Real Time Defender acts like Spyware

Discussion in 'other anti-malware software' started by enthios, Nov 11, 2008.

Thread Status:
Not open for further replies.
  1. enthios

    enthios Registered Member

    Joined:
    Aug 22, 2008
    Posts:
    17
    I installed Real Time Defender about a month ago. The first thing I did was block access to RTD's Update.exe, and block the Update.exe from accessing the network. Since then I've noticed that if I don't touch the keyboard or mouse for about 30 minutes, I get an RTD pop-up that says "Svchost -----> A0187940.exe", which I block "this time". I jotted down the file name of the exe, intending to locate it when time permits.

    Today the pop-up appeared again and I did a quick search for A0187940.exe (obviously a sys restore backup file), found it and ran it to see what it is and what it does. Surprise, surprise, it's RTD's Update.exe. It calls home to www.RTdefender.com. Only it couldn't call home because it couldn't find its URL list.

    Now the mystery: Is RTD spyware? Is some other malicious program searching (even in sys restore files?) for a program with network access know-how? If RTD, it is certainly tenacious and determined and goes to great lengths to find a way out to the mother ship. The question is why. I'm beginning to think that RTD is a lot smarter than we realize, and is showing a definite lack of moral scruples. The term "morally bankrupt" comes to mind.

    A penny for your thoughts. . . . .

    Enthios
     
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    I make great use of RTD and have for months, but I must admit that this is the very first report I heard of like that from it. In fact no outgoing signals have been noted of me since day one, so I could only suggest for you to be sure that you at least disable the UPDATES checkmark in it to avoid such an odd recurrence of that nature.

    EASTER
     
  3. enthios

    enthios Registered Member

    Joined:
    Aug 22, 2008
    Posts:
    17
    Ah yes! Thank you Easter. I hadn't checked that as it was the first thing I disabled when I installed RTD last month. I've found RTD to be the only HIPS that really works. Have tried many, but others could not "really" protect a program's virtual memory. Just because there's a check box saying "protect virtual memory" doesn't mean it will. In Malware Defender the checkbox "Protect this app from being accessed by other processes" did not protect my firewall from being corrupted and disabled by injection from lsass.exe.

    However I am amazed at the length to which RTD went to find a copy of its Update.exe, and even found it when the name had been changed, and in a sys restore file at that! Growing weary of the security and vulnerability problems with Windows, and now testing "Linux-Mint" which looks to be a VERY(!) viable replacement. The future looks to belong to Linux NOT Windows.

    Thanks again.

    Enthios
     