IMPORTANT INFORMATION

Original post can be found at the Official Spybot S & D forums here: http://forums.net-integration.net/index.php?showtopic=1696

Quote:

"While many people in the anti-spyware sector are doing this mostly because they are dedicated to security and privacy, there are always a few black sheep trying to make quick money using the fear of many users.

Two such black sheeps are BulletProof software with their Spyware and Adware Remover and TrekBlue with their SpywareNuker.
Both products are based on a hacked version of the Spybot-S&D database. Evidence for this is very clear as the Spyot-S&D contains quite some entries to determine such theft.
These entries are wrong entries, some detecting things that do not really exist, some detecting minor threats under the wrong name, etc.. These tricks are absolutely harmless to the normal user of Spybot-S&D, but do clearly identify a stolen version of the Spybot-S&D database. Both products mentioned above detect exactly the same 'mistakes' the Spybot-S&D database contains.

I am in contact with two attourneys to sue these two companies.
I recommend that you use neither of the two programs mentioned above. Using them is a copyright infringement!!!
(and in addition you won't get more than with Spybot-S&D, as they are based on older Spybot-S&D databases)

Another interesting thing: there is someone 'spamming' at download.com: Spybot-S&D and AdAware have received thousands of negative feedbacks with the same text (CNet is removing them constantly), but the BPS Remover has gotten more than 10.000 positive feedbacks from the same name and the same text."

[hr]

Short version: BPS Spyware Remover is using a hacked version of Spybot S & D's database. Do not download their software.

UPDATE: Recent information has also pointed to an interesting similarity between BPS Traces Remover and WindowWasher...

Best regards,

-Javacool

The sincerest form of flattery
http://www.spywareinfoforum.com/newsletter/archives/feb-2003/13.php
By: Mike Healan
Imitation may be the sincerest form of flattery, but Nicolas Stark of Lavasoft and Patrick Kolla of PepiMK Software don't feel the least bit honored by companies they both claim are illegally copying their work. Stark and Kolla are the developers behind the two most popular spyware removal programs in the world, Ad-aware and Spybot S&D. Both developers have issued statements in the last few days indicating that their software has been reverse engineered and copied by various companies.
Earlier this week, Kolla posted a statement at the Spybot support forums accusing Trek Blue's SpywareNuker and BulletProofSoft's Spyware Remover of using a hacked copy of Spybot's encrypted target database. The target databases of BPS Spyware Remover and Trek Blue SpywareNuker both contain flaws that are also present in Spybot's database. The flaws are small things, such as one target which is detected under the wrong name as well as some targets present in Spybot's database which do not actually exist. Developers often introduce harmless flaws such as these into their software to identify unauthorized copies. Allegedly both SpywareNuker and BPS have the exact same errors and non-existent targets in their databases. Kolla has stated his intention to file lawsuits against both TrekBlue and BulletProofSoft for copyright infringement.
I've discussed Spyware Nuker before. I won't link to the web site since the home page loads an activex script which installs the program, possibly without prompting if security settings are set too low. At one point SpywareNuker was being labeled spyware and was even added to Spybot's database as a spyware target.
Lavasoft's owner Nicolas Stark has posted a similar statement at Lavasoft's support forums saying that BulletProofSoft's Spyware Remover and another program called Spycleaner are reversed engineered copies of the older 5.8x version of Ad-aware. Stark points out that both BPS Spyware Remover and Topdownload's Spycleaner have an interface that is nearly identical to the previous version of Ad-aware. Mr Stark indicated that he is considering taking legal action against these companies.
More... (http://www.spywareinfoforum.com/newsletter/archives/feb-2003/13.php)

</shameless plug> ;)

And Mike's site is open 24/7 for discussion on many topics with great people.


another </shameless plug> :D

-{ Quote: " quoting: Primrose link=board=20;threadid=7221;start=0#48103 date=1045145045]
another </shameless plug> :D
" }-

Unnecessary (already knew that) and off-topic. ;)

Regards,

Pieter

Lo there all

I'd like to ask a question here, as it sems appropriate in this thread. I've been using BPS Spyware Remover alongside both adaware and spybot and it has persisitently found a "freescratchandwin" entry in the registry which both adaware and spybot "missed." In light of this developement, is this one of those "flaws" that is in both databases that exposes this nonsense from BPS. I'd appreciate some thought and insight, cos if it is, BPS gets removed till they get their act together and make a lot of disgruntled folk really really happy. I for one am not going to use their products till I'm happy that anything and everything they're doing is on the up and up and totally legitimate. And the worst of it is I actually liked their product. >:( :'(

Regards to all
TheApostate

If you had really been hit by FreeScratchandWin you would find this startup entry: HKLM\..\Run: [FSW] C:\Program Files\FSW\fsw.exe
and this one {5DD7B3BE-FDEC-4563-B038-FF80F2345B89} (Fswinst Control) - h**p://www.freescratchandwin.com/files/fswinst07.cab in your Downloaded Program Files.
Could you tell us exactly what BPS found? Just curious. ;)

Regards,

Pieter


Made the link to FSW unclickable

Hi Pieter

Sorry about the length of time in replying, don't know how I missed your reply, esp seeing as I was looking out for one. Methinks I need a new pair of glasses perhaps ::) 8)

As far as I can remember it only ever mentioned that it had found the fsw, but none of the entries you mentioned. I could run scan after scan right after each other and it would always find it. What had me puzzled was the fact that neither adaware nor spybot found anything. I also run spywareblaster, so it had me puzzled. I've never had any problems with the FSW before then, nor since. If you need that info, I would have to see if I still have my copy of BPS to hand and reinstall it and let you know.

I've run regedit and did ind this entry :-HKLM\software\microsoft\IE\activex compatibility\ ---- in the right pane it says compatibility flags 0x00000400(1024).

In the absence of anything else I'm presuming that this is a Spywareblaster killbit entry. Will search my system for the other files and see if they there and let you know.

Thanks
TheApostate

HI again Pieter

Just finished checking my system and so far no traces of the cab file you mentioned in the dowloaded prgram files folder or anywhere else for that matter. So it would seem to me to have been false postive findings by BPS.

Thanks again
TheApostate

Hi TheApostate,

That leaves two options:
1. They actually added some own input to their detection, resulting in a f/p.
2. They copied a f/p which has since then been corrected in the scanner they copied it from.

I don´t think BPS would pick up on kill-bits by SpywareBlaster (you´d have a lot more findings in that case)

Regards,

Pieter

-{ Quote: " quoting: Pieter_Arntz link=board=20;threadid=7221;start=0#54561 date=1050140736]
I don´t think BPS would pick up on kill-bits by SpywareBlaster (you´d have a lot more findings in that case)
" }-

Of course, assuming they copied Spybot's database, wouldn't that be a unique false-positive for PepiMK to include? (Spybot wouldn't detect it, of course, but anyone else that copied the database would...) ::)

Just an idea.

Best regards,

-Javacool

Hi guys

Pieter, thanks, I'm still learning, so hopefully none of my thoughts/ideas/questions will be considered to "dumb" for you guys :o ;)

TheApostate

Hi TheApostate,

No need to worry about that. Dumb in my book is "not willing to learn" , so you don´t fit the bill. :)
It takes a wise man to know his limitations and ask the right questions at the right places.

Regards,

Pieter

Warning: Another copycat has emerged.

http://www.spywareinfoforum.com/forums/index.php?act=ST&f=8&t=6298&hl=&s=2fe043c37b06a8d0fb23601505c3331e

Regards,

Pieter

>:(damn that f up i hope you run those thifs into the ground that so f'ed it aint funny i hope you get millions in your lawsuit.

It must be April Fools Day, not Christmas

this site http://sharempeg.com/find/
a Known CWS site is advertising a spyware killer ( http://www.spykiller.com/index.asp?Ref=2580 )what is the world coming to

I assume that spyware killer is a baddie in itself.

Their blurb definitely seems to suggest that it cures all evils and removes spyware etc, while still allowing KAzaa etc to function properly

This reeks of the biggest scam on the net, especially with 50% commission paid to introducing webmasters.

Hi,

h**p://mycusthelp.com/SPYKILLER/supportkbitem.asp?sSessionID=&Inc=247&sFilA=Categories&sFilB=&sFilC=&FA=-1&FB=-1&FC=-1

...is one question from the Spykiller FAQ. They have a link to download HJT at the bottom of the page, but from themselves, and not, as you might expect, from Merijn or any of those you'd trust. I'd leave it alone.. :)

Perhaps someone with the knowhow would like to see if it's a specially re-engineered version or not.. maybe designed to hide any of their own nasties.

Paranoia... oh yeah.. :)

Cheers

Liam

-{ Quote: " quoting: e-liam link=board=20;threadid=7221;start=15#msg123425 date=1074946258]
Perhaps someone with the knowhow would like to see if it's a specially re-engineered version or not.. maybe designed to hide any of their own nasties.

" }-

An old version: 1.97.3

Regards,

Pieter

From a hacked version of Spybot?

My God. If I wrote what I thought about these guys, I'm sure I'd get banned.

[Edited to remove insult]

Well that one from BulletProof software in my opinion was the only other good one that you could buy. But looks like that is out the window now. The only true solution in my opinion if you are going to buy something is pestpatrol. Have you seen thier database PestPatrol detects 124,081 pests as of May 14, 2004 . These pests are grouped into families, each of which has a unique name. PestPatrol detects 20,796 families. I looked at that webroot one it only did like 5000 or 7000 and that one from BulletProof software did more than the one from webroot(Spy Sweeper) from what I seen. http://www.pestpatrol.com/Stats/ is pestpatrol's site. To bad I liked that one from BulletProof the only real competition pestpatrol had. I got some freinds that has the one from BulletProof thanks for the info sure will tell em and watch this forum for updates.

-{ Quote: "Another interesting thing: there is someone 'spamming' at download.com: Spybot-S&D and AdAware have received thousands of negative feedbacks with the same text (CNet is removing them constantly), but the BPS Remover has gotten more than 10.000 positive feedbacks from the same name and the same text."" }-
Ive noticed this for other programs too, ppl have gone as far as 2 steal moderators identities to post bad comments about a program,
ive noticed this on "Avant Browser"'s forum people posting that users of cnet are posting untrue statements, i have stopped reading user reviews from there, cuz i dont know who 2 believe

just my 2 cents, thanks :D

TeMerc Internet Security Site "Questionable Anti-Spyware" List (http://groups.msn.com/TeMercInternetSecuritySite/questionableantispywaredonotuse.msnw)

Some beauts:

"WarNet is owned and run by the same people who own andrun C2 Media, producers of the infamous lop parasite."

Trusting the same people who put your privacy in danger with protecting it? No thanks, I'll pass. ::)

"SpywareLabs produce a parasite detection program called Virtual Bouncer, with a removal option requiring payment."

Sounds like a computerized version of the protection racket. :o

"StopSign detects the free spyware removers Ad-Aware and Spybot as 'attackware'."

"Attackware" must be a compliment, I take it. ;D

"xp -AntiSpy... disables some [functions] that are said to phone home to Microsoft[, but] contain[s] a dialer named SecurityTipps."

What's that... don't let Microsoft spy [edit]on[\edit] you, let us do that instead? :P

The genuine XP-Anti-Spy is a jolly useful app and I'm more than happy to run it on my computer.
Unfortunately,some miscreant saw fit to set up a bogus XP Anti-Spy download site with a .de suffix.This imposter comes with a hidden payload-namely a dialer.

There are clear warnings about this scam on the genuine xp-antispy.org site.Felt I had to put the record straight as Chris,the writer of XP Anti-Spy is blameless and deserves respect,not derision.

It would be interesting if the modified database entries in the real thing were to point at these fake tools, though I don't think that they'd be unjustified in having an explicit entry to remove them.

Here's a nice page that lists many suspect and bad spyware removal programs which is maintained by Eric Howes of IE Spyad fame. It also contains other info such as how to avoid undesirable links caused by Google ads that have been flooded by the bad antispyware sites and links to trustworthy spyware removal programs such as Ad-Aware, Spybot search & Destroy, and more.

This list supercedes any other lists that have been posted on the Spyware Warrior blog and forum.

http://www.spywarewarrior.com/rogue_anti-spyware.htm

Don't trust what's on that site. The company I work for has just noticed one of our products listed there as a rogue spyware cleaning program.

We'll be taking legal action against this loser.

And what would this app. be that the company u work for, produces?

-{ Quote: "We'll be taking legal action against this loser." }-
Well that loser is very much respected around these parts so good luck with that. ;)


snowbound

Found this forum Today doing a google search for "Using tracking cookies" and just had to join.

Just posting to introduce myself (Hi) as I think this forum looks like a real good place to learn some very good information.

Also to subscirbe to this thread (and no doubt many more to follow) as something to refer to!

Very Interesting read on SpyWare! Even more interesting read on SpyWare removal! This forum should be a must be read to all internet users.

-{ Quote: "Don't trust what's on that site. The company I work for has just noticed one of our products listed there as a rogue spyware cleaning program.

We'll be taking legal action against this loser." }-Oh yeah, and what's this "product" you are talking about anyway? Care to share? Or are you ashamed to even name it?

I f he doesn't report back for a respond from March to October you can't keep your breath for any answer, I think ;)

-{ Quote: "Oh yeah, and what's this "product" you are talking about anyway? Care to share? Or are you ashamed to even name it?" }-
It probably went out of business or they got sued and put out of business. ::)

I am not all that techie on the software engineering side. But when I see leaders in their industry Lavasoft and Spybot SD (free I might add), just to name two, stolen pirated whatever. It really makes me very >:( >:( .

Prosecution to the fullest by those companies that have been harmed is what I think should happen. That is assuming the cost of litigation does not harm the one seeking relief.

At any rate those who have used stolen code database or what ever, you do not want me on the jury. I will vote to crush you like the roach you are!! :P

how do u resverse engineer a program..? just tell me what is used, and why? how do u get the source code? i'm so stumped.

-{ Quote: "how do u resverse engineer a program..? just tell me what is used, and why? how do u get the source code? i'm so stumped." }-

Sorry, you won't be getting that kind of help here at Wilders.