"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote:

>From: "Walt Bilofsky" <bilofsky@toolworks.com>
>
>| Uniblue SpyEraser found a number of "threats" on my PC that were not
>| detected by any other program I tried. Is this a cause for concern?
>
>| I downloaded and ran the free (scan only) SpyEraser from
>| http://www.liutilities.com/products/spyeraser/ . It found a lot of
>| problems, and suggested that the product be purchased in order to
>| clean them up.
>
>| Among the threats it found were Screenspy, Mainpean Dialer, and
>| AdultLinks QABar. I scanned my system with Norton Anti-Virus 2006,
>| Spybot 1.3, and Ad-Aware SE Personal, and none of them found any of
>| these (or anything else worth worrying about). The Symantec web site
>| lists files and registry keys for these threats, none of which were
>| present on my PC.
>
>| SpyEraser also listed threats called NX Client, Viewpoint Media
>| Toolbar, TinTel dialer, and VX2. Symantec doesn't list any of these
>| as threats.
>
>| So - what's going on here?
>
>P.S.:: It wasn't so easy to uninstall SpyEraser, either. And when I
>| got the uninstall to run without errors, it left the program files on
>| the hard drive anyway.
>
>Symantec is not a good non-viral anti malware detector. Ad-aware SE and SpyBot S&D are.
>However, you need to remove SpyBot S&D v1.4 and replace it with v1.4, then update it.
>
>I haven't heard of SpyEraser and it isn't on the Rogue list on Spyware Warrior. The
>installer also scans clean at Virus Total. However, it may be a new Rogue. One that
>repoerts malware that isn't there and one that won't allow easy removal.
>
>I suggest adding the following to Ad-aware and SpyBot
>SuperAntiSpyware -- http://www.superantispyware.com/supe...freevspro.html
>
>then perform the following...
>
>Download MULTI_AV.EXE from the URL --
>http://www.ik-cs.com/programs/virtools/Multi_AV.exe
>
>To use this utility, perform the following...
>Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
>Choose; Unzip
>Choose; Close
>
>Execute; C:\AV-CLS\StartMenu.BAT
>{ or Double-click on 'Start Menu' in C:\AV-CLS }
>
>NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
>FireWall to allow it to download the needed AV vendor related files.
>
>C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
>This will bring up the initial menu of choices and should be executed in Normal Mode.
>This way all the components can be downloaded from each AV vendor's web site.
>The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
>
>You can choose to go to each menu item and just download the needed files or you can
>download the files and perform a scan in Normal Mode. Once you have downloaded the files
>needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
>during boot] and re-run the menu again and choose which scanner you want to run in Safe
>Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
>
>When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
>file. http://www.ik-cs.com/multi-av.htm
>
>Additional Instructions:
>http://pcdid.com/Multi_AV.htm
>
>
>* * * Please report back your results * * *

Thanks for your reply.

SuperAntiSpyware reported no problems. (Every program found tracking
cookies; I'm not considering them as problems for the purpose of these
reports.)

I downloaded all the scanners in Multi_AV. Sophos (in Normal Mode)
found a "virus fragment" in one of the folders in my mail program, and
without asking removed it, I know not where. Fortunately that
particular folder hadn't been changed since my weekly automatic
backup; if it had deleted my entire in-box I would have been peeved.
(Norton Anti-Virus is happy with that file so perhaps a fragment isn't
a virus. But I'll take advice on that.)

At that point I decided that the pursuit of further knowledge wasn't
worth running three more programs intended for use when a system is so
damaged that deleting the odd file without prompting is perfectly
acceptable. So I terminated the Sophos scan before it could find and
devour my backup file.

If any of the other three scanners prompts before deleting, I'll be
happy to give them a whirl.

Do you think I've seen enough to conclude that Uniblue Spyeraser is
reporting bogus infections? I do.

- Walt Bilofsky