Spy Sweeper F/P ?

Hi all

Thought I would add Spy Sweeper (free trial) to my arsenal. First scan yielded what I believe to be a false positive :

"Sdbot Trojan Horse : Risk Rating Critical"
Location: C:\Windows\adiras.ini

Scanned with Ewido, Boclean and Kav 5....nothing. Jottis' online...nothing.

Curious also that this very same problem was posted by betauser2 on January 2nd 2006...don't know if this was submitted to Webroot for analysis....but surprised that Webroot have not addressed this problem (that is assuming that this one is indeed a false positive).

Another question if I may....is it usual to restrict removal of spyware only until you actively subscribe (pay?) for trial software as seems to be the case for Spy Sweeper ? (this is also true for the scan results and quarantine functions as far as I can make out).

Not attempting for one minute to bash this product after only very limited use....but can anyone assist

 

Anyone....

Or do I head down to Castle Cops

 

I've got SpySweeper and I haven't seen that (or any other) false positive, not that that means anything as far as your computer is concerned!. I suppose you could try reporting it to Webroot via their support system, but they may not be too interested while you are using a trial version.

As for the trial version being only part functional, I believe that is quite common. The more unscrupulous software vendors are alleged to rig their software to 'find' non existent problems in order to encourage users to buy the full program, but I am not suggesting that Webroot do that.

 

Thanks Togg

I'll take your advice and report this to Webroot.

Your response poses another interesting question....is there truly a lower level of support for trial version users ?. Surely Software Vendors dont discriminate.....or do they

Thanks once again

 

I have seen a few programs where it was clearly indicated that the trial was 'crippled' so that it would only demonstrate its abilities, but not do the whole job, until it was paid for. Trouble is I can't remember any of them now!

The fact that you have checked with three other programs, (all of which seem to have good reputations) and one online scanner, would suggest that this sdbot finding is more than a little suspect. Any program, however good, can make these sorts of errors and it may be that you have something demonstrating 'trojan like' behaviour.

According to the database of a program I have called, appropriately, Trojan Remover, Backdoor sdbot is a remote access trojan controlled through IRC channels. Do you have any active IRC (chat) programs or an ADSL modem like betauser2 had? Googling adiras.ini does produce some odd looking responses, many in German!

 

Togg

I do not currently (or ever on this PC) have an active IRC (chat). I have an ADSL Modem (installed about 3 months ago having subscribed to Tiscali Broadband)....as betauser2 alluded to, this could be the connection. Also, a search for Adiras.exe on my system yielded nothing. Do I conclude that an .ini file. without the .exe it is associated with, is harmless ? (irrespective wether a false positive or not ?).
Still intend to post at Castle Cops and contact Webroot direct.

Many thanks for your responses and all your help.

 

Hi dvk01, the information about spysweeper,s two trial versions is new to me. Can u please give a link to full trial version. Thanks

 

Thanks dvk01

Adiras.ini file opened in notepad...contents :

[RASSettingNT]
Device="USB ADSL WAN Adapter"
DeviceType=ISDN
PhoneNumber=adsl
ConnectionName=Internet ADSL
ShortcutName=Internet ADSL
[RASSetting9X]
Device="USBADSL-LINE0"
DeviceType=ISDN
PhoneNumber=adsl
ConnectionName=Internet ADSL
ShortcutName=Internet ADSL
[Connection]
ShortcutName=Connection
FolderName=
IconConnection=

The .ini file has a creation date of 17/2/03....my PC was purchased in Oct 05with ADSL Internet Broadband connection 2-3 months later.

Thanks once again for your trouble and advice.

 

Thanks again dvk01....will report this to SS.

Terry

 

Really nice thinking. Thanks