Why is Windows Live OneCare not able to remove OneStep Search Toolbar

  • Question

  • When I run Windows Live OneCare I would expect it to detect and remove the Malware\Spyware OneStep Search Toolbar. Every time I run Yahoo Anti-Spy it finds this culprit immediately. Why does Windows OneCare not detect this? I have applied all the updates and am still not able to get rid of this. I am now in the process of downloading Service Pack 3! Will this take care of this issue? If anyone has an answer on how to get this off my computer please let me know. Thank you for your support. I would hope the Windows Live OneCare team is addressing this issue.

    Tuesday, September 23, 2008 3:08 PM

Answers

  • Once a malware program is identified and a removal routine is verified, there is sometimes a considerable wait for this information to be automated and coded into the program’s malware engine. So the best bet is to contact OneCare Support and see if they have a manual removal routine that they can walk you through: http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

    GreginMich

     

    Edit: Jimdano, did Yahoo Anti-Spy remove or quarantine this malware, or make an attempt to do so? Is it still being detected when you scan with Yahoo Anti-Spy? Does OneCare fail to make any detection when you run a full system scan?

    Wednesday, September 24, 2008 12:03 AM

All replies

  • I certainly agree with Greg; you should be going to OneCare support for this problem. However, I can tell you that a signature for the malware currently exists in OneCare. Perhaps they need a new sample from you to update the 02/05/2008 definition they have here: http://www.microsoft.com/security/portal/Entry.aspx?Name=BrowserModifier%3aWin32%2fOneStepSearch
    Wednesday, September 24, 2008 1:06 AM
  • Good research Dave! I’m wondering if the Yahoo Anti-Spy might have removed the detectable core of the program and left some remnants behind. As I just pointed out in another post, and as you well know, the initial removal routines sometimes miss some highly visible components that leave the user confused about whether the malware program has actually been removed. That would be my guess, but you’re right, it could be a new variant.

    Best Regards,
    GreginMich

     

    Wednesday, September 24, 2008 1:45 AM
  • If we look at the number of variants that Kaspersky has defined for this malware in this listing: http://www.threatexpert.com/threats/adware-whenusearchbar.html

    … it appears more likely that the culprit in this case could very well be a variant that is not being detected by OneCare. If this is a variant that hasn’t been identified by Microsoft, then Dave’s suggestion of submitting a sample would apply. If this variant has been identified and a signature release is pending, then the information for removal might already be available, as I suggested. Either way, OneCare Support should be able to sort this out.

    GreginMich

     

    Wednesday, September 24, 2008 12:23 PM