I'm on the second day of a free trial of CounterSpy. I did a scan and removed some spyware, and now suddenly my McAfee IS9 said I was no longer protected and to reinstall Security Suite. Which I did, though it still isn't working right, but that's beside the point here.
Is CounterSpy not compatible with McAfee?
Is there anything that is?
Do I really need anti-spyware if I'm running McAfee and try to surf safely?

cmwilson:

I have not haeard of any serious compatibility problems between CounterSpy 1.5 (the version I assume that you're trialing) and MCAfee VirusScan.

Although you say so explicitly, I assume you performed the scan and remove with CounterSpy, so why don't we take a look at teh CounterSpy scan log to see what it detected an removed. If you could, please open CounterSpy, then do the following:

1. Navigate View >> Spyware Scan >> Spyware Scan History

2. Select the scan you'd like to view

3. Hit "View Details"

4. Copy and paste the relevant portions into a response here.

Once we get a copy of your log, we can better assess just what's going on.

Best,

Eric L. Howes
Director of Malware Research
Sunbelt Software

Dump mcafees antispyware if you are using counterspy, its much better.

-{ Quote: "Dump mcafees antispyware if you are using counterspy, its much better." }-
CMwilson says he got Mcafee Internet security 9 (not antispyware).

And i would hold counterspy together with mcafee, both compliment eachother good for detection spyware.

-{ Quote: "cmwilson:
Although you say so explicitly, I assume you performed the scan and remove with CounterSpy, so why don't we take a look at teh CounterSpy scan log to see what it detected an removed.
" }-

Here's the info you asked for. I notice a mcafee dll right at the top. I saw it at the time, but I couldn't figure out how to unselect it from the list. I made the (evidently erroneous) assumption that the dll wouldn't be removed, just the spyware.

This is the result of my second scan with CounterSpy. The result of the first scan is very long, too long to post here, but it also has some McAfee components in it. That scan did not cause McAfee to fail.

Why does CounterSpy think McAfee is spyware?


Spyware Scan Details
Start Date: 9/28/2006 6:00:19 PM
End Date: 9/28/2006 6:39:57 PM
Total Time: 39 mins 38 secs

Detected spyware

YouCouldWinThis Adware (General) more information...
Details: YouCouldWinThis is a program which creates advertisement's on user's PC according to their surfing habits.
Status: Deleted

Infected files detected
c:\program files\mcafee\mps\mcpopup.dll

Infected registry entries detected
HKEY_CLASSES_ROOT\Interface\{9D573D0E-663C-435F-BF31-2C4497373C41}
HKEY_CLASSES_ROOT\Interface\{9D573D0E-663C-435F-BF31-2C4497373C41}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{9D573D0E-663C-435F-BF31-2C4497373C41}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{9D573D0E-663C-435F-BF31-2C4497373C41}\TypeLib {90A52F08-64AC-4DC6-9D7D-4516670275D3}
HKEY_CLASSES_ROOT\Interface\{9D573D0E-663C-435F-BF31-2C4497373C41}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{9D573D0E-663C-435F-BF31-2C4497373C41} IWindowEventHandler
HKEY_CLASSES_ROOT\Interface\{B1E68D42-02C4-465B-8368-5ED9B732E22D}
HKEY_CLASSES_ROOT\Interface\{B1E68D42-02C4-465B-8368-5ED9B732E22D}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{B1E68D42-02C4-465B-8368-5ED9B732E22D}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{B1E68D42-02C4-465B-8368-5ED9B732E22D}\TypeLib {90A52F08-64AC-4DC6-9D7D-4516670275D3}
HKEY_CLASSES_ROOT\Interface\{B1E68D42-02C4-465B-8368-5ED9B732E22D}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{B1E68D42-02C4-465B-8368-5ED9B732E22D} IDocEventHandler

cmwilson:

CounterSpy isn't targeting McAfee's files -- it's targeting the registry keys, which are used by a number of badware apps (Google those long numbers known as CLSIDs and take a look at the results). The CounterSpy scan engine has logic that allows it to take Reg keys and then find the associated files on the hard drive -- which is apparently what happened here.

In any case, thanks for posting that log. These false positives will be corrected in the next update to CounterSpy's definitions.

You mention having done another scan that produced a very long log. If you'd care to email me that log at ehowes(at)sunbelt-software.com, I'd be happy to take a look at it as well.

Best,

Eric L. Howes
Sunbelt Software

-{ Quote: "CounterSpy isn't targeting McAfee's files -- it's targeting the registry keys" }-Hello Eric,

Would that McAfee Popup Blocker dll reported in the scan log above be the McAfee file he's mentioning :-\

-{ Quote: "Infected files detected
c:\program files\mcafee\mps\mcpopup.dll" }-Bubba

Bubba:

Yes, that is a McAfee file. My point, though, was that our definitions don't target that file. The log file is reporting what was actually detected and removed. And the McAfee file was detected and removed not because we explicitly and knowingly targeted McAfee in our definitions, but because the scan engine tracked down the file associated with the Reg key -- a Reg key that happens to be used by a number of other apps as well.

Best,

Eric L. Howes