Microsoft AntiSpyware Expired Error
If you see a window with the following error message when you log into
a PC, check whether Microsoft AntiSpyware Beta 1 is installed and has
expired.
Error
Unexpected error; quitting
[ OK ]
If the message is due to an expired version of Microsoft AntiSpyware
attempting to start, you should see the Microsoft AntiSpyware bullseye
icon with "Error" next to it in the taskbar at the bottom of the screen.
You will see the same error if you try to start Microsoft AntiSpyware manually
after it has expired.
[/security/spyware/MS-Antispyware]
permanent link
PWS.Bancos.A (Password Stealer) False Positive
When I remotely logged into a user's system this morning to check an FTP
transfer log on it prior to running a backup of the system, I saw Microsoft
AntiSpyware's scan report indicated it had detected one item during its nightly
scan of the system. The spyware it detected was
"PWS.Bancos.A (Password Stealer)".
Item Details
PWS.Bancos.A
Type: Password Stealer
Threat Level: Severe
Description: A Trojan that captures or transmits passwords to an attacker.
Advice: Severe-risk items have an extreme potential for adverse effect, such as a security exploit, and should be removed.
When I looked at the registry key values detected, I saw they referred to
"Intel\Landesk\VirusProtect6" (see Scan Results).
The Intel LANDesk software allows enterprises to manage client PCs [1],
so I thought this might be a false positive.
The spyware definitions on the system were version 5805 (2/11/2006 8:12:18 AM).
Microsoft AntiSpyware Version: 1.0.701
This version expires on: 7/31/2006
Spyware Definition Version: 5805 (2/11/2006 8:12:18 AM)
After finding PWS.Bancos.A Password Stealer on the user's system, I checked
the Microsoft AntiSpyware results from its early morning run on my wife's
PC. I found the same report of PWS.Bancos.A being detected with references
to the same registry entries. And a short time later, I received an email
from the vice president of the company where I had found the first report
of the problem. She had also found the same scan results when she came in
to the office to work on her system.
After extensive searching for any postings regarding this detection, I did find
an indication that it was a false positive in a February 10, 2006 posting at
Siljaline's IE & Security Blog, where I found the following posted.
Definitions "5807" released to address a false-positive detection some essential
components of several Symantec Corporate Antivirus versions are being identified
as PWS.Banco.A
The 3 systems in question are all running
Symantec AntiVirus Corporate Edition 8.0. I monitor the installation of
programs on systems with Inctrl. Inctrl [2] can record the file and registry
changes that occur during software installation. Looking at an installation
report for SAV 8.0, I found that the Software\Intel\Landesk registry keys were
created during the installation of that software.
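The cross-check described above, written out as an added example that is not part of the original post: it matches registry keys flagged by a scanner against keys recorded at install time. The hive (HKLM), the subkey names, the second and third flagged keys and the baseline layout are constructed assumptions; the actual Inctrl report format is not reproduced.

```python
# Added example: trace scanner-flagged registry keys back to the installer
# that created them. All keys and the baseline layout below are constructed.

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER",
         "HKCR": "HKEY_CLASSES_ROOT", "HKU": "HKEY_USERS"}

def normalize(key):
    """Canonical form: full hive name, backslashes, no empty parts, lower case."""
    parts = [p for p in key.strip().replace("/", "\\").split("\\") if p]
    if not parts:
        return ""
    parts[0] = HIVES.get(parts[0].upper(), parts[0])
    return "\\".join(parts).lower()

def is_under(key, root):
    """True if key is root or a subkey of it (whole components, not substrings)."""
    return key == root or key.startswith(root + "\\")

def attribute(flagged, baseline):
    """Map each flagged key to the product whose install created it, else None."""
    roots = [(normalize(k), product)
             for product, keys in baseline.items() for k in keys]
    roots.sort(key=lambda r: len(r[0]), reverse=True)  # most specific root first
    return {key: next((product for root, product in roots
                       if is_under(normalize(key), root)), None)
            for key in flagged}

def unexplained(flagged, baseline):
    """Flagged keys that no recorded installation accounts for."""
    return [k for k, owner in attribute(flagged, baseline).items() if owner is None]

# Constructed baseline: keys an install monitor recorded per product.
BASELINE = {
    "Symantec AntiVirus Corporate Edition 8.0": [
        r"HKEY_LOCAL_MACHINE\Software\Intel\Landesk",  # hive is an assumption
    ],
}

# Constructed scan results; only the Intel\Landesk\VirusProtect6 path is from the post.
FLAGGED = [
    r"HKLM\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion",
    r"HKLM\SOFTWARE\Intel\LANDeskOther\Agent",   # similar name, different key
    r"HKCU\Software\ExampleVendor\Updater",      # no install record
]

if __name__ == "__main__":
    for key, owner in attribute(FLAGGED, BASELINE).items():
        print(f"{owner or 'UNEXPLAINED'}: {key}")
```

A key traced to a known installer is a lead for a false-positive report, not proof; keys returned by `unexplained` still need manual inspection.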
According to Trend Micro, the company was one of the original developers of
the Intel LANDesk Virus Protect (LDVP) technology [3].
But in 1998, Symantec purchased Intel Corporation's anti-virus business and
also licensed Intel systems management technology which it combined with its own
antivirus technology [4].
Inside Microsoft AntiSpyware, I went to "File" and selected "Check Updates".
Newer spyware definitions were downloaded and I then saw the version number
listed as 5807 when I selected "Help" and "About Microsoft AntiSpyware".
Microsoft AntiSpyware Version: 1.0.701
This version expires on: 7/31/2006
Spyware Definition Version: 5807 (2/11/2006 8:12:18 AM)
When I ran a full scan with those definitions, nothing was detected. I updated
the definitions on my wife's system and ran a scan of her system also.
Likewise, this time nothing was detected.
For anyone who finds Microsoft AntiSpyware is reporting a false positive,
Microsoft provides a False Positive Report Form.
References:
1. LANDesk Management Suite 8.6, Network America
2. Stay in Control, PC Magazine, by Neil J. Rubenking
3. Trend Micro Offers Free Upgrades And Support to Intel Landesk Virus Protect Customers Worldwide, Trend Micro, 1998 Press Release
4. Symantec buys Intel's Anti-Virus Business, Symantec Corporation, September 28, 1998
5. MS Anti-Spyware Defs. "5807" now available, Siljaline's IE & Security Blog, posted Friday, February 10, 2006 3:41 PM by siljaline
6. Microsoft AntiSpyware False Positive Report Form, Microsoft Corporation
Microsoft AntiSpyware and UltraVNC
Microsoft AntiSpyware will detect VNC server software, such as UltraVNC,
as spyware. It lists it as only a "moderate" threat, but if you use
UltraVNC to remotely manage a system, you should instruct Microsoft
AntiSpyware to always ignore UltraVNC. Otherwise, if Microsoft AntiSpyware
runs on a daily basis, you will get a false positive report every day that
the system is infected. Also, anyone else who uses the system may
instruct Microsoft AntiSpyware to remove UltraVNC, removing your remote control
and diagnostic capability.
Microsoft AntiSpyware
Microsoft purchased Giant Company Software's antispyware program in December of 2004 and now offers that software for free under its own name. I've found the
software works very well at detecting and removing adware and spyware. It
should be easy to install and use, even for users who aren't particularly
technically proficient. The only negative factor I've found with the product
is a lack of a capability to generate report files.
The software can be downloaded from Microsoft® Windows AntiSpyware (Beta).
Instructions for Installing Microsoft AntiSpyware