Spy Sweeper F/P ?

Discussion in 'other anti-malware software' started by ftwynne59, Apr 17, 2006.

Thread Status:
Not open for further replies.
  1. ftwynne59

    ftwynne59 Registered Member

    Joined:
    May 24, 2005
    Posts:
    185
    Hi all

    Thought I would add Spy Sweeper (free trial) to my arsenal. First scan yielded what I believe to be a false positive :

    "Sdbot Trojan Horse : Risk Rating Critical"
    Location: C:\Windows\adiras.ini

    Scanned with Ewido, Boclean and Kav 5....nothing. Jottis' online...nothing.

    Curious also that this very same problem was posted by betauser2 on January 2nd 2006...don't know if this was submitted to Webroot for analysis....but surprised that Webroot have not addressed this problem (that is assuming that this one is indeed a false positive).

    Another question if I may....is it usual to restrict removal of spyware only until you actively subscribe (pay?) for trial software as seems to be the case for Spy Sweeper ? (this is also true for the scan results and quarantine functions as far as I can make out).

    Not attempting for one minute to bash this product after only very limited use....but can anyone assist o_O
     
  2. ftwynne59

    ftwynne59 Registered Member

    Joined:
    May 24, 2005
    Posts:
    185
    Anyone....o_O o_O o_O

    Or do I head down to Castle Cops :doubt:
     
  3. Togg

    Togg Registered Member

    Joined:
    Jun 24, 2003
    Posts:
    177
    I've got SpySweeper and I haven't seen that (or any other) false positive, not that that means anything as far as your computer is concerned! I suppose you could try reporting it to Webroot via their support system, but they may not be too interested while you are using a trial version.

    As for the trial version being only part functional, I believe that is quite common. The more unscrupulous software vendors are alleged to rig their software to 'find' non existent problems in order to encourage users to buy the full program, but I am not suggesting that Webroot do that.
     
  4. ftwynne59

    ftwynne59 Registered Member

    Joined:
    May 24, 2005
    Posts:
    185

    Thanks Togg

    I'll take your advice and report this to Webroot.

    Your response poses another interesting question....is there truly a lower level of support for trial version users? Surely Software Vendors don't discriminate.....or do they :doubt:

    Thanks once again :)
     
  5. Togg

    Togg Registered Member

    Joined:
    Jun 24, 2003
    Posts:
    177
    I have seen a few programs where it was clearly indicated that the trial was 'crippled' so that it would only demonstrate its abilities, but not do the whole job, until it was paid for. Trouble is I can't remember any of them now!

    The fact that you have checked with three other programs, (all of which seem to have good reputations) and one online scanner, would suggest that this sdbot finding is more than a little suspect. Any program, however good, can make these sorts of errors and it may be that you have something demonstrating 'trojan like' behaviour.

    According to the database of a program I have called, appropriately, Trojan Remover, Backdoor sdbot is a remote access trojan controlled through IRC channels. Do you have any active IRC (chat) programs or an ADSL modem like betauser2 had? Googling adiras.ini does produce some odd looking responses, many in German!
     
  6. ftwynne59

    ftwynne59 Registered Member

    Joined:
    May 24, 2005
    Posts:
    185
    Togg

    I do not currently (or ever on this PC) have an active IRC (chat). I have an ADSL Modem (installed about 3 months ago having subscribed to Tiscali Broadband)....as betauser2 alluded to, this could be the connection. Also, a search for Adiras.exe on my system yielded nothing. Do I conclude that an .ini file, without the .exe it is associated with, is harmless? (irrespective of whether a false positive or not?)
    Still intend to post at Castle Cops and contact Webroot direct.

    Many thanks for your responses and all your help.:)
     
  7. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Spysweeper have 2 forms of free trial

    a free scan only with no fix capabilities and a free full version that scans & fixes

    Many of the larger download sites have the free scan only version as do webroot themselves ( the full version is somewhat buried on their site)

    The reason for this seems to be that many affiliates complained that too many people were trialling SS & fixing problems & never buying it so they were losing income

    A lot of affiliates and I am one do not subscribe to this view and I will only have links to the full trial version that fixes as in my view you can only find out how effective an antispyware is by fixing things. Pure detections are nothing and anybody can build a scanner that finds everything but fixes nothing

    The adiras.ini might be a fp or might be genuine the file is normally part of a modem installation but is also used by malware with that name

    .ini files generally are text files that tell an exe file what to do so if you open it in notepad and paste the contents back here we should be able to tell whether it is a FP or not

    Most av's will NOT detect any .ini files regardless of whether used by genuine or malware as on their own they are harmless
     
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hi dvk01, the information about Spy Sweeper's two trial versions is new to me. Can you please give a link to the full trial version? Thanks
     
  9. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    in my signature

    lots of links

    I wouldn't post a direct link here as I am an affiliate & I don't think it's fair to use this forum to gain possible sales
     
  10. ftwynne59

    ftwynne59 Registered Member

    Joined:
    May 24, 2005
    Posts:
    185
    Thanks dvk01

    Adiras.ini file opened in notepad...contents :

    [RASSettingNT]
    Device="USB ADSL WAN Adapter"
    DeviceType=ISDN
    PhoneNumber=adsl
    ConnectionName=Internet ADSL
    ShortcutName=Internet ADSL
    [RASSetting9X]
    Device="USBADSL-LINE0"
    DeviceType=ISDN
    PhoneNumber=adsl
    ConnectionName=Internet ADSL
    ShortcutName=Internet ADSL
    [Connection]
    ShortcutName=Connection
    FolderName=
    IconConnection=

    The .ini file has a creation date of 17/2/03....my PC was purchased in Oct 05 with ADSL Internet Broadband connection 2-3 months later.

    Thanks once again for your trouble and advice.:)
     
  11. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    That is definitely a FP as that is the ini file for the adsl modem without a doubt

    It looks like SS has found that one on name alone so it should be reported to them
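
Added example, not part of the original posts and not Webroot's detection logic: a content-based triage of a flagged .ini file, the check the thread performs by eye, as opposed to a match on file name alone. The patterns and the second sample are assumptions constructed for illustration.

```python
import configparser
import re

# Contents of C:/Windows/adiras.ini exactly as posted in the thread.
ADIRAS_INI = """\
[RASSettingNT]
Device="USB ADSL WAN Adapter"
DeviceType=ISDN
PhoneNumber=adsl
ConnectionName=Internet ADSL
ShortcutName=Internet ADSL
[RASSetting9X]
Device="USBADSL-LINE0"
DeviceType=ISDN
PhoneNumber=adsl
ConnectionName=Internet ADSL
ShortcutName=Internet ADSL
[Connection]
ShortcutName=Connection
FolderName=
IconConnection=
"""
# Constructed contrast sample (not from the thread, not a real malware config).
SUSPECT_INI = """\
[settings]
server=irc.example.invalid
channel=#constructed
run=C:\\Windows\\helper.exe
"""
# Heuristics assumed for this example: values a remote-control config would
# need (endpoints, IRC channels, programs to launch); a modem profile has none.
PATTERNS = {
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "hostname": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
    "irc_channel": re.compile(r"(?:^|[\s,])#\w+"),
    "executable": re.compile(r"\.(?:exe|dll|bat|cmd|vbs|scr)\b", re.I),
}

def triage_ini(text):
    """Return (section, key, label) for every value matching a heuristic."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep key case as written in the file
    parser.read_string(text)
    return [(section, key, label)
            for section in parser.sections()
            for key, value in parser.items(section)
            for label, pattern in PATTERNS.items() if pattern.search(value)]

if __name__ == "__main__":
    for name, text in (("adiras.ini", ADIRAS_INI), ("suspect.ini", SUSPECT_INI)):
        print(name, triage_ini(text) or "no indicators in content")
```

An empty result supports a false-positive report to the vendor; it does not by itself prove a file is benign.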
     
  12. ftwynne59

    ftwynne59 Registered Member

    Joined:
    May 24, 2005
    Posts:
    185
    Thanks again dvk01....will report this to SS.

    Terry
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Really nice thinking. Thanks
     