dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
7572

CajunTek
Insane Cajun
Premium Member
join:2003-08-08
Arlington, TX

CajunTek

Premium Member

Xoftspy.. Is it more rogue antispyware

I've noted in reviewing several hijackthis logs posted here and in other forums that the program xoftspy was in the logs..
I did a search in several forums and found no information about it (just more hijackthis logs with the program in the listing) Only One forum (spywareinfo) suggested it may be a rogue program.. Any information would be appreciated.. I maintain a list of rogue antispy programs in the comcast.net forums..
The link to the site is a suspicious rip of of spybot
»spybot-spyware.com/

keith2468
Premium Member
join:2001-02-03
Winnipeg, MB

keith2468

Premium Member

You can *download* it free from here:
»www.no-spybot.com/

I wouldn't list a program as spyware unless there was an admission that that is what it is, or if there was actual evidence that either I'd seen first hand or had gotten from people I trusted.

Too many people assume that somehow all programs with a given name are from the same company. And of course you can pretty much give a file any name you want, even a name another company is using.

So even if someone had a xoftspy that did seem to be "spying" or tracking, I'd want to know that it was xoftspy from this vendor, and not xoftspy from some hacker.
eburger68
Premium Member
join:2001-04-28

eburger68 to CajunTek

Premium Member

to CajunTek
MerlynTech:

I take it that you've already seen my post over at SpywareInfo ( »www.spywareinfo.com/foru ··· ic=37543 ). I don't have much else to say about that application; it sure has plenty to cast doubt on it.

I've been collecting "rogue spyware" applications, including suspicious ones such as this one. I'd love to see your list and compare it with the one I've been keeping for my own personal reference. Do you have a link to your list? IM me if you'd like to have a gander at mine.

Best,

Eric L. Howes
B04
Premium Member
join:2000-10-28

1 edit

B04

Premium Member

It looks as if the actual product home page is at

»www.paretologic.com/

Their "affiliate program" (»www.paretologic.com/affi ··· ates.asp) is prominently featured, which apparently has led to the rampant "Spybot" named rip-off sites (such as those mentioned above), leeching off Kolla's hard work but selling Xoftspy.

-- B

keith2468
Premium Member
join:2001-02-03
Winnipeg, MB

1 edit

keith2468 to CajunTek

Premium Member

to CajunTek

innuendo

Being listed on for download on the same sites as spyware.
Since when is that the definition of spyware?

That would make everything available on cNet for download spyware because somethings on there contain spyware.

»download.com.com/3000-80 ··· 379.html

»download.com.com/3000-21 ··· 974.html

»download.com.com/3000-80 ··· =lst-0-2

Few companies that make small and mid-ticket items check out their retailers beyond running a simple credit check.

So without actual evidence of spying or tracking, I'd say it would be unethical to label something as spyware.

It is not like the evidence would be hard to get if it existed. One way would be a little packet analysis:
»www.mynetwatchman.com/pckidiot/
The other would be a text editor and Windows Explorer.

Some people are trying to earn some money to pay for the computer courses they took. We don't all have wealthy parents or day-time jobs in other fields. I see nothing wrong in asking for money for a product that works (but I don't object to free offers either).

B04
Premium Member
join:2000-10-28

1 edit

B04

Premium Member

said by keith2468:
Being listed on for download on the same sites as spyware.
Since when is that the definition of spyware?

That would make everything available on cNet for download spyware because somethings on there contain spyware.

»download.com.com/3000-80 ··· 379.html

»download.com.com/3000-21 ··· 974.html

»download.com.com/3000-80 ··· =lst-0-2

Few companies that make small and mid-ticket items check out their retailers beyond running a simple credit check.


Huh? Who called it spyware?

I'm not sure who you were actually addressing just now, but if it was Eric's post at SpywareInfo, all he said was "I would advise staying away from this one. The download pages that I did take a look at are suspicious as well -- very little information. In short, it's an application that popped up out of nowhere and is already associated with questionable domains."

?

-- B

John2g
Qui Tacet Consentit
Premium Member
join:2001-08-10
England

John2g to CajunTek

Premium Member

to CajunTek

Re: Xoftspy.. Is it more rogue antispyware

Obviously, must have software. Not!

CajunTek
Insane Cajun
Premium Member
join:2003-08-08
Arlington, TX

CajunTek to keith2468

Premium Member

to keith2468
Keith, You misunderstood.. I just noticed the name and had not heard of the program. In doing research on the program I find it a antispyware program..I then find information at spywareinfo (see eburger68's post) that the program is rogue (not that it is spyware).. I am just looking for more information on the viability of this program as an antispy program.. i.e. does it work, does it use suspicious marketing tactics (for one the Spybot site name is suspicious to me.

Bubba
GIT-R-DONE
MVM
join:2002-08-19
St. Andrews

Bubba to CajunTek

MVM

to CajunTek
Perhaps more info about the parent company would be advisable before passing judgement ? Where it is available for download should not be the only criteria for questioning whether or not the program is "rogue antispyware" ?

XoftSpy v3.1 by ParetoLogic Inc.

CajunTek
Insane Cajun
Premium Member
join:2003-08-08
Arlington, TX

1 edit

CajunTek

Premium Member

Bubba.. I have not passed judgement, merely stated that I am suspicious.. In fact that's why I am here.. to either reinforce or remove any suspicions I may have.. In fact if I were pasing judgement the title of this post might be "Xoftspy More Rogue antiSpyware"

Bubba
GIT-R-DONE
MVM
join:2002-08-19
St. Andrews

Bubba to CajunTek

MVM

to CajunTek
CajunTek See Profile....my post was directed at no one in particular. As always....I am glad when threads such as yours are started in this Forum for the simple fact the members here will dig deep when it comes to supplying information about a new kid on the block. As far as I'm concerned....I will be concentrating on my installation of Xoftspy to determine what, if anything, I can learn from the program....good or bad. I'll also....as time permits....be seeking any info I can concerning ParetoLogic Inc and not be diverted about sites where it is available for download.

CajunTek
Insane Cajun
Premium Member
join:2003-08-08
Arlington, TX

1 edit

CajunTek

Premium Member

Here's what I know so far about XoftSpy.. It finds the cookies (known ones that I have and trust from sites such as dslreports, Elibrary (paid reference site), and Comcast)

It also states that I have the CoolwebsSearch hijacking (2 variants) Cwshredder, Spybot S&D, and Ad-Aware all disagree
It also says I have MSconnect dialer, Nothing else I have identifies this either.. I suspect they all false positives...
I also don't care about dialers (don't have a dial up modem at all and ain't no phone lines to my computer)
It will not allow you to remove anything without purchase..

It does uninstall fairly well only thing it left after an add/remove were two files in the prefetch folder..

This is just my 1st pass with the program.. From what I see so far I wouldn't buy it but I can't say yet it is rogue..
eburger68
Premium Member
join:2001-04-28

1 edit

eburger68 to CajunTek

Premium Member

to CajunTek
Click for full size
Main Window
Click for full size
Scan Results

Register Notice
Hi All:

I did a test install of XoftSpy downloaded from paretologic.com. Here's what I can tell you:

1. The interface is garbage, broken. On my box (Win2K w/SP4, IE6 w/SP1, Office 2K) the main program window and all dialog boxes were mangled, bleeding into surrounding screen elements (see "Main Window" above). Looks like a cheap "rent-a-coder" job -- not very well done.

2. The system scan flagged three items: 2 for CoolWebSearch, one for MSConnect. All were Registry keys and all were false positives. The MSConnect false positive was particularly hilarious as it flagged a Netscape Reg key for Sun Java 1.4.2_04. (See "Scan Results" above.)

3. When I attempted to remove/clean the flagged items, I got a notice box informing me that I had to register and pay (see "Register Notice" above).

I should note I performed this scan with the latest updates available (an "Update" check reported that there were no new updates available).

In short, based on my brief experience with this application, I'd give the same advice that I gave in the SpywareInfo thread: stay away, esp. given that there are excellent, free anti-spyware tools with a proven track record and a deserved reputation for doing the job right.

The performance of XoftSpy, I might add, is completely consistent with other dicey/questionable anti-spyware apps that I've tested: false positives used to goad unsuspecting users into paying for protection they don't need (at least not from said application).

Best,

Eric L. Howes
eburger68

1 edit

1 recommendation

eburger68 to CajunTek

Premium Member

to CajunTek
MerlynTech:

That you and I got substantially similar results is rather damning. (Note: XoftSpy didn't flag any cookies on my box, but then I've moved all my IE folders to custom locations on drives other than C, which was the only drive the app scanned.) It looks like this application is simply flagging the same stuff on everyone's box and then demanding payment.

That performance is exactly what I'd expect from an application that is associated with SpyHunter domains and that gives the same vague information as other dicey anti-spyware apps on its home pages.

The uninstall, as you report, was fairly clean. Ad-aware and SpyBot have not found any questionable additions or modifications to my system.

Nonetheless, users would be advised to stick to anti-spyware applications with known track records and deserved reputations (see my post in the SpywareInfo thread for a short, incomplete list of suggestions).

Best,

Eric L. Howes

CajunTek
Insane Cajun
Premium Member
join:2003-08-08
Arlington, TX

CajunTek

Premium Member

Eburger68.. I agree 100%.. I also agree with your suggestions on actually what are good antispyware programs.. I've also bookmarked your site
»www.staff.uiuc.edu/~ehow ··· n-nf.htm
and Visit often...
CajunTek

CajunTek

Premium Member

I'd like to thank Eric(Eburger68) for his work with this issue.. as well as his continuing work on all spyware related issues..

Keep up the good work Eric and please don't stop!!
ankh3
Premium Member
join:2001-09-08
Albany, CA

ankh3 to CajunTek

Premium Member

to CajunTek
... uninstall ...it left after an add/remove ... two files in the prefetch folder..

------
Bear with me here, I'm a Mac user but my dear beloved wife uses Windows, had a popup this evening warning her she was infested and to click immediately to download yadayadayadagotcha ....

She said she's safe because Norton Antivirus updates once a week. I said, puhleeeeeasseeee run AdAware, wait, let's look at the settings, let's make it really look everywhere, okay, you go to your investment club and I'll watch the PC.

168 items detected. Gator among them, also this Enigmasoftware thing that led me to this topic because of overlap in the referenced URLs.

-------> So, my only question is ------

What does "left in the prefetch" mean? Does this mean another nasty can come along and touch files that give references to URLs, and trigger Explorer to go there and re-infest itself?

Or am I just overly suspicious? I saw (at work) something like automatic re-installation happening with the x0ff.dll file (popup adware from riversoftware) -- deleting everything else associated with that still left a registry file that, when touched, immediately re-acquired and reinstalled their adgarbage.

168 items detected. Oh, my.