SpySubtract

Hi. I hope I'm in the right section here! I have Intermute's SpySubtract for trial and it has picked-up two suspects which my other anti-spywares (including Spybot and AdAware) have not reported. They are Conducent Technologies Inc. and New Media Properties LLC. Can anyone tell me if these are real nasties or just false positives please.? Cheers, Haba.

 

I believe Spysubtract provides a little info of what and where it found the entry. Having said that....does Spysubtract reference the below registry key in reference to finding Conducent and New Media. If you could also post a screen shot or a little more info....we can then determine if it's a False Positive.

HKCU\software\microsoft\windows\currentversion\internet settings\zonemap\domains

 

Hi Bubba,

If it can help Habari42, here's the log of my latest scan with spysubtract (to me, it seems to be all false/positives but who knows?) :

Time=Wed Feb 02 13:43:04 2005
Product Version=1, 0, 1, 53
OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Started Scanning
Internet Cookies
Programs in Memory
Windows Registry
Found '' in 'SOFTWARE\ScreenSaver.com\Relevant Knowledge'
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'

Internet URL Shortcuts
Files and Directories
Found 'easymp3.exe' in 'C:\Program Files\EasyMP3'
Found 'GPInstall.exe' in 'C:\WINDOWS'
Found 'uninstall.exe' in 'C:\WINDOWS\Web'

Finished Scanning

Atomas31

 

Thanks Bubba. I've had problems with the Screenshots I wanted to post.!! Firstly, "Save As" in Paint only offered Options Bitmap .bmp or .dib (not valid for the purpose) and secondly,the "Manage Attachments" button was dead - no signs of any "Browse"or "Upload"!! As far as I know, I was following your directions correctly, so I don't understand what went wrong but I hope you can put me right.!! Anyway,the answer to your question above is Yes in the case of New Media, but after domains\was "searchsquire3". (CWS ?). In the case of Conducent,the details were "AdGateway Timesink,TsAdBot,Gp-Install." I have had trouble with Gp-Install before, which was interfering with a download. Hope this info: will be sufficent. Cheers, Haba.

 

Hi Atomas. Just to say that I appreciate your response and the only entry in your log that seems suspicious to me is "Found 'GPInstall.exe' in 'C:\WINDOWS'" This is because I experienced it interfering in a download (blocking the install stage) and when I tracked down an address and sent several emails asking for help, they completely ignored me. They also ignored emails from Spyware-Stopper.com. I'll now wait to see what Bubba has to say. Cheers, Haba.

 

Haba....I feel we are still going to find these are False positives given the fact they found them in the Domains reg key but I would like a little info Please.

Also....I just downloaded and installed the 30 day Pro version which is 2.64 just so we can be on the page as I ask questions.

Questions\Request:
1)which version are you using
2)are you using Spybot's Immunize feature....or any other software that places entries in Internet Explorers Restricted Zone
3)via the Spysubtract program....would you mind selecting View Log....which should open up either wordpad or notepad with the info. Copy and paste all that info into a post here in this thread Please.

 

Hi Bubba. To answer your questions:----- 1)Since my last email I have updated SS and now have Product Version 2.60/Definitions Version 2.59 which are said to be "up-to-date", although you have Version 2.64. 2)Yes, I use Spybot Immunise and also have Spyblocker and Spystopper, both of which have "blocked" lists and Searchsquire.com is in Spyblocker's list. 3) This is a copy of the latest log since, I uplifted:----------

"Machine=N0V2I8
Time=Fri Feb 04 12:22:40 2005
Product Version=1, 0, 1, 49
OS Version=Microsoft Windows 98 SE

Started Scanning
Programs in Memory
Finished Scanning
Started Scanning
Files and Directories
Found 'GPInstall.exe' in 'C:\WINDOWS'
Programs in Memory
Internet URL Shortcuts
Internet Cookies
Found 'com.com' in 'Internet Explorer Cache'
Windows Registry
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Finished Scanning"
You can see that New Media has gone, com.com cookie has been added and the Registry entry has changed. Over to you,please. Cheers, Haba.

 

"Files and Directories
Found 'GPInstall.exe' in 'C:\WINDOWS'"

• According to InCtrl5(an install monitoring program)....GPInstall.exe is part of a Spyblocker install....and if you check the properties of that file you can then confirm that it is indeed a False positive by Spysubtract.
  
  Partial InCtrl5 log:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyBlocker(2) "UninstallString"
  Type: REG_SZ
  Data: C:\WINDOWS\GPINSTALL.EXE "/

"Windows Registry
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'"

• If you look in the registry location found in the above scan result....it will probably match the below pic of a Spybot Immunize entry as far as the 0x00000004 (4) entry is concerned. The IP may differ....but in any case if it is a (4) Dword value....it signifies a site placed in IE's Restricted Zone and would be a False positive by Subtract.

 

Thanks again Bubba for all the detailed info: I have now found that the com.com entry is,infact, CNet. To summarise,is it the case that all the entries in both my logs and Atomas' log are false positives, which appears to indicate a rather poor performance by SpySubtract.? I rather like it's format etc. but it's reliability seems doubtful. As the subject has already been raised in this thread, could I refer back to my second posting, in which I described my screenshots problems and ask if you can tell me how to get
over them please.? Cheers, Haba.

 

IMO....yours are definetly False positives....and the chances are good that Atomas's entries are also....but that would have to be confirmed by them.

Each and every legit program of this kind has False positives periodically. If Spysubtract False positives were on a scale of 1 to 5....with 5 being no False positives....I would have to give Spysubtract a 3 based on the threads I have read or been involved in....but I'm sure their track record will improve....or they will be left behind.

Would you doublecheck the Manage Attachments button again Please....and is it showing as a button to you or a link.

 

More thanks Bubba.!! The more I see of SpySubtract,the more I like it, so in view of your rating, I'll give it a fair trial. I consider the inclusion of CWShredder a useful plus. I have two problems in trying to carry out the directions in your step-by-step overview. 1)At Screenshots 8, the only choices I have are Bitmaps .bmp or.dil -- none of the valid extensions you quote are in the "Save as Type" options. 2)At Image Posting 2/3,"Manage Attachments" is a button but nothing happens when I hit it. I'd like to solve, this because I often want to use screenshots in the various Forums I subscribe to. Hope you can help. Cheers, Haba.

 

There is known problem concerning Win98 SE's MS Paint after installing Office 2000 as noted at the link below. Even if you do not have Office 2000....my suggestion would still be to look over the below Microsoft Knowledgebase article and see if it may help resolve that problem. While that might fix your MS Paint problem....you also might want to consider installing other image software such as Ifranview, Snagit, MWsnap....etc....until you can sort the MS Paint problem out.

This MSKB article---> http://support.microsoft.com/?kbid=299953&sd=RMVP

What do you see if you go to this below link ?

https://www.wilderssecurity.com/newa...791&posthash=f4da6904e70aaac1cad78874ac570dce

 

What do you see if you go to this below link ?

https://www.wilderssecurity.com/newa...791&posthash=f4da6904e70aaac1cad78874ac570dce[/QUOTE]

Hi Bubba. I'll look into the Paint problem but in the meantime, this is what the link gets me:-----------

"habari42, you do not have permission to access this page. This could be due to one of several reasons:

Your user account may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.
If you are trying to start a thread in the HijackThis forum section, please be aware that we no longer process new, unsolicited HijackThis Logs here.
Log Out Home" Help,please.!! Haba.

 

Hi Bubba. Please see my posting of 06/02. I had no luck with the MSKB article, I'm sorry to say. I was stuck at step 2 because my HKEY-LOCAL-MACHINE entry had "Import" after "Graphics Filters" instead of "Export"as quoted. Any ideas yet on my heartbreaking rejection,please.?!!! Cheers, Haba.

 

Hi Bubba. Could you have a look at my postings of 06/02 and 10/02, please? Cheers, Haba.

 

Hi. Can someone tell me if Bubba has left the building.!!! Several of my replies and a private message have not produced any response and it's getting quite worrying. Cheers, Haba.

 

habari....my online time has been limited lately and I personally have given as many replies as I can in an attempt to assist you but I honestly don't have the answer that will fix your problem. If others do....hopefully they will speak up.

 

OK Bubba,that's fair enough. Thanks for all your help and I'll keep dropping in to see if anyone else picks up this thread. Cheers, Haba.

 

We certainly did not ignored postings and we certainly do not ignore emails sent to us.

have you even tried the forum?

one of the questions regarding gpinstall file...

http://spyblocker-software.com/IPB/index.php?showtopic=1807


sorry you had this experience anyway.

Inf./Opt.

 

Hi Habari, I have spoken to Paul concerning this a lot of times regarding software wrappers and gp install...

I am moderator at SpyBlocker Forums, and we allways try to answer emails, answer our posts...I tried to locate your concern/posts at the forum and couldn't find a member Habari...like you won't find Infinity (I am Optimizer )

anyway I still believe it is a false positive, I am sure of it. like so many apps have their false positives. We fight spyware just like Wilders so why in the world making spyware or installing spyware on MILLIONS of computers

another thing, IF gp install is spyware I will draw my conclusions and step back of everything but knowing Paul he did his investigation far better then me and he surely is a respectable person who I trust unendlessly!

I will keep you informed regarding this matter and I'll speak to Paul this evening.

sincerely

Inf./Opt.

 

why don't you try to email spysubtract and ask what is the issue in this case?

I'll email spysubtract too regarding their flagging.


Inf.

 

Thank you Inf/Opt. I have only just seen your postings. Im afraid I've got quite muddled over your Wildings/Skyblocker connections but I think this thread went off track from my posting of 10/02. The GP Install angle was a side issue which seems to have rather taken over the thread since Bubba's posting of 28/02. With regard to contacting SpySubtract -- I hope you have better luck than I've had,as I've been locked in battle with their TechSupport for several weeks.!! Their system is appallingly complicated and demands the submission of masses of data and continuous "updating"of the issue. It has almost driven me to drink (any excuse,I suppose !!) and,so far, has produced no results at all. I have tried to get my complaints to a Management level but no success up to now. It's a pity, because I'm quite impressed with the ap itself, but the Support side is hopeless. Cheers. Haba.

 

I too am having considerable problems getting someone technical enough to look at my SpySubtract problem (more false +ves - looks like a scam to me). The sales and support staff know nothing about the technical side of the product - I need to talk to a programmer! Looks like I won't be able to recommend SpySubtract to any of my colleagues, since they seem so incommunicado. I had a similar problem with M$ tech supp, and they eventually gave me an answer 5 months (yes that's right!) after I had solved the problem myself. Sometime, a simple Google will do more to answer your questions than any tech support department! Is it me, or are people getting less and less technical nowadays, and more moronic?!? When Longhorn is released, how will people cope with maintaining basic security settings, when they're gonna have to text-edit XML files!