Dan Posted January 22, 2005 (edited)

Hi all,

I would like to inform you about Microsoft's Antispyware Beta version. This is a great program which caught things that I have missed in the HijackThis Scan. Here is a log from a "clean" comp (A lot of registry stuff has been edited out. To see the full log visit http://dknoppix.com/Personal%20Files/Micro...are%20Log.txt):

Spyware Scan Details
Start Date: 1/22/2005 12:51:36 AM
End Date: 1/22/2005 12:54:59 AM
Total Time: 3 mins 23 secs

Detected Threats

VX2.Transponder Browser Plug-in more information...
Details: VX2 is an Internet Explorer browser helper object that monitors Web page requests and data entered into forms. It sends this information to its remote server, and displays pop-up advertisements. VX2 also collects and sends personal information.
Status: Removed
Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.
Infected files detected
C:\Documents and Settings\Owner\Local Settings\Temp\THI400A.tmp\polall1m.exe
C:\WINDOWS\system32\polall1m.exe
=================

Bridge/WinFavorites Spyware more information...
Details: Bridge monitors your Internet browsing activities. It logs keystrokes and displays pop-up advertising.
Status: Removed
Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.
Infected files detected
c:\windows\downloaded program files\bridge.inf
=======================

AvenueMedia.DyFuCA Browser Plug-in more information...
Details: AvenueMedia DyFuCA Internet Optimizer is adware that changes your browser error page. It periodically displays pop-up advertisements from its remote sites and may update itself.
Status: Removed
Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.
==============================

Twain Tech Adware more information...
Details: Twain Tech is an adware based Internet Explorer browser helper object that displays targeted advertisements based on your browsing patterns.
Status: Removed
High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.
Infected files detected
c:\documents and settings\owner\local settings\temp\mxtarget.dll
C:\WINDOWS\preInsMt.exe
c:\windows\inf\alchem.inf
c:\windows\inf\twaintec.inf
C:\Documents and Settings\Owner\Local Settings\Temp\THI2849.tmp\mxTarget.dll
C:\Documents and Settings\Owner\Local Settings\Temp\THI9ED.tmp\mxTarget.dll
C:\Documents and Settings\Owner\Local Settings\Temp\preInsMt.exe
C:\Documents and Settings\Owner\Local Settings\Temp\THI2849.tmp\preInsMt.exe
C:\Documents and Settings\Owner\Local Settings\Temp\THI7AAC.tmp\preInsMt.exe
C:\Documents and Settings\Owner\Local Settings\Temp\THI9ED.tmp\preInsMt.exe
================================

VX2.ABetterInternet Adware more information...
Details: ABetterInternet displays advertisements based on the Web sites you visit.
Status: Removed
High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.
Infected files detected
c:\documents and settings\owner\local settings\temp\polmx3.cab
c:\documents and settings\owner\local settings\temp\polmx3.inf
==========================

eXact.CashBack Adware more information...
Details: CashBack is part of BargainBuddy adware that displays pop-up advertisements.
Status: Removed
High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.
=======================

eXact.NaviSearch Adware more information...
Details: NaviSearch 404 displays pop-up advertisements and redirects the Internet Explorers search error page.
Status: Removed
High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.
======================

eXact.BargainBuddy Adware more information...
Details: BargainBuddy is a Browser Helper Object that watches the pages your browser requests and the terms you enter into a search engine web form. If a term matches a preset list of sites or keywords, BargainBuddy will display an ad.
Status: Removed
High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.
Infected files detected
c:\temp\bb_auto_wider.swf
c:\temp\bb_click_wider.swf
c:\temp\bb_welcome.html
c:\temp\bb_welcome1.swf
C:\WINDOWS\bbchk.exe
================

DownloadWare Adware more information...
Details: DownloadWare downloads and installs software from advertisers. It runs at Windows startup, and, if a network connection is available, it connects to its servers. It can be installed through an ActiveX control.
Status: Removed
High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.
====================

EUniverse Updater Browser Hijacker more information...
Details: EUniverse is adware that runs at Windows startup. EUniverse generates pop-up advertisements, and performs a number of spyware related functions such as transmitting personal information and redirecting Internet Explorer.
Status: Removed
High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.
=======================

IEPlugin Spyware more information...
Details: IEPlugin is an Internet Explorer browser helper object that monitors URLs, content entered into forms, and local filenames and displays pops-up advertisements.
Status: Removed
High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.
Infected files detected
C:\Documents and Settings\Owner\Local Settings\Temp\wupdt.exe
================

SearchSquire Adware more information...
Details: SearchSquire is an Internet Explorer sidebar containing paid links that open when you use search engines.
Status: Removed
Elevated threat - Elevated threats are usually threats that fall into the range of adware in which data about a user's habits are tracked and sent back to a server for analysis without your consent or knowledge.
================================

Detected Spyware Cookies
No spyware cookies were found during this scan.
-----------------------------------

So before running HijackThis, I would recommend the user to download this program and use it before running HijackThis. This will get rid of a lot of junk that will be there. Run it along with Adaware and Spybot. BUT be aware this is a BETA program. So be careful when running it. Download the file from http://www.microsoft.com/downloads/details...&displaylang=en.

Will have updates posted soon about this.

dk

Edited January 23, 2005 by dknoppix

Oni Posted January 22, 2005

When I click the link I go to... You might wanna fix it

===========================================================
OH Darn!!!!
The Page was not found.....
So go home at www.dknoppix.com
===========================================================

thank ya for the new scanner

Dan Posted January 23, 2005

Update: Link fixed

Oni Posted January 23, 2005

Thanks

But where can I find the Microsoft scanner? Is it like on Microsoft's site as "Spyware scanner" in search or something?

Dan Posted January 23, 2005

Will post link later... *dk hits himself in the head for being an idiot*

Dan Posted January 23, 2005

Update: Download Link included. I am downloading it onto my mom's laptop. I will have any other cool features here.

dk

Dan Posted January 23, 2005

MS AntiSpyware can also see the "Hosts" file. Go to Advanced Tools (In the upper right-hand corner) ---> Windows Hosts file

Helpful for HijackThis logs. There are other features I am playing with now.

dk

Dan Posted January 29, 2005

Microsoft Antispyware Tutorial Part I is up!!!

Here it is: http://www.besttechie.net/forums/index.php...st=0#entry15144

Matt Posted March 26, 2005

thanks for the info dk, I've tried the scanner out - works well

Matt