New AV is here >


StevieO
March 22nd, 2006, 03:20 PM
Here's a new one to me, RemoveIT Pro 2.1 SE

. . .
{QUOTE-> Welcome to InCode Solutions official web site, The company who develops antivirus systems for Windows Platform.

Our team was formed in the year 1999. in Rijeka, Croatia.

RemoveIT Pro XT - SE is only simple antivirus protection that only scans for viruses from database.

- For full and powerful protection check out our RemoveIT Pro XT Enterprise.
- RemoveIT Pro XT has High level protection technology (HLP) and virus removal filters which filter all new executable files.

RemoveIT Pro XT - SE (Free for non commercial use) <-QUOTE}
http://www.incodesolutions.com/index2.html


StevieO

Eldar
March 22nd, 2006, 03:27 PM
Only $15 or the free version. :o
It's also pretty new on the market, because the forum has no posts, no members at present. ::)

IBK
March 22nd, 2006, 03:36 PM
{QUOTE-> no members at present. ::) <-QUOTE}
the only registered members are from bots that registered for making publicity to their sites (casinos, ad spaceholders, etc.) :/ could be avoided a bit by applying more strict rules for registration to the forum

Happy Bytes
March 22nd, 2006, 04:24 PM
Sure, all have to try it - it deletes valid SYSTEM FILES!

Happy Bytes
March 22nd, 2006, 04:29 PM
I pressed stop after the first false positive - there are a lot more system files detected.

By the way this is a valid Microsoft XML Parser DLL. The guy who develops this bullshit application (It's nothing else) does not even know what is malware and what not and all people are happy that such "new antivirus" finding things which other AV's are missing. Go, make a donation for screwing up your system ::)

IBK
March 22nd, 2006, 04:31 PM
RemoveIT Pro could be classified as Trojan Horse.

Happy Bytes
March 22nd, 2006, 04:33 PM
That's not but we would need another Class like "Idiotware"

Happy Bytes
March 22nd, 2006, 04:37 PM
I really cannot understand that people start using software which they don't know just because of the sake for having a "security software" name.

I said it already MANY TIMES in this forum - With unknown and untrustworthy Security Applications you can do more harm to your machine than having no programs at all installed! And this has nothing to do with "bashing products" or "not giving the author any chance" - it's insane to develop such applications without any expertise. You can really badly screw up a machine with this.

Eldar
March 22nd, 2006, 04:45 PM
I for sure am not going to try this one out. :thumbd:
Best stick to the trusted ones.
Thanks for the warning and the test Happy Bytes. :)

StevieO
March 22nd, 2006, 04:49 PM
Oh great i never liked that Microsoft XML Parser anyway. Maybe it could eliminate XP activation as well, along with a few other things hey !

Nice looking GUI though, worth getting just for that.

I suppose it might be better to choose an AV that misses things, rather than one that produces FP's !


StevieO

Happy Bytes
March 22nd, 2006, 04:49 PM
I disassembled it to bring some light into the dark. It's indeed "dangerous".
It scans for fixed filenames! That means if there is a malware which uses for example 123.dll in the system folder it will detect and delete ANY FILE - regardless what it is - with the name 123.dll.

I just tried it as follows: i renamed the own install log ( a normal text file ) of this pumpkin-application into "msxml3a.dll" and copied it into system32.

Voila: Detected! It detects its own files if it has the matching name to the malware! That's also the reason why there is no proper virus name. The author only collects files where he ASSUMES that they are malicious. Then he adds this filename in a database (simple encrypted) and scans for these filenames.

I cannot believe what crap people are developing - that's really the worst i saw so far and just believe me i saw a lot of weird things

Carver
March 22nd, 2006, 04:51 PM
{QUOTE-> I really cannot understand that people start using software which they don't know just because of the sake for having a "security software" name. <-QUOTE}
I agree, some people will try anything. Doesn't seem to matter if it screws up the computer.

StevieO
March 22nd, 2006, 04:54 PM
Happy bytes you do know it's Very naughty to disassemble or reverse engineer software ?

I've heard of self repairing Apps, but self destructing ! Maybe they could turn it into a nice little shredder App instead.


StevieO

Happy Bytes
March 22nd, 2006, 04:56 PM
{QUOTE-> Happy bytes you do know it's Very naughty to disassemble or reverse engineer software ?
<-QUOTE}

That's my daily work. ;D

IBK
March 22nd, 2006, 04:59 PM
An analyst needs to disassemble malware, good thing he did :).
btw, nice trojan definition which could apply can be found on http://www.research.ibm.com/antivirus/SciPapers/Whalley/inwVB99.html

{QUOTE->
# What is a Trojan horse?

A Trojan horse is a program which performs (or claims to perform) something useful, while in the same time intentionally performs, unknowingly to the user, some kind of destructive function. This destructive function is usually called a payload.

A Trojan horse is a program which performs functions other than those stated in its specifications. These functions can be (and often are) malicious.

A Trojan horse is, as the name suggests, a program which is allowed onto the user’s PC under false pretences, whereupon it has undesirable side effects.

Trojan horse: A computer program with an apparently or actually useful function that contains additional (hidden) functions that surreptitiously exploit the legitimate authorizations of the invoking process to the detriment of security.

A program which someone tells you is legitimate software, but which actually does something other than what the person claims it will do.

A program which the user thinks or believes will do one thing, and which does that thing, but which also does something additional which the user would not approve of.

A program which the user thinks or believes will do one thing (the ‘perceived purpose’), and which may or may not do that thing, but which also does something else which is not necessary to accomplish the perceived purpose, and of which the user would not approve (the ‘payload’). <-QUOTE}

etc.

:P

Happy Bytes
March 22nd, 2006, 05:08 PM
Well it is NOT a trojan. The author does not even know that he's that bad. So basically it becomes a dangerous application based on inexperience from the author, but not on purpose. A trojan always has a purpose to disguise something. Here we have a new kind of malware - i would name it "Idiotware" but unfortunately there isn't such a category now ;D Or "PDA" Potentially dangerous Application :wacko:

dw2108
March 22nd, 2006, 05:10 PM
{QUOTE-> Sure, all have to try it - it deletes valid SYSTEM FILES! <-QUOTE}
Glad to know that! My PCs always run faster with FEWER system files! I really need to give this AV a test drive!

Dave

Happy Bytes
March 22nd, 2006, 05:11 PM
{QUOTE-> Glad to know that! My PCs always run faster with FEWER system files! I really need to give this AV a test drive!

Dave <-QUOTE}

If you donate 5 bucks to me i can send you a copy of DEL-Command ;D

Grumble
March 22nd, 2006, 05:12 PM
Gotta love Happy Bytes and his 'bullshit walks' attitude! :D :D :D

Happy Bytes
March 22nd, 2006, 05:14 PM
{QUOTE-> Gotta love Happy Bytes and his 'bullshit walks' attitude! :D :D :D <-QUOTE}

I don't know you, but i love you too ;D

controler
March 22nd, 2006, 05:22 PM
Now who is really in the know?

Interesting young thread.

http://www.dslreports.com/forum/remark,15734965

Sounds pretty nasty to me.

Happy B, when you disassembled this did you find a rootkit?

Happy Bytes
March 22nd, 2006, 05:25 PM
The worm has nothing to do with this app.

controler
March 22nd, 2006, 05:27 PM
Ok sorry this must be a different version.

"There is virus Win32.Alcra.F that has name RemoveIT Pro 2.4 SE.zip and it spreads it self via sharing networks. So please beware if you downloading this zip file or some other zip file via sharing network and keep your antivirus up to date." ( »www.incodesolutions.com/index2.html )"

con

Happy Bytes
March 22nd, 2006, 05:31 PM
What is so difficult to understand? The worm has nothing to do with this version what you can download on their website.

controler
March 22nd, 2006, 05:40 PM
Was just wondering why this post over on Dslreports mentioned this and the link to ( »www.incodesolutions.com/index2.html )" is all.

dw2108
March 22nd, 2006, 05:41 PM
{QUOTE-> If you donate 5 bucks to me i can send you a copy of DEL-Command ;D <-QUOTE}
Happy, you're a great guy! Just put a check in the mail for $15 to cover a license for 3 PCs! Promise you, my check won't bounce!

Dave

controler
March 22nd, 2006, 05:43 PM
Yes it should be the DELTREE/c: *.* command on floppy
Of course this has to be a system loaded floppy
ahahhahahahhahah

dw2108
March 22nd, 2006, 05:55 PM
{QUOTE-> Yes it should be the DELTREE/c: *.* command on floppy
Of course this has to be a system loaded floppy
ahahhahahahhahah <-QUOTE}
Thanks for the info! I just stopped payment on the check to Happy!

Dave

Happy Bytes
March 22nd, 2006, 05:56 PM
Controler, i hate you now >:(

controler
March 22nd, 2006, 05:58 PM
Dang I was just going to say I do not want to be on HappyB's spanking list because his evil apple icon scares me LOL

I don't want that little bugger biting my buns..

tobacco
March 22nd, 2006, 06:32 PM
If it removes valid files, maybe Symantec could add it to their own norton removal tools. lol! Sorry guys, couldn't resist that one.

StevieO
March 22nd, 2006, 06:36 PM
Well it might have found a FP on Happy bytes PC, but it found something very nasty on mine. I think it was one of those rutkite type Kernel things we've all been hearing about.

Anyway i clicked on fix, and i have to say my PC seems to run a lot lighter than before, much less overhead, and is using far fewer system resources than it ever did.

Lucky i found it just in time hey, before any serious damage was done !


StevieO

Oh one last thing, i've just noticed someth.....:/+]\^ @echo off $sys$

tobacco
March 22nd, 2006, 06:43 PM
Good one! lol!

squash
March 22nd, 2006, 07:17 PM
Wow I can't stop laughing at this shoddy antivirus and the people in this thread. ;D :shifty:

tobacco
March 22nd, 2006, 07:23 PM
And the sad part is, there's enough uninformed users out there that will buy this thing.

RejZoR
March 22nd, 2006, 08:08 PM
Wasn't this already discussed some time ago? Funny detection names btw...

tobacco
March 22nd, 2006, 08:47 PM
Don't know. But things have been a little slow around here the past few days so we all needed a good laugh i think. Brought back memories of those norton threads.

Durad
March 22nd, 2006, 10:03 PM
{QUOTE-> 9:58:27 PM: Scanning, please wait...
9:58:27 PM: Infected directory C:\Program Files\Viewpoint
9:58:36 PM: Infected file (Win32.Adware.Viewpoint) C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
9:58:36 PM: Infected file (Win32.Adware.Viewpoint) C:\Program Files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
9:58:36 PM: Infected file (Win32.Adware.Viewpoint) C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentMgr_03000F11.dll
9:58:36 PM: Infected file (Win32.Adware.Viewpoint) C:\Program Files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
9:58:36 PM: Infected file (Win32.Adware.Viewpoint) C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll
9:58:36 PM: Infected file (Win32.Adware.Viewpoint) C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
9:58:36 PM: Infected file (Win32.Adware.Viewpoint) C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
9:58:36 PM: Infected file (Win32.Adware.Viewpoint) C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
9:58:36 PM: Infected file (Win32.Adware.Viewpoint) C:\Program Files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe <-QUOTE}


:lurking:

RejZoR
March 23rd, 2006, 05:31 AM
I found this on their page...

{QUOTE-> 27-Feb-2006 08:27:05 PM
Reviewer: praveen360

Pros: Scan & Removal is fast.

It had reported a virus "Sys32.st5unst" which other popular program 'Avast Antivirus' failed to identify.

Seems to be an useful application. Can be Recommended.

Cons: Probably, the cons in previous versions were fixed.....It had an Uninstaller. <-QUOTE}

Roflmao? No kidding, classifying uninstaller as malware is really something that others should do lol

{QUOTE-> 17-Mar-2006 02:59:19 AM
Reviewer: downloadADICK

Pros: This thing really works!

Its fast and easy to use

It detects 10 virus in my system that avast! missed.

I highly recomend this product

It is worth a download

Cons: no cons ;) <-QUOTE}

Another lol one :lol:

_me
March 23rd, 2006, 06:58 AM
I am the author of this software, you have no right to post messages like this,
RemoveIT Pro is not dangerous software, it cannot ruin your computer and it does not delete any vital windows file.
Some dangerous file can change only 1 byte on itself and signature will be different, and it will not be detected by standard av programs, because of this RemoveIT Pro is designed and it detects by filename. No good and professional program will call itself e.g. suhoy.exe and put itself in system32 folder.
By this example you already know that similar kind of files like suhoy.exe are dangerous and this detection by filename sometimes is the best.
Ex.
When you locate internat.exe in WinDir you can be sure that it is worm, you don't need any signature to prove this, if you are not sure you can always copy it into quarantine.
I have lot of emails which prove that RemoveIT Pro helped many people and i don't have any information about some ruined system made by my program, RemoveIT Pro does not have that kind of behavior and it cannot ruin your computer, it can only help.

Many of you here do not have any clue how hard it is to work in av industry and how hard is fight against virus writers.

Here is some post by Durad which said that
C:\Program Files\Viewpoint is not adware, you can believe it or not but Viewpoint can ruin your computer and it's adware.

Kind of people who write bad posts about RemoveIT Pro, most of them can potentially be virus writers and crack coders which ruin this industry and cause millions of dollars damage, against them we need to fight, we don't need to ruin av industry and disassemble it like one guy in these posts, did you know that disassembling is against the law and i can sue you for it whenever i want so be careful what you post.

I hope that we in av industry will stop our enemies and clean all computers against dangerous garbage in them.

Best regards!
Damjan Irgolic,
InCode Solutions TM.

Lamehand
March 23rd, 2006, 07:38 AM
Damjan

Stick to what you know and that is not writing AV-software. There are lots of other ways to make a decent living in this world.
When i want to remove windows from my computer i will use your software, it seems very effective at that.

greetings
Abe

BlueZannetti
March 23rd, 2006, 07:41 AM
To all,

Let's keep this thread based on factual content and informed opinion and not have it devolve into a shouting match or a thread in which facts get randomly mixed with non-factual content. Thanks.

Blue

RejZoR
March 23rd, 2006, 07:48 AM
No personal offence, but we don't need another ViruScape regardless of good intentions you have. Antiviruses are domain of experts dedicated especially for this area (since it's not just about creating patterns anymore).
Just a thought...

TeraInnovations
March 23rd, 2006, 08:00 AM
Which country do you have InCode Solutions TM registered? Definitely not in the US, USPTO says nothing...

_me, what 'proof' do you have that ViewPoint is malicious? You have many false positives even on the default installation of Windows. Can you explain this? Previous posts also say that it detected KERNEL32.dll. Did you do any testing of your software? Do the computers you did your testing on still boot up?

And, how does a filename make a program malicious? I could rename Explorer.exe "I_am_a_virus.txt.scr.exe.mpeg.jpg.exe.haha.exe" but that wouldn't make it malicious. You are thinking about detection incorrectly.

This is their website: http://www.incodesolutions.com/
Also, in a screenshot you have of running processes, you have AVG installed. Do you not trust your own software?

In your product, you have MANY spelling mistakes.

You are leading people into a false sense of security. And with 20k+ downloads from CNet, you should really have ironed out more bugs. :(

I see you have something in your product which "removes all new files to the Windows directory" What if someone actually decides to install a program, or *GASP* update Windows and it adds core files there?

TeraInnovations
March 23rd, 2006, 08:01 AM
RejZor -- what is that about? ViruScape works perfectly fine. Did you actually try it? The information spread around was false. I do not appreciate this type of slander.

RejZoR
March 23rd, 2006, 08:06 AM
Oh boy. Nevermind...

TeraInnovations
March 23rd, 2006, 08:10 AM
Really. There are core differences between this product and ViruScape. We have officially released ViruScape, so, I recommend that you try it again and see if all of the 'problems' are there. Just because some people think one person in this company did something wrong doesn't mean that the product is wrong. I wonder how many people at other companies have done something wrong before.

Happy Bytes
March 23rd, 2006, 08:25 AM
@_me:

If you think you know more about malware than i do please try to enlighten me. I have a first (serious) question for you:

How come if you rename an innocent textfile (just a "Hello World" Textfile) into a fixed stored virusname with .dll extension from your database that it's detected as "Sys32"? A renamed text file isn't a System32 Executable File!
Did you hear about MZ Sign, PE Sign, Fileheaders and Sections? I assume not!

Now comes the next question: There are several worms which actually REPLACING (overwriting) the original Notepad.exe How the heck will you detect such worms just by checking filenames? Deleting it always just to be sure it isn't the worm?! :o
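Added example, not part of the original thread or any poster's code: a minimal Python comparison of the name-only matching described in the posts above with a check that reads the file itself (MZ/PE header plus a content hash). The blocklist, hash set, `harmless.dll` and all sample bytes are constructed for illustration; only the name msxml3a.dll comes from the thread.

```python
import hashlib
import struct


def looks_like_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # An out-of-range offset yields an empty slice, so this is safely False.
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def make_pe_stub(marker: bytes) -> bytes:
    """Constructed sample: DOS header + PE signature + marker. Not loadable."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    return bytes(dos) + b"PE\x00\x00" + marker


def name_only_verdict(filename: str, name_blocklist: set) -> bool:
    """The approach criticised in the thread: flag on file name alone."""
    return filename.lower() in name_blocklist


def content_verdict(data: bytes, bad_sha256: set) -> str:
    """Decide from the bytes, ignoring whatever the file is called."""
    if not looks_like_pe(data):
        return "not-a-pe"
    if hashlib.sha256(data).hexdigest() in bad_sha256:
        return "known-bad"
    return "unknown-pe"


# --- constructed test data (assumptions, not real signatures) ---
BAD_SAMPLE = make_pe_stub(b"constructed-bad-sample")
CLEAN_SAMPLE = make_pe_stub(b"constructed-clean-sample")
NAME_BLOCKLIST = {"msxml3a.dll"}
BAD_SHA256 = {hashlib.sha256(BAD_SAMPLE).hexdigest()}

SAMPLES = [
    ("msxml3a.dll", b"Hello World\r\n"),  # renamed text file, as in the thread
    ("msxml3a.dll", CLEAN_SAMPLE),        # unrelated PE that shares a listed name
    ("harmless.dll", BAD_SAMPLE),         # listed content under an unlisted name
]


def compare(samples=SAMPLES):
    """Return (name, name_only_flagged, content_verdict) for each sample."""
    return [
        (name,
         name_only_verdict(name, NAME_BLOCKLIST),
         content_verdict(data, BAD_SHA256))
        for name, data in samples
    ]


if __name__ == "__main__":
    for row in compare():
        print(row)
```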

_me
March 23rd, 2006, 08:27 AM
Yes, i have avg installed just for test and performance.

Let me have this straight.
AVG takes much resource and did not detect many dangerous files which my program did including win32ssr.exe and it is not fast like my prog, avg takes 20mins for one scan process that is too long, in that time virus can delete all files in your comp which avg would not even notice it.
I am not here to write against my friends in av industry i am here to resolve problems with RemoveIT Pro.

Virus named Win32.Alcra.F spreads itself also like RemoveIT Pro 2.4 SE.zip via networks, you are free to test it with bearshare or some other ptp program.
Write down removeit pro and you shall see many results of viruses size of 200kb and more, some of them are Win32.Alcra.F

No normal user will rename some legal program like explorer.exe to virus name win32ssr.exe just for test and say that Removeit Pro is garbage.
RemoveIT Pro is here to protect users against viruses and it is not dangerous in any kind, it cannot ruin your computer, only thing that can ruin your computer is you if you don't know how to protect yourself against viruses.

I respect every opinion but please do not post about something that you don't understand.

Viruses which replaces legal programs like notepad.exe it detect by memory hash check.

Happy Bytes
March 23rd, 2006, 08:30 AM
The next bullshit what you wrote: It's there to protect users from viruses.

HOW SHOULD IT PROTECT USERS FROM PARASITIC VIRUSES? By checking FileNames? Don't make me laugh

Happy Bytes
March 23rd, 2006, 08:31 AM
{QUOTE-> I respect every opinion but please do not post about something that you don't understand. <-QUOTE}

So you're going to say that i do not know what i say here? Do you know who I am?

JimIT
March 23rd, 2006, 08:34 AM
:gack: :gack: :wacko: :blink:

TeraInnovations
March 23rd, 2006, 08:35 AM
With AVG, they have an on-access guard so a virus COULDN'T go thru and infect all of the files.

A user is not constantly clicking Scan in your program, and I don't see how scanning speed could protect you any better....

Your 'scanning' is also just like running dir C:\windows\ /a /b /s>C:\listoffiles.txt
and using grep to find the 'malicious' lines

There, should I sell that for $15 now?

TeraInnovations
March 23rd, 2006, 08:42 AM
"Viruses which replaces legal programs like notepad.exe it detect by memory hash check."

I have a question about this. Isn't this exactly what you said you DIDN'T want to do? And, in memory, what if the program opens up a file (i.e. - notepad opening a file) Would that change your hash?

Hashing memory is not going to work...

kalpik
March 23rd, 2006, 08:44 AM
Interesting (funny too!) Thread!

Acadia
March 23rd, 2006, 08:47 AM
Indeed, this has been a very enjoyable thread, unfortunately, I don't know enough about this stuff to know if these guys are serious, or just having fun! :blink:

Acadia

IBK
March 23rd, 2006, 08:49 AM
{QUOTE->
I am not here to write against my friends in av industry i am here to resolve problems with RemoveIT Pro. <-QUOTE}

hm, which friends?

{QUOTE->
I respect every opinion but please do not post about something that you don't understand. <-QUOTE}

HB understands it perfectly and what he writes is true. He has much more experience in writing AV programs and analyzing malware than probably most other well-known AV people, so it is a bit funny that YOU write him that he does not understand your "program".

Just for curiosity and nothing more, how old are you?

kalpik
March 23rd, 2006, 08:49 AM
Oh they are serious BELIEVE ME!! Right HB?? ;)

_me
March 23rd, 2006, 09:43 AM
Interesting is that most every malware and dangerous file can be found by filename so i don't understand why you guys have so much against filename check.
It is obvious that some of you develop malicious programs and filename check is like cancer for you.

bigc73542
March 23rd, 2006, 09:46 AM
The personal attacks need to stop or this thread will be closed

bigc

EraserHW
March 23rd, 2006, 09:48 AM
{QUOTE-> Interesting is that most every malware and dangerous file can be found by filename so i don't understand why you guys have so much against filename check.
It is obvious that some of you develop malicious programs and filename check is like cancer for you. <-QUOTE}

Now I ask: why this sentence? Now you've well-explained your skill level ;)

kalpik
March 23rd, 2006, 10:06 AM
So that means even i can build my own AV!! Filename check is not that big a deal! Would you buy my AV? And what if i rename a virus as explorer.exe??

_me
March 23rd, 2006, 10:16 AM
Normal user will not rename any malicious file to legitimate process, if you wanna ruin your computer be my guest.

Build av program is not so easy as you think, RemoveIT Pro has more than 50.000 viruses in his database with daily update.
Every day at least 200 new viruses comes so it is not so simple.

kalpik
March 23rd, 2006, 10:18 AM
Yes, normal user won't do that! But I'm a virus writer, and what if i release my virus as explorer.exe??

_me
March 23rd, 2006, 10:31 AM
If you release your virus with legitimate name, it will be located by signature.
Hash is good for checking viruses which replaces legitimate processes.
Most of viruses up to 95% can be located with filename check.

IBK
March 23rd, 2006, 10:33 AM
{QUOTE->
Most of viruses up to 95% can be located with filename check. <-QUOTE}

rofl :P

kalpik
March 23rd, 2006, 10:34 AM
No comments! ::) :-X :P

Happy Bytes
March 23rd, 2006, 10:37 AM
{QUOTE-> Most of viruses up to 95% can be located with filename check. <-QUOTE}

Oh the great one speaks ;D There are A LOT of trojans which are using randomly generated names. And please explain to me how you would detect for instance this virus with your Filename Check:

http://www.eset.com/msgs/tengaa.htm

Or the ItW Listed Parite.B ? That is completely impossible to detect parasitic viruses with a filename check due to the fact that parasitic viruses ATTACHING itself to existing valid files!

_me
March 23rd, 2006, 11:06 AM
RemoveIT Pro does not have only filename check it has also signature check for randomly generated viruses.
RemoveIT Pro XT Enterprise has filter which prevents writing on processes.
This technology is similar like firewall which block ports.
Process will normally work but it cannot be patched.
There are many people who thanks me that only my program helps them so my work has meaning and i only do this to help people.

Happy Bytes
March 23rd, 2006, 11:08 AM
Oh is it? ;D I'm very sad to tell you that parasitic viruses also attaching to files which are currently NOT RUNNING. And now? :o

Happy Bytes
March 23rd, 2006, 11:14 AM
Wait i just get it... You don't even know what a parasitic virus is - isn't it? :o
Why you don't let this business to people which actually knowing what they are doing? I Tell you what - this program should be added to the Rogue-List:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Can someone take care of this?

JimIT
March 23rd, 2006, 11:24 AM
This fellow is wondering why his laptop suddenly will not boot. He is looking for a good time to schedule repairs...:ouch:

kalpik
March 23rd, 2006, 11:26 AM
I really don't think that's a laptop, but oh well! :D

bigc73542
March 23rd, 2006, 11:28 AM
This thread has degraded to the point that the posts are now just personal in nature and not actually related to the original meaning of the thread. So it will now be closed.

bigc