Windows 7 Forums


Windows 7: Antivirus nightmare.

20 Nov 2009   #1
JMH

Win 7 Ultimate 64-bit. SP1.
 
 
Antivirus nightmare.

Quote:
Over at ZDNet, the site's Editor in Chief, Larry Dignan, just blogged about his experiences trying to remove a malware infection from his Windows XP computer.

As a story from the trenches, I loved it, especially his experience calling McAfee on the phone for help.
But I was surprised at his approach to dealing with the problem.
Malicious software has been infecting Windows computers for ages, yet his only line of defense was a single antivirus product. That's simply insufficient.
More -
Larry Dignan's antivirus nightmare - Computerworld Blogs



20 Nov 2009   #2
LooseJuice

Windows 7 Professional 64-bit
 
 

I only have NIS 2010. I thought I was sufficiently protected.
21 Nov 2009   #3
pparks1

Windows 7 Ultimate x64
 
 

I've never used any more than 1 antivirus program. There is something seriously wrong with Windows if you need multiple AV applications to simply keep your computer running.


21 Nov 2009   #4
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

He unfortunately had a TDSSServ.sys trojan / rootkit involved with Antivirus Pro 2009 ... not too many antivirus programs can detect and/or remove it.
21 Nov 2009   #5
Creer

Windows 7 Home Premium x32 SP1
 
 

Quote: Originally Posted by Jacee
He unfortunately had a TDSSServ.sys trojan / rootkit involved with Antivirus Pro 2009 ... not too many antivirus programs can detect and/or remove it.
You are right, TDSS is also present in MS AntiSpyware 2009. Indeed this is a very clever and very hard to detect/remove infection, since it can control the AddPrinter function of the spoolss.exe process at driver (LPC transport) level.
21 Nov 2009   #6
jimbo45

Linux CENTOS 7 / various Windows OS'es and servers
 
 

Quote: Originally Posted by Creer
Quote: Originally Posted by Jacee
He unfortunately had a TDSSServ.sys trojan / rootkit involved with Antivirus Pro 2009 ... not too many antivirus programs can detect and/or remove it.
You are right, TDSS is also present in MS AntiSpyware 2009. Indeed this is a very clever and very hard to detect/remove infection, since it can control the AddPrinter function of the spoolss.exe process at driver (LPC transport) level.

Hi there
Are you really telling me that a program shipped by MS actually has a virus in it -- or have I misunderstood something here?

If the program really does contain a virus I just shudder to think of the lawsuits MS will be facing.

Please tell me I misunderstood the post.

Cheers
jimbo
21 Nov 2009   #7
Creer

Windows 7 Home Premium x32 SP1
 
 

Quote: Originally Posted by jimbo45
Quote: Originally Posted by Creer
Quote: Originally Posted by Jacee
He unfortunately had a TDSSServ.sys trojan / rootkit involved with Antivirus Pro 2009 ... not too many antivirus programs can detect and/or remove it.
You are right, TDSS is also present in MS AntiSpyware 2009. Indeed this is a very clever and very hard to detect/remove infection, since it can control the AddPrinter function of the spoolss.exe process at driver (LPC transport) level.

Hi there
Are you really telling me that a program shipped by MS actually has a virus in it -- or have I misunderstood something here?

If the program really does contain a virus I just shudder to think of the lawsuits MS will be facing.

Please tell me I misunderstood the post.

Cheers
jimbo
Hi Jimbo,

You are wrong here. MS AntiSpyware is NOT a Microsoft product. Have a look at the VirusTotal analysis: Virustotal. MD5: 5a34fd85bdac65d50a56a2c69228a726 Packed.Generic.187 VirTool:Win32/Obfuscator.EF High Risk Fraudulent Security Program
and my video on YouTube: http://www.youtube.com/watch?v=LRcxMhiHXGQ

MS AntiSpyware 2009 (MSAS2009 or msas2009.exe) is a FAKE AS.
21 Nov 2009   #8
jimbo45

Linux CENTOS 7 / various Windows OS'es and servers
 
 

Quote: Originally Posted by Creer
Quote: Originally Posted by jimbo45
Quote: Originally Posted by Creer

You are right, TDSS is also present in MS AntiSpyware 2009. Indeed this is a very clever and very hard to detect/remove infection, since it can control the AddPrinter function of the spoolss.exe process at driver (LPC transport) level.

Hi there
Are you really telling me that a program shipped by MS actually has a virus in it -- or have I misunderstood something here?

If the program really does contain a virus I just shudder to think of the lawsuits MS will be facing.

Please tell me I misunderstood the post.

Cheers
jimbo
Hi Jimbo,

You are wrong here. MS AntiSpyware is NOT a Microsoft product. Have a look at the VirusTotal analysis: Virustotal. MD5: 5a34fd85bdac65d50a56a2c69228a726 Packed.Generic.187 VirTool:Win32/Obfuscator.EF High Risk Fraudulent Security Program
and my video on YouTube: http://www.youtube.com/watch?v=LRcxMhiHXGQ

MS AntiSpyware 2009 (MSAS2009 or msas2009.exe) is a FAKE AS.
Hi there

this is an easy error to make as MS implies Microsoft -- perhaps the "product" should not be called MS Antispyware -- surprised MS haven't protected their trademark.

It's like saying MS Outlook or MS Windows aren't MS products.

However with AV software or anything else labelled MS ----- I would check to see if it is a Licensed MS product before even thinking to install it.

Reading the original post I'm sure most people who didn't know would assume MS antispyware was an MS product.

Cheers
jimbo.
21 Nov 2009   #9
Creer

Windows 7 Home Premium x32 SP1
 
 

Quote: Originally Posted by jimbo45
Quote: Originally Posted by Creer
Quote: Originally Posted by jimbo45


Hi there
Are you really telling me that a program shipped by MS actually has a virus in it -- or have I misunderstood something here?

If the program really does contain a virus I just shudder to think of the lawsuits MS will be facing.

Please tell me I misunderstood the post.

Cheers
jimbo
Hi Jimbo,

You are wrong here. MS AntiSpyware is NOT a Microsoft product. Have a look at the VirusTotal analysis: Virustotal. MD5: 5a34fd85bdac65d50a56a2c69228a726 Packed.Generic.187 VirTool:Win32/Obfuscator.EF High Risk Fraudulent Security Program
and my video on YouTube: http://www.youtube.com/watch?v=LRcxMhiHXGQ

MS AntiSpyware 2009 (MSAS2009 or msas2009.exe) is a FAKE AS.
Hi there

this is an easy error to make as MS implies Microsoft -- perhaps the "product" should not be called MS Antispyware -- surprised MS haven't protected their trademark.

It's like saying MS Outlook or MS Windows aren't MS products.

However with AV software or anything else labelled MS ----- I would check to see if it is a Licensed MS product before even thinking to install it.

Reading the original post I'm sure most people who didn't know would assume MS antispyware was an MS product.

Cheers
jimbo.
Yes I agree with you, but this is how it works (marketing approach?)... and it allows malware writers to cheat more users who are not computer/security savvy than ever. The best practice in such cases is to determine whether a program has a digital signature signed by Microsoft or another security vendor, check in Google/Bing whether a program is malicious, and scan before installing via VirusTotal or our AV/AS/AM scanner - you should be 100% sure that the software you want to install is 100% safe - there is no room for error, unless you do it on a VM and you know what you are doing.
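The pre-install checks listed in post #9 (digital signature, signer identity, hash lookup) can be scripted; this is an added example and not part of the thread. It assumes PowerShell 4.0 or later (for Get-FileHash); the function name Test-InstallerTrust and the path C:\Downloads\setup.exe are hypothetical, and the MD5 is the one quoted in post #7.

```powershell
# Added example, not from the thread. Function name and sample path are hypothetical.
function Test-InstallerTrust {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # Exact signer name to require. A product calling itself "MS ..." proves nothing.
        [string]$ExpectedPublisher = 'Microsoft Corporation',
        # MD5 values already reported as malicious (this one is quoted in post #7).
        [string[]]$KnownBadMd5 = @('5a34fd85bdac65d50a56a2c69228a726')
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName

    # SimpleName is the common name from the signing certificate, if there is one.
    $signer = if ($sig.SignerCertificate) {
        $sig.SignerCertificate.GetNameInfo('SimpleName', $false)
    } else { $null }

    $md5    = (Get-FileHash -LiteralPath $file.FullName -Algorithm MD5).Hash.ToLower()
    $sha256 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash.ToLower()

    # 'Valid' means the file is unmodified and the chain ends at a trusted root.
    $signatureValid = ($sig.Status -eq 'Valid')
    $publisherMatch = $signatureValid -and ($signer -eq $ExpectedPublisher)
    $knownBad       = $KnownBadMd5 -contains $md5

    [pscustomobject]@{
        File            = $file.FullName
        SignatureStatus = $sig.Status   # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Signer          = $signer
        PublisherMatch  = $publisherMatch
        KnownBadMd5     = $knownBad
        Sha256          = $sha256       # value to search for on a multi-engine scanner
        PassedChecks    = $publisherMatch -and -not $knownBad
    }
}

# Check a downloaded installer before running it (hypothetical path).
Test-InstallerTrust -Path 'C:\Downloads\setup.exe' | Format-List
```

A Valid status only shows who signed the file and that it was not altered afterwards, so PassedChecks is a minimum bar; the SHA-256 should still be looked up or the file scanned before installing.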
21 Nov 2009   #10
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Many viruses/malware will pose themselves as a normal operating file, when in fact they are malicious.
The particular one above is hidden in Drivers.