jmorlan
April 12th, 2005, 10:58 AM
I just ran the free CA PestScan web scanner at...
http://store.ca.com/dr/v2/ec_main.entry25?page=freePestPatrolScan&client=ComputerAssociates&sid=35715
and they found 47 pests on my computer. That is an exaggeration because "47" is the total number of entries under each main "pest." In fact there were only 12 main "pests" as follows. I expanded the entries I am particularly curious about:
VNC Server 4.0 - Commercial RAT
BargainBuddy - Adware
    C:\WINDOWS\system32\instsrv.exe
VNC - Commercial RAT
VNC Viewer 4.0 - Commercial RAT
ISTbar - Hijacker
    hkey_local_machine \software\classes\typelib\{11269241-f241-11cf-bd9a-00aa00575603}
LowerMyBills.com - Tracking Cookie
DealTime - Tracking Cookie
PriceGrabber - Tracking Cookie
One-Time-Offer - Tracking Cookie
CoolSavings.com - Tracking Cookie
Com.com - Tracking Cookie
Cdfreaks - Tracking Cookie
VNC is installed on purpose so the three main entries for it are all false positives.
My preliminary research indicates that instsrv.exe is used to install programs to run as a service and its presence does not necessarily indicate that "Bargain Buddy" is installed. In fact I am sure Bargain Buddy is not installed.
The typelib regkey seems to enable the VB 5 - IShellLinkA Interface (ANSI) via C:\WINDOWS\system32\SHELLLNK.TLB. Again this appears to be something which could be installed by any program and is not specific to ISTbar - Hijacker, which is also not on my computer.
Thus I believe these three (six if you count each VNC entry) are false positives.
I wonder if the others are real or false positives. One reason I'm curious is that none of them were detected by AdAware, SpyBot S&D, or MS Antispyware except for VNC which was detected by MS before I placed it on its ignore list.
If I were a less trusting person, I might think that CA is trying to scare me into buying their product.