Potential conflict: NOD32 and Spyware Doctor 5.0

Discussion in 'other anti-malware software' started by ejr, Jan 30, 2007.

Thread Status:
Not open for further replies.
  1. ejr

    ejr Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    538
    I use both NOD32 and Spyware Doctor (SD). PC Tools released the RC1 for Version 5.0 last night. I did not yet install, but I have been following the progress of this release candidate in the Spyware Doctor forum.

    Another NOD32 user posted in the SD forum that NOD32 detects the following files as malware during installation of SD RC1 V5.0:

    is-BQ3ER.tmp
    is-2FQSV.tmp
    is-62R3L.tmp

    I will wait until this conflict is resolved to install the new version of Spyware Doctor but wanted to report it in this forum just in case nobody else had.
     
  2. ASpace

    ASpace Guest

    Re: Potential conflict: NOD32 and Spyware Doctor 5.0

    Please send mail to support@eset.com with your findings. Also send them a link where they can download Spyware Doctor's RC1 v5 and check them.
     
  3. twitt

    twitt Registered Member

    Joined:
    Jan 30, 2007
    Posts:
    3
    Re: Potential conflict: NOD32 and Spyware Doctor 5.0

    Also it conflicts with two executables from Spyware Doctor:

    swdsvc.exe
    sdtrayapp.exe
     
  4. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
    Re: Potential conflict: NOD32 and Spyware Doctor 5.0

    If it is being reported as "NewHeur_PE vírus" just temporarily disable AMON while installing Spyware Doctor, then turn it back on after finishing the installation. A "NewHeur_PE virus" detection (a heuristics detection) will mean that AMON won't prevent these files from being run nor will it flash the "Virus Found" warning while trying to run these files (that only happens on signature detections as far as I know).
     
  5. MrTimmy

    MrTimmy Registered Member

    Joined:
    Jan 5, 2006
    Posts:
    6
    Re: Potential conflict: NOD32 and Spyware Doctor 5.0

    I managed to get Spyware Doctor 5 installed in safe mode...never thought about disabling AMON...never dreamed that I would need to.

    Now, when I boot up, NOD32 tells me that I have an infiltration.

    Time | Module | Object | Name | Threat | Action | User | Information
    1/30/2007 18:52:47 PM | Kernel | file | C:\Program Files\Spyware Doctor\swdsvc.exe | probably unknown NewHeur_PE virus | | |
    1/30/2007 18:52:45 PM | Kernel | file | C:\Program Files\Spyware Doctor\SDTrayApp.exe | probably unknown NewHeur_PE virus | | |

    Same files as reported before, but it comes up every time. Should I do something to fix this, or will an update take care of this in the near future?

    Thanks,
    -MrTimmy
     
  6. ejr

    ejr Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    538
    Are ESET and PC Tools fighting?

    On the 29th of January when PC Tools released their beta version of Spyware Doctor (version 5.0), NOD32 detected components of this product as malware.

    Today, February 1st, Spyware Doctor V 4.0 (non beta) has detected BACKDOOR.AGENT.AIR on my machine which is composed of 162 files from ESET.

    This looks like retaliation to me. Is PC Tools retaliating because ESET detected Spyware Doctor as malware? Is ESET cooperating with PC Tools on removing Spyware Doctor's beta from its malware list? Are PC Tools and ESET possibly at odds with each other? And if so, can they please do so without putting innocent customers in the middle?

    I took this up with PC Tools support but also felt that it was worth mentioning here.
     
  7. twitt

    twitt Registered Member

    Joined:
    Jan 30, 2007
    Posts:
    3
    Re: Potential conflict: NOD32 and Spyware Doctor 5.0

    That's what SD 5 beta is doing on my machine, have disabled most of onguard to stop it from deleting vital nod32 components :D
     
  8. ejr

    ejr Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    538
    Re: Potential conflict: NOD32 and Spyware Doctor 5.0

    QUESTION: Should I uninstall and reinstall NOD32?

    Spyware Doctor quarantined 162 of NOD's files, but when I tried to have Spyware Doctor restore the quarantined files, only 143 got restored. There are 19 that SD will not restore and I have no idea if they are critical files.

    I'm not gonna do anything for a day or two to see if these 2 vendors can work out their differences. But if they can't, I'm giving PC Tools SD the boot.
     
  9. bajatrvlr

    bajatrvlr Registered Member

    Joined:
    Feb 1, 2007
    Posts:
    4
    Spyware Doctor just cannibalized NOD32 2.7… I went to System Restore and went back 5 days to reset everything. After rebooting, I only get a black screen. No boot up, nothing. I’m on an old laptop to try and get some help. Any ideas out there?
     
  10. bstarling

    bstarling Registered Member

    Joined:
    Feb 1, 2007
    Posts:
    5
    Spyware Doctor v4.0 has caused me grief today by reporting every file in my ESET program folder and subfolders as being infected with the Backdoor.Agent.AIR. This includes text files so I don't think this is very likely! Am aware of the concept of alternate data streams which could hide information but a simple listing doesn't show any of these. Can malware hide the existence of alternate data streams?

    Assuming that this is just a false positive I think it is such an unprofessional thing to do that Spyware Doctor is going to get vapourised.
     
  11. ejr

    ejr Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    538
    I emailed support at both companies.

    It might help to escalate the repair if others do the same.

    support@pctools.com
    support@eset.com
     
  12. ejr

    ejr Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    538
    If this situation isn't resolved today, Spyware Doctor is off my machine. Even if it is resolved today, Spyware Doctor is likely off my machine.
    This is SO unprofessional. I do believe this to be deliberate. As I stated above, my theory is that PC Tools is attacking ESET because NOD32 labelled their most recent beta as malware. The unknown is if ESET was willing to work with PC Tools to fix the problem as obviously, Spyware Doctor is not malware.

    In any case, I am sitting here afraid to turn off my computer as I do not know if SD is going to delete critical files when I do. I can't seem to get the 12 remaining files that are quarantined out of Quarantine.

    I have defended PC Tools in many a forum but NO LONGER. This is absurd.
     
  13. bajatrvlr

    bajatrvlr Registered Member

    Joined:
    Feb 1, 2007
    Posts:
    4
    As of this moment, I can't even do a system restore. I'm looking into resetting the BIOS.
     
  14. twitt

    twitt Registered Member

    Joined:
    Jan 30, 2007
    Posts:
    3
    This is a frustrating matter indeed. I decided to do a quick scan with SD and it too labeled the entire ESET folder as an infection. I think that it is a retaliation indeed; this only happened after people mentioned that NOD32 sees the new beta as malware.
     
  15. ejr

    ejr Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    538
    This is the last straw for me. I was willing to overlook the last false positive I got from Spyware Doctor. But I have now had 2 in 2 months and this one appears to be deliberate.

    Once they resolve the issue, I am SO taking it off my machine.
     
  16. bajatrvlr

    bajatrvlr Registered Member

    Joined:
    Feb 1, 2007
    Posts:
    4
    Even resetting the BIOS isn't helping. I get nothing. In talking with the manufacturer, they said if flashing the BIOS doesn't help then it's probably a hardware failure, perhaps the video card or motherboard. The bottom line is send it to them for 2-3 weeks or take it in locally to be diagnosed.....
     
  17. MrTimmy

    MrTimmy Registered Member

    Joined:
    Jan 5, 2006
    Posts:
    6
    If true, this is totally unacceptable AND it would seem that Spyware Doctor is at risk of becoming the very thing that they are trying to protect us from: MALWARE.

    I can understand the occasional false positive. Especially since they are dipping into so many low level areas of the operating system. However, the NOD32 infection tagging did not happen until AFTER the false positives occurred with NOD32 identifying Spyware Doctor as an infiltration.

    Many of us on these forums are experts. Imagine what the average user must feel when they find that the protectors have become the predators.
     
  18. bstarling

    bstarling Registered Member

    Joined:
    Feb 1, 2007
    Posts:
    5
    An update to earlier.

    I was doing a manual scan of my system with Spyware Doctor which led to the earlier message. Since then I have had my Nod32 installation trashed - presumably by Spyware Doctor. System Restore didn't help me - only went back a couple of days.

    Eventually got everything up and running ok after booting into safe mode to uninstall Spyware Doctor and delete all remaining files in my ESET folder. After a reboot I then reinstalled Nod32.

    Given that the original report from Spyware Doctor included the tiny readme.txt that I couldn't imagine being infected, I am assuming this was a false message. However there's still a little doubt in my mind. Has anyone heard from PC Tools about this issue?
     
  19. ejr

    ejr Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    538
    I got an email from Tech Support stating that it is a false positive and will be resolved within 8 hours.
     
  20. bstarling

    bstarling Registered Member

    Joined:
    Feb 1, 2007
    Posts:
    5
    That's reassuring, thanks. The big question will be will I reinstall Spyware Doctor. Going to think hard about that one.
     
  21. ejr

    ejr Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    538
    Here is what PC Tools thinks is the problem :

    ...it's not a "pissing contest" what we believe has happened is a malware publisher has created a threat(s) that are designed to trick AV applications by creating fingerprints that when detected also detect other legitimate AV products. i.e. get AV companies to detect each other...


    Not sure if I buy that or not. Regardless, SD is coming off my machine. There have been too many ethical issues with this company like:

    1. Putting adware in users' SKYPE
    2. Installation of the google toolbar by default on install. You must uncheck a box not to install the toolbar.
    3. False positives
    4. Limited "free trial" that detects but does not remove spyware (you must buy the product to remove what it detects). And of course, with the false positives, it tells you that you have Spyware when you don't. So it baits you to buy the program

    For a PC Security company, they have a sleazy image. It's sad too, because I think the product has a HUGE upside. At one point in time, I thought it was the best product going and I still think that it has potential to be just that.
     
  22. bajatrvlr

    bajatrvlr Registered Member

    Joined:
    Feb 1, 2007
    Posts:
    4
    I can't even get into safe mode.... If I could, I would trash Spyware Doc. This is unacceptable.
     