Need info on Spyware Cease

ohblu · #1 August 7th, 2009, 12:08 AM

My grandmother called me today saying her computer is broken (again). Apparently she downloaded some sort of registry cleaning/fixing software that came with Spyware Cease (or vice versa). She was in the middle of scanning her computer with these programs, they had found some problems, she minimized the window and then I guess her computer locked up. She says she rebooted it about six times. I'm not sure if it's her whole computer that isn't working correctly or just AOL (she's very confusing). I know she said she couldn't get AOL to work. She also said these products were recommended by AOL (whatever that means). For all I know, she could've seen an advertisement on AOL's website.

Does anyone know anything about Spyware Cease and a registry program that might come with it? I've tried searching about this product but it looks like some people think it's legitimate and others think it's not. So I don't know what to think. It might help my grandmother's computer problem if I knew a little more about these programs.

Franklin · #2 August 7th, 2009, 12:13 AM

It's a rogue.
http://www.malwarebytes.org/malwaren...e.SpywareCease

http://www.malwarebytes.org/malwarenet.php

the Tester · #3 August 7th, 2009, 12:19 AM

Edited.
*** I see Franklin found it listed as a rogue before I posted.

prairie dog · #4 August 7th, 2009, 12:43 AM

Have a look at this spybot S&D thread. I would get it off her system

ohblu · #5 August 7th, 2009, 03:03 AM

Thanks. I'll get that off as soon as I can. I have a couple more questions though.

I noticed that this program will scan a computer for threats but won't remove them unless you pay for the full program. So since she says her computer locked up and AOL won't work, does that sound like she probably paid for it and it removed some important files? If that's the case and I can't get into windows, should I boot into safe mode and use the "last known good configuration" option? Or should I use system restore? I've removed a program like this from her computer before, but that's before the full program was installed and so it didn't do any real damage.

I guess I should mention that her computer is Win XP.

jmonge · #6 August 7th, 2009, 03:09 AM

in safe mode with networking download a copy of malwarebytes and remove this faker

chris1341 · #7 August 7th, 2009, 04:25 AM

Quote:

Originally Posted by ohblu

Thanks. I'll get that off as soon as I can. I have a couple more questions though.

I noticed that this program will scan a computer for threats but won't remove them unless you pay for the full program. So since she says her computer locked up and AOL won't work, does that sound like she probably paid for it and it removed some important files? If that's the case and I can't get into windows, should I boot into safe mode and use the "last known good configuration" option? Or should I use system restore? I've removed a program like this from her computer before, but that's before the full program was installed and so it didn't do any real damage.

I guess I should mention that her computer is Win XP.

I looked at this before I'm not sure it contains malicious code just produces a huge amount of FP's to try and force the gullible to buy.

It maybe some of the FP's that have been removed by the programme are important files and that's causing the lock ups.

It's a good example of why every good security set up needs decent imaging software to replace infected systems with a clean backups.

If you don't have that system restore might let you roll back to a pre-install state.

If it is the Spyware Cease itself that causing the issues Jmonge is right MBAM is excellent at cleaning up after this particular rogue.

Cheers

Franklin · #8 August 7th, 2009, 04:43 AM

Can anyone find it listed as a download at Softpedia? If not then just having the award posted at their site qualifies it as a rogue.

Name: Soft.JPG
Views: 421
Size: 18.1 KB

gery · #9 August 7th, 2009, 06:21 AM

WOT reports the site as poor reputation but Norton 360 says it is clean wonder why this is ok with Norton

Retadpuss · #10 August 7th, 2009, 06:35 AM

it is a rogue.

gery · #11 August 7th, 2009, 06:36 AM

is there something wrong with Norton then?
AVG also does not mark it as bad

TonyW · #12 August 7th, 2009, 06:54 AM

Quote:

Originally Posted by gery

is there something wrong with Norton then?

I think it's more to do with a classification issue. Norton analysts probably determined there's no malicious code in the file. I note there doesn't appear to be a category for fraudulent/rogue software at Norton Safe Web.

andyman35 · #13 August 7th, 2009, 08:26 AM

Quote:

Originally Posted by Franklin

Can anyone find it listed as a download at Softpedia? If not then just having the award posted at their site qualifies it as a rogue.

Attachment 211089

No mention of it on Softpedia they obviously just nicked the 100% award logo.

In other respects this would appear to belong to the class of rogue that actually has some real functionality mixed in with the dodgy FPs,which probably keeps it hovering within the grey area.

Keyboard_Commando · #14 August 7th, 2009, 08:45 AM

http://www.spywareremoversolution.com/ Seems to be a promotional site to a bunch of crapware, including Spyware Cease.

Has no warning from WOT even though it is giving positive reviews to a bunch of rogue applications. http://www.spywareremoversolution.co...easereview.php

WOT users report them.

jmonge · #15 August 7th, 2009, 09:28 AM

k9 blocked this page

http://127.0.0.1:2372/blockpage?id=288

TonyW · #16 August 7th, 2009, 11:03 AM

Quote:

Originally Posted by jmonge

k9 blocked this page

http://127.0.0.1:2372/blockpage?id=288

That'll be your own block page for the domain which we can't see; K9 does have it listed under the Spyware/Malware Sources category, which is why it's blocked for you.

simisg · #17 August 7th, 2009, 11:14 AM

i have microsoft security essentials in my pc and not detect this rogue and others.....from this site http://www.spywareremoversolution.com/ why microsoft alow these rogues ?? its all about money ? malwarebytes detects all as rogues......and wot says red sites.....

TonyW · #18 August 7th, 2009, 12:07 PM

Quote:

Originally Posted by simisg

why microsoft alow these rogues ?? its all about money ? malwarebytes detects all as rogues......and wot says red sites.....

Some AVs are better than others at detecting rogues as rogues. Many of these files are clean; if you submit for analysis, some virus analysts will tell you the files don't contain malicious code, and they often don't. They need more analysis and the applications looked into in more detail as to what they're trying to do. Trouble is there's so many out there now and they look authentic with one goal in mind: to try and extract your hard earned cash to fix what they claim are viruses or system errors. This is why they're rogues.

ohblu · #19 August 7th, 2009, 09:55 PM

I got it fixed using System Restore.

She says she bought a program called Registry Easy for $10 that came with Spyware Cease. She says she never scanned the computer with Spyware Cease, only with Registry Easy. It was during the scan with Registry Easy that the computer locked up. When I started it in normal mode, it was super slow then froze. Hijack This showed that Spyware Cease was a running process and installed in the Program Files folder. Other than that, there was no other indications of malware.

Is Registry Easy considered rogue software too? If so, is there anyway to get her $10 back?

Toby75 · #20 August 7th, 2009, 10:04 PM

Guess it's real easy to get a McAfee secure seal these days. Just give 'em $1800/yr and you can get the seal even if your product is a rogue. Isn't that just friggin wonderful.

the Tester · #21 August 7th, 2009, 11:52 PM

ohblu,
I don't know if Registry Easy is a rogue but apparently they are looking for developers! Seriously.
I see the website has a "McAfee Secure" logo at the top right corner just like in Toby's screenshot.

http://www.registryeasy.com/about-us.php

Evidently A-Squared detected them as malware and d-listed them earlier this year.

http://forum.emsisoft.com/Default.aspx?g=posts&t=4303

In June IObit Security 360 classified it as a rogue.

http://forums.iobit.com/showthread.php?t=2976

So there are two conflicting opinions on whether Registry Easy is malware/a rogue or not.

ohblu · #22 August 8th, 2009, 12:17 AM

She says she got it from a website called clkbank.com and paid $10. What are the thoughts on that? I'm trying to get information on this website. Registry Easy's website charges $34.95 so I want to make sure she didn't give out her credit card number to crooks.

JRViejo · #23 August 8th, 2009, 12:24 AM

ohblu, here's some info on that site: http://whois.domaintools.com/clkbank.com.

the Tester · #24 August 8th, 2009, 12:38 AM

Do you know when she bought the license for the program?
According to clickbank's policy she may be able to get a refund if it's within 60 days of purchase. Clickbank is evidently just a retail website.
Cheesesoft is the developer of both SpywareCease and Registry Easy.That's the connection for the two programs.

http://www.clickbank.com/return_policy.html

ohblu · #25 August 8th, 2009, 12:59 AM

Ok. Thanks. She bought it sometime this week. But how can a refund be issued? I mean, usually when you purchase software, the sale is final. Also, what reason should she give them for wanting to get a refund? The software messed up her computer?

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search