How is Tenebril Anti-spyware?

They say that the tool creates dummy files in order to prevent re-installation. I wonder how good is this anti-spyware when compared to the likes of Giant/MS.

 

Ghsot Surf 2005, has AntiSpyware integrated with cookie, temp, cache, history cleaner, file shredder, anonymous surfing and an encryption tool!

Nice package.

http://www.anti-software.com/ghost-surf.html

 

i would rate spycatcher as a good back up anti-spyware program, but be careful when running it with other anti spyware programs (webroot's spysweeper does not like anything tenebril,the registery keys tenebril uses are the same as some spyware registery keys. the reason for this i do not know,but i think it might be it is making the computer seem like it has spyware to keep the spyware from infesting your system..this is a guess i am not a expert.) get the full version of ghostsurf 2005 it is a anonymizer/browsercleaner(makes your ip address hidden when surfing but not your e-mail address if you send email. in addition some web sites will not work using it or you will get a timed out error because the signal your computer sent has to go around the planet once or twice. ) it's the one with spycatcher and ghostsurf in the same package. if you use the older ghostsurf 2.1 use it only for it's anonymizer program,the anti-spyware program thats in 2.1 does not update or can be manualy updated and is very very out of date and somtimes corrupts the spycatcher definitions when spycatcher updates. and just plain ghostsurf 2005 without spycatcher you have less features.in the test that is quoted below spycatcher was not fully tested...i would use it in addition to spybot with spywareblaster and ad-aware or giant or spysweeper.

 

http://spywarewarrior.com/asw-test-results-4.htm

You can find more info on the asw test by Eric L. Howes.

one of the worst performers on that test and I do recall they use some contradictory techniques, I will try to find out more of them.

cheers

 

I know that they use the "REINSTall shield" which replaces the spyware with dumy files thus allowing the spyware to think that it allready installed itself in this system therefore it prevents any further installation of that specific spyware.
I think it's a cool idea, except that other anti-spyware scanners think that theyt spyware still exists and it decides to report it.
I also like their parachute approach, which is just a delete sattelite that loads so when you clean the system it will reboot the system in to a safe mode so it can remove any persistant spyware and replace the persistant spyware with it's "reinstall shield" file. (which is 0 in size but looks like the real file).
The problem I am haveing now is that the detection rate is good but not great.

Anyhow, sorry that I did not log it but I am typing from an infected system.

 

i just updated spycatcher to 3.5 and here is some obsevations about it,there is two diffrent scan results known spyware and suspicious files if you have suspicous files do not delete them...double check heck triple check what spycatcher thinks is suspiscious before you start deleteing stuff on your computer treat spycatcher's suspicious files like a hijackthis! entry or a registeryedit trying to save a lot of headaches and cursing at your computer because you erased a important file (spycatcher reported window updates files as suspicious and registery entrys that games use as suspicous) i repeat be careful of what you delete! its a good tool just dont get delete happy.

 

I was going to start a new thread but did a search and decided to just stay with this one since it is directed mostly at GhostSurf
I have used GhostSurf since the 2's and now use the platinum 2005.
For some reason it is detecting a TDS-3 file as a JapaneseKeylogger in the FOUND section. Deleting it doesn't stop TDS-3 since TDS has i'ts protection
kick in and replace it. The other file they are detecting as found is just labled dropper with no info on it.
Still waiting to hear back from tenebril on this.
This is a system I reformated a couple weeks ago.

Bruce

 

While that seems to be the case since we did not moderate it properly....we'll now get back to the thread topic....How is Tenebril Anti-spyware?....and those wishing to discusss Ghost Surf can do so in the proper Forum.

Regards,
Bubba

 

Hi guys,

I found Ghostsurf Platinum 2005 on sale at Amazon UK for almost half price and bought it. Just wondering if anybody has tested the most recent version of Spycatcher which is advertised as a breakthrough including protection against phishing. I disabled MSAS in realtime and am running this for a couple of days instead and on the first scan it picked up two pests, Ezula TopText and EAnthology. I'm quite dubious about how it found these since I have had MSAS running in resident and finding no infections in the daily scan, but then most spyware programmes miss stuff so it might be that. I will probably go back to MSAS in resident but this looks a useful addition for on demand scanning.

EDIT: I did find a pretty up to date review of Spycatcher which covers the latest version 3.5. The review is only a month old so is maybe more relevant than other articles. Looks like very powerful software although a bit of care is needed when using it as the authore explains:

Technology News: Reviews: Spycatcher Deadly to Spyware - But Watch Out
http://www.technewsworld.com/story/40987.html

 

Don't trust it's SUSPICIOUS findings since it will find ADOBE ACROBAT and many other usefull extensions as SUSPICIOUS SPYWARE.


What I hate about that review is that it sounds more like the manual for the software or an advertisement for it's functions (he doesn't state anything more then the manual stated). He does not state test procedures nor it's results or comparissions against others. He does not show that the delete satellite actually works nor that the reinstallation shield actually works.


Also I don't know where to report the freaking spyware. I have sent about 20 reports via the software interface in order to allow the engineers to look at my suspicious files and exclude stuff like ADOBE or GOOGLE toolbar. But even after a few weeks they are still there. SO I guess they never get my suspicious files and I do't know how to send them.

 

I have Adobe Acrobat and on the scan I did the only things it turned up were the two infections I mentioned above, but yes you have to be very wary of deleting 'suspicious files'. About the other stuff regarding tests I agree, I have only been able to find a few reviews. It didn't fare well in the SpywareWarrior tests but those results were from last year. Since then there has been a new version (3.5) with a lot of new features.

 

Does spycatcher have a *quarantine* zone?

That is a very bad situation. Until Tenebril gets that sort of thing straightened out, I will not consider purchasing or even trialling their product.

 

Just to support what others have said. I have found SpyCatcher 3.5 effective, but one must use it with caution. Like another poster, it found an alleged copy of Japanese Keylogger in TDS3, but having confirmed that this was false with DiamondCS support, I have added this to the allowed list.

Before I installed SpyCatcher, Panda Titanium AntiVirus 2005 was finding the same spyware almost daily. This has now stopped, so SpyCatcher must be doing something right. I also have AdAware SE and Spyware Blaster.

 

I gave up on running A-S often. I can't even remember the last time I had spyware that these apps found (other than just cookies) I suppose running IE at default may bring back some action.I just ran MS-AS and spybot - as usual, nothing.

 

Hi again

I did get an answer to e-mail I sent asking why they detect TDS-3
and other ligit software as bad. In my case TDS was not found as just a suspicious file but rather a FOUND file.
I have posted their responce in another thread but will repost in this one.
Their tech support wrote back to me saying they don't take those finds out of their software because if SPYcatcher finds a file like that, it DOES phone home for whatever reason behind your back. At first I thought, wow how stupid of them, then after more thought, I figured I would rather have them show me then
hide it. It just comes using their technology.
I would rather tech support at least ask me to send them the file for inspection.
After they inspect it, I would like an e-mail back explaining in detail as to what the file is and does exactly to cause the flag.

We all know Adobe using behind your back files to keep checking the internet.
At first it might be caused by a programs autoupdate feature but that turned out a wrong assumption.

I know I been testing way too much software these days and this causes me to not dedicate enough time to any one program.
At the moment Rootkitrevealer is driving me nuts with each build.
One build they detect certian keys, the next they don't then the next they do again LOL

I will try to get some detailed info from tech support on some of the issues with Spycatcher and if any of you beat me to it, please post and let us all know what you found.

Bruce

 

Hi,

For me too, Spycatcher 3.5 detect more than 60 false/positives (suspicious and non suspicious). On them, you can count two files from TDS-3 detect has Japaness Keylogger. And like few others it's been almost 4 month that I am sending report so they can solve the issue. Their technical support have send me a few answer like those one :

"Let me inform you why this issue has occurred, SpyCatcher identifies those
files installed in the systemroot directory without vendor signatures as
malicious as this directory is targeted by malicious programs."


"The issue is due to the lack of digital signature on these files. I would
request you to make sure that SpyCatcher is not disabling any legitimate
files, before disabling the files from the suspected spyware page.
Tenebril is currently working on this issue, to bring up a solution which
will make sure that no legitimate files are deleted accidentally from the
computer."

It seems that spycatcher 3.5 identifie every files that lack of vendor signature has suspicious or spyware!!!

Atomas31

 

I tried 3.5 and it throws off many false positives. It thought process guard and my firewall where spyware!! I would stay away from 3.5

I am running counter spy now.