Microsoft Antispyware


Hi all,

I would like to inform you about Microsoft's Antispyware Beta version. This is a great program which caught things that I have missed in the HijackThis Scan. Here is a log from a "clean" comp (A lot of registry stuff has been edited out. To see the full log visit http://dknoppix.com/Personal%20Files/Micro...are%20Log.txt ):

Spyware Scan Details

Start Date: 1/22/2005 12:51:36 AM

End Date: 1/22/2005 12:54:59 AM

Total Time: 3 mins 23 secs

Detected Threats

VX2.Transponder Browser Plug-in more information...

Details: VX2 is an Internet Explorer browser helper object that monitors Web page requests and data entered into forms. It sends this information to its remote server, and displays pop-up advertisements. VX2 also collects and sends personal information.

Status: Removed

Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.

Infected files detected

C:\Documents and Settings\Owner\Local Settings\Temp\THI400A.tmp\polall1m.exe

C:\WINDOWS\system32\polall1m.exe

=================

Bridge/WinFavorites Spyware more information...

Details: Bridge monitors your Internet browsing activities. It logs keystrokes and displays pop-up advertising.

Status: Removed

Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.

Infected files detected

c:\windows\downloaded program files\bridge.inf

=======================

AvenueMedia.DyFuCA Browser Plug-in more information...

Details: AvenueMedia DyFuCA Internet Optimizer is adware that changes your browser error page. It periodically displays pop-up advertisements from its remote sites and may update itself.

Status: Removed

Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.

==============================

Twain Tech Adware more information...

Details: Twain Tech is an adware based Internet Explorer browser helper object that displays targeted advertisements based on your browsing patterns.

Status: Removed

High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.

Infected files detected

c:\documents and settings\owner\local settings\temp\mxtarget.dll

C:\WINDOWS\preInsMt.exe

c:\windows\inf\alchem.inf

c:\windows\inf\twaintec.inf

C:\Documents and Settings\Owner\Local Settings\Temp\THI2849.tmp\mxTarget.dll

C:\Documents and Settings\Owner\Local Settings\Temp\THI9ED.tmp\mxTarget.dll

C:\Documents and Settings\Owner\Local Settings\Temp\preInsMt.exe

C:\Documents and Settings\Owner\Local Settings\Temp\THI2849.tmp\preInsMt.exe

C:\Documents and Settings\Owner\Local Settings\Temp\THI7AAC.tmp\preInsMt.exe

C:\Documents and Settings\Owner\Local Settings\Temp\THI9ED.tmp\preInsMt.exe

================================

VX2.ABetterInternet Adware more information...

Details: ABetterInternet displays advertisements based on the Web sites you visit.

Status: Removed

High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.

Infected files detected

c:\documents and settings\owner\local settings\temp\polmx3.cab

c:\documents and settings\owner\local settings\temp\polmx3.inf

==========================

eXact.CashBack Adware more information...

Details: CashBack is part of BargainBuddy adware that displays pop-up advertisements.

Status: Removed

High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.

=======================

eXact.NaviSearch Adware more information...

Details: NaviSearch 404 displays pop-up advertisements and redirects the Internet Explorers search error page.

Status: Removed

High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.

======================

eXact.BargainBuddy Adware more information...

Details: BargainBuddy is a Browser Helper Object that watches the pages your browser requests and the terms you enter into a search engine web form. If a term matches a preset list of sites or keywords, BargainBuddy will display an ad.

Status: Removed

High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.

Infected files detected

c:\temp\bb_auto_wider.swf

c:\temp\bb_click_wider.swf

c:\temp\bb_welcome.html

c:\temp\bb_welcome1.swf

C:\WINDOWS\bbchk.exe

================

DownloadWare Adware more information...

Details: DownloadWare downloads and installs software from advertisers. It runs at Windows startup, and, if a network connection is available, it connects to its servers. It can be installed through an ActiveX control.

Status: Removed

High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.

====================

EUniverse Updater Browser Hijacker more information...

Details: EUniverse is adware that runs at Windows startup. EUniverse generates pop-up advertisements, and performs a number of spyware related functions such as transmitting personal information and redirecting Internet Explorer.

Status: Removed

High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.

=======================

IEPlugin Spyware more information...

Details: IEPlugin is an Internet Explorer browser helper object that monitors URLs, content entered into forms, and local filenames and displays pops-up advertisements.

Status: Removed

High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.

Infected files detected

C:\Documents and Settings\Owner\Local Settings\Temp\wupdt.exe

================

SearchSquire Adware more information...

Details: SearchSquire is an Internet Explorer sidebar containing paid links that open when you use search engines.

Status: Removed

Elevated threat - Elevated threats are usually threats that fall into the range of adware in which data about a user's habits are tracked and sent back to a server for analysis without your consent or knowledge.

================================

Detected Spyware Cookies

No spyware cookies were found during this scan.

-----------------------------------

So before running HijackThis, I would recommend that the user download this program and use it before running HijackThis. This will get rid of a lot of junk that will be there. Run it along with Adaware and Spybot. BUT be aware this is a BETA program. So be careful when running it. Download the file from http://www.microsoft.com/downloads/details...&displaylang=en.

Will have updates posted soon about this.

dk

Edited by dknoppix
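The report above has a regular shape: a header block, then one entry per threat (a "... more information..." line, Details, Status, a severity line, an optional list of infected files) closed by a run of "=" signs. When you compare several of these logs, or want to line one up against a HijackThis scan, it helps to pull that structure out instead of reading the wall of text. The parser below is an added example, not part of the post or of Microsoft's tool; the sample report is an abridged copy of three entries from the posted log, and the four category words the header regex knows are the ones that appear in that log.

```python
"""Parse a Microsoft AntiSpyware (Beta) scan report into structured records.

Added example; the layout follows the log quoted in the post above.
"""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List

# Constructed sample: three entries copied from the posted report, in its original layout.
SAMPLE_REPORT = r"""Spyware Scan Details
Start Date: 1/22/2005 12:51:36 AM
End Date: 1/22/2005 12:54:59 AM
Total Time: 3 mins 23 secs
Detected Threats
VX2.Transponder Browser Plug-in more information...
Details: VX2 is an Internet Explorer browser helper object that monitors Web page requests and data entered into forms.
Status: Removed
Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise.
Infected files detected
C:\Documents and Settings\Owner\Local Settings\Temp\THI400A.tmp\polall1m.exe
C:\WINDOWS\system32\polall1m.exe
=================
Twain Tech Adware more information...
Details: Twain Tech is an adware based Internet Explorer browser helper object that displays targeted advertisements based on your browsing patterns.
Status: Removed
High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise.
Infected files detected
c:\documents and settings\owner\local settings\temp\mxtarget.dll
C:\WINDOWS\preInsMt.exe
================================
SearchSquire Adware more information...
Details: SearchSquire is an Internet Explorer sidebar containing paid links that open when you use search engines.
Status: Removed
Elevated threat - Elevated threats are usually threats that fall into the range of adware.
================================
Detected Spyware Cookies
No spyware cookies were found during this scan.
"""


@dataclass
class Threat:
    name: str
    category: str
    details: str = ""
    status: str = ""
    severity: str = ""
    files: List[str] = field(default_factory=list)


# The four category words are the ones that occur in the posted log.
HEADER_RE = re.compile(
    r"^(?P<name>.+?) (?P<category>Browser Plug-in|Browser Hijacker|Spyware|Adware) more information\.\.\.$"
)
SEVERITY_RE = re.compile(r"^(?P<level>Severe|High|Elevated|Moderate|Low) threat - ")
SEPARATOR_RE = re.compile(r"^=+$")


def parse_report(text: str) -> List[Threat]:
    """Walk the report line by line: a '... more information...' header opens an entry,
    a run of '=' closes it, and paths after 'Infected files detected' belong to it."""
    threats: List[Threat] = []
    current = None
    in_files = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            current = Threat(header["name"], header["category"])
            threats.append(current)
            in_files = False
            continue
        if current is None:
            continue  # scan header or the cookies section: nothing to attach to
        if SEPARATOR_RE.match(line):
            current, in_files = None, False
        elif line.startswith("Details:"):
            current.details = line[len("Details:"):].strip()
        elif line.startswith("Status:"):
            current.status = line[len("Status:"):].strip()
        elif SEVERITY_RE.match(line):
            current.severity = SEVERITY_RE.match(line)["level"]
        elif line == "Infected files detected":
            in_files = True
        elif in_files:
            current.files.append(line)
    return threats


def severity_counts(threats: List[Threat]) -> Counter:
    """How many entries the tool rated at each level."""
    return Counter(t.severity for t in threats)


def not_removed(threats: List[Threat]) -> List[Threat]:
    """Entries that still need attention after the scan (anything whose status is not 'Removed')."""
    return [t for t in threats if t.status != "Removed"]


def files_in_temp(threats: List[Threat]) -> List[str]:
    """Paths under a Temp folder: where the installers were staged before copying into the Windows directory."""
    return sorted({f for t in threats for f in t.files if "\\temp\\" in f.lower()})


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(dict(severity_counts(found)))
    for t in found:
        print(f"{t.severity:9} {t.category:16} {t.name}  ({len(t.files)} files)")
```

The separation into parse and summary functions is deliberate: once the entries are records, the same report can be compared against the file paths a HijackThis log lists, and anything the scanner rated but did not remove stands out immediately.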

When I click the link I go to... You might wanna fix it :P

===========================================================

OH Darn!!!!

The Page was not found.....

So go home at www.dknoppix.com

===========================================================

thank ya for the new scanner :)


MS AntiSpyware can also see the "Hosts" file. Go to Advanced Tools (In the upper right-hand corner) ---> Windows Hosts file

Helpful for HijackThis logs. There are other features I am playing with now.

dk

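Looking at the Hosts file, as the post above suggests, is about spotting names that have been pointed somewhere they should not go: ad-blocking entries send names to loopback or 0.0.0.0, LAN entries use private addresses, and anything else deserves a second look. The script below is an added example, not part of the post or of either tool it mentions; the hosts content is constructed, with .invalid names and a TEST-NET address standing in for whatever a real file would contain.

```python
"""Review a Windows Hosts file for redirect entries, the way one would when checking it
alongside a HijackThis log. Added example, not part of the post."""
import ipaddress
from collections import Counter
from dataclasses import dataclass
from typing import List

# Constructed sample hosts file. The .invalid names and the TEST-NET address are placeholders.
SAMPLE_HOSTS = """\
# constructed sample: normal header, an ad-block entry, a LAN entry and a redirect
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.invalid          # sinkholed to the unspecified address: not a redirect
192.168.1.20    fileserver.lan               # a LAN name on an RFC 1918 address: normal
198.51.100.7    www.example-bank.invalid     # a public name sent to a foreign address
198.51.100.7    search.example.invalid auth.example.invalid
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class HostsEntry:
    address: str
    name: str
    line_no: int


def parse_hosts(text: str) -> List[HostsEntry]:
    """One entry per (address, name) pair; comments and malformed lines are skipped."""
    entries: List[HostsEntry] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not body:
            continue
        parts = body.split()
        if len(parts) < 2:
            continue
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first column is not an address; skip the line
        for name in parts[1:]:
            entries.append(HostsEntry(parts[0], name.lower(), line_no))
    return entries


def is_sinkhole(address: str) -> bool:
    """Loopback or the unspecified address: the destinations an ad-blocking hosts file uses."""
    ip = ipaddress.ip_address(address)
    return ip.is_loopback or ip.is_unspecified


def is_lan(address: str) -> bool:
    """An IPv4 address inside one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(address)
    return ip.version == 4 and any(ip in net for net in RFC1918)


def suspicious_entries(entries: List[HostsEntry]) -> List[HostsEntry]:
    """Entries worth a reviewer's attention: localhost pointed away from loopback,
    or any other name pointed at an address that is neither a sinkhole nor on the LAN."""
    flagged = []
    for e in entries:
        if e.name in ("localhost", "localhost.localdomain"):
            if not ipaddress.ip_address(e.address).is_loopback:
                flagged.append(e)
        elif not is_sinkhole(e.address) and not is_lan(e.address):
            flagged.append(e)
    return flagged


def redirect_targets(entries: List[HostsEntry]) -> Counter:
    """How many names each flagged address receives; many names on one address is the pattern to look for."""
    return Counter(e.address for e in suspicious_entries(entries))


if __name__ == "__main__":
    found = parse_hosts(SAMPLE_HOSTS)
    for e in suspicious_entries(found):
        print(f"line {e.line_no}: {e.name} -> {e.address}")
    print(dict(redirect_targets(found)))
```

The LAN allowance is a judgement call: a name mapped to a private address is usually an administrator's shortcut, so the script leaves it alone and concentrates on names sent to routable addresses, which is what a hijacked Hosts file looks like.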