Seems Ewido missed spyware

Discussion in 'other anti-malware software' started by MikeBCda, Aug 31, 2005.

Thread Status:
Not open for further replies.
  1. MikeBCda

    MikeBCda Registered Member

    Joined:
    Jan 5, 2004
    Posts:
    1,627
    Location:
    southern Ont. Canada
    Re: Suf60runtime?

    Interesting update because I found this via a roundabout route -- Google brought me right back here.

    Tonight's Ad-Aware def update is suddenly turning this up with a "Found Favoriteman Item!" header. I haven't installed anything new other than Belarc in ages, so I have to assume I've had it all along and Lavasoft has just now added it to their defs. They rate it as 8, which if you're familiar with their system is very poor (lower means less harmful).

    Two locations on my XP system -- the System32 folder, and the system restore folder. I've cleaned both out, and will keep my fingers crossed -- that 8 rating from Lavasoft means they're now very concerned about it.
     
  2. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    Greetings..........just did a scan with Ad-Aware and it found Favoriteman................how did it get by Ewido?
    Also, it is a BHO...I think...so how come Spyware Guard saw nothing?................false positive :doubt:
     
  3. theshadow

    theshadow Guest

    I personally wouldn't rely on Ewido for my anti-spyware needs; from what I understand it's more of an anti-trojan. Nothing bad about Ewido, just that I don't think it can detect all spyware, and it misses some keyloggers too. For the heck of it, I just ran a fully updated Ad-Aware on my XP SP2 machine and didn't get a detection for Favoriteman. I hope it's only a FP for you though.
     
  4. chaos16

    chaos16 Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,004
    My Ad-Aware has found Favoriteman as well.
     
  5. Mainza

    Mainza Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    19
    Location:
    Croatia
    I thought that Ewido is one of the better programs. When I did a scan with SpySweeper it didn't find anything, but Ewido found a couple of traces, even a radmin and netwatcher. o_O
     
  6. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Because Spyware Guard is not that effective anymore, which is why a new version has been in the works for some time.

    No scanner/guard catches everything, even the good ones like Ewido. You could add Microsoft AntiSpyware, it adds BHO protection and along with a hostfile you would be a lot less likely to be hit by spy/adware. :)
     
  7. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
  8. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    I would agree with Topper in regards to the latest AdAware definitions....especially in regards to your findings of Favoriteman\iun6002.exe. This particular item is making the rounds in regards to a False positive on other message boards and as usual will be commented on in a timely manner. I would also ask you to right click the iun6002.exe file and post what it says concerning its properties. Many programs....one of which you may have unknowingly used....utilize a program called Setup Factory for installations.

    Threads to watch elsewhere:

    Ad-Aware f/p with SE1R64 31.08.2005 ??
     
    Last edited: Sep 1, 2005
  9. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    A big thanks to all..

    Properties: SUR60Runtime
    720kb File Version 6.0.1.4.
    2002 Indigo Rose Corp.
    Product Name: Setup Factory 6.0 Runtime Module

    So should I keep it or dump it Bubba :doubt:
    and thanks again :)
     
  10. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    For now I would definitely treat this as a False Positive. Spybot incorrectly had this item at one time and a number of months back we dealt with this same False positive. I have also moved your thread to a more appropriate Forum since this is neither an Ewido issue nor trojan software issue IMHO.
     
  11. dog

    dog Guest

    Just to share ... what I posted on another board regarding this detection to further enforce the F/P status. ...
     
  12. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, Rainwalker and dog

    Might mean nothing.

    They are not the same, Re: SUR and SUF.

    Take Care,
    TheQuest :cool:
     
    Last edited: Sep 1, 2005
  13. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    Thanks Quest..........typo
     
  14. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    False positives have been addressed by Lavasoft.

    SE1R64 31.08.2005 Build 75 available
     
  15. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
  16. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    Just got update and scanned ..............this time found THREE instances..................Ad-Aware log showed 3am activity............what is that all about ??........I am in bed at 3am and the computer is off o_O
     