SpySweeper False Positive

Downloaded the Google Toolbar a few days ago. A scan with SpySweeper is flagging the Google Toolbar falsely as BrowserVillage Sidebar. An example of one of the CLSIDs it wants to delete is AA58ED58-01DD-4D91-8333-CF10577473F7. Checked this on Tony Klein's BHO list and it is associated with the Google Toolbar and not BrowserVillage Sidebar.

Also scanned with AdawareSE, Spybot, PestPatrol, SpySubtractPro, and AOL Spyware Protection. The programme BHO Demon is correctly showing the Google Toolbar and not BrowserVillage Sidebar.

Have emailed Webroot's UK office and have just advised them on their Support page.

This is for information in case anyone else is troubled with this false positive.

SpySweeper also found Marketscore on my machine. I went to Start/Search/All Files and Folders and typed in Marketscore. It found an Internet Explorer shortcut to Marketscore which had not been on my machine prior to updating the definitions from SpySweeper. I deleted this and SpySweeper stopped flagging it.

Ironically, I have been running SpySweepers's IE Favourites Shield and know for a fact that I did not add Marketscore to my IE Favourites list. I am the only user of this machine. It was definitely not on my machine prior to updating the definitions from SpySweeper.

(I have posted this on the other thread concerning SpySweeper.)

[azumi21]

Quote:

Originally Posted by bch

Downloaded the Google Toolbar a few days ago. A scan with SpySweeper is flagging the Google Toolbar falsely as BrowserVillage Sidebar. An example of one of the CLSIDs it wants to delete is AA58ED58-01DD-4D91-8333-CF10577473F7. Checked this on Tony Klein's BHO list and it is associated with the Google Toolbar and not BrowserVillage Sidebar.

Also scanned with AdawareSE, Spybot, PestPatrol, SpySubtractPro, and AOL Spyware Protection. The programme BHO Demon is correctly showing the Google Toolbar and not BrowserVillage Sidebar.

Have emailed Webroot's UK office and have just advised them on their Support page.

This is for information in case anyone else is troubled with this false positive.

i wouldn't trust a google toolbar installed on my browser (no matter what is is identified as). i would delete it.

[TonyKlein]

Quote:

Originally Posted by azumi21

i wouldn't trust a google toolbar installed on my browser (no matter what is is identified as). i would delete it.

There's nothing wrong with the Google toolbar; in fact it's one application I couldn't do without...

A glaring False Positive indeed, and I reckon SpySweeper will hasten to correct it...

Thank you for your responses and I have to agree with Tony Klein about the Google Toolbar. (Your BHO Demon is an excellent programme and I'm pleased I've had the opportunity to tell you that.) I haven't heard anything from SpySweeper. On checking, they haven't opened the ticket left on their support forum. I'm sure the matter will be resolved but am still curious as to how the Marketsco IE Shortcut got onto my machine.

Just updated the latest definitions from SpySweeper and the programme is no longer flagging BrowserVillage Sidebar so the matter has been resolved. Its still flagging Marketscore but no doubt this will be resolved in due course.

Apologies, Tony Klein. I have just realised that you are not the author of the BHODemon programme but rather the BHO List.

Received an email from SpySweeper instructing me to upgrade from version 3 to version 3.2.0 (Build 146) Spyware Definitions 383. (Another 12 months updates thrown in). Having done another scan it now doesn't flag Marketscore but it flags the Google Toolbar again but, this time, as WebSearch Toolbar. Scanned with PestPatrol and SpySubtractPro which found nothing plus I simply do not have WebSearch Toolbar on this machine or the associated files that come with it.

I've emailed SpySweeper again with this information so they can look into it.

[gerardwil]

I wonder why the definitions is 383.
Mine says as in the screenshot.

Gerard

gerardwil.

Definitely says 383 in respect of version 3.2.0.

[gerardwil]

Quote:

Originally Posted by bch

gerardwil.

Definitely says 383 in respect of version 3.2.0.

OK, lets say it different: I wonder why mine says 504 if that makes any difference.

gerardwil.

Tried to post a screenshot but I must have to be a fully fledged member before I have that facility. Have checked the webroot site and it is showing version 3.2.0 as the latest version. You might try the Options section in SpySweeper and clicking on "Update Programme" to see if you can get the latest version.

[gerardwil]

Ofcourse I did that and it says I have the latest version.
Also I asked webroot and they give me very fast a ticket, but that is still open for about 5 days
Cheers,

Gerard

[gerardwil]

Today my ticket is gone without giving me any answer

Am still having 3.1.0.134 and used spywaredefinitions : 504

Trying to update it keeps saying: you have most recent definitions.



Gerard

gerardwil.

Seems they roll out updated versions of the programme to new customers first. If you go to http://support.webroot.com/ics/suppo...asp?deptID=776 you can request the updated version.

Hope this is of help but just ignore it if you have already done this.

[Don Pelotas]

Hi Gerard

Here's a direct Link to the Webroot updatepage, unfortunately Webroot is not quick to ad the newest builds ( mine is 3.2.0 build 142 definitions 395) to the update server, so we have to check the forums and help each other out.

Regards

Downloaded the latest definitions (numbered 395) and SpySweeper is no longer flagging the Google Toolbar as some other toolbar.

[gerardwil]

Hi,

Just to let you know that Webroot e-mailed me the solution. They send me a link to download another copy of Spy Sweeper. Installed it and now says: version 3.2 (build 146) spyware definitions 397.
New expire date september 19 2005.
So I am happy now again

Gerard