Spy Sweeper F/P ?
ftwynne59
April 17th, 2006, 03:08 PM
Hi all
Thought I would add Spy Sweeper (free trial) to my arsenal. First scan yielded what I believe to be a false positive :
"Sdbot Trojan Horse : Risk Rating Critical"
Location: C:\Windows\adiras.ini
Scanned with Ewido, Boclean and Kav 5....nothing. Jotti's online...nothing.
Curious also that this very same problem was posted by betauser2 on January 2nd 2006...don't know if this was submitted to Webroot for analysis....but surprised that Webroot have not addressed this problem (that is assuming that this one is indeed a false positive).
Another question if I may....is it usual to restrict removal of spyware only until you actively subscribe (pay?) for trial software as seems to be the case for Spy Sweeper ? (this is also true for the scan results and quarantine functions as far as I can make out).
Not attempting for one minute to bash this product after only very limited use....but can anyone assist ???
ftwynne59
April 18th, 2006, 10:24 AM
Anyone....??? ??? ???
Or do I head down to Castle Cops :-\
Togg
April 18th, 2006, 10:42 AM
I've got SpySweeper and I haven't seen that (or any other) false positive, not that that means anything as far as your computer is concerned! I suppose you could try reporting it to Webroot via their support system, but they may not be too interested while you are using a trial version.
As for the trial version being only part functional, I believe that is quite common. The more unscrupulous software vendors are alleged to rig their software to 'find' non existent problems in order to encourage users to buy the full program, but I am not suggesting that Webroot do that.
ftwynne59
April 18th, 2006, 11:02 AM
{QUOTE-> I've got SpySweeper and I haven't seen that (or any other) false positive, not that that means anything as far as your computer is concerned! I suppose you could try reporting it to Webroot via their support system, but they may not be too interested while you are using a trial version.
As for the trial version being only part functional, I believe that is quite common. The more unscrupulous software vendors are alleged to rig their software to 'find' non existent problems in order to encourage users to buy the full program, but I am not suggesting that Webroot do that. <-QUOTE}
Thanks Togg
I'll take your advice and report this to Webroot.
Your response poses another interesting question....is there truly a lower level of support for trial version users? Surely Software Vendors don't discriminate.....or do they :-\
Thanks once again :)
Togg
April 18th, 2006, 06:08 PM
I have seen a few programs where it was clearly indicated that the trial was 'crippled' so that it would only demonstrate its abilities, but not do the whole job, until it was paid for. Trouble is I can't remember any of them now!
The fact that you have checked with three other programs, (all of which seem to have good reputations) and one online scanner, would suggest that this sdbot finding is more than a little suspect. Any program, however good, can make these sorts of errors and it may be that you have something demonstrating 'trojan like' behaviour.
According to the database of a program I have called, appropriately, Trojan Remover, Backdoor sdbot is a remote access trojan controlled through IRC channels. Do you have any active IRC (chat) programs or an ADSL modem like betauser2 had? Googling adiras.ini does produce some odd looking responses, many in German!
ftwynne59
April 19th, 2006, 04:51 AM
Togg
I do not currently (or ever on this PC) have an active IRC (chat). I have an ADSL Modem (installed about 3 months ago having subscribed to Tiscali Broadband)....as betauser2 alluded to, this could be the connection. Also, a search for Adiras.exe on my system yielded nothing. Do I conclude that an .ini file, without the .exe it is associated with, is harmless? (irrespective whether a false positive or not?).
Still intend to post at Castle Cops and contact Webroot direct.
Many thanks for your responses and all your help.:)
dvk01
April 22nd, 2006, 04:28 AM
Spysweeper have 2 forms of free trial:
a free scan only with no fix capabilities, and a free full version that scans & fixes.
Many of the larger download sites have the free scan only version, as do Webroot themselves (the full version is somewhat buried on their site).
The reason for this seems to be that many affiliates complained that too many people were trialling SS & fixing problems & never buying it, so they were losing income.
A lot of affiliates, and I am one, do not subscribe to this view, and I will only have links to the full trial version that fixes, as in my view you can only find out how effective an antispyware is by fixing things. Pure detections are nothing, and anybody can build a scanner that finds everything but fixes nothing.
The adiras.ini might be a FP or might be genuine; the file is normally part of a modem installation but is also used by malware with that name.
.ini files generally are text files that tell an exe file what to do, so if you open it in Notepad and paste the contents back here we should be able to tell whether it is a FP or not.
Most AVs will NOT detect any .ini files, regardless of whether used by genuine or malware, as on their own they are harmless.
aigle
April 22nd, 2006, 07:07 AM
Hi dvk01, the information about Spysweeper's two trial versions is new to me. Can you please give a link to the full trial version? Thanks
dvk01
April 22nd, 2006, 07:30 AM
in my signature
lots of links
I wouldn't post a direct link here as I am an affiliate & I don't think it's fair to use this forum to gain possible sales
ftwynne59
April 22nd, 2006, 08:07 AM
{QUOTE-> Spysweeper have 2 forms of free trial
a free scan only with no fix capabilities and a free full version that scans & fixes
Many of the larger download sites have the free scan only version as do webroot themselves ( the full version is somewhat buried on their site)
The reason for this seems to be that many affiliates complained that too many people were trialling SS & fixing problems & never buying it so they were losing income
A lot of affiliates and I am one do not subscribe to this view and I will only have links to the full trial version that fixes as in my view you can only find out how effective an antispyware is by fixing things. Pure detections are nothing and anybody can build a scanner that finds everything but fixes nothing
The adiras.ini might be a fp or might be genuine the file is normally part of a modem installation but is also used by malware with that name
.ini files generally are text files that tell an exe file what to do so if you open it in notepad and paste the contents back here we should be able to tell whether it is a FP or not
Most av's will NOT detect any .ini files regardless of whether used by genuine or malware as on their own they are harmless <-QUOTE}
Thanks dvk01
Adiras.ini file opened in notepad...contents :
[RASSettingNT]
Device="USB ADSL WAN Adapter"
DeviceType=ISDN
PhoneNumber=adsl
ConnectionName=Internet ADSL
ShortcutName=Internet ADSL
[RASSetting9X]
Device="USBADSL-LINE0"
DeviceType=ISDN
PhoneNumber=adsl
ConnectionName=Internet ADSL
ShortcutName=Internet ADSL
[Connection]
ShortcutName=Connection
FolderName=
IconConnection=
The .ini file has a creation date of 17/2/03....my PC was purchased in Oct 05 with ADSL Internet Broadband connection 2-3 months later.
Thanks once again for your trouble and advice.:)
dvk01
April 22nd, 2006, 08:11 AM
That is definitely a FP as that is the ini file for the adsl modem without a doubt
It looks like SS has found that one on name alone so it should be reported to them
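Added example, not part of any poster's reply: a small Python triage of the posted file's contents, showing the kind of content check that separates a name-only match from a file that actually references network endpoints. The indicator patterns, the function name triage_ini and the second sample are assumptions made for this illustration; the second sample is constructed and not taken from any real file.

```python
import configparser
import re

# Heuristic patterns chosen for this example: values worth a closer look.
INDICATORS = {
    "url": re.compile(r"\b[a-z][a-z0-9+.-]*://", re.I),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "hostname": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
    "irc-channel": re.compile(r"(?:^|[\s,])#\w+"),
}

# File contents as posted in the thread.
ADIRAS_INI = """\
[RASSettingNT]
Device="USB ADSL WAN Adapter"
DeviceType=ISDN
PhoneNumber=adsl
ConnectionName=Internet ADSL
ShortcutName=Internet ADSL
[RASSetting9X]
Device="USBADSL-LINE0"
DeviceType=ISDN
PhoneNumber=adsl
ConnectionName=Internet ADSL
ShortcutName=Internet ADSL
[Connection]
ShortcutName=Connection
FolderName=
IconConnection=
"""

# Constructed contrast sample (reserved example addresses, not from a real file).
CONSTRUCTED_INI = """\
[Settings]
Server=chat.example.invalid
Channel=#example
Update=http://192.0.2.10/cfg
"""

def triage_ini(text):
    """Yield (section, key, matched indicator names) for each suspicious value."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)  # note: configparser lowercases key names
    for section in parser.sections():
        for key, value in parser.items(section):
            hits = sorted(n for n, rx in INDICATORS.items() if rx.search(value))
            if hits:
                yield (section, key, hits)
```

An empty result for the posted file means every value is a local dial-up/RAS setting, which is consistent with a detection made on the file name alone.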
ftwynne59
April 22nd, 2006, 08:16 AM
Thanks again dvk01....will report this to SS.
Terry
aigle
April 22nd, 2006, 10:25 AM
{QUOTE-> in my signature
lots of links
I wouldn't post a direct link here as I am an affiliate & I don't think it's fair to use this forum to gain possible sales <-QUOTE}
Really nice thinking. Thanks
Copyright ©2002 - 2010, Wilders Security Forums