M$ Anti-Spyware results

Discussion in 'other anti-malware software' started by spy1, Mar 6, 2005.

Thread Status:
Not open for further replies.
  1. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    I'm not really sure what these are - anyone else have them? Pete
     

    Attached Files:

  2. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Jimbob was nice enough to link me to this page: http://securityresponse.symantec.com/avcenter/venc/data/adware.cdt.html - but I'm having a little trouble accepting the fact that the computer's infected with something that's been around since at least Dec. 27, 2004.

    With so many of the A/S programs having updated recently (SWB, M$AS, AA, SBS&D), it's kind of hard not to wonder if M$AS is seeing something one of the others did incorrectly and flagging it. Hmm. Pete
     
  3. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Snap to the rescue! Seems as though IE-SPYAD2 puts its' entries in that location - probably that's what M$AS is picking up on. I didn't notice that particular thing being stated in Eric's "Side Effects" portion, but that's pretty much GOT to be what's causing it.

    Thanks, Snap! Pete
     
  4. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
  5. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Nick - Yes, they are "4"'s. That pretty much nails that one shut. Thanks. Pete
     
  6. Jimbob1989

    Jimbob1989 Registered Member

    Joined:
    Oct 18, 2004
    Posts:
    2,529
    So, its sorted?
     
  7. peteatwork

    peteatwork Guest

    Yes, Jimbob, it's a false positive from M$AS - I guess due to the fact that that program just checks for the keys themselves (not whether they're a "4" or not, and thus beneficial instead of detrimental).

    I wonder how many users will let M$AS quarantine or delete those keys, not realzing what they are (it was a pretty serious alert, language-wise).

    Eric - Do you know whether or not placing those keys found by the M$AS scan into "Ignore" will prevent MSAS (or any other program for that matter) from detecting the malicious key should it cross their computer?

    THAT could be a problem. Pete
     
  8. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    "How to Tell the Difference

    You can tell the difference between IE-SPYAD (original) and IE-SPYAD2 by opening IE-ADS.REG and inspecting the Registry keys listed. Registry keys that point to HKEY_CURRENT_USER indicate that you're using IE-SPYAD (original). Registry keys pointing to HKEY_LOCAL_MACHINE indicate that you're using IE-SPYAD2."
     
  9. peteatwork

    peteatwork Guest

    I meant "the thing" about it causing a false positive from M$AS, Bubba. NP.

    I'll have to inquire whether there's a way for the various anti-spyware vendors to read the sub-key # - and thus avoid the F/P. Pete
     
  10. Jimbob1989

    Jimbob1989 Registered Member

    Joined:
    Oct 18, 2004
    Posts:
    2,529
    How do you submit beta feedback regarding MS Antispy Beta to Microsoft, there seems to be no link from the program itself, unless I'm not looking in the right place.

    Jimbob
     
  11. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Select Tools\Suspected Spyware Report... to submit feedback.

    Regards,
    Bubba
     

    Attached Files:

  12. JRosenfeld

    JRosenfeld Registered Member

    Joined:
    Jul 26, 2004
    Posts:
    117
Loading...
Thread Status:
Not open for further replies.