Just to say that in my system, SpyEraser finds a file that does not
exist....

regards,

M


> "Nick Skrepetos" <nskrepe...@yahoo.com> wrote:


>>Walt Bilofsky wrote:
>>> "Nick Skrepetos" <nskrepe...@yahoo.com> wrote:



>>> >Walt Bilofsky wrote:
>>> >> Uniblue SpyEraser found a number of "threats" on my PC that were
>>> >> not detected by any other program I tried. Is this a cause for
>>> >> concern?



>>> >> I downloaded and ran the free (scan only) SpyEraser from
>>> >> http://www.liutilities.com/products/spyeraser/ . It found a lot
>>> >> of problems, and suggested that the product be purchased in order
>>> >> to clean them up.



>>> >> Among the threats it found were Screenspy, Mainpean Dialer, and
>>> >> AdultLinks QABar. I scanned my system with Norton Anti-Virus
>>> >> 2006, Spybot 1.3, and Ad-Aware SE Personal, and none of them
>>> >> found any of these (or anything else worth worrying about). The
>>> >> Symantec web site lists files and registry keys for these
>>> >> threats, none of which were present on my PC.



>>> >> SpyEraser also listed threats called NX Client, Viewpoint Media
>>> >> Toolbar, TinTel dialer, and VX2. Symantec doesn't list any of
>>> >> these as threats.



>>> >> So - what's going on here?



>>> >> P.S.: It wasn't so easy to uninstall SpyEraser, either. And when
>>> >> I got the uninstall to run without errors, it left the program
>>> >> files on the hard drive anyway.



>>> >I am going to reserve official comment here - I would be interested
>>> >in seeing the LOG of EXACTLY what was detected. Can you post that
>>> >here?



>>> >Nick Skrepetos
>>> >SUPERAntiSpyware.com
>>> >http://www.superantispyware.com



>>> Sounds sensible, Nick.



>>> The log (omitting tracking cookies) is below, with my comments in
>>> brackets. Hope this is helpful.



>>> - Walt



>>> ==================



>>> Start Date:December 26, 2006 at 09:28:03 PM



>>> End Date:December 26, 2006 at 09:32:55 PM



>>> Total Time:4 Mins 52 Secs



>>> Detected Threats



>>> NX Client
>>> Details: NoMachine is useful for remote access and terminal services
>>> and is installed in companies such as HP, Google, IBM, Siemens,
>>> Motorola, SAP, Philips Semiconductors, Nokia, Verisign, VMWare,
>>> Novell, Symbio Technologies, Trolltech, Toshiba Electronics Europe,
>>> AXA Technology Services etc.
>>> Status:No Action taken
>>> Remote Control Software-Remote Control Software



>>> Infected registry keys/values detected
>>> hkey_local_machine\software\cygnus solutions\cygwin\program
>>> options\\
>>> hkey_local_machine\software\cygnus solutions\cygwin\mounts
>>> v2\\
>>> hkey_local_machine\software\cygnus solutions\\



>>> [ WALT: These keys are there, but the only values in them are the
>>> pathnames for my Cygwin directories, and one flag bit.]



>>> Tintel
>>> Details: Tintel is a program which makes long-distance phone calls
>>> or calls to 900 and 976 phone numbers without user's knowledge. To
>>> connect, the computer must be connected to a phone line via a
>>> standard modem or ADSL. Cable or satellite users and users on
>>> network or behind a firewall are generally not affected. Tintel
>>> allows subscription-based websites to charge subscribers by billing
>>> the user's phone line.
>>> Status:No Action taken
>>> Dialer-Dialer



>>> Infected registry keys/values detected
>>> hkey_classes_root\.tcw\\



>>> [WALT: This registry key assigns the extension .tcw to Turbo Cad Win
>>> 2.]



>>> ScreenSpy
>>> Details: ScreenSpy is a type of RAT spyware. Remote Administration
>>> Tool provides a complete control over the machine and it could be
>>> used for malicious purposes. It also tries to manipulate machine
>>> through a remote location on the internet. There are two types of
>>> components: one is on target machine and answer all the remote
>>> commands and second application that is used by the attacker to
>>> track the server applications.
>>> Status:No Action taken
>>> Key Logger-Key Logger



>>> Infected registry keys/values detected



>>> hkey_current_user\software\classes\clsid\{1efb6596-857c-11d1-b16a-00c
>>> 0f0283628}\ inprocserver32\\



>>> VX2
>>> Details: VX2 is a Browser Helper Object for InternetExplorer. It
>>> monitors web pages requested and data entered into forms and sends
>>> this information to its home server. It then displays pop-up
>>> advertisement windows based on the information. It can update itself
>>> and install other software. There are two variants of this parasite
>>> with different file and internal names, but both work identically.
>>> It also shares IE's memory context and has the capability to perform
>>> any action on the available windows and modules.
>>> Status:No Action taken
>>> Browser Helper-Browser Helper



>>> Infected registry keys/values detected
>>> hkey_local_machine\software\vendor



>>> [WALT: The value of the key "vendor" is "Dell", the manufacturer of
>>> my PC.]



>>> MainPean Dialer
>>> Details: MainPean Dialer is a program which makes long-distance
>>> phone calls or calls to 900 and 976 phone numbers without user's
>>> knowledge. To connect, the computer must be connected to a phone
>>> line via a standard modem or ADSL. Cable or satellite users and
>>> users on network or behind a firewall are not affected.
>>> Status:No Action taken
>>> Dialer-Dialer



>>> Infected registry keys/values detected
>>> hkey_current_user\software\freeware\\



>>> [WALT: This key contains a subtree of keys for the freeware program
>>> VirtualDub.]



>>> NJStar
>>> Details: NJStar Asian Explorer is a FREE web browser created for
>>> reading Chinese, Japanese and Korean (CJK) web pages with
>>> intelligent NJStar CJK auto-detection technologies just like
>>> Microsoft Internet Explorer or Netscape. It gives a tension free CJK
>>> web surfing experience. Its use is in conjunction with the
>>> best-selling NJStar Communicator and it allow us to view, input and
>>> save CJK web pages with unprecedented control and ease.
>>> Status:No Action taken
>>> Adware-Adware



>>> Infected registry keys/values detected
>>> hkey_current_user\software\njstar\\



>>> [WALT: This browser helper is cited as Adware around the web. I
>>> installed the software for its Chinese keyboard input.]



>>> AdultLinks.QBar
>>> Details: AdultLinks QaBar combines links to porn and other sites to
>>> the Internet Explorer Favorite menu.It is also known as adware that
>>> shows what third-party is advertising on his computer. Ads could of
>>> various forms like, pop-ups, pop-unders, banners, or links embedded
>>> within web pages or parts of the Windows interface. Adware also
>>> helps in keeping track of browsing habits so that a record could be
>>> kept with the user.
>>> Status:No Action taken
>>> Browser Plugin-Browser Plugin



>>> Infected files detected
>>> c:\windows\downloaded program files\conflict.1\lssupctl.dll
>>> c:\windows\downloaded program files\conflict.1\lssupctl.inf
>>> c:\windows\downloaded program files\conflict.1\sdclicense.txt
>>> c:\windows\downloaded program files\conflict.1\symadata.dll
>>> c:\windows\downloaded program files\conflict.1\tgctlsi.dll
>>> c:\windows\downloaded program files\conflict.1\tgctlsi.inf
>>> c:\windows\downloaded program files\conflict.1\tgctlsr.dll
>>> c:\windows\downloaded program files\conflict.1\tgctlsr.inf
>>> Infected directories detected
>>> c:\windows\downloaded program files\conflict.1



>>> [WALT: tgctlst.inf starts off:
>>> ;SprtName=SupportSoft ScriptRunner Control
>>> ;SprtXpiName=SupportSoft ScriptRunner
>>> ;SprtJarName=SupportSoft/ScriptRunner
>>> ;SprtEmbedType=application/x-SupportSoft-ScriptRunner-Plugin



>>> I see an LsSupCtl.dll but no matching inf file. sdclicense.txt is a
>>> license from support.com.]



>>Walt - much as I suspected - a whole bunch of what appear to be false
>>positives. That's quite a few on a single non-infected system. SpyEraser
>>was detecting SUPERAntiSpyware as a "rogue" product - they corrected
>>that as soon as I found out about the detection.



>>Nick Skrepetos
>>SUPERAntiSpyware.com
>>http://www.superantispyware.com
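
Added example, not part of any post in this thread: a small parser for the report layout quoted above that lists detections whose only evidence is a shallow registry key (such as a vendor-level key or a file-extension association), since a key like that cannot tell the named threat apart from unrelated software. The sample log is constructed from three of the quoted entries with the Details text abbreviated; the depth threshold of 3 and all function names are assumptions.

```python
import re

# Constructed sample: three entries re-typed in the log layout quoted above.
SAMPLE_LOG = r"""
Tintel
Details: Tintel is a program which makes long-distance phone calls.
Status:No Action taken
Dialer-Dialer
Infected registry keys/values detected
hkey_classes_root\.tcw\\
VX2
Details: VX2 is a Browser Helper Object for InternetExplorer.
Status:No Action taken
Browser Helper-Browser Helper
Infected registry keys/values detected
hkey_local_machine\software\vendor
AdultLinks.QBar
Details: AdultLinks QaBar combines links to the Favorite menu.
Status:No Action taken
Browser Plugin-Browser Plugin
Infected files detected
c:\windows\downloaded program files\conflict.1\tgctlsi.dll
"""

HEADER = re.compile(r"^Infected (registry|files|directories)\b.* detected$")
def parse_log(text):
    """Split the report into detections with their registry/file evidence."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    detections, cur, kind = [], None, None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if nxt.startswith("Details:"):      # a name line precedes "Details:"
            cur = {"name": line, "registry": [], "files": [], "directories": []}
            detections.append(cur)
            kind = None                     # skip Details/Status/category lines
        elif m := HEADER.match(line):
            kind = m.group(1)
        elif cur and kind:
            cur[kind].append(line.rstrip("\\"))
    return detections

def weak_evidence(det, max_depth=3):
    """Assumed heuristic: only registry keys, none deeper than max_depth."""
    if det["files"] or det["directories"] or not det["registry"]:
        return False
    return all(len(k.split("\\")) <= max_depth for k in det["registry"])

def triage(text):
    return [d["name"] for d in parse_log(text) if weak_evidence(d)]
```

Detections that are backed by files are not flagged here and still need the files themselves inspected, as Walt did with the .inf and license text.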