Confessions of a spyware scanner

ok until i bought my new computer i didn't take spyware very seriously.

but i decided now was a good time - the first program i installed was ad-aware se free - running that showed up one or two problems which ad-aware dealt with.

surfing the internet i came across quite a few posts saying ad-aware didn't detect everything - indeed no scanner detected everything - so i decided to research what's out there and what to add to my system.

and this is where the fun starts....

next i installed a trial version of ewido which said i had a paradrop trojan on my system recovery partition i gave it permission to delete it then wondered whether i should have let it mess with my recovery partition. about that time my system froze and i had to reboot - i decided i didn't trust ewido and uninstalled it.

decide it was probably a good idea to have anti-virus even though i'm on dialup so installed avg free. later read that avg anti-virus couldn't catch a cold and that avast was king of the free hill - have decided to stick with avg for the time being.

next i installed steganos anon browsing software from a magazine cover disk -the idea being that i could avoid a lot of spyware if i was anon on the net.
the browser ran like a snail - after i did a scan with ad-aware which said i had COOL WEB SEARCH! spyware on the computer - thankfully ad-aware appears to have dealt with it ok. i decided steganos was a waste of disk space and uninstalled it.

then i installed ashampoo system optimiser (another magazine cover disk) to do a general cleanup of my system including the registry and dll cleanup. half way through it's scan ashampoo disappeared - i tried it again - same thing - decided ashampoo wasn't very stable and uninstalled it.

next up i installed spywareblaster which is still there working away silently.
then tightened up my browser security settings a smidgin.

there are quite a few sites out there offering free system and spyware scans - i decided to try some to see how good these scanners were.

first up was pcflanker which said i needed to do more work on my browser (something about blocking referrers?) but said my overall security was good.

after visiting flanker i ran an ad-aware scan that showed no problems.

next i tried the free scanner - spyware eliminator from aluria.

whoah! now the cookies are cooking! aluria says i got PERFECT KEYLOGGER running!! - the very last thing you want on your system is a keylogger as it negates all other system security - it transmits back everything you type in - bank account passwords, credit card details - nothing can stop it - as a good keylogger can waltz round your firewall with ease - blowing a raspberry as it transmit's all your intimate secrets to some dissaffected teenager in the middle of nowhere.

needless to say i'm now feeling a tad nervous - if aluria is right then my banking and credit card details are compromised as i regularly shop and bank online.

an ad-aware scan reveals nothing so what next!?

i go to a website that purports to help with uninstalling perfect keylogger and click on a link that downloads another scanner called SPYHUNTER onto my system. it shows no problems - but now i read on cnet that spyhunter far from being regarded as a good scanner is spyware itself!! yikes!! now i got spyware ontop of spyware WHO CAN YOU TRUST IN THE VIRTUAL PARADISE OF THE MATRIX?

well next up to bat is the xoftspy free scanner - i run that and no mention of perfect keylogger or spyhunter instead it says i got more spyware in the shape of the IBIS TOOLBAR data miner! but no mention of perfect keylogger?

so now in theory i have 3 additional types of spyware on my system and no two scanners agree on anything! do i have to buy every scanner in order to be sure i've deleted everything?

well time to download spybot s&d. spybot scans and doesn't pick up any hint of PERFECT KEYLOGGER or IBIS TOOLBAR but it does reveal 19 other bits of spyware including MEDIAPLEX , ADVERTISING.COM , AVENUE A inc, NOADAWARE, DSO EXPLOIT and SPYHUNTER!!

having deleted that little lot i go to to uninstall spyhunter only to find that spybot got there before me. a later scan revealed more remnants of spyhunter to delete. so still the question is what about perfect keylogger and ibis toolbar.

ok who ya gonna call - pctools spywaredoctor that's who! - i download it and run the free scan. still no mention of keylogger or toolbar but it says i got ROGUE SPYWARE?? installed, plus a SAHAGENT running on behalf of SHOPATHOME.

as all these commercial scanners are free trials i can't delete what they reveal. so now i got three different lots of spyware revealed by three different scanners and still NONE OF THEM AGREE ON ANYTHING!! do i buy all three ??

a search on aluria reveals others who say the aluria scanner picked up a keylogger that no other scanner confirmed - so at the moment i'm thinking that perfect keylogger is a spurious false positive same possibly for ibis tool bar and sahagent.

THE ONLY SCANNERS I TRUST AT THE MOMENT ARE AD-AWARE AND SPYBOT - the others don't seem consistant enough to shell out bucks for!!

all the scanners have done their dirty work and i say again - WHO DO YOU BELIEVE!

your thoughts most welcome
regards
toploader

 

Uninstall Aluria and XoftSpy, both have a bad reputation in the past and too many false positives.

Good Anti-Spywares are :

Microsoft Windows AntiSpyware Beta (Microsoft)
http://www.microsoft.com/athome/security/spyware/software/default.mspx

SpywareGuard (Javacool Software)
http://www.javacoolsoftware.com/spywareguard.html

SpywareBlaster, Ad-aware and Spybot are good, but you have these already. So keep them.

Please watch your post for awhile and give members enough time to answer your questions.

 

Hi toploader,

Best to click the link in my sig to know all about rogue anti-spyware.
Use the trusted ones like MSAS, Webroot Spy Sweeper, CounterSpy, Ad-Aware, ...

 

And just a note, I have used ashampoo utilities for quite a while and it does an excellent job of keeping my registry and system clean. It might have been incompatable with something else on your computer.

 

Also install the following PREVENTING tools,

IE-SPYAD
http://www.spywarewarrior.com/uiuc/resource.htm
which will update the Restricted Zones of MS Internet Explorer in order to protect you against visiting thousands of infected websites.

MVPS Hosts
http://www.mvps.org/winhelp2002/hosts.htm
which will update the Windows Hosts File to protect you,
against visiting thousands of infected websites.

 

Concerning emails :

IGNORE and DELETE all your spam-emails, without even opening them.

All spam-emails want only three things from you and do NOT believe their beautiful stories.
1. Your money and your credit card data
2. Your identity in order to commit crime in YOUR name and at YOUR expense.
3. Damage your computer with malwares

An anti-spam software can help you with removing spam-emails.

A short story of one of these spam-emails.
A mother of 3 children, lost 950 EUROS (all her savings) recently, because she thought she won 500,000 EURO after reading one of these Lottery Scam Emails and that is just one example of the MANY victims of spam-emails.

 

thanks for your replies so far - i will leave it a little while and then respond to each of your posts in turn - thanks again.

just to say i'm a brit - wondering how long his computer can remain a virgin in a world infested with every conceivable type of scumware. (not very long methinks)

 

well best advice is stop downloading all that stuff. Read lots of wilders forum
see and read what everyone is using. This forums filled with very knowledgeable experts that will not steer you wrong.. I stongly suggest A2 ( asquarred) free scanner updated daily with a huge database that will find and fix alot. You have to clean up what these other rogue spyware scanners left behind.

Trustworthy spyware scanners: adaware SE, spybot Search and destroy,
spysweeper, spywareguard and spywareblaster. that should layer your security. Also goto www.tune-up.com and clean up your registry.

ace utilities is a good registry cleaner also.

 

hi Erik thanks for starting the ball rolling - my first port of call for choosing what scanner to try was http://anti-spyware-review.toptenreviews.com

as you can see they recommend spy eliminator as numero uno just ahead of counterspy.

so when the supposed top dawg finds a keylogger it's difficult not to treat it seriously.

i wanted to try counterspy but the download is on the large side for my dial up link.

microsoft beta is something i'm aware of but at the moment i have a rule - no beta software on my system. so when it finally is released to the public i might consider it - though counter spy are slagging it off as not as rigourous as their own product. i read somewhere that spywareguard is no longer maintained i don't know whether that is true or not.

 

thanks for the link Eldar, when spyware eliminator said i had a keylogger on my system i searched for help to remove it and found this site http://www.2-spyware.com/remove-perfect-keylogger.html

half way down the page in red is a link saying download removal software.

being a trusting soul i clicked the link thinking that would solve my problems when in fact it increased them by adding spyhunter to my system. i'm a little wiser now thanks to the wonders of hindsight.

i forgot to mention in my original post that after running spybot i gave the free webroot scan a go - it found nothing.

there in lies the problem of who to trust - do i trust webroot who says i'm clean or do i distrust webroot cos it didn't find what spy eliminator found - likewise can i trust what spy eliminator says - either i buy em all or i buy none - at the moment i am favouring the latter option.

PC Magazine gave the new beta 1.5 counterspy a glowing review perhaps when it is finally released i might consider giving it a trial.

 

hi Bigc - it's nice to have a forum where one can sound off about all this - thanks for the vote of confidence in Ashampoo - i don't know why it crashed when i was running it so i thought best to uninstall it.

Wintasks Pro seems to be a rated product - i don't know if anyone here has used it?

http://www.lidownloads.com/partners/sites/personalcomputertutor/wintasks/

 

thanks for the links Erik - i will check em out

 

i use hotmail - i don't use resident email on my computer like outlook express as like IE it's a prime target for viruses and worms.

i had a very clever scam email in my box a while ago. it purported to be from a bonafide solicitor in the UK informing me that i had been left some money in a will by an Arab Sheik.

i checked out the solicitor and he was genuine but there was one thing that made me suspicious and that was the telephone numbers listed were mobiles rather than landline. so i found the landline number and rang the solicitor who confirmed it was a scam.

the scammer was masquarading as the solicitor using his name and address but using his own cell phones to intercept any calls. clever but not clever enough.

 

i agree Beefcarver - my downloading is over for the time being i've seen enough to know that no commercial security product is 100% so the best way is not to download anything be it anti-spyware, grokster, mp3s, video clips, games etc etc.

i also am putting the brake on online shopping and banking for a while.

everyone has their favourite security software but i don't think one can ever be 100% certain that the system is 100% secure - already there are reports of next generation rootkit trojans that are totally undetectable by any current software and could easily take over your computer and install keyloggers and remote control software.

security software is always going to be one jump behind the hackers - always playing catch up - i just don't think it's safe enough to type any personal details be it financial or otherwise on a computer.

 

here is an article that illustrates how easy it is for some scumbag to gain access to your details and clean you out....

http://it.asia1.com.sg/newsdaily/news001_20040520.html

 

and here's an article on the capital of email scammers....

http://www.startribune.com/stories/154/5551534.html

 

has anyone tried this bit of freeware - is it safe and effective? http://www.freedownloadscenter.com/Utilities/Anti-Virus_Utilities/PC_Security_Test_2005.html

i'm tempted to buy a cheapo machine just for test purposes and to load it up with viruses trojans keyloggers and spyware then run all the rated antispyware scans to check just how real the scan reports really are.

 

to me the most dangerous threat is the keylogger once one of those has installed itself it can transmit all your personal details to an email address.

looking at the june test results of pcmag http://common.ziffdavisinternet.com/util_get_image/10/0,1425,sz=1&i=100352,00.gif one thing is perfectly clear all the freebie spyware scanners AD-Aware, Spybot and Microsoft utterly failed to detect one keylogger between them they are utterly useless in that respect - likewise Norton the security industry leader scored zero - indeed only one of the contestants was able to remove any at all and even then missed half of them completely.

A truly dismal showing from the supposed creme de la creme and the main reason why i won't be buying any of the commercial products til they sharpen up their act considerably.

 

Rather than trying out different antispyware programmes, it might be better to look at how this malware got onto your computer in the first place. If you're using IE, switching to an alternative browser would be the first step.

Step two, which you've already taken, is to be more careful about what you download. If you download from websites, make sure they're kosher. If you like filesharing, use a clean P2P application. Video and audio files are safe, although in some countries sharing them may be against the law. Downloading games and applications is not just illegal, it's insane: a ballpark figure is that a third of the executables distributed on P2P networks contain malware.

 

hi Meltdown i agree P2P is a big no no - i certainly didn't get any of the grunge from using them - i'm not sure how many of those scans were giving me false positives - i don't believe either aluria or xoftspy though i can't be certain until i find a decent spyware scanner.

i found a file called showWnd.exe which is supposed to be a trojan http://www.greatis.com/appdata/d/s/showwnd.exe.htm but i didn't really believe it - i searched a bit more and found this post http://www.bleepingcomputer.com/forums/ShowWndexe-is-not-always-a-virus-t27411.html which goes along with what i thought - that it is a legit file if you are running certain machines.

one thing i have added to the system is winpatrol i decided to give it a chance to do it's stuff and see how it performs.

as i say the main thing i want is to keep keyloggers out - a-squared do a free scanner but again i don't know how effective it is at detecting keyloggers - i also found this link http://www.snoopfree.com/default.htm which confidently claims to detect all keyloggers. i'm wondering whether to give it a try.

the easiest solution to spyware is to buy a Mac as 90% of scumware is aimed at Windows.

 

toploader,
Recently there was a discussion about SpywareGuard and WinPatrol at this link :
https://www.wilderssecurity.com/showthread.php?p=535487#post535487
Read especially the posts written by Rico.
Based on that info, I removed WinPatrol, because the combination MSAS + SpywareGuard offers more protection, while WinPatrol and MSAS+SG overlap eachother.

 

You're welcome.
I've been down that road too, when I first started.
Tried Maxion Spykiller, ZeroSpyware (= not a rogue anymore) but found out through the link I've in my sig now.
I don't trust those sites who put up rogue anti-spyware. It's all about money and NOT at cleaning your PC, some even put spyware on it.
Trust the advice from Eric L. Howes and the people here.
Educate yourself by reading on this forum.
A lot of info to be found here, so you can improve your security without spending too much money on bad software.

I would trust Spybot and Webroot and all the other free or not free apps mentioned here.
I've learned it the hard way and it was also very expensive buying those rogues.

If you really want to buy trusted anti-spyware, I would recommend those I mentioned before.
See my sig for what I'm running on my system with no problems at all.
Of course false positives is always possible, but it's been really a long time since I had one.
Look it first up on the internet or ask about it here, before removing it.

Better have more then one AS on your system, because what one scanner can't find, the other probably will.
Trial them first before purchasing it, so you know it runs without problems on your system.

Haven't given it a spin yet, but will when it's released.
Renewal price for CounterSpy is $10, so that's not a lot.
It's a very good AS.

Good luck.

 

cheers Eric, so many combinations - so little memory left in my machine :grin:

i don't have spywareguard but i don't want spybot and winpatrol getting their knickers in a twist as they fight it out for supremacy so i may have to dump one if they can't get along together.

wouldn't it be nice to have one program that does it all (free of course)

 

it really would be nice if Microsoft could produce a system that had some semblance of security in it instead of us having to get so many third party products - what it needs is interactive AI where you can say "hey windows do i have any keyloggers in my system?" and windows goes away looks at itself and says "hmmm there does seem to be something hooking into me which is suspicious i will check to see if it's sending data to the internet - if it is i will show you what it's sending out - i will keep a log - why don't you type some stuff and see if it comes up in my log then you will know it's a keylogger - if it is just press the red button and i will unhook it and block it"

 

i also like the idea of a virtual reality inspection hatch where one can "climb down" into the machine with a torch and search the virtual sewers and back alleys for lurking malcontents - the whole thing would be 3d graphics like a computer game it would appear real the scumware would appear human, in fact maybe this is already the case and we really are living in the matrix thinking it's real.