Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 296
  • Last Modified:

MS AntiSpyware says a lot of processess are spyware. Is this true?

I've run Microsoft AntiSpyware a couple of times and it shows lots of processess I've always thought were safe to be "a known spyware free process that uses autostart properties to run." Processess like fast.exe, InCD (Nero) and some others I have deleted...

Now, should I trust MS AntiSpyware? You know, it' a beta version... (Beta1). In other words, can I safely remove files/processes this software indicates as spyware?


1 Solution
Hi Lincoln, yes MS AntiSpyware seems to be catching some false positives.  I seen one user who said it catches Firefox as being a threat also.

What I recommend is checking out what it found first.  If it's something you recognize like Nero, I would ignore it's warning.

Not sure if you have these installed already, so here are other spyware removal programs:

Please download Ad-aware SE (http://www.lavasoftusa.com) and install it if you don't have it already.  Make sure it's the newest version and check for any updates before running it.  Go to http://www.lavasoftusa.com/software/addons/vx2cleaner.shtml to get the plug-in for fixing VX2 variants.  To run this tool, go into Ad-aware->Add-ons and select VX2 Cleaner.  Then click Run Tool and OK to start it.  If it's clean, it will say Status System Clean.  Otherwise, you will have to click on the Clean button to remove the VX2 infection.  Run the scan and fix everything that it finds.

Download and install Spybot S&D (http://security.kolla.de/).  Run Spybot and click on the 'Search for Updates' button.  Install any updates that are available.  Next click on the 'Check for Problems' button.  Let it run the scan.  If it finds something, check all those in RED and hit the 'Fix Selected Problems' button.  Exit Spybot.  If you keep getting the DSO Exploit entries, even after you updated Windows and fixed them, then download the Spybot DSO Exploit Fix (http://majorgeeks.com/download4392.html) and install it over the current Spybot installation.

This one below is specifically made to remove the CoolWebSearch infections.

Download CWShredder (http://www.greyknight17.com/spy/CWShredder.exe) and run it.  Click on 'I Agree' button if you agree with it.  Click on 'Fix' (it will automatically fix anything it finds for you) and OK.  If it asks if you want to delete a certain random file, choose No and post that filename here.  Let it finish the scan and then hit Next and Exit.
like greynight was saying, you need to be very careful deleting things it detects. I use BearShare sometimes, killed all the spyware that came with it, but since it comes with spyware the actual app was listed as spyware.

The things it finds, if your not familuar with the file name, usually putting the full filename threw google will tell you what the file is and more than likely where you got it from.

Rich RumbleSecurity SamuraiCommented:
I recommend Ad-Aware as well from lavasoft... M$ seems to be playing favorites these days, as I've seen it also detect FireFox as spyware, and the install was very new... I think they may actually be targeting legit programs, and or there are many FP's right now. Giant's spyware was very good before M$ bought them...
http://www.ignition-project.com/node/376  (they are one to talk... see the screen shot and description)

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now