altermatt Premium Member join:2004-01-22 White Plains, NY |
Spywareinfo's online scan?
A family member is a techie by career, and was on the phone with MS regarding the hosing of his machine (no RealTek) by the latest patch, and the MS rep told him to run the online spyware scan at » www.spywareinfo.com/xscan.php . He's VERY security savvy, running well-thought of apps (including Webroot SpySweeper) which have never found anything, yet that scan found a bunch of stuff. He thought that meant it was good and suggested I try. I'm even more careful and have never had an infection of any kind. So I ran the scan (not the installable ActiveX control but the non-downloadable one) and was disturbed to find it popped up with a bunch of suspicious files it wanted to fix. Including saying it detected HotBar in---get this---a shortcut on my desktop! That's just silly, but the other "detections" were in CLSID's, etc. and more troublesome. It also said it detected the service IPRIP running (which can be a backdoor), but there is no such service running anywhere. I didn't trust this enough to let it "fix" things. I can't believe all the top security software all miss these things and this online scan suddenly finds them. Does anyone have experience with this tool and can comment? If they're legit, and SpySweeper, SAV, KAV, BOClean, etc. are all missing these, it would certainly indicate a problem! Color me doubtful, but open to learning. |
|
norwegian Premium Member join:2005-02-15 Outback |
Thanks for the link altermatt. Gave the activex a run, and found it requires just to download mscoree.dll mscorie.dll wmhelper.dll javacypt.dll msjava.dll Then once installed, ran the tool and it found the same detection of Smiley that has been around for as long as I can remember. Here's a link at Kaspersky about it » forum.kaspersky.com/lofi ··· 138.html
I would like to know more on this. It hasn't found anything else, nor has anything else found this Smiley adware in all the tested software that has run here. The program it came from seems a really good tool for keeping cleaning maintenance done, but spyware scanner, not so sure. I'll wait till someone with more knowledge on this subject can comment before passing judgement. |
|
dadkinsCan you do Blu? MVM join:2003-09-26 Hercules, CA 2 edits |
to altermatt
X-Cleaner? Get the free version and run it from on your machine: » www.techspot.com/downloa ··· ree.html
BTW, the X-Cleaner scan that you linked to at SpywareInfo... it found Proven Tactics (Comcast Toolbar) - nothing else. I'm ok with that. The freeware X-Cleaner has been in my toolbox for years. |
|
altermatt Premium Member join:2004-01-22 White Plains, NY |
said by dadkins: X-Cleaner? Get the free version and run it from on your machine:
Well, the site says this tool is exactly the same as the free version of x-cleaner, so my concerns and original question still stand: since every other security app finds nothing, nada, on any of the three machines (all very securely run) tested, and this tool finds lots of very strange and scary stuff (including HotBar in a shortcut, which as far as I know is impossible), is this really a reliable tool? And if so, why isn't this making headline news that all the well-known apps are missing so many things? I'm used to different apps sometimes picking up one or two things another app doesn't, but this was really over-the-top. So open to assessments of how likely it is that what they found is really malware especially considering the anomalies I mention in the first post. Thanks. |
|
dadkinsCan you do Blu? MVM join:2003-09-26 Hercules, CA 2 edits |
| Proven Tactics - Comcast Toolbar |
*Here* it finds only the Proven Tactics BHO - aka the Comcast Toolbar. I have the Comcast Toolbar... I installed it. Nothing else is found. I can't call it on the other apps, but I have used X-Cleaner for years. Since X-Cleaner gives you the path, look for them manually and see if they are there. » www.spywareguide.com/pro ··· 6&from=4 |
|
Name Game Premium Member join:2002-07-07 Grand Rapids, MI
1 recommendation |
to altermatt
I ran it for you in the active X..found nothing on my winxp Sp2 laptop. |
|
dadkinsCan you do Blu? MVM join:2003-09-26 Hercules, CA |
said by Name Game: I ran it for you in the active X..found nothing on my winxp Sp2 laptop.
Yep! |
|
norwegian Premium Member join:2005-02-15 Outback
1 recommendation |
to dadkins
said by dadkins: Since X-Cleaner gives you the path, look for them manually and see if they are there.
This has to be a bonus. Something I like too. |
|
Name Game Premium Member join:2002-07-07 Grand Rapids, MI |
to altermatt
|
|
Name Game |
to altermatt
Hotbar has lots of desktop stuff BTW » www.google.com/search?hl ··· e+Search |
|
bettywont Premium Member join:2004-09-11 Montreal, QC |
to altermatt
I find it odd MS is not recommending their own ''WINDOWS DEFENDER''. I personally have a list of trusted Spyware detection programs and have tested many that gave false positives. The one that had the most F/P'S in my testing is SPYWARE DOCTOR; it would be interesting to see what they detected for analogy. Please post the comparisons if you wish to. |
|
dadkinsCan you do Blu? MVM join:2003-09-26 Hercules, CA 3 edits |
to Name Game
Also, I think Oberon Media (free games) are owned/partnered with HotBar... » www.hotbargames.com/priv ··· cy&lc=en
Play freebie games? Get them at MSN? Pogo? Verizon? » corp.oberon-media.com/gc_5.asp
That would be your HotBar. |
|
EliteKiss My Ass join:2002-10-03 New Haven, CT Synology RT2600ac TP-Link TC-7650 ARRIS SB8200
1 edit |
to altermatt
This program is crap. I've never seen something produce so many FPs before. On my very secure setup, with an install of Windows from under a month ago, it supposedly thought I had BonziBuddy installed according to a CLSID it found. Scans with both Ad-aware and Super Antispyware bring back 0 results. Googling of the CLSID it detected shows it to be a former FP with a few products, including Ad-Aware. |
|
dadkinsCan you do Blu? MVM join:2003-09-26 Hercules, CA |
Odd, didn't find that here... 3 month old computer here with ALL updates.
Do you have the entire path to this supposed nasty? |
|
EliteKiss My Ass join:2002-10-03 New Haven, CT Synology RT2600ac TP-Link TC-7650 ARRIS SB8200
2 edits |
to altermatt
There was no path. Just a few reg keys. Checked out the reg keys, they don't point anywhere. For anyone interested:
Detected BonziBuddy:
CLSIDs (1) : {decc98e1-ec4e-11d2-93e5-00104b9e078a}
Registry Keys (2) :
HKEY_CLASSES_ROOT\interface\{decc98e1-ec4e-11d2-93e5-00104b9e078a}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{decc98e1-ec4e-11d2-93e5-00104b9e078a}
Both these CLSIDs have 1 key called "ISSImage", then there are a few subkeys under the CLSIDs with just as little data. No paths or files at all. |
|
dadkinsCan you do Blu? MVM join:2003-09-26 Hercules, CA |
Don't know what to tell you friend... X-Cleaner finds nothing out of the ordinary here except the Comcast Toolbar... that's here on purpose.
Those keys don't exist here. On any of my machines. |
|
altermatt Premium Member join:2004-01-22 White Plains, NY |
Thanks to all for the varying responses. Apparently, some are finding a lot of false positives, others have no problem whatsoever. I got curious when he reported a bunch of stuff found on his machine when I know he's pretty careful, so thought I'd use it on mine, figuring NOTHING would come up, and was distressed to see a LOT of strange stuff (well, I consider 5 a lot!). And when one was to a SHORTCUT (not to the game itself, which I could understand, but to the shortcut to the folder in which the game LINK is (didn't peep on the folder that the game actually is in, just the one with the shortcut to the folder with the shortcut!)), I got suspicious.
I don't have IPRIP running, either, though I know it can be both a legit service and a nasty---it just isn't listed in my Services.
And the rest were CLSIDs that were indicating VERY bad (and well-known) trojans and backdoors that I would have expected one of the security apps here to have picked up long before this. I'm really hesitant to trust these, since they look like FPs, yet it bothers me to think I've got anything nasty here when I'm so careful!
Hence, still open to hearing more, and will run the tool again from an admin account instead of a power user in case the FPs were due to not being able to access everything in the reg. (doubtful, but worth a try).
Thanks!! |
|
|
altermatt |
LATE UPDATE: Despite finding reports elsewhere of FPs with this tool (I always check here first), the assurances of some here made me decide to try running the scan again, from my admin account, and letting it fix everything. Of course, I did a True Image first, as well as letting it make a Restore Point. Each time it found a CLSID with a supposed nasty in there, I let it "Remove", carefully copying the info to a notepad file just in case. The only thing I wouldn't let it do is the "IPRIP" service---I do have RIP Listener (a standard MS service) listed in services, but it is disabled and not running, and there is no "IPRIP" listed as such. And I just didn't trust it to remove an entire service, especially one that doesn't exist. But when it said it found When UU control and CoolWebSearch in CLSIDs (again, common yet never found here by any other tool), I let it go ahead and remove; same with the supposed HotBar it found in the LINK to the games folder on my desktop (not in the games folder itself, which contains mainly boring common games). To its credit, so far nothing seems broken. The only negative is that it said it had to reboot and did so before I could save my notepad file, so my "failsafe" listing of all changes was gone. I redid the scan and all it found was the SweetBar in IPRIP thing, which I left alone until I can do some more research on why this should show up. Thanks all for your help. Any further comments, pro or con, greatly appreciated. I still think this gives a lot of FPs, and am leery of recommending it to rookies who might not be comfortable researching each thing and being careful to do this with belt and suspenders. |
|
Just Bob Premium Member join:2000-08-13 Spring Hill, FL |
Just Bob
Premium Member
2007-Apr-7 7:46 am
You may want to look this over and see if you have any of the files or registry entries. If you do, I'd recommend taking your problem to the cleanup forum. » www.sarc.com/avcenter/ve ··· gof.html |
|
1 recommendation |
superspy2000 to dadkins
Anon
2007-Apr-7 8:41 am
Hey Dadkins isn't that download of X-cleaner free a bit old now? Here: » www.techspot.com/downloa ··· ree.html
I think the latest so-called free versions are 30 day trial though, so maybe that's why you're recommending an older free version? |
|
Name Game Premium Member join:2002-07-07 Grand Rapids, MI
1 recommendation |
to altermatt
said by altermatt: LATE UPDATE: Despite finding reports elsewhere of FPs with this tool (I always check here first), the assurances of some here made me decide to try running the scan again, from my admin account, and letting it fix everything. Of course, I did a True Image first, as well as letting it make a Restore Point. Each time it found a CLSID with a supposed nasty in there, I let it "Remove", carefully copying the info to a notepad file just in case. The only thing I wouldn't let it do is the "IPRIP" service---I do have RIP Listener (a standard MS service) listed in services, but it is disabled and not running, and there is no "IPRIP" listed as such. And I just didn't trust it to remove an entire service, especially one that doesn't exist. But when it said it found When UU control and CoolWebSearch in CLSIDs (again, common yet never found here by any other tool), I let it go ahead and remove; same with the supposed HotBar it found in the LINK to the games folder on my desktop (not in the games folder itself, which contains mainly boring common games). To its credit, so far nothing seems broken. The only negative is that it said it had to reboot and did so before I could save my notepad file, so my "failsafe" listing of all changes was gone. I redid the scan and all it found was the SweetBar in IPRIP thing, which I left alone until I can do some more research on why this should show up. Thanks all for your help. Any further comments, pro or con, greatly appreciated. I still think this gives a lot of FPs, and am leery of recommending it to rookies who might not be comfortable researching each thing and being careful to do this with belt and suspenders.
I suggest to you the following:
1. If you would have let X-cleaner do everything it called out it would not have broken your system.
2. Even though you have all those other Security products mentioned that you felt had done a good job in protecting you and therefore x-cleaner was full of beans..I suggest to you that all the security products and after the fact scanners you do have that might have cleaned up malware or a badboy in the past..all some really do is DISABLE the crap so it does NOT run..that is their main job...and in doing so they still leave bits of crap from the original exploit on your PC..some clean up more of it than others..so continue your research..but I think you will find the bits it called out were legit..but not really active. In the past people have found the same scenario matching off LavaSoft Adaware against Spybot S&D. |
|
dadkinsCan you do Blu? MVM join:2003-09-26 Hercules, CA |
to altermatt
^^^What Name Game Said!^^^
Likely traces that were left over from a previous cleaning by - ???.
I still feel it is a good idea to have *ALL* the bad guys - and ALL the traces(running or not) removed from the machine(s)
*MY* scan found a toolbar that *I* put on here - Good Lookin Out! NOTHING else is found on here...
I can uninstall the toolbar and it will find nada. |
|
altermatt Premium Member join:2004-01-22 White Plains, NY
2 recommendations |
to Name Game
said by Name Game: If you would have let X-cleaner do everything it called out it would not have broken your system.
As I mentioned, I DID let it remove everything except the IPRIP, and yes, everything seems to be working fine.
said by Name Game: all some really do is DISABLE the crap so it does NOT run...and in doing so they still leave bits of crap from the original exploit on your PC..I think you will find the bits it called out were legit..but not really active.
That's a good take on this; thanks! From what you say, chances are these were "traces" that weren't harmful, but I'm glad to have them off the system anyway. So I'm feeling better about this tool, definitely. That said, would still be careful recommending this to rookies who might not be willing to think before removing, including doing a bit of research, and who might not have an image and/or system restore at the ready. Again, thanks all. |
|
Name Game Premium Member join:2002-07-07 Grand Rapids, MI
1 recommendation |
said by altermatt: said by Name Game: If you would have let X-cleaner do everything it called out it would not have broken your system. As I mentioned, I DID let it remove everything except the IPRIP, and yes, everything seems to be working fine. said by Name Game: all some really do is DISABLE the crap so it does NOT run...and in doing so they still leave bits of crap from the original exploit on your PC..I think you will find the bits it called out were legit..but not really active. That's a good take on this; thanks! From what you say, chances are these were "traces" that weren't harmful, but I'm glad to have them off the system anyway. So I'm feeling better about this tool, definitely. That said, would still be careful recommending this to rookies who might not be willing to think before removing, including doing a bit of research, and who might not have an image and/or system restore at the ready. Again, thanks all.
And for that reason..many of us like the download and installed type programs..and especially those that will do an autobackup of what you do decide to delete..in a .reg file..that can then be clicked on to reinstall or repair. Some are not foolproof..but it beats hunting on the internet to find a missing .dll etc. |
|
1 recommendation |
anony101 to altermatt
Anon
2007-Apr-7 1:24 pm
For the record, I ran the activex control from a 3 year old clean windows installation and it found nothing. |
|
Woody79_00I run Linux am I still a PC? Premium Member join:2004-07-08 united state |
If you really wanna know if your machine is infected with anything or not, I would scan with this online tool, then go to » www.emsisoft.com/en/soft ··· re/free/ and download a2 free edition. It has over 660,000+ malware/rootkits/spyware/trojans in its most current database. If A2 doesn't return any results, then your machine is clean. A2 is primarily an Anti-Trojan/anti-rootkit, but it does have a comprehensive Antispyware, as well as its "trace" scanning is superb, and its heuristics will report suspicious files, and if you wish you can submit them and A2 team will respond promptly if it's bad or not. I have been using A2 for years, it's that good of a product. I have worked on many machines where Kaspersky, Mcafee, symantec, Spy-bot, and every other program out there says the machine is clean, yet the machine is running terribly; run A2 on the machine, it finds everything the others won't and fixes it like new. It is awesome. I am running the paid version next to Mcafee and I must say, it is an excellent setup. The only difference between the free version and paid version is "Real-time protection"; the free version uses the same engine and database updates as the paid version. Download and install A2, update it, and run a deep scan on your PC and post the results or let me know if A2 finds anything. |
|
dadkinsCan you do Blu? MVM join:2003-09-26 Hercules, CA |
AVG/Ewido has 735,319 currently... but -
No single security app catches 100%. No single security app will detect all traces. This is why *I* scan with a boatload of scanners weekly. I'm more likely to *NOT* have malware than most.
Running, dormant, archived, traces, whatever... it all gets removed!
YMMV. |
|
|
to altermatt
May I suggest an experiment? With current updates, make sure that full immunization is applied by both Spywareblaster and Spybot S&D. Then run Xcleaner and let it fix all that it finds. Then open Spywareblaster and Spybot S&D in turn and check to see if any immunization has been removed. |
|
Mowergun |
The point of my suggested experiment is to see if Xcleaner is mis-identifying kill bits as malicious CLSIDs. |
|
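The two checks raised in the thread (does a flagged entry point to a file at all, and is it just a kill bit set by an immunizer) can be run over a .reg export of the flagged keys. This is an added example, not part of any post and not X-Cleaner's own logic; it relies on the standard IE kill-bit location (`Compatibility Flags` with bit 0x400 under `...\Internet Explorer\ActiveX Compatibility\{CLSID}`). The sample export is constructed: only the first GUID comes from the thread, while the `@="ISSImage"` value, the other two GUIDs and the DLL path are placeholders.

```python
import re

KILL_BIT = 0x400  # "Compatibility Flags" bit that stops IE loading a control
AX_COMPAT = r"\internet explorer\activex compatibility" + "\\"
SERVER_KEY = re.compile(r"\\(inprocserver32|localserver32)$", re.I)
GUID = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)

# Constructed sample export; GUIDs ending in ...0001/...0002 are placeholders.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Interface\{decc98e1-ec4e-11d2-93e5-00104b9e078a}]
@="ISSImage"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000002}\InprocServer32]
@="C:\\Example\\toolbar.dll"
'''

def parse_reg(text):
    """Parse .reg export text into {key_path: {value_name: data}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            name = "" if name == "@" else name.strip('"')  # "" = default value
            if data.startswith("dword:"):
                current[name] = int(data[6:], 16)
            else:
                current[name] = data.strip('"').replace("\\\\", "\\")
    return keys

def triage(text):
    """Return {guid: (verdict, detail)} for each GUID-named key in the export."""
    facts = {}
    for path, values in parse_reg(text).items():
        m = GUID.search(path)
        if not m:
            continue
        f = facts.setdefault(m.group(0).lower(), {"kill": False, "server": None})
        if AX_COMPAT in path.lower():
            flags = values.get("Compatibility Flags", 0)
            f["kill"] = isinstance(flags, int) and bool(flags & KILL_BIT)
        elif SERVER_KEY.search(path) and values.get(""):
            f["server"] = values[""]  # a file path: check it exists on disk
    # "server" = registered component; "kill-bit" = block entry only;
    # "trace" = key with no path and nothing to load.
    return {g: ("server", f["server"]) if f["server"]
            else ("kill-bit", None) if f["kill"] else ("trace", None)
            for g, f in facts.items()}
```

A "kill-bit" verdict on an entry a scanner wants to remove means the removal would undo immunization rather than clean anything.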
EliteKiss My Ass join:2002-10-03 New Haven, CT |
to altermatt
Still convinced that what it found on my machine was an FP, minus the fact that nobody else has the same FP.
In regedit do a search for the string "ISSImage". Anything come up? |
|