Discussion in 'other anti-malware software' started by spy1, Mar 6, 2005.
I'm not really sure what these are - anyone else have them? Pete
Jimbob was nice enough to link me to this page: http://securityresponse.symantec.com/avcenter/venc/data/adware.cdt.html - but I'm having a little trouble accepting the fact that the computer's infected with something that's been around since at least Dec. 27, 2004.
With so many of the A/S programs having updated recently (SWB, M$AS, AA, SBS&D), it's kind of hard not to wonder if M$AS is seeing something one of the others did incorrectly and flagging it. Hmm. Pete
Snap to the rescue! Seems as though IE-SPYAD2 puts its entries in that location - probably that's what M$AS is picking up on. I didn't notice that particular thing being stated in Eric's "Side Effects" portion, but that's pretty much GOT to be what's causing it.
Thanks, Snap! Pete
Restrict Web Sites from Installing Software explains how that key and its subkeys work. Hopefully you will have a value set to "4" for all those sites.
Nick - Yes, they are "4"'s. That pretty much nails that one shut. Thanks. Pete
So, it's sorted?
Yes, Jimbob, it's a false positive from M$AS - I guess due to the fact that that program just checks for the keys themselves (not whether they're a "4" or not, and thus beneficial instead of detrimental).
I wonder how many users will let M$AS quarantine or delete those keys, not realizing what they are (it was a pretty serious alert, language-wise).
Eric - Do you know whether or not placing those keys found by the M$AS scan into "Ignore" will prevent MSAS (or any other program for that matter) from detecting the malicious key should it cross their computer?
THAT could be a problem. Pete
"How to Tell the Difference
You can tell the difference between IE-SPYAD (original) and IE-SPYAD2 by opening IE-ADS.REG and inspecting the Registry keys listed. Registry keys that point to HKEY_CURRENT_USER indicate that you're using IE-SPYAD (original). Registry keys pointing to HKEY_LOCAL_MACHINE indicate that you're using IE-SPYAD2."
I meant "the thing" about it causing a false positive from M$AS, Bubba. NP.
I'll have to inquire whether there's a way for the various anti-spyware vendors to read the sub-key # - and thus avoid the F/P. Pete
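Added example, not part of the thread and not code from any product mentioned in it: a Python check that reads a .REG export and reports the zone value stored under each domain key, instead of flagging the key's mere presence. It assumes the key under discussion is Internet Settings\ZoneMap\Domains; the function name and the sample hostnames are constructed for illustration.

```python
import re

# Internet Explorer URL security zone numbers.
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+)\\(.+)\]$")
VAL_RE = re.compile(r'^"([^"]*)"=dword:([0-9a-fA-F]{1,8})$')
MARKER = "\\zonemap\\domains\\"  # assumed location of the flagged keys

# Constructed sample in REGEDIT4 format (hostnames are placeholders).
SAMPLE = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blocked.example]
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blocked.example\www]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trusted.example]
"http"=dword:00000002
'''

def audit_zonemap(reg_text):
    """Return (hive, host, scheme, zone, verdict) for each ZoneMap domain value."""
    findings = []
    hive = host = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            hive, path = m.group(1), m.group(2)
            idx = path.lower().find(MARKER)
            # Domains\example.com\www maps to host www.example.com
            host = (".".join(reversed(path[idx + len(MARKER):].split("\\")))
                    if idx >= 0 else None)
            continue
        m = VAL_RE.match(line)
        if m and host:
            zone = int(m.group(2), 16)
            # Zone 4 puts the site in Restricted sites; anything else needs a look.
            verdict = "protective" if zone == 4 else "review"
            findings.append((hive, host, m.group(1), zone, verdict))
    return findings

if __name__ == "__main__":
    for hive, host, scheme, zone, verdict in audit_zonemap(SAMPLE):
        print(f"{verdict:10} {hive:20} {host:24} {scheme}: {ZONES.get(zone, zone)}")
```

The hive column also shows the IE-SPYAD versus IE-SPYAD2 distinction quoted above (HKEY_CURRENT_USER versus HKEY_LOCAL_MACHINE).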
How do you submit beta feedback regarding MS Antispy Beta to Microsoft? There seems to be no link from the program itself, unless I'm not looking in the right place.
Select Tools\Suspected Spyware Report... to submit feedback.
Or post on the forum
In fact this bug in the latest definitions has already been reported there.