Re: Microsoft AntiSpyware Beta - Severe Bug crashes PC
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 01/15/05
- Next message: Roger Abell: "Re: W2K install order"
- Previous message: Roger Abell: "Re: W2K boot question"
- In reply to: Shalom B.: "Microsoft AntiSpyware Beta - Severe Bug crashes PC"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 15 Jan 2005 12:31:18 -0700
All issues with this beta are being handled here
http://communities.microsoft.com/newsgroups/default.asp?ICP=spyware&sLCID=us
(scroll the top windows if you want info on use of
newsreader for direct access to the newsgroups)
--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA

"Shalom B." <Anonymous@inter.net> wrote in message
news:cs8uag$4l$1@sparta.btinternet.com...
> I downloaded the Microsoft AntiSpyware Package and had it installed on 3
> of my machines at home to try it out and see what all the hype and fuss
> was all about. I have a Direct Connect (P2P) client on one computer
> (Windows XP SP2) and it picked up an ad delivery threat as follows
>
> Grokster
> Type: Adware Bundler
> Threat Level: Moderate
> Author: Grokster, LTD
> Description: Grokster (free version) installs adware and spyware
> including GAIN, CyDoor, My Search, WebRebates, and Relivant Knowledge.
>
> But when I went ahead to remove this threat my PC went unresponsive
> immediately, with CPU utilization at 100% and Page File usage shooting
> from 240MB up to 1280 MB within a matter of minutes and 5 minutes later
> I was out of virtual memory. Thinking it was a one-off thing (as the
> application is still beta), I manually had to power my PC back on and
> tried to remove the threat but the same happened again, thinking
> something was definitely wrong and to rule out faults with my PC and its
> configuration I set about installing the DC client on another PC and
> using MS Anti-spyware to check for threats, sure enough, same story again.
>
> Ok, so I went into the registry and located the key
> (HKEY_LOCAL_MACHINE\SOFTWARE\Magnet) (thanks to MS Antispyware, it
> supplies the key names as well as the values containing the malware
> executable making life a bit easier) but permissions set on the key (by
> the DC client installer I suppose) would not let me navigate or delete
> the key, so I gave the Everyone group full permissions and after this MS
> Antispyware was able to remove the threat from the registry fine but the
> executable (magnet.exe) was still left behind untouched.
>
> But when the scheduled scan ran later that day the threat had reappeared
> and again my PC crashed and I found out the DC Client had rewritten all
> the data back into the registry, my only way of not allowing the malware
> executable to run was to leave the registry keys intact but remove the
> executable from the DC Client's program files folder so as to not let it
> be invoked.
>
> The threat still is found each time a scan is run but I have ignored it.
> Is anyone experiencing a problem like this? And could someone tell me
> what magnet.exe does exactly?
>
> I hope the guys at MSFT (or Giant) will read this and correct this bug too.