eTrust PestScan false positives?

Discussion in 'privacy problems' started by jmorlan, Apr 12, 2005.

Thread Status:
Not open for further replies.
  1. jmorlan (Registered Member; Joined: Jan 29, 2005; Posts: 69)

    I just ran the free CA PestScan web scanner at...

    http://store.ca.com/dr/v2/ec_main.e...atrolScan&client=ComputerAssociates&sid=35715

    and they found 47 pests on my computer. That is an exaggeration because "47" is the total number of entries under each main "pest." In fact there were only 12 main "pests" as follows. I expanded the entries I am particularly curious about:

    VNC Server 4.0 - Commercial RAT

    BargainBuddy - Adware
    C:\WINDOWS\system32\instsrv.exe

    VNC - Commercial RAT

    VNC Viewer 4.0 - Commercial RAT

    ISTbar - Hijacker
    hkey_local_machine \software\classes\typelib\{11269241-f241-11cf-bd9a-00aa00575603}

    LowerMyBills.com - Tracking Cookie
    DealTime - Tracking Cookie
    PriceGrabber - Tracking Cookie
    One-Time-Offer - Tracking Cookie
    CoolSavings.com - Tracking Cookie
    Com.com - Tracking Cookie
    Cdfreaks - Tracking Cookie

    VNC is installed on purpose so the three main entries for it are all false positives.

    My preliminary research indicates that instsrv.exe is used to install programs to run as a service and its presence does not necessarily indicate that "Bargain Buddy" is installed. In fact I am sure Bargain Buddy is not installed.

    The typelib regkey seems to enable the VB 5 - IShellLinkA Interface(ANSI) via C:\WINDOWS\system32\SHELLLNK.TLB. Again this appears to be something which could be installed by any program and is not specific to ISTbar - Hijacker which is also not on my computer.

    Thus I believe these three (six if you count each VNC entry) are false positives.

    I wonder if the others are real or false positives. One reason I'm curious is that none of them were detected by AdAware, SpyBot S&D, or MS Antispyware except for VNC which was detected by MS before I placed it on its ignore list.

    If I were a less trusting person, I might think that CA is trying to scare me into buying their product.
     