Are these false positives or is Spywaredoctor really good? ;)

Discussion in 'privacy problems' started by ronny, Jul 28, 2004.

Thread Status:
Not open for further replies.
  1. ronny

    ronny Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    231
    Location:
    Belgium
    I tried Spyware Doctor 2.0 and to my great astonishment :eek: it found the following spyware which none of the respected spyware scanners like S&D, Adaware, Pestpatrol, Spysweeper, ... found.
    So I suspect they are false positives. But I want to be sure, you never know...
    So I would appreciate it if someone could have a look at it. (Yes, I sent an email to the support also)

    Download Accelerator
    Tool name: Disk Scanner
    Problem location: C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\ChanDir\MMJB\MMC.xml
    Problem type: file
    Problem risk level: Very dangerous
    Problem description: changes browser settings other than homepage, without user permission, displays popup/popunder ads that cannot be closed by clicking a 'close' (X) button in the upper right of the frame, silently connects to an unintended site (with or without redirecting the address request) during a browser session, to transmit usage or other information to that site, silently connects to the Internet after reboot and without user awareness or consent in that session, silently tracks sites visited along with identification of the user/machine by GUID, IP address, email address, name, SSN#, phone number, credit card info, or other identifier
    stays resident in background after exiting browser. Tracks your downloads and reports this info to a central server.

    NewtonKnows
    Tool name: Disk Scanner
    Problem location: C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\Bar.dll
    Problem type: file
    Problem risk level: Very dangerous
    Problem description: Displays ads, and a silly dog on your browser. NewtonKnows comprises a IE search-hijacker and toolbar, and a targeting pop-up system that works across many browsers. Speech-bubble-style site links pop up in the bottom-right corner of the browser window whilst browsing. When a targeted site is visited, NewtonKnows sends a request back to its controlling servers include the hostname of the site being viewed, and a unique ID. This can be used to track your usage of different web sites. If you entered an e-mail address at the time of install, such a browsing record is personally identifying. The privacy policy explicitly allows NewtonKnows's makers to combine personally identifying web usage records with other databases (which might include, for example, addresses and telephone numbers), and to use this database for marketing. NewtonKnows also has a silent self-updating feature which allows its controlling server to execute arbitrary unsigned code.

    SuperBar
    Tool name: Disk Scanner
    Problem location: D:\Program Files\Starship\data\settings.cfg
    Problem type: file
    Problem risk level: Very dangerous
    Problem description: SuperBar is an IE toolbar offering search and form-filling features. Adds links to the results of other search engines, dressed up to look as if they come from the search engine itself; in fact they are from the site greasycow.com. The software can download and execute arbitrary code silently from its controlling servers. The SuperBar licence includes a clause stating that third-party software may be installed through this mechanism.

    SuperBar
    Tool name: Disk Scanner
    Problem location: C:\Program Files\GameSpy Arcade\Profiles\33634864\settings.cfg
    Problem type: file
    Problem risk level: Very dangerous

    SuperBar
    Tool name: Disk Scanner
    Problem location: C:\Program Files\GameSpy Arcade\Profiles\(default)\settings.cfg
    Problem type: file
    Problem risk level: Very dangerous

    Download Accelerator
    Tool name: Registry Scanner
    Problem location: HKLM\software\classes\.vsl
    Problem type: registry key
    Problem risk level: Very dangerous

    TinyBar
    Tool name: General Scanner
    Problem location: multiple
    Problem type: general malware
    Problem risk level: Medium
    Problem description: TinyBar is adware, a hijacker and a downloader. An Internet Explorer toolbar, TinyBar installs no actual software, but adds registry entries that use the Windows system file shdocvw.dll to display a web page as a toolbar. This page may be stored locally or fetched from the internet every time an IE window is opened; it generally contains a search feature and/or link buttons, pointed at a generic portal such as tinybar.com (or at least 18 others).
     
    Last edited: Jul 28, 2004
  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Hey Ronny,

    I would not recommend this as a replacement to Adaware, Spy Sweeper or Spybot (the top tier). Even tho there were a few false positives relating to entries found in my Restricted Zone....All anti-malware applications will have some level of false positives.

    Also....I'm not too fond of the....We found it and you pay us to fix it mentality by buying our product. Many of the rogue programs are sucking in users with that tactic....and even tho this PCTools program is not found in the Rogue/Suspect Anti-Spyware Products list....I'll reserve final judgement as time goes on.
     
  3. Eldar

    Eldar Registered Member

    Joined:
    Jul 12, 2004
    Posts:
    2,126
    Location:
    Vilvoorde (Belgium)
    Hi ronny, Bubba, ;)
    I sent them a request about my following question:
    Their response:

    My final response
    As of today Spyware Doctor has been removed from my system. :D
    Eric L. Howes may add it to the rogues list.
     
  4. eburger68

    eburger68 Privacy Expert

    Joined:
    Mar 4, 2002
    Posts:
    244
    Eldar:

    I'm sorry to hear that you've had some problems with Spyware Doctor. While I would not recommend it as a replacement for Ad-aware, Spybot S&D, or Spy Sweeper at this time, I don't foresee adding this to the Rogue/Suspect Anti-Spyware list.

    I have tested Spyware Doctor, and it in no way resembles the other programs that populate the rogues list. The biggest problem with Spyware Doctor, in my judgment, is an immature definitions database. That will take time to improve, but the program itself is solid so far as I can tell.

    Best,

    Eric L. Howes
     
  5. ronny

    ronny Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    231
    Location:
    Belgium
    Thanks Eldar for letting us know. I got the same answer from them.
     
  6. Eldar

    Eldar Registered Member

    Joined:
    Jul 12, 2004
    Posts:
    2,126
    Location:
    Vilvoorde (Belgium)
    Thanks, Eric, for your concern. ;)
    The rogue list was only my opinion at that time, because I was really angered by their response. Of course it's still your opinion which I value most.
    As you already know I had problems with ZeroSpyware, for which I thank you very much.
    In any case Spyware Doctor has been removed and will stay that way.

    You're welcome. ;)
    PCTools responded to my other duplicate thread here: http://spywarewarrior.com/viewtopic.php?p=23863#23863

    I haven't had time to respond yet, but will when the time permits.
    So the story continues ...

    Regards,

    Eric
     
  7. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    hey Bubba
    I so agree with you--on the we found it you pay us to fix it mentality or you buy the key etc. etc. etc. Have a great day Bubba
    rita :)
     
  8. rechtobt

    rechtobt Registered Member

    Joined:
    Sep 8, 2004
    Posts:
    4
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\Bar.dll
    Hi,
    the above cited entry was identified as "very dangerous" spyware by spywaredoctor on my computer, too. Recommended isolating by spywaredoctor had the consequence that Ulead Photo Express did not start any more because the file Bar.dll was missing now. Furthermore, there was an analogous entry for Photo Impact 8.0 - with the same consequences. Restoring the backup of spywaredoctor resolved these issues.
    Thus one should state that spywaredoctor finds so called "false positives" in some cases. But it also identifies most entries correctly which are found by Adaware...
    Nevertheless, I've removed spywaredoctor at once. The deinstallation was not clean as RFA found 7 remaining registry entries.
    Rechtobt
    Concluding remark: As I think, the designation "false positives" is an illogical one. It would make more sense to say "false negatives" because in itself useful entries are wrongly reported to be malicious.
     
  9. hazzaq

    hazzaq Guest

    got same false positive from Spywaredoctor.

    NOT AT ALL CONVINCED BY THIS PROG
     
  10. Anguish

    Anguish Guest

    I also have Ulead Photo Express 2.0 SE installed in my computer.
    Once, I used an adware/spyware remover to carry out a full scan, the program removed the bar.dll file.
    Now I can't use the Photo Express as it says "Component file - bar.dll not found. Please reinstall the program to fix the problem."
    It's even more sick that I can't find the disc to reinstall it...
    Damn adware cleaners...
     
  11. still_longhorn

    still_longhorn Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    256
    Hi guys!


    I would never replace them, too. Nor would I knowingly junk a potential part of my arsenal. I am not too computer literate, thus, my heavy dependence on third party apps. If the experts say it won't do any harm by deleting critical system files or valid registry entries, I'd keep the app.


    still longhorn
     
  12. trev

    trev Registered Member

    Joined:
    Mar 30, 2005
    Posts:
    3
    I usually rename dll files to dl0 instead of deleting.
    Easy to search for- and they seem to stay registered.
    If not try this site for useful tool(s) including dll reg tool..... http://www.e-systems.ro/
    IMHO Ulead seem 'too big' to harbour real spyware for long.
    My digicam needs it, so I can rename bar to the correct dll ext when needed if worried, which I ain't too much!!
    Rock on..pass the head pills !!
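
The rename-instead-of-delete idea from the post above, combined with the restore-from-backup experience reported earlier in the thread, as an added example that is not part of the original thread or of any tool named in it: a flagged file is parked under a `.dl0` extension and can only be put back if its SHA-256 still matches. The function names and the JSON manifest are assumptions made for this sketch.

```python
import hashlib
import json
from pathlib import Path

PARKED_SUFFIX = ".dl0"  # extension suggested in the post above


def sha256_of(path: Path) -> str:
    """Hash the file so a later restore can prove it was not modified."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def _load(manifest: Path) -> dict:
    return json.loads(manifest.read_text()) if manifest.exists() else {}


def quarantine(target: Path, manifest: Path) -> Path:
    """Rename target to *.dl0 and record its original path and hash."""
    parked = target.with_suffix(PARKED_SUFFIX)
    if parked.exists():
        raise FileExistsError(f"{parked} exists; refusing to overwrite")
    digest = sha256_of(target)
    target.rename(parked)
    entries = _load(manifest)
    entries[str(parked)] = {"original": str(target), "sha256": digest}
    manifest.write_text(json.dumps(entries, indent=2))
    return parked


def restore(parked: Path, manifest: Path) -> Path:
    """Rename a parked file back only if its content is unchanged."""
    entries = _load(manifest)
    entry = entries.get(str(parked))
    if entry is None:
        raise KeyError(f"{parked} is not recorded in the manifest")
    if sha256_of(parked) != entry["sha256"]:
        raise ValueError(f"{parked} changed while parked; not restoring")
    original = Path(entry["original"])
    if original.exists():
        raise FileExistsError(f"{original} exists; refusing to overwrite")
    parked.rename(original)
    del entries[str(parked)]
    manifest.write_text(json.dumps(entries, indent=2))
    return original
```

The recorded hash can also be compared against a copy of the file from the vendor's installation media when deciding whether a detection was a false positive.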
     
  13. pctools

    pctools Registered Member

    Joined:
    Nov 24, 2004
    Posts:
    29
    Thank you for your message.

    I am from PC Tools, maker of Spyware Doctor.

    We have come a long way since the version 2 as mentioned at the beginning of this forum dated Feb 2004.

    Our latest version of Spyware Doctor is 3.2 which can be downloaded at: www.pctools.com

    Should you have any problems with this new release version, please submit a new ticket and a technician will assist you shortly.
    http://www.pctools.com/support/submit.php?ref=1-17-9&subject=Product Support&guide=site

    Thank you.

    PC Tools
     
  14. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    I tried Spyware Doctor on my old computer with W98. My computer also had the scanner which I think is what uses Ulead. I may be incorrect in that and the computer is gone.
    I had the latest version of Spyware Doctor, and it did not identify Ulead as spyware. I don't recall that I got any false positives.

    Jerry
     
  15. MissMelissaG

    MissMelissaG Guest

    I have a folder in my MusicMatch file named Common with lots of Application extensions and xml files, one of which is mmc.xml. My computer was hacked, and from the log files, it looks like the genuine Musicmatch files were manually overwritten by rogue files, at which point the Common directory was created. Unfortunately, the typical Spyware programs didn't flag the problem. I'm going to download Spyware Doctor and see if it catches my mmc.xml file as well. I wouldn't write those flags off as false positives so quickly...I've seen how easy it is to have "real" files overwritten by dirty ones.

    Thanks,
    Melissa
     
  16. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    In such instances an anti-trojan scanner (such as TrojanHunter, TDS-3, Ewido or A2) would be a more appropriate choice than a spyware scanner. The first two have trial downloads available and the last two have free versions which you can use to scan your system.

    If you have reason to believe that only your MusicMatch files were affected, then uninstalling and reinstalling the application should fix the problem also - but a scan would still be prudent to catch anything hidden elsewhere.
     