Webroot SpySweeper anyone??

I bought a SpySweeper subscription about 3 years ago, and at first I thought it was the cat's meow -- thorough sweeping and good proactive defenses, etc., regular updates, and most importantly, my system never got a baddy -- I have always used a good AV, too, so those two reasons worked, it seemed.

Then I noticed about 18 mos ago it was running very heavy. So I took it out, even though I had just bought an extension until 2009.

I know it is now up to version 5.5, AND I and I'm wondering if it has lightened up a bit, or does it still lock into almost every conceivable part of the OS?? Anybody has experience with the latest SpySweeper??

 

Caveat Emptor!

https://www.wilderssecurity.com/showthread.php?t=197538
https://www.wilderssecurity.com/showthread.php?t=196844
https://www.wilderssecurity.com/showthread.php?t=184585

 

I'm using the Spy Sweeper WITHOUT antivirus, and it has never been heavy on my system. I have 512 MB RAM though. I don't know why it became heavvy on your system. By definition speed depends on some combination of hardware/software and how you use that, including possible errors.

I believe we are at version 5.5.7.

But before you install it, keep in mind that Webroot tries to install the Spy Sweeper with the ask.com toolbar, and the 'search assistant' by default ! I think that those two have spyware/adware characteristics. Not good for a security product ! If you want to install the Spy Sweeper, I suggest you use a customized install so that you'll avoid those two (I wonder if they also try to sneak in a google toolbar).

Inserting the ask.com toolbar/IAC is becoming an infamous practice in the security industry. Even Zonealarm is into it ! (For more info, I suggest googling sunbeltblogspot, IAC, ask.com toolbar, Webroot)

And I wonder what they do with your credit card number ... they currently have an auto-renewal policy ... Paying (in January) for the extension of the subscription was in more than one way strange ... I won't elaborate on that. I wonder if Webroot can be trusted ...

 

Elitekiller, before I started writing my post yours wasn't there. I must be slow ...

 

It has always been heavy. No need to run a real time spyware program. Just run a scan once a week with SuperAntiSpyware free and Spybot.

 

To each his own I suppose.

https://www.wilderssecurity.com/showthread.php?t=198524

 

So what to do if a spy gets in between scans and sends home all kinds of confidential information (passwords, etc.) Real time seems as important for spies as for virii, no?




|||

 

Prevention is better then cure.

 

Thank you...............Spyware just doesn't come walking in. You let it in by installing something or visiting some site where you need to install an active x plugin. Comodo tells me all I need to know about whats going on and NOD32 keeps me pretty well protected. I only have had 1 spyware problem years ago but Comodo 2.4 stop it in its track because bells and whistles went off about some unknown program trying to connect. I clicked deny cause I did not know what it was. Then I ran a spyware scan and presto. It was gone. I good firewall and virus scan is all you need in real time mode. Then run a spyware scan once a week with whatever program you chose.

 

Your Welcome.

 

If I did that I would quickly regret it !

 

No you would not. What are you using for an AV and FW?

 

(partial quote)

Not knowing NOD32 (antivirus I believe) or Comodo: Since I started using Counterspy I virtually never get spyware (1 adware program and an occasional cookie over the past 6 months).

But before that: even with the Spy Sweeper and the older version of the Spyware Doctor giving real-time protection, I got spyware on a regular basis, and not just cookies. And (at least since IE 7 is the way it is now, with me using elevated security settings) it never had to do with installing ActiveX, or installing a program (except of course spyware that was a program and not part of a program or attached to it somehow).

I can't really explain the discrepancy between our experiences ... except if you were just visiting mainstream sites (not safe anymore).

 

You have know idea what NOD32 is. Its only one of the best AV on the market. If you keep getting spyware then maybe you should change you surfing habits. Use Firefox or Opera. I have never known anyone to keep getting spyware unless they are just clicking away. Invest in good protection and you will be fine. Obviously Counterspy isn't good if you keep getting spyware. Comodo is a firewall BTW. I visited alot of different sites. Sites I cannot mention and never have gotten a thing. So I will suggest again to change your security set up and surfing habits.

 

Well, sure, I know that. But I run nod32 (past 18 mos.) and I'm running Online Armor (both FW and HIPS), but I still got some strange nasty a few days ago, something called <Trojan.Net-PhakeRU>, a file with 12 registry entries. I found them using SuperAS free; i.e., only on-demand. According to <http://www.superantispyware.com> this is a trojan that lifts passwords, etc, and phones them somewhere. Point is, I only caught the sucker *after* it was on my machine. Either this puppy's a false pos or nod32 and OA fell down. Oh, I'm behind a router, too.

Any ideas how it got in?? I don't do porn sites or other risky places.


//

 

What exactly did SAS remove? Do you have logs on it?

 

By chance was this on your Lenovo thinkpad T60p with a password manager installed ?

If so, do you recall installing or noticing if a Password Manager Browser Helper Object was already installed ?

From Castle Cops GUID list....BF468356-BB7E-42D7-9F15-4F3B9BCFCED2

From File Research Center....Trojan.Net-PhakeRU

If not in this thread, perhaps in another thread, this could be looked at further. Also, the logs mentioned earlier would be of interest.

Bubba

 

Oh if only that were true............

 

Thats all I ever needed with any of my pc's. Never got any spyware or viruses. Safe surfing and good protection. I also use web based email which is safer then OE.

 

Hi Mike. Yes, I have these from my generated from the SAS scan log [edit: and now at second take, I see that SAS is flagging a file from my computer (Lenovo/IBM Thinkpad) Client Security app --> false positive?]:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/01/2008 at 03:27 PM

Application Version : 3.9.1008

Core Rules Database Version : 3393
Trace Rules Database Version: 1385

Scan type : Complete Scan
Total Scan Time : 01:38:31

Memory items scanned : 531
Memory threats detected : 0
Registry items scanned : 5975
Registry threats detected : 12
File items scanned : 40757
File threats detected : 1

Trojan.Net-PhakeRU
HKLM\Software\Classes\CLSID\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}
HKCR\CLSID\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}
HKCR\CLSID\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}
HKCR\CLSID\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}#AppID
HKCR\CLSID\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}\InprocServer32
HKCR\CLSID\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}\InprocServer32#InprocServer32
HKCR\CLSID\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}\InprocServer32#ThreadingModel
HKCR\CLSID\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}\ProgID
HKCR\CLSID\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}\Programmable
HKCR\CLSID\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}\TypeLib
HKCR\CLSID\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}\VersionIndependentProgID
C:\PROGRAM FILES\LENOVO\CLIENT SECURITY SOLUTION\TVTPWM_IE_COM.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}


|||

 

Just noticed your post, Bubba, thanks. YES!! You got it exactly: ThinkPad T60p, with password manager. Is this a *real* baddy, or just a FP


|||

 

For me it would confirm that those are valid files used by your LENOVO thinkpad password protection software.

I would suggest re-installing the LENOVO password protection software and re-scan but select check only if possible. If it re-finds those same entries, follow appropriate procedure for reporting a possible false positive.

Bubba

 

Done. Thanks for the input.

Sam


|||

 

I'm currently using Virusscan Plus 2008, including their firewall. Among (?) other things to prevent the installation of spyware, McAfee uses scripts as part of it's engine !

I intend to drop McAfee, I'm just considering waiting for the the new version of Counterspy with antivirus, or get something else.

But before McAfee 2007 I had an earlier version of McAfee, with virusscan 10 or 11 and firewall version 7 (or close). I got lots of spyware !

 

Only 1 adware program in 6 months isn't bad !

I wouldn't know how to respond to the rest of your statement (or invest time trying to).