MoonPoint Support Logo

 

Shop Amazon Warehouse Deals - Deep Discounts on Open-box and Used ProductsAmazon Warehouse Deals



Advanced Search
November
Sun Mon Tue Wed Thu Fri Sat
         
22 23
24 25 26 27 28 29 30
2024
Months
NovDec


Thu, Mar 09, 2006 7:01 pm

Microsoft AntiSpyware Expired Error

If you see a window with the following error message when you log into a PC, check on whether Microsoft AntiSpyware Beta 1 is installed and has expired.

Error
Unexpected error; quitting

[ OK ]

If the message is due to an expired version of Microsoft AntiSpyware attempting to start, you should see the Microsoft AntiSpyware bullseye icon with "Error" next to it in the taskbar at the bottom of the screen.

Microsoft Antispyware expiration
error

You will see the same error if you try to start Microsoft Antispyware manually, if it has expired.

[/security/spyware/MS-Antispyware] permanent link

Sat, Feb 11, 2006 8:52 pm

PWS.Bancos.A (Password Stealer) False Positive

When I remotely logged into a user's system this morning to check an FTP transfer log on it prior to running a backup of the system, I saw Microsoft AntiSpyware's scan report indicated it had detected one item during its nightly scan of the system. The spyware it detected was "PWS.Bancos.A (Password Stealer)".

Item Details

PWS.Bancos.A

Type: Password Stealer
Threat Level: Severe

Description: A Trojan that captures or transmits passwords to an attacker.

Advice: Severe-risk tiems have an extreme potential for adverse effect, such as a security exploit, and should be removed.

When I looked at the registry key values detected, I saw they referred to "Intel\Landesk\VirusProtect6" (see Scan Results).

The Intel LANDesk software allows enterprises to manage client PCs1, so I thought this might be a false positive.

The spyware definitions on the system were version 5805 (2/11/2006 8:12:18 AM).

Microsoft AntiSpyware Version: 1.0.701
This version expires on: 7/31/2006
Spyware Definition Version: 5805 (2/11/2006 8:12:18 AM)

After finding PWS.Bancos.A Password Stealer on the user's system, I checked the Microsoft Antispyware results from its early morning run on my wife's PC. I found the same report of PWS.Bancos.A being detected with references to the same registry entries. And a short time later, I received an email from the vice president of the company where I had found the first report of the problem. She had also found the same scan results when she came in to the office to work on her system.

After extensive searching for any postings regarding this detection, I did find an indication that it was a false positive in a February 10, 2006 posting at Siljaline's IE & Security Blog, where I found the following posted.

Definitions "5807" released to address a false-positive detection some essential components of several Symantec Corporate Antivirus versions are being identified as PWS.Banco.A

The 3 systems in question are all running Symantec AntiVirus Corporate Edition 8.0. I monitor the installation of programs on systems with Inctrl. Inctrl2 can record the file and registry changes that occur during software installation. Looking at an installation report for SAV 8.0, I found that the Software\Intel\Landesk registry keys were created during the installation of that software.

According to Trend Micro, the company was one of the original developers of the Intel LANDesk Virus Protect (LDVP) technology 3. But in 1998, Symantec purchased Intel Corporation's anti-virus business and also licensed Intel systems management technology which it combined with its own antivirus technology4.

Inside Microsoft Antispyware, I went to "File" and selected "Check Updates". Newer spyware definitions were downloaded and I then saw the version number listed as 5807 when I selected "Help" and "About Microsoft AntiSpyware".

Microsoft AntiSpyware Version: 1.0.701
This version expires on: 7/31/2006
Spyware Definition Version: 5807 (2/11/2006 8:12:18 AM)

When I ran a full scan with those definitions nothing was detected. I updated the definitions on my wife's system and ran a scan of her system also. Likewise, this time nothing was detected.

For anyone who finds Microsoft AntiSpyware is reporting a false positive, Microsoft provides a False Positive Report Form.

Reference:

  1. LANDesk Management Suite 8.6
    Network America
  2. Stay in Control
    PC Magazine
    By Neil J. Rubenking
  3. Trend Micro Offers Free Upgrades And Support to Intel Landesk Virus Protect Customers Worldwide
    Trend Micro
    1998 Press Release
  4. Symantec buys Intel's Anti-Virus Business
    Symantec Corporation
    September 28, 1998
  5. MS Anti-Spyware Defs. "5807" now available
    Siljaline's IE & Security Blog
    Posted Friday, February 10, 2006 3:41 PM by siljaline
  6. Microsoft AntiSpyware False Positive Report Form
    Microsoft Corporation

[/security/spyware/MS-Antispyware] permanent link

Sat, Dec 17, 2005 2:34 pm

Microsoft AntiSpyware and UltraVNC

Microsoft Antispyware will detect VNC server software, such as UltraVNC, as spyware. It will list it as only a "moderate" threat, but if you use UltraVNC to remotely manage a system you should instruct Microsoft AntiSpyware to always ignore UltraVNC, so that you don't get a false positive report that the system is infected every day, if Microsoft AntiSpyware is running on a daily basis. Also, if anyone else uses the system, he or she may instruct Microsoft AntiSpyware to remove UltraVNC, removing your remote control and diagnostic capability.

[ More Info ]

[/security/spyware/MS-Antispyware] permanent link

Thu, Feb 24, 2005 7:59 pm

Microsoft AntiSpyware

Microsoft purchased Giant Company Software's antispyware program in December of 2004 and now offers that software for free under its own name. I've found the software works very well at detecting and removing adware and spyware. It should be easy to install and use, even for users who aren't particularly technically proficient. The only negative factor I've found with the product is a lack of a capability to generate report files.

The sofware can be downloaded from Microsoft® Windows AntiSpyware (Beta).

Instructions for Installing Microsoft AntiSpyware

References:
  1. Microsoft Windows Anti-Spyware Preview

[/security/spyware/MS-Antispyware] permanent link

Valid HTML 4.01 Transitional

Privacy Policy   Contact

Blosxom logo