ScanSpyware vs RkUnhooker


SystemJunkie
August 28th, 2007, 06:28 PM
Some interesting results from ScanSpyware, the latest database update shows the following:

Files recognized:
=================
[Rootkit.MS]

C:\WINDOWS\system32\drivers\rkhdrv40.sys
__________________________________________________

Seems they don't like RkUnhooker 3.7.

A new fight between Rootkit finder vs Antispyware crews.


Application Information
=======================
Application Version: ScanSpyware v3.8 build 3.8.0.4
Updated Database: ssdb082407.db

Meriadoc
August 28th, 2007, 06:36 PM
Sounds like a rogue?!?

fcukdat
August 28th, 2007, 06:37 PM
Oh boy:wacko:

Since you're keen on spreading the n00s....have you actually tested ScanSpyware versus real malware rootkits to see if the software is even capable of detecting rootkit malwares :dry:

fcukdat
August 28th, 2007, 06:42 PM
{QUOTE-> Sounds like a rogue?!? <-QUOTE}

ScanSpyware is listed as rogue at spywarewarrior.com
http://www.spywarewarrior.com/rogue_anti-spyware.htm#products

{QUOTE-> aggressive advertising; false positives work as goad to purchase [A: 6-26-04 / U: 3-24-06] <-QUOTE}

SystemJunkie
August 28th, 2007, 06:52 PM
{QUOTE-> Sounds like a rogue?!? <-QUOTE}

That doesn't matter, first time I see an antispy (no matter if white or black hat tool) that displays RKU as a danger.

LoneWolf
August 28th, 2007, 06:57 PM
{QUOTE-> ScanSpyware is listed as rogue at spywarewarrior.com
http://www.spywarewarrior.com/rogue_anti-spyware.htm#products <-QUOTE}


Seems like they are not the only ones with this opinion of ScanSpyware.

Meriadoc
August 28th, 2007, 07:03 PM
fcukdat :
{QUOTE-> ScanSpyware is listed as rogue at spywarewarrior.com
<-QUOTE}
It did ring a bell, think it's been out a while. I see it is available in downloads at CC :)

SystemJunkie
August 29th, 2007, 07:45 AM
{QUOTE-> Seems like they are not the only ones with this opinion of ScanSpyware. <-QUOTE}

Yes, they have some false positives, but sometimes they also have real hits;D ;D ;D ;D ;D ;D ;D ;D 8) I love to compare those crazy results.8)

Nevertheless they are the first antispy (no matter if rogue or not) company I've seen who directly attack RkU.

pushick
August 29th, 2007, 08:33 AM
{QUOTE->
Files recognized:
=================
[Rootkit.MS]

C:\WINDOWS\system32\drivers\rkhdrv40.sys
<-QUOTE}

Hello,

It is a false positive, probably due to the rogue nature of this antispyware tool.

the Tester
August 30th, 2007, 03:55 PM
{QUOTE-> That doesn't matter, first time I see an antispy (no matter if white or black hat tool) that displays RKU as a danger. <-QUOTE}

The nature of the scanner as a rogue program renders its findings irrelevant.

LoneWolf
August 30th, 2007, 06:25 PM
A rogue is a rogue and is not only worthless but may be dangerous as well, as some of these rogue softwares install virus or spyware themselves.

SystemJunkie
September 3rd, 2007, 12:42 PM
{QUOTE-> A rogue is a rogue and is not only worthless but may be dangerous as well, as some of these rogue softwares install virus or spyware themselves. <-QUOTE}

Do you really think this is dangerous? They are harmless..
scan spyware is really harmless..

..the paranoia in this case is really in the wrong place..

I never saw any real danger while testing your so called dangerous rogue spy.. mostly adware and funny false positives nothing else.. besides, the author of scan spy. seems to have taken the threat of EP seriously or my topic because the last signature update has removed the false positive.

LoneWolf
September 3rd, 2007, 07:38 PM
{QUOTE-> Do you really think this is dangerous? <-QUOTE}

I believe I said "but may be dangerous as well"

{QUOTE-> They are harmless <-QUOTE}

I hardly call a rogue/fake anti spyware harmless.

{QUOTE-> I never saw any real danger while testing your so called dangerous rogue spy.. mostly adware and funny false positives nothing else <-QUOTE}

Some rogue apps do contain more than just FP's or adware, others may contain malware.

{QUOTE-> spy. seems to have taken the threat of EP seriously or my topic because the last signature update has removed the false positive <-QUOTE}

Ahhhh ya that must be it, they were afraid that their credibility was at stake. ::)


There are many rogue apps being passed off as legit programs: anti spyware, anti virus, reg cleaners and so on.
If you like to test them then by all means continue.
No offence or disrespect intended, I'm just saying one must be careful with these apps cause they are not all "harmless".


Many are discussed here.
http://www.malwarebytes.org/forums/

LUSHER
September 5th, 2007, 10:15 AM
AntiVir detects RKunhooker doesn't it? I wouldn't be surprised if several "trusted" security programs detect RKunhooker really, given the nature of the tool...

fcukdat
September 5th, 2007, 12:26 PM
{QUOTE-> AntiVir detects RKunhooker doesn't it ? <-QUOTE}

Not on custom file scan and also nothing from the realtime guard when RKU is used:thumb:

SystemJunkie
September 9th, 2007, 07:52 PM
No, AntiVir does not detect RKU. It is a wonder that Dr.Web does not detect RKU, but maybe they like the spider icon too much to detect it. The spider looks similar to dr.web, maybe the same crew?..

DrWeb heuristic even detects Splashscreens and aol files as possible backdoor, looooooooool, :-)))))
I still can't believe that they are so passive in not enhancing their poor heuristic.