does win defender (b2) log/record internet source/origin of history items?

[MsOsWin]

wd recently quarantined webhancer.
ohter peple us this computer, and i'm not sure if they may have clicked something that
should have appeared suspicious. i'd like to block that if possible.


i checked wd History only by coincidence. from History tab:
---------------
Category:
Spyware

Description:
This program is dangerous and records user activity.

Advice:
Review the alert details to see why the software was detected. If you do not like how the
software operates or if you do not recognize and trust the publisher, consider blocking or
removing the software.

Resources:
file:
H:\Documents and Settings\x\Local Settings\Temporary Internet
Files\Content.IE5\QN8LQR2F\beachfree[1].exe->(WiseSfx)->(wise0048)->(RARSfx)-

whAgent.exe

file:
H:\Documents and Settings\x\Local Settings\Temporary Internet
Files\Content.IE5\QN8LQR2F\beachfree[1].exe->(WiseSfx)->(wise0048)->(RARSfx)-

whInstaller.exe

file:
H:\Documents and Settings\x\Local Settings\Temporary Internet
Files\Content.IE5\QN8LQR2F\beachfree[1].exe->(WiseSfx)->(wise0048)->(RARSfx)-

whSurvey.exe

file:
H:\Documents and Settings\x\Local Settings\Temporary Internet
Files\Content.IE5\QN8LQR2F\beachfree[1].exe->(WiseSfx)->(wise0048)->(RARSfx)-

webhdll.dll

file:
H:\Documents and Settings\x\Local Settings\Temporary Internet
Files\Content.IE5\QN8LQR2F\beachfree[1].exe->(WiseSfx)->(wise0048)->(RARSfx)-

whiehlpr.dll

http://www.microsoft.com/security/encyclopedia/details.aspx?name=WebHancer&threatid
=14127

which is a goofy url: ie (with manual reload) and ff redirects to
http://www.microsoft.com/athome/security/protect/chooseos.mspx
Security Essentials_www.microsoft.com

google site:www.microsoft.com webhancer shows nothing.

---------
HijackThis shows none of wd's log list. i think i can conclude that wd has effectively
quarantined those webhancer parts.


-----
further info. winxp home updated. this computer is also using
zonealarm
spybotsd
lavasoft ad-aware
norton av 2005
mvps hosts
proxomitron
tight ie settings, except for minimum loosening for trusted zone's few logon sites.

 

[Bill Sanderson MVP]

I don't believe Windows Defender is able to record that information. I
suppose it is in the browser history, but I don't see how you could
correlate it time wise--I don't think there's time info in the browser
history .

About the best you can do in this situation is to have the other users of
the machine be limited users, and look carefully at the settings at the very
end of tools, options, that determine what actions a limited user is
permitted to take within Windows Defender.

I agree with your analysis of what likely happened--I suspect that someone
more familiar with Webhancer than I could probably do some guessing about
the kinds of sites that might host it.

--

wd recently quarantined webhancer.
ohter peple us this computer, and i'm not sure if they may have clicked
something that
should have appeared suspicious. i'd like to block that if possible.


i checked wd History only by coincidence. from History tab:
---------------
Category:
Spyware

Description:
This program is dangerous and records user activity.

Advice:
Review the alert details to see why the software was detected. If you do
not like how the
software operates or if you do not recognize and trust the publisher,
consider blocking or
removing the software.

Resources:
file:
H:\Documents and Settings\x\Local Settings\Temporary Internet
Files\Content.IE5\QN8LQR2F\beachfree[1].exe->(WiseSfx)->(wise0048)->(RARSfx)-

whAgent.exe

file:
H:\Documents and Settings\x\Local Settings\Temporary Internet
Files\Content.IE5\QN8LQR2F\beachfree[1].exe->(WiseSfx)->(wise0048)->(RARSfx)-

whInstaller.exe

file:
H:\Documents and Settings\x\Local Settings\Temporary Internet
Files\Content.IE5\QN8LQR2F\beachfree[1].exe->(WiseSfx)->(wise0048)->(RARSfx)-

whSurvey.exe

file:
H:\Documents and Settings\x\Local Settings\Temporary Internet
Files\Content.IE5\QN8LQR2F\beachfree[1].exe->(WiseSfx)->(wise0048)->(RARSfx)-

webhdll.dll

file:
H:\Documents and Settings\x\Local Settings\Temporary Internet
Files\Content.IE5\QN8LQR2F\beachfree[1].exe->(WiseSfx)->(wise0048)->(RARSfx)-

whiehlpr.dll

http://www.microsoft.com/security/encyclopedia/details.aspx?name=WebHancer&threatid
=14127

which is a goofy url: ie (with manual reload) and ff redirects to
http://www.microsoft.com/athome/security/protect/chooseos.mspx
Security Essentials_www.microsoft.com

google site:www.microsoft.com webhancer shows nothing.

---------
HijackThis shows none of wd's log list. i think i can conclude that wd has
effectively
quarantined those webhancer parts.


-----
further info. winxp home updated. this computer is also using
zonealarm
spybotsd
lavasoft ad-aware
norton av 2005
mvps hosts
proxomitron
tight ie settings, except for minimum loosening for trusted zone's few
logon sites.

 

[Guest]

In addition to what Bill mentioned

1.- Have you tried the cleaning running in safe mºde?
--
2.- Webhancer.- They do collect details on the web sites viewed but if the
user agrees to install WebHancer then it is done with consent.

You can view their privacy policy here:

http://www.webhancer.com/privacy/

Webhancer can be removed using the Add/Remove Programs screen by removing
either of these:

WebHancer Survey Companion or WebHancer Customer Companion
-----

3.- You can go to the System Event log:

Start, run, eventvwr.msc <enter>

Click on the System event log

Go to View, choose Filter, and choose "windefend" in the source control.

Look for yellow triangle entries that give the precise path and location of
what was detected, and use the button provided to paste the content of the
detection back to a message here.

Good luck

wd recently quarantined webhancer.
ohter peple us this computer, and i'm not sure if they may have clicked something that
should have appeared suspicious. i'd like to block that if possible.


i checked wd History only by coincidence. from History tab:
---------------
Category:
Spyware

Description:
This program is dangerous and records user activity.

Advice:
Review the alert details to see why the software was detected. If you do not like how the
software operates or if you do not recognize and trust the publisher, consider blocking or
removing the software.

Resources:
file:
H:\Documents and Settings\x\Local Settings\Temporary Internet
Files\Content.IE5\QN8LQR2F\beachfree[1].exe->(WiseSfx)->(wise0048)->(RARSfx)-

whAgent.exe

file:
H:\Documents and Settings\x\Local Settings\Temporary Internet
Files\Content.IE5\QN8LQR2F\beachfree[1].exe->(WiseSfx)->(wise0048)->(RARSfx)-

whInstaller.exe

file:
H:\Documents and Settings\x\Local Settings\Temporary Internet
Files\Content.IE5\QN8LQR2F\beachfree[1].exe->(WiseSfx)->(wise0048)->(RARSfx)-

whSurvey.exe

file:
H:\Documents and Settings\x\Local Settings\Temporary Internet
Files\Content.IE5\QN8LQR2F\beachfree[1].exe->(WiseSfx)->(wise0048)->(RARSfx)-

webhdll.dll

file:
H:\Documents and Settings\x\Local Settings\Temporary Internet
Files\Content.IE5\QN8LQR2F\beachfree[1].exe->(WiseSfx)->(wise0048)->(RARSfx)-

whiehlpr.dll

http://www.microsoft.com/security/encyclopedia/details.aspx?name=WebHancer&threatid
=14127

which is a goofy url: ie (with manual reload) and ff redirects to
http://www.microsoft.com/athome/security/protect/chooseos.mspx
Security Essentials_www.microsoft.com

google site:www.microsoft.com webhancer shows nothing.

---------
HijackThis shows none of wd's log list. i think i can conclude that wd has effectively
quarantined those webhancer parts.


-----
further info. winxp home updated. this computer is also using
zonealarm
spybotsd
lavasoft ad-aware
norton av 2005
mvps hosts
proxomitron
tight ie settings, except for minimum loosening for trusted zone's few logon sites.