M$ Anti-Spyware results

I'm not really sure what these are - anyone else have them? Pete

 

Jimbob was nice enough to link me to this page: http://securityresponse.symantec.com/avcenter/venc/data/adware.cdt.html - but I'm having a little trouble accepting the fact that the computer's infected with something that's been around since at least Dec. 27, 2004.

With so many of the A/S programs having updated recently (SWB, M$AS, AA, SBS&D), it's kind of hard not to wonder if M$AS is seeing something one of the others did incorrectly and flagging it. Hmm. Pete

 

Snap to the rescue! Seems as though IE-SPYAD2 puts its' entries in that location - probably that's what M$AS is picking up on. I didn't notice that particular thing being stated in Eric's "Side Effects" portion, but that's pretty much GOT to be what's causing it.

Thanks, Snap! Pete

 

Hi spy1,

Restrict Web Sites from Installing Software explains how that key and its subkeys work. Hopefully you will have a value set to "4" for all those sites.

Nick

 

Nick - Yes, they are "4"'s. That pretty much nails that one shut. Thanks. Pete

 

So, its sorted?

 

Yes, Jimbob, it's a false positive from M$AS - I guess due to the fact that that program just checks for the keys themselves (not whether they're a "4" or not, and thus beneficial instead of detrimental).

I wonder how many users will let M$AS quarantine or delete those keys, not realzing what they are (it was a pretty serious alert, language-wise).

Eric - Do you know whether or not placing those keys found by the M$AS scan into "Ignore" will prevent MSAS (or any other program for that matter) from detecting the malicious key should it cross their computer?

THAT could be a problem. Pete

 

"How to Tell the Difference

You can tell the difference between IE-SPYAD (original) and IE-SPYAD2 by opening IE-ADS.REG and inspecting the Registry keys listed. Registry keys that point to HKEY_CURRENT_USER indicate that you're using IE-SPYAD (original). Registry keys pointing to HKEY_LOCAL_MACHINE indicate that you're using IE-SPYAD2."

 

I meant "the thing" about it causing a false positive from M$AS, Bubba. NP.

I'll have to inquire whether there's a way for the various anti-spyware vendors to read the sub-key # - and thus avoid the F/P. Pete

 

How do you submit beta feedback regarding MS Antispy Beta to Microsoft, there seems to be no link from the program itself, unless I'm not looking in the right place.

Jimbob

 

Select Tools\Suspected Spyware Report... to submit feedback.

Regards,
Bubba

 

Or post on the forum

http://communities.microsoft.com/newsgroups/default.asp?ICP=spyware&sLCID=us

In fact this bug in the latest definitions has already been reported there.