
Microsoft AntiSpyware



SDA
08.01.2005, 22:47
News from the Kadet Team forum.

http://download.microsoft.com/downl...wareInstall.exe

So, this is nothing other than Giant AntiSpyware, just in Microsoft's skin. Beta version: Microsoft AntiSpyware Version: 1.0.501
This version expires on: 31.07.2005.

And here is the result:
Spyware Scan Details
Start Date: 07.01.2005 23:12:20
End Date: 07.01.2005 23:19:42
Total Time: 7 mins 22 secs

Detected Threats

ShopAtHome Spyware more information...
Details: ShopAtHome installs itself in the Winsock layer of your system and redirects your browser to merchant sites to take advantage of the affiliate fees.
Status: Removed
Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. An attacker has complete control over your computer or can install new software on your machine.

Infected files detected
d:\windows\system32\sahhtml.exe
d:\windows\system32\xmlparse.dll
d:\windows\system32\xmltok.dll


Specrem RAT more information...
Status: Removed
Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. An attacker has complete control over your computer or can install new software on your machine.

Infected files detected
C:\WINDOWS\SYSTEM\SCRRUN.DLL


WindUpdates Browser Plug-in more information...
Details: WindUpdates downloads additional adware and displays pop-up advertising.
Status: Removed
Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. An attacker has complete control over your computer or can install new software on your machine.

Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}\Contains\Files D:\WINDOWS\Downloaded Program Files\AdmilliServX.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}\DownloadInformation CODEBASE http://static.windupdates.com/cab/C.../bridge-c11.cab
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}\InstalledVersion 0,0,0,1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}\InstalledVersion LastModified Thu, 23 Dec 2004 17:34:39 GMT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} SystemComponent 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} Installer MSICD


Admilli Service Adware more information...
Status: Removed
High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy countermeasures. May use a security flaw in the operating system to gain access to your computer.

Infected files detected
d:\windows\downloaded program files\admilliservx.dll

Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}

I haven't downloaded or tested it myself because of a technical outage on my dedicated line, and I don't feel like pulling 6.5 MB over a modem. A question for Geser (he discussed Giant AntiSpyware on the Kadet Team forum): is there any point in installing Microsoft AntiSpyware, and a beta at that, when you already have AVZ, even though the program is free for now, or should one wait for the full version? Maybe someone on the forum has already tested it.
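The report pasted above has a regular shape: a scan-summary header, then one block per detection ("<name> more information...", Status, a severity line, and "Infected files detected" / "Infected registry keys/values detected" lists closed by a blank line). As an added example, not from the original post and not code from Microsoft or Giant, the Python below parses such a report into structured findings, repairs GUIDs that forum word-wrap has split ("{15AD478 9-..."), de-duplicates the repeated registry keys, pulls out the ActiveX CODEBASE download URL, and reports GUIDs that two differently named detections share (the WindUpdates Distribution Unit and the Admilli CLSID are the same {15AD4789-...} object). The grammar is inferred from the pasted text and is an assumption, not a published format; the embedded sample is a trimmed, constructed copy of the report above.

```python
"""Structured parser for a Microsoft AntiSpyware (Giant-derived) scan report
like the one pasted above. Added example, not code from the post, Microsoft or
Giant; the report grammar is inferred from the pasted text and is an assumption."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed sample: a trimmed copy of the report above, keeping the GUID that
# forum word-wrap split ("{15AD478 9-...}") and the repeated registry keys.
SAMPLE_REPORT = r"""Spyware Scan Details
Detected Threats

ShopAtHome Spyware more information...
Status: Removed
Severe threat - Severe threats typically are remotely exploitable vulnerabilities.

Infected files detected
d:\windows\system32\sahhtml.exe
d:\windows\system32\xmlparse.dll

WindUpdates Browser Plug-in more information...
Status: Removed
Severe threat - Severe threats typically are remotely exploitable vulnerabilities.

Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}\DownloadInformation CODEBASE http://static.windupdates.com/cab/C.../bridge-c11.cab

Admilli Service Adware more information...
Status: Removed
High threat - High risk threats typically are remotely exploitable vulnerabilities.

Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15AD478 9-CDB4-47E1-A9DA-992EE8E6BAD6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15AD478 9-CDB4-47E1-A9DA-992EE8E6BAD6}
"""

GUID_RE = re.compile(r"\{([0-9A-Fa-f \-]+)\}")
URL_RE = re.compile(r"https?://\S+")
SEVERITY_RE = re.compile(r"^(Severe|High|Elevated|Moderate|Low) threat\b")
MARKER = "more information..."


@dataclass
class Finding:
    name: str
    severity: str = "unknown"
    status: str = "unknown"
    files: List[str] = field(default_factory=list)
    registry: List[str] = field(default_factory=list)
    codebase_urls: List[str] = field(default_factory=list)   # ActiveX CAB sources
    guids: Set[str] = field(default_factory=set)


def normalize_guid_spacing(line: str) -> str:
    """Forum word-wrap inserts spaces inside GUIDs; strip whitespace within the
    braces and upper-case the hex so the same key compares equal."""
    return GUID_RE.sub(lambda m: "{" + re.sub(r"\s+", "", m.group(1)).upper() + "}", line)


def parse_report(text: str) -> List[Finding]:
    findings: List[Finding] = []
    current: Optional[Finding] = None
    section: Optional[str] = None          # "files" / "registry" inside a list
    body = text.split("Detected Threats", 1)[-1]   # drop the scan-summary header
    for raw in body.splitlines():
        line = raw.strip()
        sev = SEVERITY_RE.match(line)
        if not line:                       # a blank line closes an artifact list
            section = None
        elif line.endswith(MARKER):        # "<threat name> more information..."
            current = Finding(name=line[: -len(MARKER)].strip())
            findings.append(current)
            section = None
        elif current is None:
            continue
        elif line.startswith("Status:"):
            current.status = line[len("Status:"):].strip()
        elif sev:
            current.severity = sev.group(1)
        elif line == "Infected files detected":
            section = "files"
        elif line == "Infected registry keys/values detected":
            section = "registry"
        elif section == "files" and line.lower() not in current.files:
            current.files.append(line.lower())   # Windows paths are case-insensitive
        elif section == "registry":
            key = normalize_guid_spacing(line)
            if key not in current.registry:
                current.registry.append(key)
            current.guids.update("{" + g + "}" for g in GUID_RE.findall(key))
            if "CODEBASE" in key:
                current.codebase_urls.extend(
                    u for u in URL_RE.findall(key) if u not in current.codebase_urls)
    return findings


def shared_guids(findings: List[Finding]) -> Dict[str, List[str]]:
    """GUIDs referenced by more than one finding: one component the scanner
    reports under two names (here the WindUpdates Distribution Unit and the
    Admilli CLSID are the same {15AD4789-...} object)."""
    owners: Dict[str, List[str]] = {}
    for f in findings:
        for g in f.guids:
            owners.setdefault(g, []).append(f.name)
    return {g: names for g, names in owners.items() if len(names) > 1}
```

Run `parse_report(SAMPLE_REPORT)` and then `shared_guids(...)` on the result; on the sample it yields three findings and one shared GUID. The CODEBASE URL is the value to check first when triaging a Code Store Database entry, since it names the CAB the ActiveX installer fetched, and normalising the GUIDs is what makes the CLSID and Distribution Unit lines line up as a single object.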

Geser
08.01.2005, 23:16
A beta is fraught with all kinds of glitches. I wouldn't install it. But AdAware in addition to AVZ wouldn't hurt.

AndreyKa
09.01.2005, 08:22
Not worth installing unless you're very curious.
In general terms, a nicely made program, written with knowledge of how the OS works, for users not burdened with deep expertise.
It found nothing harmful on my machine ;)
The fact that it took the ffdshow filter for
---
CommonName
Type: Search Hijacker
Threat Level: Elevated
Author: CommonName Limited
Description: CommonName is a 'keywords' service, allowing one to enter simple names instead of URLs. After its original release, the software has become a complicated (and sometimes buggy) search-hijacker and adware, aggressively bundled with many third-party ap
---
I considered a false positive.

Lex
09.01.2005, 13:29
An amusing program, but veeeery slow.

SDA
10.01.2005, 21:55
A more detailed description, for anyone interested:
http://www.fcenter.ru/online.shtml?articles/software/utilities/11490