MS AntiSpyware says a lot of processes are spyware. Is this true?

Posted on 2005-02-28
Medium Priority
Last Modified: 2013-12-04
I've run Microsoft AntiSpyware a couple of times and it shows lots of processes I've always thought were safe to be "a known spyware free process that uses autostart properties to run." Processes like fast.exe, InCD (Nero) and some others I have deleted...

Now, should I trust MS AntiSpyware? You know, it's a beta version... (Beta1). In other words, can I safely remove files/processes this software indicates as spyware?


Question by:LincolnCarvalho
LVL 15

Accepted Solution

greyknight17 earned 500 total points
ID: 13425971
Hi Lincoln, yes MS AntiSpyware seems to be catching some false positives.  I've seen one user who said it catches Firefox as being a threat also.

What I recommend is checking out what it found first.  If it's something you recognize like Nero, I would ignore its warning.

Not sure if you have these installed already, so here are other spyware removal programs:

Please download Ad-aware SE (http://www.lavasoftusa.com) and install it if you don't have it already.  Make sure it's the newest version and check for any updates before running it.  Go to http://www.lavasoftusa.com/software/addons/vx2cleaner.shtml to get the plug-in for fixing VX2 variants.  To run this tool, go into Ad-aware->Add-ons and select VX2 Cleaner.  Then click Run Tool and OK to start it.  If it's clean, it will say Status System Clean.  Otherwise, you will have to click on the Clean button to remove the VX2 infection.  Run the scan and fix everything that it finds.

Download and install Spybot S&D (http://security.kolla.de/).  Run Spybot and click on the 'Search for Updates' button.  Install any updates that are available.  Next click on the 'Check for Problems' button.  Let it run the scan.  If it finds something, check all those in RED and hit the 'Fix Selected Problems' button.  Exit Spybot.  If you keep getting the DSO Exploit entries, even after you updated Windows and fixed them, then download the Spybot DSO Exploit Fix (http://majorgeeks.com/download4392.html) and install it over the current Spybot installation.

This one below is specifically made to remove the CoolWebSearch infections.

Download CWShredder (http://www.greyknight17.com/spy/CWShredder.exe) and run it.  Click on 'I Agree' button if you agree with it.  Click on 'Fix' (it will automatically fix anything it finds for you) and OK.  If it asks if you want to delete a certain random file, choose No and post that filename here.  Let it finish the scan and then hit Next and Exit.

Expert Comment

ID: 13428251
Like greyknight was saying, you need to be very careful deleting things it detects. I use BearShare sometimes, killed all the spyware that came with it, but since it comes with spyware the actual app was listed as spyware.

For the things it finds, if you're not familiar with the file name, usually putting the full filename through Google will tell you what the file is and more than likely where you got it from.
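
The replies above advise identifying each flagged item before deleting it. The following is an added example, not part of the original thread: a read-only PowerShell inventory of the two standard `Run` autostart keys, reporting each entry's file, publisher and Authenticode signature status. It assumes Windows PowerShell 3.0 or later and covers only these two keys, not every autostart location.

```powershell
# Added example: inventory Run-key autostart entries so each flagged item
# can be identified before anything is deleted. Read-only; changes nothing.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Get-ExePathFromCommand {
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # Quoted path: take what is between the first pair of quotes.
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path (may contain spaces): cut at the first executable extension.
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd))(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $exe = Get-ExePathFromCommand -Command ([string]$regKey.GetValue($name))
        if (-not $exe) { continue }   # empty value: nothing to inspect
        if (-not [IO.Path]::IsPathRooted($exe)) {
            # Bare names such as rundll32.exe are resolved through PATH.
            $found = Get-Command -Name $exe -CommandType Application -ErrorAction SilentlyContinue |
                Select-Object -First 1
            if ($found) { $exe = $found.Path }
        }
        $exists = Test-Path -LiteralPath $exe -PathType Leaf
        $sig = if ($exists) { Get-AuthenticodeSignature -LiteralPath $exe } else { $null }
        $ver = if ($exists) { (Get-Item -LiteralPath $exe).VersionInfo } else { $null }
        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Path      = $exe
            Exists    = $exists
            Company   = if ($ver) { $ver.CompanyName } else { $null }
            Product   = if ($ver) { $ver.ProductName } else { $null }
            Signature = if ($sig) { [string]$sig.Status } else { 'n/a' }
            Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        }
    }
}
$report | Format-List
```

A valid signature and publisher name tell you who shipped the file, not whether you want it running; bundled adware can be signed too, and many legitimate tools are unsigned.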

LVL 38

Expert Comment

by:Rich Rumble
ID: 13432479
I recommend Ad-Aware as well from Lavasoft... M$ seems to be playing favorites these days, as I've seen it also detect Firefox as spyware, and the install was very new... I think they may actually be targeting legit programs, and/or there are many FP's right now. Giant's spyware was very good before M$ bought them...
http://www.ignition-project.com/node/376  (they are one to talk... see the screen shot and description)


Question has a verified solution.
