Need info on Spyware Cease

Discussion in 'malware problems & news' started by ohblu, Aug 7, 2009.

Thread Status:
Not open for further replies.
  1. ohblu

    ohblu Registered Member

    Joined:
    Jul 26, 2008
    Posts:
    79
    Location:
    Colorado
    My grandmother called me today saying her computer is broken (again). Apparently she downloaded some sort of registry cleaning/fixing software that came with Spyware Cease (or vice versa). She was in the middle of scanning her computer with these programs, they had found some problems, she minimized the window and then I guess her computer locked up. She says she rebooted it about six times. I'm not sure if it's her whole computer that isn't working correctly or just AOL (she's very confusing). I know she said she couldn't get AOL to work. She also said these products were recommended by AOL (whatever that means). For all I know, she could've seen an advertisement on AOL's website.

    Does anyone know anything about Spyware Cease and a registry program that might come with it? I've tried searching about this product but it looks like some people think it's legitimate and others think it's not. So I don't know what to think. It might help my grandmother's computer problem if I knew a little more about these programs.
     
  2. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
  3. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Edited.
    *** I see Franklin found it listed as a rogue before I posted.
     
  4. prairie dog

    prairie dog Registered Member

    Joined:
    Jun 9, 2009
    Posts:
    129
    Have a look at this spybot S&D thread. I would get it off her system
     
  5. ohblu

    ohblu Registered Member

    Joined:
    Jul 26, 2008
    Posts:
    79
    Location:
    Colorado
    Thanks. I'll get that off as soon as I can. I have a couple more questions though.

    I noticed that this program will scan a computer for threats but won't remove them unless you pay for the full program. So since she says her computer locked up and AOL won't work, does that sound like she probably paid for it and it removed some important files? If that's the case and I can't get into windows, should I boot into safe mode and use the "last known good configuration" option? Or should I use system restore? I've removed a program like this from her computer before, but that's before the full program was installed and so it didn't do any real damage.

    I guess I should mention that her computer is Win XP.
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    in safe mode with networking download a copy of malwarebytes and remove this faker:thumb:
     
  7. chris1341

    chris1341 Guest

    I looked at this before I'm not sure it contains malicious code just produces a huge amount of FP's to try and force the gullible to buy.

    It maybe some of the FP's that have been removed by the programme are important files and that's causing the lock ups.

    It's a good example of why every good security set up needs decent imaging software to replace infected systems with a clean backups.

    If you don't have that system restore might let you roll back to a pre-install state.

    If it is the Spyware Cease itself that causing the issues Jmonge is right MBAM is excellent at cleaning up after this particular rogue.

    Cheers
     
  8. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Can anyone find it listed as a download at Softpedia? If not then just having the award posted at their site qualifies it as a rogue.

    Soft.JPG
     
  9. gery

    gery Registered Member

    Joined:
    Mar 8, 2008
    Posts:
    2,175
    WOT reports the site as poor reputation but Norton 360 says it is clean wonder why this is ok with Nortono_O o_O o_O
     
  10. Retadpuss

    Retadpuss Suspended Member

    Joined:
    Apr 4, 2009
    Posts:
    226
    it is a rogue.
     
  11. gery

    gery Registered Member

    Joined:
    Mar 8, 2008
    Posts:
    2,175
    is there something wrong with Norton then?
    AVG also does not mark it as bad
     
    Last edited: Aug 7, 2009
  12. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    I think it's more to do with a classification issue. Norton analysts probably determined there's no malicious code in the file. I note there doesn't appear to be a category for fraudulent/rogue software at Norton Safe Web.
     
    Last edited: Aug 7, 2009
  13. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    No mention of it on Softpedia they obviously just nicked the 100% award logo.:shifty:

    In other respects this would appear to belong to the class of rogue that actually has some real functionality mixed in with the dodgy FPs,which probably keeps it hovering within the grey area.
     
    Last edited: Aug 7, 2009
  14. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
  15. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
  16. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    That'll be your own block page for the domain which we can't see; K9 does have it listed under the Spyware/Malware Sources category, which is why it's blocked for you.
     
  17. simisg

    simisg Registered Member

    Joined:
    Nov 6, 2008
    Posts:
    412
    Location:
    Greece
    i have microsoft security essentials in my pc and not detect this rogue and others.....from this site http://www.spywareremoversolution.com/ why microsoft alow these rogues ?? its all about money ? malwarebytes detects all as rogues......and wot says red sites.....
     
  18. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    Some AVs are better than others at detecting rogues as rogues. Many of these files are clean; if you submit for analysis, some virus analysts will tell you the files don't contain malicious code, and they often don't. They need more analysis and the applications looked into in more detail as to what they're trying to do. Trouble is there's so many out there now and they look authentic with one goal in mind: to try and extract your hard earned cash to fix what they claim are viruses or system errors. This is why they're rogues.
     
  19. ohblu

    ohblu Registered Member

    Joined:
    Jul 26, 2008
    Posts:
    79
    Location:
    Colorado
    I got it fixed using System Restore.

    She says she bought a program called Registry Easy for $10 that came with Spyware Cease. She says she never scanned the computer with Spyware Cease, only with Registry Easy. It was during the scan with Registry Easy that the computer locked up. When I started it in normal mode, it was super slow then froze. Hijack This showed that Spyware Cease was a running process and installed in the Program Files folder. Other than that, there was no other indications of malware.

    Is Registry Easy considered rogue software too? If so, is there anyway to get her $10 back?
     
  20. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    Guess it's real easy to get a McAfee secure seal these days. Just give 'em $1800/yr and you can get the seal even if your product is a rogue. Isn't that just friggin wonderful.
     

    Attached Files:

  21. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    ohblu,
    I don't know if Registry Easy is a rogue but apparently they are looking for developers! Seriously.
    I see the website has a "McAfee Secure" logo at the top right corner just like in Toby's screenshot.


    http://www.registryeasy.com/about-us.php

    Evidently A-Squared detected them as malware and d-listed them earlier this year.

    http://forum.emsisoft.com/Default.aspx?g=posts&t=4303


    In June IObit Security 360 classified it as a rogue.

    http://forums.iobit.com/showthread.php?t=2976

    So there are two conflicting opinions on whether Registry Easy is malware/a rogue or not.
     
    Last edited: Aug 8, 2009
  22. ohblu

    ohblu Registered Member

    Joined:
    Jul 26, 2008
    Posts:
    79
    Location:
    Colorado
    She says she got it from a website called clkbank.com and paid $10. What are the thoughts on that? I'm trying to get information on this website. Registry Easy's website charges $34.95 so I want to make sure she didn't give out her credit card number to crooks.
     
  23. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,410
    Location:
    U.S.A.
  24. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Do you know when she bought the license for the program?
    According to clickbank's policy she may be able to get a refund if it's within 60 days of purchase. Clickbank is evidently just a retail website.
    Cheesesoft is the developer of both SpywareCease and Registry Easy.That's the connection for the two programs.


    http://www.clickbank.com/return_policy.html
     
    Last edited: Aug 8, 2009
  25. ohblu

    ohblu Registered Member

    Joined:
    Jul 26, 2008
    Posts:
    79
    Location:
    Colorado
    Ok. Thanks. She bought it sometime this week. But how can a refund be issued? I mean, usually when you purchase software, the sale is final. Also, what reason should she give them for wanting to get a refund? The software messed up her computer?
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.