Is this a Spyware Doctor FP?

Discussion in 'other anti-malware software' started by Ziji, Mar 5, 2006.

Thread Status:
Not open for further replies.
  1. Ziji

    Ziji Registered Member

    Joined:
    Mar 5, 2006
    Posts:
    4
    This may be an obvious question to you but seeing as I cannot get a response from PC Tools, please could someone confirm for me that the following are FP's:-
    Spyware Doctor identifies the following registry items as Altnet Software:-

    HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/System32/atl.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/System32/atl.dll##
    HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/System32/atl.dll##.Owner
    HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/System32/atl.dll(2359626E-7524...

    I have had the paid-for version of SD for about 8 months now and although this is only the second FP which is not in a temp directory, I am sufficiently concerned that I will not renew my subscription and go for Spysweeper next time if this is a false positive. Thanks
     
  2. dog

    dog Guest

  3. Ziji

    Ziji Registered Member

    Joined:
    Mar 5, 2006
    Posts:
    4
    I did a search for atl.dll on my pc and it says all instances are "ATL module for Windows XP", Company: Microsoft Corporation, the most recent date created is April 2005.

    ProcessLibrary.com says about atl.dll "Should not be disabled, required for essential applications to work properly".

    Therefore it is a FP. Although I did get responses from PC Tools, most recently "Your log file has been escalated to our Malware Research Center for in-depth analysis", they have not gone as far as to admit this is a FP. It has been said in other threads here this is the worst problem with SD.
     
  4. Ziji

    Ziji Registered Member

    Joined:
    Mar 5, 2006
    Posts:
    4
    Pleased to report that this FP has now been fixed in a recent SD update.
     
  5. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    Good to hear; and thanks for updating us on it :cool:
     
  6. Hard Rocker

    Hard Rocker Registered Member

    Joined:
    Jan 27, 2005
    Posts:
    258
    Location:
    Quebec, CANADA
    Hi,:)

    In my opinion SpySweeper would be a much better choice in terms of reliability and customer support ( SS has a toll free # for tech support ).

    At last count Spyware Doctor had produced a total of 116 detections on my PC before I got rid of it several months ago. They were all F/P's. Some legitimate software .... UnHackMe, Macromedia, (if I remember correctly) and even my AOL 9.0 software was flagged as "a dialer". I would never have this program back on my PC. I also believe that PC Tools has a program for cleaning the registry. If their antispyware product produces so many F/P's I personally can only imagine what trusting this registry cleaner would lead to.

    On a different note SpySweeper did produce a F/P this week .... something called Ultraview Plus .... it was supposed to be a system monitor malware. I contacted their tech support by telephone .... was informed in a matter of minutes that it was a F/P .... and the SpySweeper definitions were updated shortly after to address this problem.

    You be the judge .... :rolleyes:

    Good Luck !!
    HR
     
  7. Ziji

    Ziji Registered Member

    Joined:
    Mar 5, 2006
    Posts:
    4
    I like the sound of that.

    I trialed both Spyware Doctor and Spysweeper and was impressed at the time with SD's OnGuard protection. There is much said about their effectiveness or not as scanners but what about realtime protection?
     
  8. Hard Rocker

    Hard Rocker Registered Member

    Joined:
    Jan 27, 2005
    Posts:
    258
    Location:
    Quebec, CANADA
    I also have CounterSpy which I use for realtime protection instead of SpySweeper. CounterSpy runs at windows startup. I just choose to configure things in this manner.

    However, when I do open SpySweeper I often leave its active protection running when online .... along with CounterSpy. Since I have installed the Build 709 version of SpySweeper it is showing : Threats blocked by shields as 6 .... so far.

    Hope this helps. :)
    HR
     
  9. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    ATL.DLL is often included with some malware I've seen. TrojanSpy BRISS was a classic example. See http://www.sophos.com/virusinfo/analyses/trojbrissa.html

    There are many cases in history where false alarms are simply the result of adding detection for a file in a package, without proper checking what that file actually is. We even had a simple text file included with TDS-3 get detected by some scanner.
     
  10. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    Thanks for the tip and for providing some professional input into this, Gavin. Perhaps this explains why it is being flagged, since legitimate malware does use this item that is being flagged. It would be a shame to see Ziji make a decision based off of only his second FP in 8 months with a product.....and he even said that the problem has already been resolved by PC Tools via an update. Besides, HR's hatred for Spyware Doctor is legendary by now.....I've used Spyware Doctor for the past year with only a couple of FPs (one pertaining to the Hosts file scanning, and one with SpywareBlaster's added registry protection, which was fixed by SD), and I've also run it along with UnHackMe AND Macromedia with NO problems whatsoever. But I've gotta give HR credit, though....I don't think I've seen him pass on an opportunity to take a shot at SD over the past several months.....:p ;)
     
  11. Hard Rocker

    Hard Rocker Registered Member

    Joined:
    Jan 27, 2005
    Posts:
    258
    Location:
    Quebec, CANADA
    So you can honestly say that Spyware Doctor's process guard never flagged UnHackMe as malware then ?

    And BTW I think that it is your problem with anyone criticizing this software that is legendary here ( take the case with Mandy ) and not the other way around !!

    Quite simply ANY software that produces a large number of F/P's continuously does not remain on my PC .... Pest Patrol, Trend Micro, Spyware Doctor, and Omniquad's Antispy ( if I remember correctly .... this one was some time ago ) After installing it and running a scan .... just under 300 detections were produced !! I uninstalled it immediately.

    As well, many other members here at Wilders also report high numbers of F/P's with Spyware Doctor. If you are happy with this software then fine .... it does NOT bother me in the least. Making snide comments about other people who have had a less than successful experience with Spyware Doctor just reflects badly on your maturity level.

    'Nuff said .... :(

    HR
     
  12. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    Yes, I honestly can. Both have run resident side-by-side for several months now without any problem at all.

    LOL....nice, I remember Mike (LowWaterMark - Administrator) explaining in the exact thread you're talking about that it contained "posters that created different usernames and were posting under fake accounts" in that thread, all to attack both the product, as well as other forum members. Here's a snapshot of Mike's comment:

    ------------------------------------------------------------------------------------------------------------------

    http://img213.imageshack.us/img213/9929/lmwfraudcomment2aj.png

    -------------------------------------------------------------------------------------------------------------------

    Lighten up, HR. I was only making a lighthearted comment on the fact that you have voiced your displeasure with Spyware Doctor on numerous occasions. It certainly wasn't intended as any "slam" on YOU or anyone else. But I do question why you seem to have chosen to react so angrily and seriously to a comment that was intended as a harmless little comical remark. I certainly don't see the need to make any snide comments about ME....I was only joking. You, on the other hand, do not appear to be......
     
    Last edited: Mar 18, 2006
  13. Hard Rocker

    Hard Rocker Registered Member

    Joined:
    Jan 27, 2005
    Posts:
    258
    Location:
    Quebec, CANADA
    Let's set this straight JR. I am an easy going person. Just check through any of my posts.

    Therefore you will not find any sarcastic comments directed to any member here at Wilders other than within that last posting to you.

    When you say I have a hatred for a product that is legendary and I don't miss a chance to slam SpyWare Doctor you should be aware of some earlier postings .... particularly the one that says that I liked the cookie monitor feature in Spyware Doctor. Also, the thread that accused Spyware Doctor of supporting " Malware " where I state that although the product had performed poorly for me .... I did NOT feel that Spyware Doctor was guilty of supporting malware. This does not sound like someone who looks for any opportunity to slam a particular software .... to me at least. lol :rolleyes:

    Also, be aware that I'm not the one starting these threads .... as I also mentioned some time ago to you .... I just report and give my opinion on one software performing better than another .... from MY experiences.

    Enough said .... for me anyway !!
    HR
     
  14. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Ok folks,

    any more O/T comments will be removed. Please stick to the original issues here and leave personal remarks out.



    snowbound
     
  15. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    You said "this is only the second FP which is not in a temp directory". Does this mean there have been other false positives located in the temp directory? If so did PCTools determine them to be false positives? If not how was it determined?

    Were all 116 of these detections determined by PCTools to be false positives? If not how was the determination made? Also I beta test for Greatis Software maker of UnHackMe. Spyware Doctor has never detected any beta or final release of UnHackMe as malware on my PC. If any software detects UnHackMe as anything besides legitimate software please send me a pm here at Wilders or post to the Greatis forum at http://www.greatissoftware.com/forums/ or contact Greatis Support at http://greatissoftware.com/techsupport/open.php

    Was this a file that was detected or reg entry or something else?

    SpyWare Doctor's guard is very good. If it is possible for you to install one or more of the popular Anti Spyware tools visit some known malware sites see what gets blocked, scan, clean if necessary. Reinstall Spyware Doctor visit the same sites see what gets blocked, scan, clean if necessary. I think you will be pleasantly surprised with the results of Spyware Doctor.

    JR this is very true. 2 false positives in 8 months is very minimal and I would be willing to say that most other antispyware vendors have had this many if not more. According to another post above even Spysweeper has some false positive just this week.

    I second JR. As stated above I have yet to see Spyware Doctor detect UnHackMe as malware.

    Sorry the post was so long but I'm just trying to get some info for myself and also hope it might help others as well.

    Thanks,

    Chris
     
  16. Hard Rocker

    Hard Rocker Registered Member

    Joined:
    Jan 27, 2005
    Posts:
    258
    Location:
    Quebec, CANADA
    Hi Chris,:)

    I no longer have SpyWare Doctor on my PC. I uninstalled it quite some time ago so I'll try and answer as accurately as possible. For the UnHackMe detection by process guard .... SWD had been on my PC previous to installing UnHackMe. My licence for UnHackMe was initiated in June 2005. As far as when process guard detected UnHackMe as malware it seemed to be sometime shortly after that. I would think around 4 to 6 weeks .... but this is only a rough estimation. On this claim to SWD flagging UnHackMe .... I will stand by it 100%. As well, sometime before I uninstalled SWD .... it had produced a detection in my AOL 9.0 program software .... pertaining to a "dialer". For me that was it for this software and I uninstalled.

    PC Tools had even responded in a thread here at one point .... apologizing for all of the false positives with Spyware Doctor.

    For the SpySweeper F/P .... Here goes : SS name for malware was Ultraview plus .... HKEY Local /software/classes/AppID/director.exe

    I did email PC Tools on a couple of occasions pertaining to F/Ps but I never received any replies. Another member here at Wilders did complain about having 108 F/Ps with SpyWare Doctor recently. And BTW Chris I appreciate the civil approach to all of this. I also have no problem standing up for any posts that I have made here at Wilders. I am not an advanced PC user but I can assure you that when I claim that a software (any software) has made a certain detection .... It HAS. (lol) Do not hesitate to ask me for any more info that you think may be of assistance.:D

    HR:D
     
    Last edited: Mar 19, 2006
  17. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    Thanks for intervening to maintain and keep civility in these forums, snowbound. It certainly wasn't my intention of taking the thread O/T, I simply made a lighthearted comment that was intended to be humorous. I certainly didn't expect or intend for the reaction from HR that ensued. But I appreciate you helping to ensure that these threads do remain civil and that any type of flaming or personal attacks are frowned upon.

    And Chris, glad to hear that you can vouch for my experiences with your own as well, given your ties to PC Tools and Greatis Software. Thanks as well :thumb:
     
  18. Hard Rocker

    Hard Rocker Registered Member

    Joined:
    Jan 27, 2005
    Posts:
    258
    Location:
    Quebec, CANADA
    Here is a screenshot of the Spyware Doctor Process Guard / UnHackMe detection.

    Located it today on my Maxtor one touch external hard drive.


    2006-03-24_223021.png

    HR
     
  19. Mover

    Mover Registered Member

    Joined:
    Oct 1, 2005
    Posts:
    165
    The only thing that screen shot tells me is that you clicked on 'Add application' and manually chose that path. I don't know how you see it as indicating detection ?
     
  20. Hard Rocker

    Hard Rocker Registered Member

    Joined:
    Jan 27, 2005
    Posts:
    258
    Location:
    Quebec, CANADA
    When Spyware Doctor's process guard first detected UnHackMe as malware I chose to "ignore" that detection .... and that choice was reflected where you see it.

    I did NOT in any way input that myself. In fact there was another application in there as well .... until I uninstalled that program several months ago.

    At this point in time posting that screenshot is the only way I have to show this detection actually took place unless you can suggest another.

    The version of Spyware Doctor that made this detection was 3.2.1.359 and that detection by the Process Guard feature of Spyware Doctor goes back to May or June of 2005 I'm sure.

    Maybe if I remove UnHackMe from this location .... and run another scan it would get flagged again. For now I'll wait for Chris to respond and see what he thinks.

    Thanks for the input though.

    HR
     
    Last edited: Mar 25, 2006
  21. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    Try this and see what happens. Maybe something else on your PC is causing SD to detect it falsely because I have been using both these programs long before the dates you posted and have never had the problem. Thanks for updating me and please let me know what happens when you switch locations.

    Thanks,

    Chris
     
  22. Hard Rocker

    Hard Rocker Registered Member

    Joined:
    Jan 27, 2005
    Posts:
    258
    Location:
    Quebec, CANADA
    Will do .... I'll post back later. After I replied to Mover and thought a bit more about running this "new scan" it hit me that I won't be scanning with the same Spyware Doctor definitions that I scanned with when originally picking up the UnHackMe detection. There are about 6 months worth of newer Spyware Doctor definitions that have been added.

    Anyway I'll give it a shot. :doubt:

    HR:cool:
     
  23. Mover

    Mover Registered Member

    Joined:
    Oct 1, 2005
    Posts:
    165
    That's possible. I've had NAV and SD interact with each other a while ago until a fix was put in. By the way, IMHO ALL detection type software will give you FP at times. Nothing is perfect and to test definitions against ALL software available is simply not feasible.
     
  24. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    May I give my 2 cents?

    I don't see any value in the whole discussion.

    Spyware Doctor has FP's, that's a fact.
    But please name me one, just one AS without FP's.
    Even the so beloved Spysweeper has FP's.

    I have tested and used so many AS's, and none of them is perfect.
    Like everything.
    A bit of thinking before pushing the delete-button is highly recommended, you can call it common sense.
    And this kind of thinking concerns all (security) software, not only AS-ware.

    Now back to Spyware Doctor and the FP's.
    I didn't notice that this piece of top-notch software has (remarkably) more FP's than other AS-programs.
    It's a great program, and beats most of simultaneous software.
    I know earlier versions too, and the present one, v3.5.1, is a great improvement against previous ones.
    It's a good piece of software, and gives you adequate protection.

    Therefore I give Spyware Doctor the rating "reliable", and for sure I don't do this with a lot of other AS-programs.
    Please don't ask me to which programs I'm pointing, you don't get an answer.
    'Cause bashing at Wilders is not allowed (and that's a very good rule).
     
  25. Hard Rocker

    Hard Rocker Registered Member

    Joined:
    Jan 27, 2005
    Posts:
    258
    Location:
    Quebec, CANADA
    Smokey, :)

    I DO agree with you for the most part as this was a discussion that was between Chris and myself .... and perhaps should have been carried out by PM.

    And yes .... ALL antispyware programs DO produce FP's from time to time ..... even SpySweeper and CounterSpy which are my 2 main programs.

    I do not "bash" any software but will offer my input when another member posts .... what is better a. / or / b.

    My only "beef" with Spyware Doctor was numerous FP's on my PC.

    If Spyware Doctor performs well for you that's fine and well. If I was to worry every time someone here criticized one of my software products .... I just happen to use the "most hated" product here at Wilders for my Antivirus and Firewall ( no need to say more .... right ) .... lol .... and it does not bother me in the least. For the same reasons as you .... and Spyware Doctor .... this product has performed well for me.

    Sorry .... if you were offended in any way .... it was certainly not intended.

    HR:D
     