CounterSpy 1.5.77

Discussion in 'other anti-malware software' started by rdsu, Sep 26, 2005.

Thread Status:
Not open for further replies.
  1. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    I found the hook on WinPatrol Startup entries, and just remove it... ;)
     
  2. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii

    Well, now you have seen your first. I have done just what you described and Sun starts again at boot on my XP Pro SP1a. The ONLY way to not have Sun running in systray was for me to uninstall the product. This has been true for EVERY version including the betas. It's a shame because it has the best data base and doesn't recommend "ignore" for a lot spyware like MSAS does but you CANNOT use it as an on demand scanner only. :(

    Then, of course, who would use it as a real time scanner anyhow? No one, with all the RAM usage. Very sad.
     
  3. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    I have only used CounterSpy as an on-demand scanner.

    Use a Startup Manager such as the free Starter. After you carry out an on-demand scan use the startup manager to disable "sunasDtServ.exe" which places itself in the startup processes. Also make sure you have "sunasServ.exe also disabled.

    Then on your next on-demand scan, simply disable sunasDtServ.exe again. Works for me.
     
  4. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,208
    Location:
    Fayetteville, Ga
    Is it really using that much ram? After boot I can go into Task Man. and total mem. for Sun is over 75,000 . I can open Ewido and do a Mem. scan and 33 seconds later Sun is using about 7,000 and stays there . It may be using it at boot and just kind of holds on to it, but not actually using it.
     
  5. Piecan

    Piecan Registered Member

    Joined:
    Oct 17, 2004
    Posts:
    59
    Location:
    Essex UK
    Sorry to be dumb but where do I find this and what is the hook called? I had a look in msconfig and Start Up is that where it would be? Thanks!
     
  6. feverfive

    feverfive Registered Member

    Joined:
    Jun 17, 2005
    Posts:
    121
    As I posted on dslreports' security forum, it's a bit ironic that CS is exhibiting some of the same annoyances as spyware programs themselves (for some users at least):
    --it's a resource hog
    --the user has to jump through a bunch of hoops to make it not run in the background
    --it's generally a pain in the butt

    I've uninstalled it, & I hope Subelt puts out a worthy version soon. If not, I'll move on to something else. At least I got a few months out of the $20 I spent on the previous version.
     
  7. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    If will see that entry if you have the WinPatrol PLUS and choose the "Startup Programs" section...

    On the free version you don't have theses kind of protection :(
     
  8. controler

    controler Guest

    I uninstalled it months ago
     
  9. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    i was interested in purchasing counterspy as it's cheap and i believe it to be a top 3 scanner for trojans and spyware. i decided to wait for the new version - i hope they get their act together and fix it. i would not want to run it realtime - just as a backup scanner - is there an option when installing to switch realtime off?
     
  10. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    Yes, it have, but on the current version sometimes 2 processes starts automatically and use about 55MB. This is the reason for this dissatisfaction about this version...
     
  11. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    Regarding the issue of uninstalling MSAS when both MSAS and CS are on the same computer, here is the reply to my question since upgrading to CS 1.5.77.
    "Jerry,

    There should be no issues with the unloading of MS AntiSpyware no wthat
    you have 1.5 of CounterSpy.

    Warm Regards,

    Jamie L. Hudson MCP XP
    Consumer Support Technician

    Sunbelt Software
    Email: support@sunbelt-software.com "

    I might add that there seems to be no slowdown or problems with CS after upgrading. I found that it uses no more resources than Spyware Doctor.

    Jerry
     
  12. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii

    Yeah...but it doesn't STAY disabled until the next on demand scan. As soon as you reboot it is back in the systray. And disabled is not enough anyhow as it is still running in the background. It is almost "spyware" itself the way it behaves. I have to actually uninstall it to keep it from running in the background silently. I assume this behavior is designed to keep spyware from disabling CS real time scanner. But it poses a problem for those of us who just want an on demand scanner. I think perhaps Sunbelt should provide a separate version for those of us who just want on demand scanning.
     
  13. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    Not here. It stays disabled and no services are running in the background. I have ran it this way for over 8 months.
    As stated previously, the only time I see the CS icon in the system tray is when I initially select the startup scan. After I use Starter I never see it again or any background services UNTIL I carry out an on-demand scan again.

    The only security programs I run in real time are an AV and a firewall. I would not have purchased CS unless I could run it as only an on-demand scanner.
     
  14. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    It would seem to me that the best defense would be to prevent malware from getting on your computer. Why then do you want only an on demand scanner instead of realtime protection?
    Thanks,
    Jerry
     
  15. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    hi jerry - i've tested counterspy in a simulated driveby download - it doesn't stop the payload from installing - it fires off lots of popup warnings but once installed the spyware resists attempts to close it down in realtime. basically counterspy is overwhelmed.

    a scan with counterspy showed 50+ infected files 4 memory infections and 490+ infected registry entries. i also used the same simulation with Winsonar - WS kills the driveby at birth in fact you don't even know it's done it except for a little red warning window - result you don't have to spend the next 3 or 4 hours trying to remove all the spyware from your system in the hope that everything is going to return to normal.

    that doesn't mean that counterspy can't play a useful backup role as an on-demand scanner - i think it it one of the best in that capacity - in case the primary defence shield does miss something.
     
    Last edited: Oct 9, 2005
  16. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,208
    Location:
    Fayetteville, Ga
    How would Online Armor or Process Guard do with your driveby simulation?
     
  17. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    i would like to know that too William :D in PG's case i can't install the trial version as it needs administrator rights to install - my test box doesn't belong to me and doesn't run under admin and i can't change that. not sure if OA also needs Admin. OA is going thru some major development changes so i'm waiting a while to see how it matures.

    They are both products i take seriously - they are both contenders for primary defence shield (if i was paying money) if winsonar can do a good job for free then i'm happy to stick with that. (waiting to see if the rumoured new version materialises to see how good that is) one could add some basic registry protection in the form of regprot free or regdefen free or winpatrol free or MJ RW and have a reasonably secure setup. (using firefox or opera)

    i'm always on the look out for new free software that can plug a defence hole.
     
  18. Edwin024

    Edwin024 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    1,008
    Firefox has lost it's immunity so it seems... So I'm using Opera now and hopefully they will keep their act together.
     
  19. Mongol

    Mongol Registered Member

    Joined:
    Jul 24, 2004
    Posts:
    1,581
    Location:
    Houston, TX
    I'm hoping the new Firefox 1.5 version is really tightened down...:eek: :rolleyes: :D
     
  20. Dasher62

    Dasher62 Guest

    I also wrote to CounterSpy Support about the outrageous demand on system resources. No reply yet. But, like others, after running ewido, the Sunthreatengine memory usage drops from 44,000 to around 9,000. Appears they released this way too early.
     
  21. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    Thanks for the reply, Toploader.
    Jerry
     
  22. bluesman821

    bluesman821 Registered Member

    Joined:
    May 28, 2003
    Posts:
    7
    I tried to disable realtime scan and then shut down CS,thinking I would use it for on demand scanning only.I went to task manager and had to end both processes for CS. A couple of hours later when I checked my email and noticed something not right,I went to task manager and the two processes for CS were active again.I know for a fact that I had killed them in task manager earlier.

    What a shame as I liked the former version of CS and because of the heavy footprint I had to uninstall it completely. Shame on Sunbelt.
     
  23. Dasher62

    Dasher62 Registered Member

    Joined:
    Oct 11, 2005
    Posts:
    3
    I received a response from support today regarding CS 1.5.77's....excessive CPU consumption. This was the response and now it seems to work fine with minimal taxing of my CPU:

    Douglas,

    To resolve this issue we will have to clear out your trusted sites in
    Internet Explorer, these items where placed there by spyware programs.

    First right click on the CounterSpy icon down by the time on the lower
    right and choose shutdown. Then run the following utility to clear out
    your Internet Explorer trusted sites.

    http://www.sunbelt-software.com/ihs/cscietrustreset.exe

    Next run the following utility to reset the information in CounterSpy.

    http://www.sunbelt-software.com/ihs/cscapreset.exe


    Warm Regards

    Joe Ackerman
    Consumer Tech Support

    Technical Support
    Sunbelt Software
    email: Support@Sunbelt-Software.com
    Voice: 877-673-1153 (toll free)
    Web: http://www.sunbelt-software.com
    Physical Address:
    101 N Garden Ave,
    Suite 120
    Clearwater, FL, 33755
    United States
     
  24. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Do you by chance add sites to your Restricted Zone either manually yourself or via another program ?

    If so....you might want to check to see if they are still there.

    It appears that script file(CSCIETrustReset.vbs) contained inside that cscietrustreset.exe file removes not only an individuals Trusted Sites BUT Restricted Sites also.

    Sorry for the contained language but I am posting the whole content of the vbs file and bolded what I feel is important.

    CSCIETrustReset.vbs:

    By deleting all Site entries this will definetly bring down someones CPU usage especially if they are using a program that has approximately 15,000 entries in it. This has been mentioned to the Dev folks on numerous occasions and I have to assume this vbs file is a mistake by someone because it is a known fact with numerous Beta testers that these large Hosts files and Restricted Site databases are a contributing factor to some of the high CPU usage users are experiencing. Deleting all of an individuals Domains sites(Trusted and Restricted) is not the answer IMHO....it's a bandaid.
     
    Last edited: Oct 11, 2005
  25. Stephanos G.

    Stephanos G. Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    720
    Location:
    Cyprus
    Deleting all of an individuals Domains sites(Trusted and Restricted) is not the answer IMHO....it's a bandaid.
    __________________


    agree
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.