PDA

View Full Version : PestPatrol false alarm CWS.GoogleMS.3 xxxtoolbar.com

FanJ
February 15th, 2004, 12:15 AM
PestPatrol gives a false positive:

Pest: CWS.GoogleMS.3
Pest Info: Category: Adware Background Info: Click here
File Info: In Registry: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\domains\xxxtoolbar.com
Certainty: Confirmed Threatens: Confidentiality, Liability Risk: Moderate - this file can be executed! Advice: Delete or ignore
Action: Ignored

The reason that it is a false positive, is this:
That registry item has dword 4.
That registry item is placed there by IE-SPYAD from Eric Howes.
It takes care of putting that domain in the Restricted Zone of Internet Explorer.

The PestPatrol company has been informed very recently.

I hope that PestPatrol will also check the dword for such things.

See for example the following two threads at Wilders:
http://www.wilderssecurity.com/showthread.php?t=16688
And
http://www.wilderssecurity.com/showthread.php?t=17490
Goon_Boy
July 12th, 2004, 09:00 AM
As of 12 July 2004, PestPatrol is still coming up with this false positive. Dell now has a link to PP's "online scanner" via their support site, and utilization of this "feature" yields the false positive. The problem is compounded by the fact that Dell's linked version doesn't allow one to see the details of this alleged malware or actually effect repairs - one is instead routed to a "Buy this product NOW!" hustle, which will probably be a good thing (for Dell and PP, anyway), because anyone using the online scanner will be convinced they're infected with any one of a number of insidious Porn Bots, and will be tripping over themselves in their haste to..."Buy this product NOW!"

Exceptionally low class hucksterism, Dell and PestPatrol. You should both be ashamed of yourselves.
cezar
July 14th, 2004, 07:39 AM
Are there any of you who can tell me where i can post my Pestpatrol log so i can find out if the are false posetive. the one i have in my evalaution version of pestpatrol is: InternetAlert, 6 BonziBuddy and 2 win32 Ghost keylogger.c i got when i listen to one of the guru`s from a firewall company`s forum with bad 5.0 upgrade and download something call Bazooga Ad-aware and Spyware 1.12 remover, i don`t think what the keykooger is a false posetive but any way i want them all remove from my pc.


Kind regards
Cezar
cezar
July 14th, 2004, 11:36 AM
I run an online scan on the pestpatrol website and it find no pest my pc was clean mebe it is bug in the evaluetion version of pestpatrol ?


Kind regards
Cezar
nadirah
July 17th, 2004, 02:09 PM
Pestpatrol is very popular for giving false positives non-stop. ::)
Get programs like Ad-aware and Spybot-S&D, they are much better than pestpatrol. ;)