps. Any ideas about what M$ might regard as "safe" malware!!

    Not to be too paranoid, but, I wonder when it will unhook FF?
     
  18. slammer_JvA

    slammer_JvA Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    1,588
    Location:
    Below sea-level. Safe and sound behind our dikes:
    This OZ has got a point here....
     
  19. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    LOL
    we try and watch our wolves DU.
     
  20. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
  21. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    this aussi has got a major point. I wish I never purchased giant. and I am too late to get my refund lol, just since four days I see that my subscription ends in three days and it was ok from the moment I purchased it. I have sent them three emails, none of them are answered.

    what do I do? I think at the end need to uninstall the licenced version and install the beta... this is beginning to frustrate me while I'm typing this so I'll stop...and see:D

    cheers
     
  22. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    If Microsoft ends up (like most believe) offering this at cost, what an injustice! For Microsoft to sell a tool to notify you that you're infected because of their failure to fix their major exploits, what an irony!!!!
     
  23. zcv

    zcv Registered Member

    Joined:
    Dec 11, 2002
    Posts:
    355
    Problem with Real Time Protect feature

    Would be interested in any comments by Giant users on this.

    The problem in a nutshell is that the Real Time protect feature can't be shut down - this seems to be true for most users.

    My twist on that is once I initially disabled it, can't turn it back on - admittedly haven't tried very hard because I have no interest in having it run.

    The question basically is if this is the beta or has Giant always had this problem?

    The situation is pretty well summed up in the quote below.

    http://www.windowsbbs.com/showthread.php?t=39560&page=4&pp=15

    This subject starts at Post#50

    Regards - Charles
     
  24. ricari

    ricari Registered Member

    Joined:
    Jun 24, 2004
    Posts:
    14
    Location:
    Farnham, Quebec
    It blocks in the registry.

    Found out why this happens:

    Go to where Microsoft antispyware is located, for me it's in "c:\program files\microsoft antispyware" and look at "errors.log". Open it with word pad and it will tell you your problem. For me "not anough memory". Impossible but I closed many programs of my "startup" then tried "Microsoft AntiSpyware" and it works like a charm.
     
  25. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    My error messages are more cryptic.
    I can't decipher them
    Any help?
    Code:
    Method '~' of object '~'
    failed::gcasDtServ:modData:InitializeFriendlyFilesData::
    17/1/05 7:06:17 PM:1.0.501
    91::ln 0:Object variable or With block variable not
    set::gcasDtServ:FriendlyFiles:ExistsSysData::
    17/1/05 7:06:17 PM:1.0.501
    
     
    Last edited by a moderator: Jan 20, 2005