  altermatt Premium join:2004-01-22 White Plains, NY
·Verizon Online DSL
| Spywareinfo's online scan?
A family member is a techie by career, and was on the phone with MS regarding the hosing of his machine (no RealTek) by the latest patch, and the MS rep told him to run the online spyware scan at »www.spywareinfo.com/xscan.php . He's VERY security savvy, running well-thought of apps (including Webroot SpySweeper) which have never found anything, yet that scan found a bunch of stuff. He thought that meant it was good and suggested I try.
I'm even more careful and have never had an infection of any kind. So I ran the scan (not the installable ActiveX control but the non-downloadable one) and was disturbed to find it popped up with a bunch of suspicious files it wanted to fix. Including saying it detected HotBar in---get this---a shortcut on my desktop! That's just silly, but the other "detections" were in CLSIDs, etc. and more troublesome. It also said it detected the service IPRIP running (which can be a backdoor), but there is no such service running anywhere.
I didn't trust this enough to let it "fix" things. I can't believe all the top security software all miss these things and this online scan suddenly finds them. Does anyone have experience with this tool and can comment? If they're legit, and SpySweeper, SAV, KAV, BOClean, etc. are all missing these, it would certainly indicate a problem! Color me doubtful, but open to learning. -- The truth of a thing is the feel of it, not the think of it. -- Stanley Kubrick |
|
  norwegian Premium join:2005-02-15 Outback
·WestNet Broadband
| Thanks for the link altermatt.
Gave the ActiveX a run, and found it requires just to download
mscoree.dll mscorie.dll wmhelper.dll javacypt.dll msjava.dll
Then once installed, ran the tool and it found the same detection of Smiley that has been around for as long as I can remember. Here's a link at Kaspersky about it
»forum.kaspersky.com/lofiversion/···138.html
I would like to know more on this. It hasn't found anything else, nor has anything else found this Smiley adware in all the tested software that has run here.
The program it came from seems a really good tool for keeping cleaning maintenance done, but spyware scanner, not so sure. I'll wait till someone with more knowledge on this subject can comment before passing judgement. -- The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke |
|
  dadkins Can you do Blu? Premium,MVM join:2003-09-26 Hercules, CA
·Comcast
2 edits | reply to altermatt X-Cleaner? Get the free version and run it from on your machine:
»www.techspot.com/downloads/318-x···ree.html
BTW, the X-Cleaner scan that you linked to at SpywareInfo... it found Proven Tactics (Comcast Toolbar) - nothing else. I'm ok with that. The freeware X-Cleaner has been in my toolbox for years. -- Think outside the Fox... Opera |
|
  altermatt Premium join:2004-01-22 White Plains, NY
·Verizon Online DSL
| said by dadkins: X-Cleaner? Get the free version and run it from on your machine:
Well, the site says this tool is exactly the same as the free version of x-cleaner, so my concerns and original question still stand: since every other security app finds nothing, nada, on any of the three machines (all very securely run) tested, and this tool finds lots of very strange and scary stuff (including HotBar in a shortcut, which as far as I know is impossible), is this really a reliable tool? And if so, why isn't this making headline news that all the well-known apps are missing so many things? I'm used to different apps sometimes picking up one or two things another app doesn't, but this was really over-the-top.
So open to assessments of how likely it is that what they found is really malware especially considering the anomalies I mention in the first post. Thanks. -- The truth of a thing is the feel of it, not the think of it. -- Stanley Kubrick |
|
  dadkins Can you do Blu? Premium,MVM join:2003-09-26 Hercules, CA
·Comcast
2 edits |  |  Proven Tactics - Comcast Toolbar |
*Here* it finds only the Proven Tactics BHO - aka the Comcast Toolbar. I have the Comcast Toolbar... I installed it. Nothing else is found.
I can't call it on the other apps, but I have used X-Cleaner for years. Since X-Cleaner gives you the path, look for them manually and see if they are there.
»www.spywareguide.com/product_sho···6&from=4
-- Think outside the Fox... Opera |
|
  Name Game Premium join:2002-07-07 North Myrtle Beach, SC | reply to altermatt I ran it for you in the ActiveX... found nothing on my WinXP SP2 laptop. |
|
  dadkins Can you do Blu? Premium,MVM join:2003-09-26 Hercules, CA
·Comcast
| said by Name Game: I ran it for you in the ActiveX... found nothing on my WinXP SP2 laptop.
Yep! -- Think outside the Fox... Opera |
|
  norwegian Premium join:2005-02-15 Outback
·WestNet Broadband
| reply to dadkins said by dadkins: Since X-Cleaner gives you the path, look for them manually and see if they are there.
This has to be a bonus. Something I like too. -- The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke |
|
  Name Game Premium join:2002-07-07 North Myrtle Beach, SC | reply to altermatt RIP
»www.vernalex.com/tools/services/···Listener |
|
  Name Game Premium join:2002-07-07 North Myrtle Beach, SC
| reply to altermatt Hotbar has lots of desktop stuff BTW
»www.google.com/search?hl=en&q=ho···e+Search -- Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/ |
|
  bettywont Premium join:2004-09-11 Montreal, QC
| reply to altermatt I find it odd MS is not recommending their own "WINDOWS DEFENDER". I personally have a list of trusted spyware detection programs and have tested many that gave false positives. The one that had the most F/Ps in my testing is SPYWARE DOCTOR. It would be interesting to see what they detected for analogy; please post the comparisons if you wish to. |
|
  dadkins Can you do Blu? Premium,MVM join:2003-09-26 Hercules, CA
·Comcast
3 edits | reply to Name Game Also, I think Oberon Media (free games) are owned/partnered with HotBar...
»www.hotbargames.com/privacy.htm?···cy&lc=en
Play freebie games? Get them at MSN? Pogo? Verizon? »corp.oberon-media.com/gc_5.asp
That would be your HotBar.  -- Think outside the Fox... Opera |
|
  Elite
join:2002-10-03 Orange, CT
·Optimum Online
1 edit | reply to altermatt This program is crap. I've never seen something produce so many FPs before. On my very secure setup, with an install of Windows from under a month ago, it supposedly thought I had BonziBuddy installed according to a CLSID it found. Scans with both Ad-Aware and Super Antispyware bring back 0 results. Googling of the CLSID it detected shows it to be a former FP with a few products, including Ad-Aware. |
|
  dadkins Can you do Blu? Premium,MVM join:2003-09-26 Hercules, CA | Odd, didn't find that here... 3 month old computer here with ALL updates.
Do you have the entire path to this supposed nasty? -- Think outside the Fox... Opera |
|
  Elite
join:2002-10-03 Orange, CT
·Optimum Online
2 edits | reply to altermatt There was no path. Just a few reg keys. Checked out the reg keys, they don't point anywhere. For anyone interested:
Detected BonziBuddy:
CLSIDs (1) : {decc98e1-ec4e-11d2-93e5-00104b9e078a}
Registry Keys (2) :
HKEY_CLASSES_ROOT\interface\{decc98e1-ec4e-11d2-93e5-00104b9e078a}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{decc98e1-ec4e-11d2-93e5-00104b9e078a}
Both these CLSIDs have 1 key called "ISSImage", then there are a few subkeys under the CLSIDs with just as little data. No paths or files at all. |
|
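dadkins' advice to look manually for what the scanner reports, applied to the registry-only detection in the post above, as an added example that is not part of the thread or of X-Cleaner: a read-only PowerShell check that lists where the flagged GUID is registered and whether any value under it names a file that exists on disk. The function name `Get-GuidRegistration` and the choice of registry locations are assumptions of this example.

```powershell
# Added example (not from the thread). Read-only: it queries, never deletes.
$Guid  = '{decc98e1-ec4e-11d2-93e5-00104b9e078a}'   # GUID quoted in the post above
# HKEY_CLASSES_ROOT is the merged view of these two hives.
$Roots = 'HKLM:\Software\Classes', 'HKCU:\Software\Classes'
$Kinds = 'CLSID', 'Interface', 'TypeLib', 'AppID'    # places a GUID can be registered

function Get-GuidRegistration {
    param([Parameter(Mandatory)][string]$Guid)

    foreach ($root in $Roots) {
        foreach ($kind in $Kinds) {
            $path = "$root\$kind\$Guid"
            if (-not (Test-Path -LiteralPath $path)) { continue }

            # The key itself plus every subkey (InprocServer32, ProxyStubClsid32, ...)
            $keys = @(Get-Item -LiteralPath $path) +
                    @(Get-ChildItem -LiteralPath $path -Recurse -ErrorAction SilentlyContinue)

            foreach ($key in $keys) {
                $default  = [string]$key.GetValue('')   # the key's (Default) value
                $expanded = [Environment]::ExpandEnvironmentVariables($default)
                $file     = $null
                # Pull a file path out of values such as: "C:\x\y.dll" /arg
                if ($expanded -match '(?i)([a-z]:\\[^"*?<>|]+?\.(dll|exe|ocx|tlb))') {
                    $file = $Matches[1]
                }
                [pscustomobject]@{
                    Key        = $key.Name
                    Default    = $default
                    File       = $file
                    FileExists = if ($file) { Test-Path -LiteralPath $file } else { $null }
                }
            }
        }
    }
}

$hits = @(Get-GuidRegistration -Guid $Guid)
if ($hits.Count -eq 0) {
    "No registration of $Guid found in the class hives."
} else {
    $hits | Format-Table -AutoSize -Wrap
    if (-not ($hits | Where-Object File)) {
        "No value under these keys names a DLL/EXE: nothing here points at a file on disk."
    }
}
```

Rows with a `File` whose `FileExists` is `False` are leftover registrations; rows with an existing file give you a concrete binary to examine with other tools before deciding whether to remove anything.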
  dadkins Can you do Blu? Premium,MVM join:2003-09-26 Hercules, CA
·Comcast
| Don't know what to tell you friend... X-Cleaner finds nothing out of the ordinary here except the Comcast Toolbar... that's here on purpose.
Those keys don't exist here. On any of my machines. -- Think outside the Fox... Opera |
|
  altermatt Premium join:2004-01-22 White Plains, NY
·Verizon Online DSL
| Thanks to all for the varying responses. Apparently, some are finding a lot of false positives, others have no problem whatsoever. I got curious when he reported a bunch of stuff found on his machine when I know he's pretty careful, so thought I'd use it on mine, figuring NOTHING would come up, and was distressed to see a LOT of strange stuff (well, I consider 5 a lot!). And when one was to a SHORTCUT (not to the game itself, which I could understand, but to the shortcut to the folder in which the game LINK is (didn't peep on the folder that the game actually is in, just the one with the shortcut to the folder with the shortcut!)), I got suspicious.
I don't have IPRIP running, either, though I know it can be both a legit service and a nasty---it just isn't listed in my Services.
And the rest were CLSIDs that were indicating VERY bad (and well-known) trojans and backdoors that I would have expected one of the security apps here to have picked up long before this. I'm really hesitant to trust these, since they look like FPs, yet it bothers me to think I've got anything nasty here when I'm so careful!
Hence, still open to hearing more, and will run the tool again from an admin account instead of a power user in case the FPs were due to not being able to access everything in the reg. (doubtful, but worth a try).
Thanks!! -- The truth of a thing is the feel of it, not the think of it. -- Stanley Kubrick |
|
  altermatt Premium join:2004-01-22 White Plains, NY
·Verizon Online DSL
| reply to altermatt LATE UPDATE: Despite finding reports elsewhere of FPs with this tool (I always check here first), the assurances of some here made me decide to try running the scan again, from my admin account, and letting it fix everything. Of course, I did a True Image first, as well as letting it make a Restore Point.
Each time it found a CLSID with a supposed nasty in there, I let it "Remove", carefully copying the info to a notepad file just in case. The only thing I wouldn't let it do is the "IPRIP" service---I do have RIP Listener (a standard MS service) listed in services, but it is disabled and not running, and there is no "IPRIP" listed as such. And I just didn't trust it to remove an entire service, especially one that doesn't exist. But when it said it found When UU control and CoolWebSearch in CLSIDs (again, common yet never found here by any other tool), I let it go ahead and remove; same with the supposed HotBar it found in the LINK to the games folder on my desktop (not in the games folder itself, which contains mainly boring common games).
To its credit, so far nothing seems broken. The only negative is that it said it had to reboot and did so before I could save my notepad file, so my "failsafe" listing of all changes was gone. I redid the scan and all it found was the SweetBar in IPRIP thing, which I left alone until I can do some more research on why this should show up.
Thanks all for your help. Any further comments, pro or con, greatly appreciated. I still think this gives a lot of FPs, and am leery of recommending it to rookies who might not be comfortable researching each thing and being careful to do this with belt and suspenders. -- The truth of a thing is the feel of it, not the think of it. -- Stanley Kubrick |
|
 Just Bob Premium join:2000-08-13 Spring Hill, FL
| You may want to look this over and see if you have any of the files or registry entries. If you do, I'd recommend taking your problem to the cleanup forum. »www.sarc.com/avcenter/venc/data/···gof.html |
|
  superspy2000
@keymachine.de
from: Name Game 
| reply to dadkins Hey Dadkins isn't that download of X-cleaner free a bit old now? Here: »www.techspot.com/downloads/318-x···ree.html I think the latest so-called free versions are 30 day trial though, so maybe that's why you're recommending an older free version? |
|