Final version of Spyware Terminator is out!!!!!!

Discussion in 'other anti-malware software' started by cheater87, Aug 2, 2007.

Thread Status:
Not open for further replies.
  1. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    Agree with you. I decided to test this program last week after reading the comment here at Wilders.
    I first scanned my computer with SuperAntispyware (which is my regular AS), then I scanned it again using Spyware Terminator. It found 10 other malware but after looking very closely most of them were FP.:(

    It's off my computer by now.o_O
     
  2. gdiloren

    gdiloren Registered Member

    Joined:
    Jul 3, 2007
    Posts:
    146
    Off my computer TOO! Never fall again for Spyware Terminator as it gives you more burden than anything else!:thumbd:
     
  3. Tokar

    Tokar Registered Member

    Joined:
    Jul 22, 2005
    Posts:
    81
    The winlogon.exe problem was a small issue when optimizing our 2.0 database which affected only a small amount of 1.9 users. This was corrected very shortly after it was discovered.
    It wasn't that we added it to our database as "bad", something caused 1.9 to misinterpret the database...that is all.


    I didn't say "a lot of FP's", I said "People are getting the HashLib.dll FP a lot", in reference to that single FP.
    I also said "A lot of these FP's are based...". That is for existing FP's, of which there are only a few reported...maybe 4 at most.

    "A lot of these [four] FP's are based..." - better?


    The FP's are not major ones. Outside of the winlogon.exe problem as experienced earlier, the FP's are very minor and will not cause any system instability.
    We added a new set of definitions to the ST database, and we had testers test the additions. The definitions come from a highly trusted 3rd party website for spyware. The FP's generated from this database are not from improper dat's, just from previous malware which was named accordingly.
     
  4. Tokar

    Tokar Registered Member

    Joined:
    Jul 22, 2005
    Posts:
    81
    Could you provide a list of the false positives?
     
  5. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    My friends,

    Were the false-positive items that you found on the Threats or the Unknown SW list?

    Hope you only consider as false positives the items on the Threats list...

    For me, ST has worked very well since the beginning, so...
     
  6. Tokar

    Tokar Registered Member

    Joined:
    Jul 22, 2005
    Posts:
    81
    They are in the threats and we know about them. They will be fixed in the next database update.
     
  7. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    Nice ;)
     
  8. Tokar

    Tokar Registered Member

    Joined:
    Jul 22, 2005
    Posts:
    81
    Though, I can't exactly prove WeatherCheck to be safe.

    When I search Google for it, I get information that it's an adware bundler from ASquared.

    I installed the software. While I find no evidence of malware or adware, the program didn't work and there is no way to exit the program! It also adds itself to the Windows Startup without confirmation and has no way of removing it from there within the program.

    edit: I see the problem with the WeatherCheck detection. It is detecting some ATi software as WeatherCheck. Though, WeatherCheck installs the same registry key..

    edit #2: I downloaded WeatherCheck using the official installer from X10.com (as opposed to the first time which was from FreeDownloadsCenter). That one installed adware to the locations defined by ASquared.

    Here is the install log from the install (adware highlighted in red):

    *** Installation Started 08/06/2007 15:21 ***
    Title: WeatherCheck (TM) Installation
    Source: C:\setup_wcheckaol.exe | 08-07-2007 | 17:50:14 | 193752
    File Overwrite: C:\Program Files\WeatherCheck\wthrtray.exe | 07-02-2004 | 12:24:36 | | 54784 | fda10391
    Shell Link: C:\Documents and Settings\Owner\Start Menu\Programs\WeatherCheck\WeatherCheck.lnk
    Link Info: C:\Program Files\WeatherCheck\wthrtray.exe | C:\PROGRA~1\WEATHE~1 | C:\PROGRA~1\WEATHE~1\wthrtray.exe | 0 | 1 | 0 |
    RegDB Key: Software\Microsoft\Windows\CurrentVersion\Uninstall\WthrTray
    RegDB Val: WeatherCheck
    RegDB Name: DisplayName
    RegDB Root: 2
    RegDB Old: WeatherCheck
    RegDB Key: Software\Microsoft\Windows\CurrentVersion\Uninstall\WthrTray
    RegDB Val: C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\WEATHE~1\Install.log
    RegDB Name: UninstallString
    RegDB Root: 2
    RegDB Old: C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\WEATHE~1\Install.log
    Delete in-use files: On
    RegDB Tree: Software\Microsoft\Windows\CurrentVersion\Run\X10Weax
    RegDB Root: 2
    Self-Register: C:\Documents and Settings\All Users\Application Data\x0ff\x0ff.dll
    Self-Register: C:\Documents and Settings\All Users\Application Data\x2ff\x2ff.dll

    User Rights: Admin

    Carver: can you attach the x10net.dll file that was detected? I would like to analyze it.
     
    Last edited: Aug 7, 2007
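An added example, not part of the original thread and not Spyware Terminator code: a short Python pass over the install log format shown in the post above that lists the entries a reviewer would check by hand, namely registry entries under the Run key (autostart) and self-registered DLLs that live outside the folder the program files are copied to. The sample lines are copied from that log; the function name `review_install_log` and the "outside the install folder" heuristic are assumptions of this example, and a finding is a prompt for review, not a verdict.

```python
import re

# Subset of the install log quoted in the post above.
SAMPLE_LOG = r"""
*** Installation Started 08/06/2007 15:21 ***
Title: WeatherCheck (TM) Installation
File Overwrite: C:\Program Files\WeatherCheck\wthrtray.exe | 07-02-2004 | 12:24:36 | | 54784 | fda10391
RegDB Key: Software\Microsoft\Windows\CurrentVersion\Uninstall\WthrTray
RegDB Val: WeatherCheck
RegDB Name: DisplayName
RegDB Root: 2
RegDB Tree: Software\Microsoft\Windows\CurrentVersion\Run\X10Weax
RegDB Root: 2
Self-Register: C:\Documents and Settings\All Users\Application Data\x0ff\x0ff.dll
Self-Register: C:\Documents and Settings\All Users\Application Data\x2ff\x2ff.dll
"""

# Matches ...\CurrentVersion\Run and ...\RunOnce, with or without a subkey.
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?(\\|$)", re.I)


def parse_entries(text):
    """Split 'Field: value | extra | ...' lines into (field, first value)."""
    entries = []
    for line in text.splitlines():
        field, sep, value = line.strip().partition(": ")
        if sep:
            entries.append((field, value.split(" | ")[0].strip()))
    return entries


def review_install_log(text):
    """Return (kind, value) findings for manual review (hypothetical helper)."""
    entries = parse_entries(text)
    # Folders the installer copies program files into (assumed "File ..." fields).
    install_dirs = {v.rsplit("\\", 1)[0].lower()
                    for f, v in entries if f.startswith("File ")}
    findings = []
    for field, value in entries:
        if field in ("RegDB Key", "RegDB Tree") and RUN_KEY.search(value):
            findings.append(("autostart", value))
        elif field == "Self-Register":
            if value.rsplit("\\", 1)[0].lower() not in install_dirs:
                findings.append(("dll-outside-install-dir", value))
    return findings


if __name__ == "__main__":
    for kind, value in review_install_log(SAMPLE_LOG):
        print(f"{kind:24} {value}")
```

On the sample it reports the `Run\X10Weax` entry and both DLLs under `Application Data`, while the `Uninstall\WthrTray` key and `wthrtray.exe` pass without a finding.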
  9. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    Yes they were in the threats but now I don't exactly remember what they were.:oops:

    Anyway if you say it will be fixed in the next release, I may give it another try.:)
    Thanks
     
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I have to say I never depend on ST to be a scanner but rather found its HIPS features more of an asset than anything, and if FP's are just too much of a task, I would be satisfied if Spyware Terminator just concentrated on becoming a full-blown HIPS only, since that does seem to be its biggest strength.
     
  11. Tokar

    Tokar Registered Member

    Joined:
    Jul 22, 2005
    Posts:
    81
    The FP's mentioned in this thread have been fixed.
     
  12. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks: Nice work done by ST's RAPID RESPONSE TEAM. I doubt the USA Marine Corps' team would have been able to do better than ST's. This will certainly prompt me to take a very serious second look at ST. A good dose of responsibility and reliability. Indeed. Thanks.
     
  13. Tokar

    Tokar Registered Member

    Joined:
    Jul 22, 2005
    Posts:
    81
    FP's = #1 priority.
     
  14. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,910
    Location:
    USA
    OK, just rename .txt to .dll
    [Edit]I just did a scan and Weather check and slimbrowser did not show up as threats, I guess they corrected it in the update I did at startup.[/Edit]
     

    Attached Files:

    Last edited: Aug 8, 2007
  15. Tokar

    Tokar Registered Member

    Joined:
    Jul 22, 2005
    Posts:
    81
    Carver, just to let you know, detection of this DLL file has been removed since it of course is a false positive.


    edit #1: That is odd. The file's publisher is X10, the same as the DLL files included with WeatherCheck. I will have to see if this is in fact an advertising DLL from X10.
     