Windows 7 Forums


Windows 7: Antivirus nightmare.


20 Nov 2009   #1
JMH

Win 7 Ultimate 64-bit. SP1.
 
 

Quote:
Over at ZDNet, the site's Editor in Chief, Larry Dignan, just blogged about his experiences trying to remove a malware infection from his Windows XP computer.

As a story from the trenches, I loved it, especially his experience calling McAfee on the phone for help.
But I was surprised at his approach to dealing with the problem.
Malicious software has been infecting Windows computers for ages, yet his only line of defense was a single antivirus product. That's simply insufficient.
More -
Larry Dignan's antivirus nightmare - Computerworld Blogs


20 Nov 2009   #2

Windows 7 x64 Home Premium
 
 

I only have NIS 2010. I thought I was sufficiently protected.
21 Nov 2009   #3

Windows 7 Ultimate x64
 
 

I've never used any more than 1 antivirus program. There is something seriously wrong with Windows if you need multiple AV applications to simply keep your computer running.


21 Nov 2009   #4
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

He unfortunately had a TDSSServ.sys trojan / rootkit involved with Antivirus Pro 2009 ... not too many antivirus programs can detect and/or remove it.
21 Nov 2009   #5

Windows 7 Home Premium x32 SP1
 
 

Quote: Originally Posted by Jacee
He unfortunately had a TDSSServ.sys trojan / rootkit involved with Antivirus Pro 2009 ... not too many antivirus programs can detect and/or remove it.
You are right, TDSS is also present in MS AntiSpyware 2009. Indeed, this is a very clever and very hard to detect/remove infection, since it can control the AddPrinter function of the spoolss.exe process at driver (LPC transport) level.
21 Nov 2009   #6

W7 X-64 W8.1 X-64 Opensuse 13.1 W2003 Server
 
 

Quote: Originally Posted by Creer
You are right, TDSS is also present in MS AntiSpyware 2009. Indeed, this is a very clever and very hard to detect/remove infection, since it can control the AddPrinter function of the spoolss.exe process at driver (LPC transport) level.

Hi there
Are you really telling me that a program shipped by MS actually has a virus in it -- or have I mis-understood something here?

If the program really does contain a virus I just shudder to think of the lawsuits MS will be facing.

Please tell me I mis-understood the post.

Cheers
jimbo
21 Nov 2009   #7

Windows 7 Home Premium x32 SP1
 
 

Quote: Originally Posted by jimbo45
Hi there
Are you really telling me that a program shipped by MS actually has a virus in it -- or have I mis-understood something here?

If the program really does contain a virus I just shudder to think of the lawsuits MS will be facing.

Please tell me I mis-understood the post.

Cheers
jimbo
Hi Jimbo,

You are wrong here. MS AntiSpyware is NOT a Microsoft product. Have a look at the VirusTotal analysis: VirusTotal. MD5: 5a34fd85bdac65d50a56a2c69228a726 Packed.Generic.187 VirTool:Win32/Obfuscator.EF High Risk Fraudulent Security Program
and my video on YouTube: http://www.youtube.com/watch?v=LRcxMhiHXGQ

MS AntiSpyware 2009 (MSAS2009 or msas2009.exe) is a FAKE AS.
21 Nov 2009   #8

W7 X-64 W8.1 X-64 Opensuse 13.1 W2003 Server
 
 

Quote: Originally Posted by Creer
Hi Jimbo,

You are wrong here. MS AntiSpyware is NOT a Microsoft product. Have a look at the VirusTotal analysis: VirusTotal. MD5: 5a34fd85bdac65d50a56a2c69228a726 Packed.Generic.187 VirTool:Win32/Obfuscator.EF High Risk Fraudulent Security Program
and my video on YouTube: http://www.youtube.com/watch?v=LRcxMhiHXGQ

MS AntiSpyware 2009 (MSAS2009 or msas2009.exe) is a FAKE AS.
Hi there

This is an easy error to make as MS implies Microsoft -- perhaps the "product" should not be called MS Antispyware -- surprised MS haven't protected their trademark.

It's like saying MS Outlook or MS Windows aren't MS products.

However with AV software or anything else labelled MS ----- I would check to see if it is a Licensed MS product before even thinking to install it.

Reading the original post I'm sure most people who didn't know would assume MS antispyware was an MS product.

Cheers
jimbo.
21 Nov 2009   #9

Windows 7 Home Premium x32 SP1
 
 

Quote: Originally Posted by jimbo45
Hi there

This is an easy error to make as MS implies Microsoft -- perhaps the "product" should not be called MS Antispyware -- surprised MS haven't protected their trademark.

It's like saying MS Outlook or MS Windows aren't MS products.

However with AV software or anything else labelled MS ----- I would check to see if it is a Licensed MS product before even thinking to install it.

Reading the original post I'm sure most people who didn't know would assume MS antispyware was an MS product.

Cheers
jimbo.
Yes, I agree with you, but this is how it works (marketing approach?)... and it allows malware writers to cheat more users who are not computer/security savvy than ever. The best practice in such cases is to determine whether a program has a digital signature signed by Microsoft or another security vendor, check in Google/Bing whether a program is malicious, and scan before install via VirusTotal or our AV/AS/AM scanner - you should be 100% sure that the software you want to install is 100% safe - there is no room for error, unless you do it on a VM and you know what you are doing.
My System SpecsSystem Spec
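The pre-install checks described in the post above (a valid publisher signature, then a hash lookup) can be scripted in PowerShell. This is an added example, not part of the thread; the function name `Test-InstallerTrust`, the default publisher string and the sample path in the comment are assumptions.

```powershell
# Added example: inspect a downloaded installer before running it.
function Test-InstallerTrust {
    [CmdletBinding()]
    param(
        # File you are about to install.
        [Parameter(Mandatory)]
        [string]$Path,

        # Text expected in the signing certificate's subject.
        # Assumption: default targets files that claim to come from Microsoft.
        [string]$ExpectedPublisher = 'O=Microsoft Corporation'
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName

    # 'Valid' means the signature verifies and the certificate chains to a
    # trusted root. NotSigned, HashMismatch, NotTrusted etc. all fail here.
    $isValid = $sig.Status -eq [System.Management.Automation.SignatureStatus]::Valid

    $subject = $null
    if ($sig.SignerCertificate) { $subject = $sig.SignerCertificate.Subject }

    # A product that only uses "MS" in its name is either unsigned or signed
    # by some other publisher, so both conditions must hold.
    $publisherMatches = $isValid -and $subject -and
                        ($subject -like "*$ExpectedPublisher*")

    [pscustomobject]@{
        File             = $file.FullName
        SignatureStatus  = $sig.Status
        StatusMessage    = $sig.StatusMessage
        SignerSubject    = $subject
        PublisherMatches = [bool]$publisherMatches
        # Hashes to search for on VirusTotal before running the file.
        MD5              = (Get-FileHash -LiteralPath $file.FullName -Algorithm MD5).Hash.ToLower()
        SHA256           = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash.ToLower()
    }
}

# Usage (placeholder path, not from the thread):
#   Test-InstallerTrust -Path 'C:\Downloads\setup.exe' | Format-List
```

A result with `PublisherMatches = False` on a file that presents itself as a Microsoft product is the mismatch discussed in this thread; the hashes let you look the file up without uploading it.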
21 Nov 2009   #10
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Many viruses/malware will pose as a normal operating file, when in fact they are malicious.
The particular one above is hidden in Drivers.