Antispyware inneffective

  • Thread starter Thread starter Henry
  • Start date Start date
H

Henry

Why can't the antispyware block the spyware completely.
I run scans daily, it removes the agents and as soon as
it finishes they come back. In effect the AntiSpyware
serves no purpose.
 
-----Original Message-----
Why can't the antispyware block the spyware completely.
I run scans daily, it removes the agents and as soon as
it finishes they come back. In effect the AntiSpyware
serves no purpose.
Click to expand...

Hi

This is a ongoing battle between advertisment/spyware and
anti spyware solutions. For every step antispyware takes
you will directly have new variants from Ad/spy companys.
This is a never ending loop there fore you probably needs
at least 2 antispyware programs with todays situation.

I recommend MSAS and Adaware (in below link)

- Send a spyware report to MS about to make this product
better, menu tools.

- Follow this for removal:

http://aumha.org/a/quickfix.php
 
MSAS is finding and removing "A", but MSAS is not finding (or removing)
process "B".
After MSAS removes "A", process "B" restores "A".
In some cases, "A" is started each time the computer boots; and when "A"
starts, it then starts "B".
In those cases, if you boot into SAFE MODE (pump the F8 key as the
machine boots) and run a couple of scans with MSAS, the problem will be
cured.
Otherwise you must find the process or module that keeps restoring "A"
and kill it and any processes associated with "A" prior to running a scan.
 
Bob said:
MSAS is finding and removing "A", but MSAS is not finding (or removing)
process "B".
After MSAS removes "A", process "B" restores "A".
In some cases, "A" is started each time the computer boots; and when "A"
starts, it then starts "B".
In those cases, if you boot into SAFE MODE (pump the F8 key as the
machine boots) and run a couple of scans with MSAS, the problem will be
cured.
Click to expand...

Well, for newbies and normal users this "safe mode" is
something totally unknown.

Maybe MS should make a restart function to safe mode within
MSAS to
make it easier for them. And also a twice scan function ???
;)

Ive heard a lot "damned computer" when users misses F8 when
boot is done and OS starts.

Or maybe to have default startup process wich halts on this ;)

Otherwise you must find the process or module that keeps restoring "A"
and kill it and any processes associated with "A" prior to running a scan.
Click to expand...

MSAS must be able to do this in normal mode.
 
plun said:
Well, for newbies and normal users this "safe mode" is something totally
unknown.

Maybe MS should make a restart function to safe mode within MSAS to
make it easier for them.
Click to expand...

If that's possible, that is _exactly_ what should be done.

And also a twice scan function ??? ;)
Click to expand...

I've read the scan twice suggestion so many times here that I threw it
in. But I cannot personally attest to it's accomplishing anything more
than a single scan.
Ive heard a lot "damned computer" when users misses F8 when
boot is done and OS starts.
Click to expand...

The phrase I use is even less polite.
Or maybe to have default startup process wich halts on this ;)




MSAS must be able to do this in normal mode.
Click to expand...

One wishes that MSAS could do it all in normal mode, but I think that's
an unrealistic expectation in the near term.
 
Bob said:
If that's possible, that is _exactly_ what should be done.
Click to expand...

Bill, did you see this ?

I've read the scan twice suggestion so many times here that I threw it
in. But I cannot personally attest to it's accomplishing anything more
than a single scan.
Click to expand...

No it´s a waste with time.
The phrase I use is even less polite.
Click to expand...


%&"##¤%&/((/&& ;)

One wishes that MSAS could do it all in normal mode, but I think that's
an unrealistic expectation in the near term.
Click to expand...

It´s beacuse of this I really thinks its important for
novice/normal users to
be guided, Instructions and a Forum, through this mess with
for example Aumha.org, excellent site. I was glad when I
found it.

This is an example how to solve a users problem, excellent ;)

http://aumha.net/viewtopic.php?t=11064

We are going from a situation with no spywareprotection for
many users and we indeed have a situation with a lot of
heavily compromised Windows PC,s.

I also dont believe in "shortcuts" in this challenge, for
some its maybe is easy to just remove some junk but its
better in long term to try to do a complete clean house of
a PC with different tools.
 
plun said:
Well, for newbies and normal users this "safe mode" is something totally
unknown.

Maybe MS should make a restart function to safe mode within MSAS to
make it easier for them. And also a twice scan function ???
Click to expand...

I don't know what the plan is, but this issue is pretty crystal clear. If
they can't automate the process, I hope there will at least be some clear
guidance in the help file, or a screen that pops (and allows printing)
explaining that safe mode is necessary.
Ive heard a lot "damned computer" when users misses F8 when
boot is done and OS starts.

Or maybe to have default startup process wich halts on this ;)
Click to expand...

I think if you hold just the CTRL key?
MSAS must be able to do this in normal mode.
Click to expand...

Yes--that's the goal, and I think the gears are there to do it, but it isn't
working for all bugs.
 
Bob Dietz said:
I've read the scan twice suggestion so many times here that I threw it in.
But I cannot personally attest to it's accomplishing anything more than a
single scan.
Click to expand...

I can't say that I have observed a first-hand instance where, in fact, a
second scan turned up something that the first scan did not. When scanning
with an antivirus, and I discover a virus, scanning until one comes through
clean has certainly been my practice, though.

And, we have several testimonies in these groups in relation to newdotnet
removal, that the residual startup entry is, in fact, removed, by a
succeeding scan--so that appears to be one clear case where the second scan
is useful.
 
I'm reading it, but I'm not the important one--'cause I don't work for
Microsoft.

I don't know the mechanisms that they have in place to gather and make use
of the feedback they are getting here, but I believe these messages are read
and the feedback is used.

The safe mode issue seems obvious to me--in fact, so obvious, that perhaps
it is a bug--otherwise surely they'd have had some form of notification to
the user that this is needed--I don't know how long Giant's product was out,
but a good while--and the reviewers didn't mention needing this procedure.

I don't think I started the scan twice recommendation, but I'll plead guilty
to parroting it. As I mentioned--it is my practice when cleaning viruses,
and I don't think it is too unreasonable a practice--it is nice to be sure
that the machine comes through clean when you think you are done.

I just read the "start in safe mode" instructions in help, and they don't
seem too tough--the machine sits at the list of OS's for some period of
time--the default is 30 seconds. I reduce that to 7 seconds on mine. If
you've reduced it to a low value, this is the price that you pay.

Here's a question for you--in regards to the expert handholding stuff. The
goal of Microsoft Antispyware is to do the job on its own. However, there
are always going to be bugs that it cannot handle at the current definition
level, and perhaps not without new code. So the expert assistance stuff
will continue to be around I think. We've floated the idea of an additional
newsgroup in this group for such cleaning dialogs, but I don't recall that I
got much response--it was part of a thread, not a general announcement or
poll.

What about the tools available within the product to be used in the context
of expert help? We don't have HijackThis, but the system explorers should
be able to see the same items. What needs to be done with the current tools
within the product to make them more easily used for cleaning with expert
assistance? The kinds of things I can think of are:

Let you cut and paste the left pane--i.e. all the startup items including
full detail, rather than just the detail of the highlighted single item.

Number those items in some repeatable way, so that they can be posted, and
an expert can say--block 6,7 and 9--and those numbers will correspond
repeatably on the next run of the system explorers.
 
Bill Sanderson wrote:
Here's a question for you--in regards to the expert handholding stuff. The
goal of Microsoft Antispyware is to do the job on its own. However, there
are always going to be bugs that it cannot handle at the current definition
level, and perhaps not without new code. So the expert assistance stuff
will continue to be around I think. We've floated the idea of an additional
newsgroup in this group for such cleaning dialogs, but I don't recall that I
got much response--it was part of a thread, not a general announcement or
poll.

What about the tools available within the product to be used in the context
of expert help? We don't have HijackThis, but the system explorers should
be able to see the same items. What needs to be done with the current tools
within the product to make them more easily used for cleaning with expert
assistance? The kinds of things I can think of are:

Let you cut and paste the left pane--i.e. all the startup items including
full detail, rather than just the detail of the highlighted single item.
Click to expand...

I'd rather see a "Report" button. There isn't enough detail in the left
hand pane.

Also the "Running Processes" explorer is wimpy.
We need something more akin to SysInternal's Process Explorer.
(The MD5 checksums are big plus. Don't loose those!)
 
Back
Top