Disspy results

ok decided to try out a free spyware scanner called Disspy Lite

revved it up and let it fly - it's a sporty little number and it scans a disk relatively quickly. i scanned with a couple of other well known scanners before this one - both reported clean.

it turned up 2 suspicious items

1 - netobserve -unvise32.exe
2 - Lop.com - dnserror.htm

further investigation confirmed that unvise32.exe is in the system in the Windows Folder (date modified 1999??!) - the question is - is it a false positive?

greatis software has this to say about unvise32.exe but it also appears to be a legitimate file too - part of Mindvision Firestorm if this is the case then it's probably something that was used by the computer manufacturer when installing software onto the machine at the factory.

as for dnserror.htm - i don't quite know what to make of that? again it is in the system in programfiles/real/realplayer/datacache/webresources - this file can indicate that there is a LOP browser hijacker in the system - but my IE browser is fine.

at the moment i haven't deleted anything - false positive or not false positive?....

 

Almost all I'm finding on unvise32.exe is actual spyware. I would send it in to a trusted anti-malware company, though, just to be sure. Try sending to whoever makes you AV. The HTML looks like it came in through RealPlayer, and is probably fine.. I would probably still delete it, just run RealPlayer again before emptying the recycle bin.

 

Actually I'm pretty sure it's a false positive. Pest Patrol also likes to alert on this file.

This has being discussed in this forums quite a bit.

Also see here

http://www.pcreview.co.uk/forums/showthread.php?p=6739993#post6739993
https://www.wilderssecurity.com/archive/index.php/t-75244.html

etc

 

thanks Notok - the htm file is in the webresources folder (whatever that is) the only other file in there is webresources.ini

i've tried a variety of scanners and had a number of times when a scanner seems to pickup on something in realplayer or quicktime or serif pageplus etc

 

cheers FPs - there seems to be a variation in this file name - specifically the quicktime variant - unvise32qt.exe

all a bit confusing - i think i will put it thru virustotal initially - following up on notok's suggestion

 

i had a peek in the windows folder and i've got both unvise32.exe and unvise32qt.exe - i think you are probably right FPs it probably is a false positive related to quicktime installation.

 

Well, I installed and ran Disspy today too and it found a serious spyware on my computer (finally a scanner that detects something).
So I would take the reported malwares of Disspy seriously, even when they look like false positives.

 

If you like scanners that will detect something (even if it's false), you should try Etrust Pest Patrol. Or VBA32 with paranoid heuristics. It will pick up quite a few things.

 

That's why I'm thinking about buying and installing ShadowUser, in stead of running all these scanners.
My discipline on the internet is obvious not enough to protect my computer and I'm not planning to run 20 incomplete scanners either.

 

hi Erik - yes i agree so i'm taking it seriously - though past experience has taught me to be skeptical. i've had quite a few false positives so with a new scanner i tend to be very cautious.

 

jotti's comes up clean - nothing found

 

The one Disspy found on my harddisk was C:\WINNT\iun6002.exe

 

I think you should go for it! Vikorr who I highly respect uses it and recommends it highly, so it should be excellent.

Another one that you should consider is Firstdefense-ISR. It's a little pricy but it seems more powerful according to Peter.

I personally recommend Acronis True Image for backups myself.

 

My very first forum was SWI and I was already impressed by ShadowUser, when member spy1 wrote his first post about SU at SWI many months ago
I was quite surprised or better disappointed that SU didn't get any attention at all at SWI.
So I'm very glad that Wilders has members, like Vikorr and others, who are using SU in practice and share their experiences.
I'm not a security expert, but I'm not stupid either.
Software like SU have TOO MANY advantages for users compared with traditional softwares, but I'm not in a hurry. I prefer to read the experiences of other member first before I spend $70 on SU

 

Yes spy1 is also a respected member of Wilders, he doesn't post much now, but he is a long time member (more so than Vikorr I believe).

The problem with SWI I think is they focus only on free stuff. That's why they don't care about SU. I really believe though you get what you pay for.

Indeed, VIkorr and others are a credit and blessing to this forum. Unlike some others I could mention who only like to argue.

 

had a google to see if anyone has reported it as a false positive and found this discussion

always difficult to decide who to trust in these cases so always best to treat it seriously until proven otherwise.

 

Yes, I have read this one, but I didn't take any risk. I removed the file immediately and if my pc is in trouble sooner or later, so be it.
I'm still here and I rebooted my computer already. So it can't be that bad

 

Hi all,

Mixed feelings about it here, that's why i didn't go ahead at the time with it

https://www.wilderssecurity.com/showthread.php?t=69166

But anyways i've DL it and will install it soon and report back.


StevieO

 

thanks for that Stevio - well there was at least one satisfied user there who thought Disspy found something the others missed.

the program is well presented at first glance - the update took quite a long time to download 36k - but hey it's free.

it seems to want to run all the time (warning message if try to close it) - whether that means it's offering any real time protection i'm not sure.

i will keep it installed for the time being and use it as on-demand - i've disabled it from starting at boot.

i expect i will give bazooka a run out next.

 

Hi,

I installed Disspy today with Total Uninstall and before connecting to the Internet, which i always do this way. Well it was off doing a scan on it's own before you could say FP !

It found two items i checked up on which were FP's, it listed them as Adware in two .DATs. No big deal as such when compared to the likes of Pest Partol which i have found throws up very many more, but there they were. I wonder if Jo Web would have deleted these in error ?

Summary:

Total Components Found: 1
Total Cookies Found: 0
Total Files Found: 2
Total Folders Found: 0
Total Memory Process Found: 0
Total Registry Key Found: 0
Total Registry Key Value Found: 2

After a ReBoot the excellent Watcher App - https://www.wilderssecurity.com/showthread.php?t=91287 - automatically showed up these new entries.


File C:\WINDOWS\SYSTEM\VBZIP11.DLL
File C:\WINDOWS\SYSTEM\vbuzip10.dll
File C:\WINDOWS\SYSTEM\shdocvw.oca
File C:\WINDOWS\SYSTEM\scrrun.dll
File C:\WINDOWS\SYSTEM\REGTOOL5.DLL
File C:\WINDOWS\SYSTEM\COMDLG32.OCX
File C:\WINDOWS\SYSTEM\DisspyUninstall.exe


I then went Online and did an Update and then OffLine and ReScanned. It found only the same two FP's.

I think the warning box it displays after the scan as in my Screen Shot, is way OTT pronouncing that you should " remove the files immediately to avoid severe damage to your PC " In fact i'd say the info is Dangerous in itself as some people could delete genuine needed files etc which could lead to all sorts of problems ! It should caution you to check up on them at the very least before doing anything.

http://img432.imageshack.us/img432/7606/disspy19hi.png

It does say in the left pane that you can't UpDate unless you go Pro, but you obviously can as i did ! Anyway i'll keep it for a while and see how it goes.


StevieO

 

Hi,
I decided to run Pest Patrol just for fun.
It detected Opera as ezula ...
Mrk

 

Well it flagged a file found in opera's directory for me too as ezula. But i don't know if it's a legimate opera file.

 

Hi,
It flagged opera.exe as a pest ... my my ...
Dangerous program for non-experienced...
Mrk

 

LOOOL. Well PestPatrol is famous for its false positives.
PestPatrol reported Bazooka also as spyware. I don't know if it is fixed.
Another reason for me to use ShadowUser.

EDIT:
I'm also going to use that Watcher App. Interesting to know which new objects are on your harddisk after installing a new software. Thanks StevieO

 

i've installed the watcher and it has done it's initial scan.

my question is - is it actually running in real time? it's in the autostart list and scans at boot up but there is no icon in the tray and i can't see it in task manager anywhere. does anyone know the name it uses in task manager?

does it only report changes at boot up? or will it report changes whenever they happen?

the website also mentions a post install check option in the start menu i don't see that either?