Disspy results

Discussion in 'other anti-malware software' started by toploader, Oct 9, 2005.

Thread Status:
Not open for further replies.
  1. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    ok decided to try out a free spyware scanner called Disspy Lite

    revved it up and let it fly - it's a sporty little number and it scans a disk relatively quickly. i scanned with a couple of other well known scanners before this one - both reported clean.

    it turned up 2 suspicious items

    1 - netobserve - unvise32.exe
    2 - Lop.com - dnserror.htm

    further investigation confirmed that unvise32.exe is in the system in the Windows Folder (date modified 1999??!) - the question is - is it a false positive?

    greatis software has this to say about unvise32.exe but it also appears to be a legitimate file too - part of Mindvision Firestorm - if this is the case then it's probably something that was used by the computer manufacturer when installing software onto the machine at the factory.

    as for dnserror.htm - i don't quite know what to make of that? again it is in the system in programfiles/real/realplayer/datacache/webresources - this file can indicate that there is a LOP browser hijacker in the system - but my IE browser is fine.

    at the moment i haven't deleted anything - false positive or not false positive?....
     
  2. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Almost all I'm finding on unvise32.exe is actual spyware. I would send it in to a trusted anti-malware company, though, just to be sure. Try sending to whoever makes your AV. The HTML looks like it came in through RealPlayer, and is probably fine. I would probably still delete it, just run RealPlayer again before emptying the recycle bin.
     
  3. FPsurely

    FPsurely Guest

  4. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    thanks Notok - the htm file is in the webresources folder (whatever that is) the only other file in there is webresources.ini

    i've tried a variety of scanners and had a number of times when a scanner seems to pickup on something in realplayer or quicktime or serif pageplus etc
     
  5. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    cheers FPs - there seems to be a variation in this file name - specifically the quicktime variant - unvise32qt.exe

    all a bit confusing - i think i will put it thru virustotal initially - following up on notok's suggestion
     
  6. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    i had a peek in the windows folder and i've got both unvise32.exe and unvise32qt.exe - i think you are probably right FPs it probably is a false positive related to quicktime installation.
     
  7. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Well, I installed and ran Disspy today too and it found a serious spyware on my computer (finally a scanner that detects something).
    So I would take the reported malwares of Disspy seriously, even when they look like false positives.
     
  8. fpimsure

    fpimsure Guest

    If you like scanners that will detect something (even if it's false), you should try Etrust Pest Patrol. Or VBA32 with paranoid heuristics. It will pick up quite a few things. :)
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    That's why I'm thinking about buying and installing ShadowUser, instead of running all these scanners.
    My discipline on the internet is obviously not enough to protect my computer and I'm not planning to run 20 incomplete scanners either.
     
  10. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    hi Erik - yes i agree so i'm taking it seriously - though past experience has taught me to be skeptical. i've had quite a few false positives so with a new scanner i tend to be very cautious.
     
  11. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    jotti's comes up clean - nothing found
     
  12. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    The one Disspy found on my harddisk was C:\WINNT\iun6002.exe
     
  13. goforit

    goforit Guest

    I think you should go for it! Vikorr who I highly respect uses it and recommends it highly, so it should be excellent.

    Another one that you should consider is Firstdefense-ISR. It's a little pricy but it seems more powerful according to Peter.

    I personally recommend Acronis True Image for backups myself.
     
  14. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    My very first forum was SWI and I was already impressed by ShadowUser, when member spy1 wrote his first post about SU at SWI many months ago.
    I was quite surprised or better disappointed that SU didn't get any attention at all at SWI.
    So I'm very glad that Wilders has members, like Vikorr and others, who are using SU in practice and share their experiences.
    I'm not a security expert, but I'm not stupid either.
    Software like SU has TOO MANY advantages for users compared with traditional softwares, but I'm not in a hurry. I prefer to read the experiences of other members first before I spend $70 on SU :)
     
  15. goforit

    goforit Guest

    Yes spy1 is also a respected member of Wilders, he doesn't post much now, but he is a long time member (more so than Vikorr I believe).

    The problem with SWI I think is they focus only on free stuff. That's why they don't care about SU. I really believe though you get what you pay for.

    Indeed, Vikorr and others are a credit and blessing to this forum. Unlike some others I could mention who only like to argue.
     
  16. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    had a google to see if anyone has reported it as a false positive and found this discussion

    always difficult to decide who to trust in these cases so always best to treat it seriously until proven otherwise.
     
  17. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Yes, I have read this one, but I didn't take any risk. I removed the file immediately and if my pc is in trouble sooner or later, so be it.
    I'm still here and I rebooted my computer already. So it can't be that bad :D
     
  18. StevieO

    StevieO Guest

  19. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    thanks for that StevieO - well there was at least one satisfied user there who thought Disspy found something the others missed.

    the program is well presented at first glance - the update took quite a long time to download 36k - but hey it's free.

    it seems to want to run all the time (warning message if you try to close it) - whether that means it's offering any real time protection i'm not sure.

    i will keep it installed for the time being and use it as on-demand - i've disabled it from starting at boot.

    i expect i will give bazooka a run out next. :)
     
  20. StevieO

    StevieO Guest

    Hi,

    I installed Disspy today with Total Uninstall and before connecting to the Internet, which i always do this way. Well it was off doing a scan on its own before you could say FP !

    It found two items i checked up on which were FP's, it listed them as Adware in two .DATs. No big deal as such when compared to the likes of Pest Patrol which i have found throws up very many more, but there they were. I wonder if Jo Web would have deleted these in error ?

    Summary:

    Total Components Found: 1
    Total Cookies Found: 0
    Total Files Found: 2
    Total Folders Found: 0
    Total Memory Process Found: 0
    Total Registry Key Found: 0
    Total Registry Key Value Found: 2

    After a ReBoot the excellent Watcher App - https://www.wilderssecurity.com/showthread.php?t=91287 - automatically showed up these new entries.


    File C:\WINDOWS\SYSTEM\VBZIP11.DLL
    File C:\WINDOWS\SYSTEM\vbuzip10.dll
    File C:\WINDOWS\SYSTEM\shdocvw.oca
    File C:\WINDOWS\SYSTEM\scrrun.dll
    File C:\WINDOWS\SYSTEM\REGTOOL5.DLL
    File C:\WINDOWS\SYSTEM\COMDLG32.OCX
    File C:\WINDOWS\SYSTEM\DisspyUninstall.exe


    I then went Online and did an Update and then OffLine and ReScanned. It found only the same two FP's.

    I think the warning box it displays after the scan as in my Screen Shot, is way OTT pronouncing that you should " remove the files immediately to avoid severe damage to your PC " In fact i'd say the info is Dangerous in itself as some people could delete genuine needed files etc which could lead to all sorts of problems ! It should caution you to check up on them at the very least before doing anything.

    http://img432.imageshack.us/img432/7606/disspy19hi.png

    It does say in the left pane that you can't UpDate unless you go Pro, but you obviously can as i did ! Anyway i'll keep it for a while and see how it goes.


    StevieO
     
  21. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hi,
    I decided to run Pest Patrol just for fun.
    It detected Opera as ezula ...
    Mrk
     
  22. Well it flagged a file found in opera's directory for me too as ezula. But i don't know if it's a legitimate opera file.
     
  23. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hi,
    It flagged opera.exe as a pest ... my my ...
    Dangerous program for non-experienced...
    Mrk
     
  24. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    LOOOL. Well PestPatrol is famous for its false positives.
    PestPatrol reported Bazooka also as spyware. I don't know if it is fixed.
    Another reason for me to use ShadowUser.

    EDIT:
    I'm also going to use that Watcher App. Interesting to know which new objects are on your harddisk after installing a new software. Thanks StevieO
     
    Last edited: Oct 10, 2005
  25. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    i've installed the watcher and it has done its initial scan.

    my question is - is it actually running in real time? it's in the autostart list and scans at boot up but there is no icon in the tray and i can't see it in task manager anywhere. does anyone know the name it uses in task manager?

    does it only report changes at boot up? or will it report changes whenever they happen?

    the website also mentions a post install check option in the start menu i don't see that either?
     
    Last edited: Oct 10, 2005