Guest HTFiddler Posted February 2, 2009 Posted February 2, 2009 I got infected with "Spyware Protect 2009", a Renos family trojan. Downloaded MSRT, and ran it twice in full scan mode .... 2.5 hrs each. Once in Safe Mode and once in Normal. Both times, MSRT reported 0 infections! And on this page: http://www.microsoft.com/security/portal/ Renos is listed 5 times as a top threat. And every MSRT threat list includes Renos. So I ended up calling 866-PCSAFETY, and they tweaked a few settings and had me run the third party Malwarebytes, which scanned in 1/5th the time (30 min), found 34 infections, cleaned them all and put my Win XP Pro back into top form! Anyone have any idea what is going on here? Like, what's the point of having this tool which knows this Renos family is a top threat and then runs for 2.5 hrs, looks at every file on my hard drive, and cannot identify and remove this trojan? I mean, if you Google, "Spyware Protect 2009", there are over 12,000 hits! It's not like this is some new variant or something. Not only that, most of the removal instructions found via Google are worthless. I wasted half a day with this worthless MSRT. Can't Microsoft do any better??? Quote
Guest 1PW Posted February 2, 2009 Posted February 2, 2009 On 02/02/2009 12:51 AM, HTFiddler sent:<span style="color:blue"> > I got infected with "Spyware Protect 2009", a Renos family > trojan. Downloaded MSRT, and ran it twice in full scan mode > ... 2.5 hrs each. Once in Safe Mode and once in Normal. > Both times, MSRT reported 0 infections! And on this page: > > http://www.microsoft.com/security/portal/ > > Renos is listed 5 times as a top threat. And every MSRT threat list > includes Renos.</span> What was the first thing that led you to think you had been infected? MSRT isn't updated that often and when they do, they seem to provision it only with the ability to do a one/few new things well. <http://support.microsoft.com/kb/890830> About two-thirds of the way down, a list of what MSRT deals with can be found. Not very impressive when compared to the numbers of known malware. <span style="color:blue"> > > So I ended up calling 866-PCSAFETY, and they tweaked a few settings > and had me run the third party Malwarebytes, which scanned in 1/5th > the time (30 min), found 34 infections, cleaned them all and put my > Win XP Pro back into top form!</span> "Does Macy's tell Gimbel's?" It's good to know that some within Microsoft know a winner when they see one. If you're a consistent lurker of these malware newsgroups, you would have noticed that MBAM & SAS are recommended frequently. 34 infections makes me wonder if you had /any/ malware protection to begin with. <span style="color:blue"> > Anyone have any idea what is going on here? Like, what's the point of > having this tool which knows this Renos family is a top threat and > then runs for 2.5 hrs, looks at every file on my hard drive, and > cannot identify and remove this trojan? I mean, if you Google, > "Spyware Protect 2009", there are over 12,000 hits! It's not like > this is some new variant or something. Not only that, most of the > removal instructions found via Google are worthless. > > I wasted half a day with this worthless MSRT. Can't Microsoft do any > better???</span> Many of us believe they would have, if they had wanted to - should have because history shows us this. One hopes that you have learned that more than one type of system protection is essential for your system's security. What counter-measures had you been taking? What changes or additions do you contemplate making now? Besides continued MBAM scans. Do you have any working theories as to how your system became infected? How confident are you that your system is now absolutely cleansed? Pete -- 1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t] Quote
Guest Comgeek Posted April 14, 2009 Posted April 14, 2009 Spyware Protect 2009 is a rogue spywares fake program, you should try manual removal method to remove spyware protect 2009 http://darfuns.com/remove-spyware-protector-2009/ Quote
Guest Virus Guy Posted April 15, 2009 Posted April 15, 2009 Comgeek wrote: <span style="color:blue"> > Spyware Protect 2009 is a rogue spywares fake program, you should > try manual removal method to remove spyware protect 2009 > hxxp://darfuns.com/remove-spyware-protector-2009/</span> VBA32 suspected of Win32 Shadow Service Install Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.