SpySweeper False Positive

Discussion in 'other anti-malware software' started by bch, Sep 12, 2004.

Thread Status:
Not open for further replies.
  1. bch

    bch Guest

    Downloaded the Google Toolbar a few days ago. A scan with SpySweeper is flagging the Google Toolbar falsely as BrowserVillage Sidebar. An example of one of the CLSIDs it wants to delete is AA58ED58-01DD-4D91-8333-CF10577473F7. Checked this on Tony Klein's BHO list and it is associated with the Google Toolbar and not BrowserVillage Sidebar.

    Also scanned with AdawareSE, Spybot, PestPatrol, SpySubtractPro, and AOL Spyware Protection. The programme BHO Demon is correctly showing the Google Toolbar and not BrowserVillage Sidebar.

    Have emailed Webroot's UK office and have just advised them on their Support page.

    This is for information in case anyone else is troubled with this false positive.
     
  2. bch

    bch Guest

    SpySweeper also found Marketscore on my machine. I went to Start/Search/All Files and Folders and typed in Marketscore. It found an Internet Explorer shortcut to Marketscore which had not been on my machine prior to updating the definitions from SpySweeper. I deleted this and SpySweeper stopped flagging it.

    Ironically, I have been running SpySweeper's IE Favourites Shield and know for a fact that I did not add Marketscore to my IE Favourites list. I am the only user of this machine. It was definitely not on my machine prior to updating the definitions from SpySweeper.

    (I have posted this on the other thread concerning SpySweeper.)
     
  3. azumi21

    azumi21 Registered Member

    Joined:
    Aug 16, 2004
    Posts:
    129
    I wouldn't trust a Google toolbar installed on my browser (no matter what it is identified as). I would delete it.
     
  4. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    There's nothing wrong with the Google toolbar; in fact it's one application I couldn't do without...

    A glaring False Positive indeed, and I reckon SpySweeper will hasten to correct it...
     
  5. bch

    bch Guest

    Thank you for your responses and I have to agree with Tony Klein about the Google Toolbar. (Your BHO Demon is an excellent programme and I'm pleased I've had the opportunity to tell you that.) I haven't heard anything from SpySweeper. On checking, they haven't opened the ticket left on their support forum. I'm sure the matter will be resolved but am still curious as to how the Marketscore IE Shortcut got onto my machine.
     
  6. bch

    bch Guest

    Just updated the latest definitions from SpySweeper and the programme is no longer flagging BrowserVillage Sidebar so the matter has been resolved. It's still flagging Marketscore but no doubt this will be resolved in due course.
     
  7. bch

    bch Guest

    Apologies, Tony Klein. I have just realised that you are not the author of the BHODemon programme but rather the BHO List.
     
  8. bch

    bch Guest

    Received an email from SpySweeper instructing me to upgrade from version 3 to version 3.2.0 (Build 146) Spyware Definitions 383. (Another 12 months' updates thrown in.) Having done another scan it now doesn't flag Marketscore but it flags the Google Toolbar again but, this time, as WebSearch Toolbar. Scanned with PestPatrol and SpySubtractPro which found nothing plus I simply do not have WebSearch Toolbar on this machine or the associated files that come with it.

    I've emailed SpySweeper again with this information so they can look into it.
     
  9. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    I wonder why the definitions is 383.
    Mine says as in the screenshot.

    Gerard
     
  10. bch

    bch Guest

    gerardwil.

    Definitely says 383 in respect of version 3.2.0.
     
  11. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    OK, let's say it differently: I wonder why mine says 504, if that makes any difference.
     
  12. bch

    bch Guest

    gerardwil.

    Tried to post a screenshot but I must have to be a fully fledged member before I have that facility. Have checked the Webroot site and it is showing version 3.2.0 as the latest version. You might try the Options section in SpySweeper and clicking on "Update Programme" to see if you can get the latest version.
     
  13. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Of course I did that and it says I have the latest version.
    Also I asked Webroot and they gave me a ticket very fast, but that has still been open for about 5 days :oops:
    Cheers,

    Gerard
     
  14. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Today my ticket is gone without giving me any answer :oops:

    Am still having 3.1.0.134 and used spyware definitions: 504

    Trying to update it keeps saying: you have most recent definitions.

    o_O

    Gerard
     
  15. bch

    bch Guest

  16. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Hi Gerard

    Here's a direct link to the Webroot update page. Unfortunately Webroot is not quick to add the newest builds (mine is 3.2.0 build 142 definitions 395) to the update server, so we have to check the forums and help each other out. :)

    Regards
     
  17. bch

    bch Guest

    Downloaded the latest definitions (numbered 395) and SpySweeper is no longer flagging the Google Toolbar as some other toolbar.
     
  18. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Hi,

    Just to let you know that Webroot e-mailed me the solution. They sent me a link to download another copy of Spy Sweeper. Installed it and it now says: version 3.2 (build 146) spyware definitions 397.
    New expiry date September 19, 2005.
    So I am happy again now :D

    Gerard
     