CounterSpy killed McAfee

Discussion in 'other anti-malware software' started by cmwilson, Sep 29, 2006.

Thread Status:
Not open for further replies.
  1. cmwilson

    cmwilson Registered Member

    Joined:
    Mar 15, 2006
    Posts:
    15
    I'm on the second day of a free trial of CounterSpy. I did a scan and removed some spyware, and now suddenly my McAfee IS9 said I was no longer protected and to reinstall Security Suite. Which I did, though it still isn't working right, but that's beside the point here.
    Is CounterSpy not compatible with McAfee?
    Is there anything that is?
    Do I really need anti-spyware if I'm running McAfee and try to surf safely?
     
  2. eburger68

    eburger68 Privacy Expert

    Joined:
    Mar 4, 2002
    Posts:
    244
    cmwilson:

    I have not heard of any serious compatibility problems between CounterSpy 1.5 (the version I assume that you're trialing) and McAfee VirusScan.

    Although you say so explicitly, I assume you performed the scan and remove with CounterSpy, so why don't we take a look at the CounterSpy scan log to see what it detected and removed. If you could, please open CounterSpy, then do the following:

    1. Navigate View >> Spyware Scan >> Spyware Scan History

    2. Select the scan you'd like to view

    3. Hit "View Details"

    4. Copy and paste the relevant portions into a response here.

    Once we get a copy of your log, we can better assess just what's going on.

    Best,

    Eric L. Howes
    Director of Malware Research
    Sunbelt Software
     
  3. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Dump McAfee's antispyware if you are using CounterSpy, it's much better.
     
  4. Martijn2

    Martijn2 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    321
    Location:
    The Netherlands
    cmwilson says he got McAfee Internet Security 9 (not antispyware).

    And I would hold CounterSpy together with McAfee, both complement each other well for detecting spyware.
     
  5. cmwilson

    cmwilson Registered Member

    Joined:
    Mar 15, 2006
    Posts:
    15
    Here's the info you asked for. I notice a mcafee dll right at the top. I saw it at the time, but I couldn't figure out how to unselect it from the list. I made the (evidently erroneous) assumption that the dll wouldn't be removed, just the spyware.

    This is the result of my second scan with CounterSpy. The result of the first scan is very long, too long to post here, but it also has some McAfee components in it. That scan did not cause McAfee to fail.

    Why does CounterSpy think McAfee is spyware?


    Spyware Scan Details
    Start Date: 9/28/2006 6:00:19 PM
    End Date: 9/28/2006 6:39:57 PM
    Total Time: 39 mins 38 secs

    Detected spyware

    YouCouldWinThis Adware (General) more information...
    Details: YouCouldWinThis is a program which creates advertisement's on user's PC according to their surfing habits.
    Status: Deleted

    Infected files detected
    c:\program files\mcafee\mps\mcpopup.dll

    Infected registry entries detected
    HKEY_CLASSES_ROOT\Interface\{9D573D0E-663C-435F-BF31-2C4497373C41}
    HKEY_CLASSES_ROOT\Interface\{9D573D0E-663C-435F-BF31-2C4497373C41}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
    HKEY_CLASSES_ROOT\Interface\{9D573D0E-663C-435F-BF31-2C4497373C41}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
    HKEY_CLASSES_ROOT\Interface\{9D573D0E-663C-435F-BF31-2C4497373C41}\TypeLib {90A52F08-64AC-4DC6-9D7D-4516670275D3}
    HKEY_CLASSES_ROOT\Interface\{9D573D0E-663C-435F-BF31-2C4497373C41}\TypeLib Version 1.0
    HKEY_CLASSES_ROOT\Interface\{9D573D0E-663C-435F-BF31-2C4497373C41} IWindowEventHandler
    HKEY_CLASSES_ROOT\Interface\{B1E68D42-02C4-465B-8368-5ED9B732E22D}
    HKEY_CLASSES_ROOT\Interface\{B1E68D42-02C4-465B-8368-5ED9B732E22D}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
    HKEY_CLASSES_ROOT\Interface\{B1E68D42-02C4-465B-8368-5ED9B732E22D}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
    HKEY_CLASSES_ROOT\Interface\{B1E68D42-02C4-465B-8368-5ED9B732E22D}\TypeLib {90A52F08-64AC-4DC6-9D7D-4516670275D3}
    HKEY_CLASSES_ROOT\Interface\{B1E68D42-02C4-465B-8368-5ED9B732E22D}\TypeLib Version 1.0
    HKEY_CLASSES_ROOT\Interface\{B1E68D42-02C4-465B-8368-5ED9B732E22D} IDocEventHandler
     
  6. eburger68

    eburger68 Privacy Expert

    Joined:
    Mar 4, 2002
    Posts:
    244
    cmwilson:

    CounterSpy isn't targeting McAfee's files -- it's targeting the registry keys, which are used by a number of badware apps (Google those long numbers known as CLSIDs and take a look at the results). The CounterSpy scan engine has logic that allows it to take Reg keys and then find the associated files on the hard drive -- which is apparently what happened here.

    In any case, thanks for posting that log. These false positives will be corrected in the next update to CounterSpy's definitions.

    You mention having done another scan that produced a very long log. If you'd care to email me that log at ehowes(at)sunbelt-software.com, I'd be happy to take a look at it as well.

    Best,

    Eric L. Howes
    Sunbelt Software
     
    Last edited: Sep 29, 2006
  7. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Hello Eric,

    Would that McAfee Popup Blocker dll reported in the scan log above be the McAfee file he's mentioning :doubt:

    Bubba
     
  8. eburger68

    eburger68 Privacy Expert

    Joined:
    Mar 4, 2002
    Posts:
    244
    Bubba:

    Yes, that is a McAfee file. My point, though, was that our definitions don't target that file. The log file is reporting what was actually detected and removed. And the McAfee file was detected and removed not because we explicitly and knowingly targeted McAfee in our definitions, but because the scan engine tracked down the file associated with the Reg key -- a Reg key that happens to be used by a number of other apps as well.

    Best,

    Eric L. Howes
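
A pre-removal triage of the scan log posted in this thread, as an added example (not part of the thread and not CounterSpy's own logic): it groups the flagged Interface keys by the TypeLib they reference, sets aside values that are the standard OLE Automation marshaler, and holds back any detected file that sits under a security product's install path. The `PROTECTED_PREFIXES` list and the `triage` function are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Lines copied from the scan log in the thread above (abridged).
LOG = r"""
Infected files detected
c:\program files\mcafee\mps\mcpopup.dll

Infected registry entries detected
HKEY_CLASSES_ROOT\Interface\{9D573D0E-663C-435F-BF31-2C4497373C41}
HKEY_CLASSES_ROOT\Interface\{9D573D0E-663C-435F-BF31-2C4497373C41}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{9D573D0E-663C-435F-BF31-2C4497373C41}\TypeLib {90A52F08-64AC-4DC6-9D7D-4516670275D3}
HKEY_CLASSES_ROOT\Interface\{B1E68D42-02C4-465B-8368-5ED9B732E22D}\TypeLib {90A52F08-64AC-4DC6-9D7D-4516670275D3}
"""

# Assumption: install paths of security products present on this host.
PROTECTED_PREFIXES = (r"c:\program files\mcafee" + "\\",)
# Standard OLE Automation marshaler (PSOAInterface); it appears under many
# unrelated interfaces, so it cannot identify any one product.
GENERIC_GUIDS = {"{00020424-0000-0000-C000-000000000046}"}

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
KEY_RE = re.compile(
    rf"^HKEY_CLASSES_ROOT\\Interface\\({GUID})(?:\\(\w+))?(?:\s+(.*))?$")
FILE_RE = re.compile(r"^[a-zA-Z]:\\.+$")


def triage(log):
    """Split a scan log into files to hold, TypeLib groups, generic values."""
    files, typelibs, generic = [], defaultdict(set), set()
    for line in map(str.strip, log.splitlines()):
        m = KEY_RE.match(line)
        if m:
            iid, subkey, value = m.groups()
            value = (value or "").upper()
            if value in GENERIC_GUIDS:
                generic.add(value)
            elif subkey == "TypeLib" and re.fullmatch(GUID, value):
                # Interfaces that share a TypeLib trace back to the same library.
                typelibs[value].add(iid.upper())
        elif FILE_RE.match(line):
            files.append(line)
    # Files under a protected path need a human decision before removal.
    hold = [f for f in files if f.lower().startswith(PROTECTED_PREFIXES)]
    return {"hold_for_review": hold, "typelibs": dict(typelibs),
            "generic": generic}
```

On the log above, both flagged interfaces land in one TypeLib group and `mcpopup.dll` is returned under `hold_for_review` instead of being queued for deletion.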
     