WebSpecials and AntiSpyware

  • Thread starter Thread starter DrNorm
  • Start date Start date
D

DrNorm

I'm new to this forum and have read with great interest the back-and-forth
about the weaknesses of Microsoft AntiSpyware. False positives, misses on
spyware caught by other agents, etc.

I'm currently stuck with a small handful of nasty buggers. One such pest
is WebSpecials. What I find disturbing is not that MSAS misses it, because
it does indeed find it. Nor am I particularly disturbed by its inability to
delete it, because it's a tricky one.

What's disturbing is that it claims to have successfully deleted it when it
has done no such thing. It proudly announces that it has successfully
deleted the file in question, webspecs.dll. But if I explore the folder
it's in, it's still there, and is still undeletable.

If one looks at the log file, one sees that it fails and tries to quarantine
it. That also apparently fails.

Software should not report failure as success.
 
I absolutely agree with your observations.

Can you try restarting in safe mode and scanning until a scan comes through
clean, using the full scan option?

The program isn't doing what it needs to do, but lets see whether it is
capable of dealing with this bug with a little help.
 
I actually managed to rid myself of WebSpecials through a lot of grunt work.
However, the Vx2.ZServ Trojan is still alive, as is the EUniverse Updater
Browser Hijacker.

I will do as you suggest when I have the time and run MSAS in safe mode with
a full scan. I have my doubts, but I'll let you know.
 
Both of these items have been mentioned in these groups, although I'm not
certain of the particular Vx2 variant. I'm not sure myself of whether
success was reported for these bugs--but scanning in safe mode with current
definitions--5685 as I write, is the thing to try. If this fails, there are
further (non Microsoft) tools and approaches I can suggest, or others may
spot your references and come up with specifics for these particular bugs.
 
Hi Norm,
If the MSAS doesn't kick it on Safe Mode, you can always get the VX2 add on
for Adaware and give that a shot.


Ron Chamberlin
MS-MVP
 
The point of my original post was not that I couldn't get rid of these
things. The point
was that MSAS is lying when it says that a file has been deleted when it has
failed
in its attempt.

Some of these stinkers are hard to remove. I've done it manually and my
system is
pretty much clean. I did go back to Ad-Aware for a little help and to see
what MSAS
misses.

I sure wish I didn't have to spend all my computer time dealing with
spyware, but there
just doesn't seem to be a tool that handles it all effortlessly. That's
the nature of dealing
with a sloppily-planned O/S.

Norm
 
I agree that the cleaning operations which declare success, but in fact
aren't successful are a flaw in the program--that's clear, and I hope that
behavior can be improved upon.
 
Back
Top