FAQ for MS Antispyware version 1.0.615 (update failure, see ***** below)

At the RSA conference, Bill Gates announced the consumer and enterprise strategy for Microsoft Windows AntiSpyware.
"The personal version of the final Windows AntiSpyware software (will be) available at no additional charge to licensed Windows customers as part of the Windows value proposition. The offering will offer full functionality to consumers, including the ability to detect and remove spyware, continual protection that helps guard against more than 50 ways that Web sites and programs can put spyware on a PC, and protection against the latest threats through the combined efforts of the SpyNet™ community and Microsoft researchers. For business customers, with more complex infrastructure support, management and deployment needs, Microsoft plans a managed anti-spyware solution that will be available as part of a paid solution."
More information can be found at the following link: http://www.microsoft.com/presspass/press/2005/feb05/02-15RSA05KeynotePR.asp

Please submit a suspected spyware report by clicking tools -> Suspected Spyware Report.
Windows Antispy Versions below 1.0.613 have now expired.

1) Known bugs/errors/unpopular features
    a) Various mis-spellings and errata
    c) Win9x installs are not supported. (expected behavior)
    d) Enterprise end user could block processes domain administrator wants to run
    e) CoolWebSearch, VX2 versions not detected (for CWS run antispy in safe mode twice, or try CWShredder)
    f) false positives: try submitting yours
    vendors: fill out a dispute form
        1) ?
    k) Tracks Eraser failures
    l) Multi-user installs not working (Limited User errors, Fast User Switching, etc.)
    p) No "Failed Install" notice
    q) Tracking Cookies not deleted. (This feature is not included in this beta release, next version will do that)
    r) Accessibility features not included (for the beta)
    u) network and firewall related problems (winsock)
    aa) Ignore closes the browser
    dd) terminal serve (Remote Desktop) into a computer, the MS AntiSpy(beta) icon will turn blue
    ee) Firewall dead
    hh) Kazaa files lost
    jj) Dell machines ask for setup disk on scan
    ll) totally successful scans only happen in Safe Mode
    nn) HOSTS file permission and blocking features.
    oo) System Explorer menu item missing (Conflict caused by ATI Multimedia DAO (uninstall-reinstall it)) OR see entry below ******
    pp) RUN Key in the registry is not cleared. (perhaps virus rather than spyware, as well as maybe a bug or needed feature)
    qq) Search not restored after search spy/hijack removal.(see Advanced Tools menu/Use "Browser Hijack Settings Restore" feature)
    ss) scan on startup impacts system performance during the scan
    uu) WINTOOLS lockup (uninstall from add/remove app, and run a safe mode scan)
    vv) TeaTimer from spybot causes performance hit
    yy) home page changes to MSN (Fast User Switching issue)
    ccc) Hibernation problems with some antivirus software (not defined yet)
    hhh) DSO Exploit not detected (see Spybot S&D DSO Exploit Fix)
    iii) antispy 'timed' popup windows have no 'close' option
    kkk) Virtual Memory errors ( run a deep scan in Safe Mode, and be sure you are logged on as an admin user)
    mmm) System Restore not cleaned (use 'disk cleanup's option for that)
    sss) "System Inoculation Wizard" listed in help, but not included in this beta
    uuu) Scan causes big performance hit (slow computer)
    www) Un-quarantined items missing. (Kazaa, and others)
    yyy) Scans only function when running as Administrator (this is expected behavior, try "RunAs" for other users)
    aaaa) "Estimated scan time:" incorrect
    bbbb) scan freezes to "Polymorphic browser hijack scan" (you have a very large ../System32/drivers/etc/HOSTS file.)
    cccc) "Detected Spyware on your system:" message when no spyware found.
    dddd) Error 102 and Error 103 (be sure you have the latest version of antispyware, and are running as an administrator.)
    eeee) ?
    
2) FAQ's (see also: Frequently asked questions about Microsoft Windows AntiSpyware (Beta))
    a) "I like it" (Thanks for testing the beta and providing feedback.)
    b) bug reports? (Yes, file in this newsgroup. Please title the message so it is Obvious it is a bug, error, or false positive)
    c) Deployable via SUS, Enterprise? (see notice at top)
    d) MS AntiSpyware cannot start with error 101 (Use the Update feature in Add/Remove, "Change" )(see entry below)
    e) Giant Software owners (see page for More information about general questions for currently licensed customers of Giant Software)
    f) Group Policy options available? (see notice at top)
    g) about:blank issues (Click Tools, Suspected Spyware Report, and submit it to Spynet)
    h) Uninstall MAS? (Add/Remove app in Control Panel)
    i) "Is there a tutorial for this software?" Tutorial - How to use the Microsoft AntiSpyware Beta to remove Spyware
    j) "Is the Security Center going to include this?" (probably)
    k) " Language Settings are ignored." (beta is English only)
    l) "Does this beta expire?" (Yes, see Help menu, About)
    m) "My antispy expired already!" (change to English in Regional Settings, to run the beta)
    n) "Limited users cannot run the scan, make it a service."
    o) "Why not include a 'Winsock Repair Tool'?" (they are working on a way to take care of that issue; also see 3)-e) below)
    p) "It doesn't scan for Cookies!" (Cookies can be considered YOUR choice. There are various Privacy settings (IE, tools menu, options, privacy tab))
    q) "Scheduled scans do not run!" (you have to be logged onto the system for the scan to run)
    r) "Update fails with third party firewall" (see *firewall entry below)
    s) "When do we get the next version of the beta (or release date for final)" (When it's ready)
    t) "Can you update definition files from a downloaded copy?" (not yet, under development)
    u) "What criterion is used to determine what is spyware?" Microsoft Windows AntiSpyware (Beta) identifies a program as a spyware threat
    v) "Are there any command line arguments available?" ( *.exe -scan -schedule -withui -withresultsui)
    w) "Can you do remote, silent, or unattended installs?" (see ** below)
    x) "Update version incorrect in Help, About box?" (do a manual update, on the File menu)
    y) "Expiration date extension and Beta 2?" (July 31 expiration was extended by an online update, and there will be a beta 2, date not announced.)
    z) Why do I get a "Shell Execute Hook" error? (you have not restarted the computer after updating Windows Antispy)

3) Remarks
    a) "it doesn’t work!!" (It's a "Beta")
    b) "Will it be free, or not?" (see announcement at top)
    c) "My software is falsely accused of spying!" MAS incorrectly identifies a program as a spyware threat
    d) "The error.log file gets too big!" (It's a "Beta")
    e) "It's NOT a Bug!" (many spyware removals will expose relic damage, Repair the system)
    f) Various other rants and trolling (yawn)


created by Mark L. Ferguson
If you wish to request a FAQ addition, send it to marfer_mvp@yahoo.com
(but you Must put QZ somewhere in the Subject line of the message, or it gets automatically deleted)
Free for re-publication

(If you would like to post reply comments or additions, anything but a rant is fine.) AntiSpy newsgroup info >> Newsserver: privatenews.microsoft.com Username privatenews\spyware Password: spyware (or) Support newsgroup

*Error 101 fix
(choose a non-default location for the install, e.g "C:\msas\" or )
Verify you are logged in as an administrator.
Open up control panel and double-click on add/remove programs.
Select Microsoft AntiSpyware
Select "Change"
On the Microsoft AntiSpyware Maintenance Wizard, click next.
On the next screen (Microsoft AntiSpyware Maintenance Wizard) select "Update Microsoft AntiSpyware" and click next.
Select Install
Let the product update.
Click Finish.
(if no help, try uninstalling from Add/Remove, and then reinstall the antispyware.)

Another Error 101 fix -
Home edition -- In Regedit, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa. Find the value called "nodefaultadminowner". The supported values are "0" for "Administrators group", or "1" for "Object creator". Set the value to 0.
Pro Edition -- start/run, type secpol.msc, then browse to Security Settings \ Local Policies \ Security Options. The policy name is "System objects: Default owner for objects created by members of the Administrators group". The allowable settings are "Administrators group" or "Object creator". Change it to "Administrators group". After that change has been made, please refresh the policy by typing "gpupdate /force" from a command prompt.

Another Error 101 fix -
Windows Installer cleanup tool:

And another Error 101 fix -
(on Win 2000):

Go to the MAS install directory (typically C:\Program Files\Microsoft AntiSpyware)
Create a shortcut for gcasDtServ.exe.
Drag the shortcut into your Start Menu\Programs\Startup
Restart.


*Update with third party firewall
Customers with software firewalls need to grant access to the programs below in order to keep Microsoft AntiSpyware up to date, as well as to upload unknown threats to the SpyNet community.

GiantAntiSpywareMain.exe
gcasDtServ.exe
MicrosoftAntiSpywareUpdater.exe
gcasServAlert.exe

Customers with hardware firewalls only need to verify ports 80 and 443 are open.

** Remote, silent, or unattended installs (found by ryan@overdose)

.\GIANTAntiSpywareMain.exe /S /v/qn
or
msiexec.exe /i c:\msantispy.msi /qn INSTALLDIR=c:\MSAS\

or, to uninstall silently with a verbose log:
MsiExec.exe /X {536F7C74-844B-4683-B0C5-EA39E19A6FE3} /L*vx c:\msas.log /quiet

first run "gcasDtServ.exe /regserver" for silent installs (/q)

Remote installs of AntiSpyware:
use the WMI Win32_Process Create method to run the MSI and register gcasDtServ

*** Agents missing fix (found by "Bob")
Download "scripten.exe" from Microsoft and install it.
Uninstall MSAS
Reinstall MSAS

**** Flying Alerts fix (found by "Boris" bkortiak@tbsindustries)
Use the Alt-Tab Power Toy.
Alt-Tab to the alert, then Tab to DENY, or ALLOW

***** Update to version 613 failure (found by Bob Dietz)
1) Reboot into SAFE MODE. (F8 on restart)
2) START> Run...> cmd
3) cleanmgr /sageset:999
4) Uncheck everything except "Temporary Setup Files."
5) cleanmgr /sagerun:999
6) Attempt to install the program again.