AndyManchesta
There have been a lot of posts recently saying MS Antispy
never finds anything on the system. Here's an example of
what MSAS can do and reasons why the Real Time Protection
is a great feature. I shut down all the protection on my
test system (MSAS, CAeTrust, ZoneAlarm) & used some
malicious sites for about 30 minutes, scanning through
each and clicked a few pop-ups to open new sites and
pop-ups for screensavers and smileys.
I can now see a lot of problems like Aurora, IST, Hotbar,
SAH agent and also now have a bogus hosts file set up in
the Windows folder which is set as a hidden file. IE
homepage has been taken over and I'm getting constant
pop-ups for winfixer & reg cleaners and free ringtones.
Windows Explorer and IE keep crashing. Also Spysheriff
has been installed on the system and the desktop
wallpaper replaced with a spyware warning.
Used Task Manager to end the process on all the malware
files to make things a bit easier.
Ran MS Antispy and updated the definitions, then ran a
full system scan.
It found 38 different malware infections and 1336
infected files and registry entries
(Spyware, Adware, Password Stealer & Trojans).
**See Screen Shots & Results For Info**
Removed everything and let it reboot the system. Got
messages on reboot saying Hotbar was missing files and
did I want to reinstall?
Opened Add/Remove Screen and removed these:
ContextPlus
Hotbar Browser, Weather & Wallpaper tools
Hotbar Outlook Tools
HotBar Shopper Reports
Atomic Clock Sync
The Best Offers - This is listed but once clicked just
displays (A division of Direct Revenue) and gives an
uninstall address at bestoffers so it's the same as Aurora
and possibly the new infection coming from them.
Ran MS Antispy again and it found a lot of the same
malware, 21 infections and 76 infected entries, but
everything was detected in system restore,
so maybe worth checking this if MSAS shows the same
detections on each scan. I just flushed the system
restore to remove them.
**See Results**
Aurora was detected twice by MSAS but it's still missing
parts to the infection so it will keep coming back. It
also looks like Aurora has changed again as the icons in
the Windows folder now match bestoffers icons, plus
svcproc is a new variant.
Ran Ewido on a full system scan and removed all malware.
**See Results**
Rebooted and checked some files that remained after both
MSAS and Ewido scans at Jotti's site.
**See Results**
Ran Adaware SE and removed everything found.
**See Results**
Ran Spybot and removed everything found.
**See Results**
Still had the spyware warning wallpaper and I couldn't use
the Control Panel > Display option to change it as the
options were grayed out and not active. Also most of the
files which I uploaded at Jotti's site still exist on the
system.
Ran SmitRem (By NoAhdfear) which removed the final part
of the desktop wallpaper hijack and then was able to
reload the original XP wallpaper.
I still had to use Hijack This to fix some entries that
remained (BHO, Toolbar & Run Entries), then rebooted and
used Killbox to remove all the other files I found from
the Jotti scan page.
**See Results for list**
The system is now clean again but it took all the above
scanners, Hijack This and then had to remove the final
Trojan/Malware entries that they all missed in the scans
manually. Microsoft Antispy did very well in removing
everything it detected first time but there is a lot that
isn't on MSAS's definition list, as you will see from the
other scanner results, but to be fair to MSAS the other
scanners with latest definitions missed a lot of files as
well.
**Results** (6 Text Files)
http://andymanchesta.com/MSAS/results.zip
**ScreenShots** (MSAS Detections and Spyware Wallpaper)
http://andymanchesta.com/MSAS/pics.zip
Andy