Spyware Doctor injecting code into all Windows Systems and Security Apps

Discussion in 'other anti-malware software' started by Rilla927, Feb 27, 2006.

Thread Status:
Not open for further replies.
  1. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,710
    Hi everybody,

    I put Antihook 2.5 on one of my systems (laptop) for the first time and let it run for almost a week in finger print mode and then switched it to normal mode. When I switched to normal mode I discovered (through the prompts) Spyware Doctor v3.5.1 wanted to inject code into a lot of Windows System Files, it wanted permission to modify Windows NT Kernel, it also wanted to inject code into Look'n'Stop FW and Nod32 so I blocked it. Is this normal behavior for this program?

    At the same time on my desktop I have Kav Suite, and Anti Hacker popped up 4 or 5 times saying the .exe (for Spyware Doc) was modified. I did legitimately update it once. But the rest are unexplainable.

    Last week when I attempted to install Spyware Doctor on the laptop, Nod32 flagged a file in Spyware Doctor saying there was an infection and stopped the installation immediately. I also noticed SD has been running 50,000-65,000 mem usage. I have never encountered this before.

    If anyone that has these same programs can shed some light on these issues I would appreciate it.

    Thanks;)
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,055
    Location:
    The Netherlands
    I have noticed that some anti malware apps will always try to modify certain processes, they probably do this in order to get complete control over your system, if I'm correct AntiHook is doing it also. So if it's a legitimate app I guess it's not a problem. :shifty:
     
  3. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Indeed, some security software does behave in this fashion - SpySweeper being one example and System Safety Monitor used to do this also. One of the downsides of running multiple security applications is that you do need to configure them to allow each other's actions.
     
  4. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,710
    @Rasheed and Paranoid,

    I learned of this through Antihook, it's Spyware Doc wanting to do all the injecting code/modifying to everything.

    You are saying I should allow this through Antihook for Spyware Doctor to do this stuff?

    I knew there would be prompts to allow/block when I put Antihook in normal mode, but I never expected to see an app injecting code into other processes. It freaked me out.

    Do either of you use Antihook?

    Thanks for your replies!;)
     
  5. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,702
    Hello,
    First questions you should ask yourself - Do you doubt the copy of Spyware Doctor you have? Did you download the program from its home site? Because anomalies you experience might be related to a cracked version, clone etc.
    Now, concerning injection - Spyware Doctor is supposed to protect memory processes in real time. So to do that, it needs to 'communicate' with memory processes, including nod and others, so in case they are infected (dll, hooked etc), it can intercept and stop the malevolent behavior.
    Anti-hook simply recognizes this sort of behavior. In case of Spyware Doctor, this (should) be benign, but imagine something else was trying to inject its code into a process.
    BTW, don't freak out. I know of dozens of applications that do this.
    Mrk
     
  6. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,710
    I'm always a bit skeptical I guess. It's funny all of a sudden sometimes when you install a new program you discover things you never knew about the programs that are on your computer (what's going on behind the scenes).

    I did get it from PC Tools. I thought maybe malware got into SD itself.

    Okay so this is common for apps to do this. Thanks for helping me to understand.;)
     
  7. Italtony

    Italtony Registered Member

    Joined:
    Feb 24, 2006
    Posts:
    8
    Location:
    Italia-UK-Germany
    Sometimes all these apps can make people paranoid I think...just by the way of course.

    ANTonio.
     
  8. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    I can relate to that. I uninstalled some programs, such as Watcher, because I did not understand what the programs were it flagged. When I did work it through it was always an alright program, but it was enough of a pain with my limited knowledge that I ditched it.

    I think some of us near average users can be overloaded with information that we do not know what to do with.

    Jerry
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,055
    Location:
    The Netherlands
    Hi,

    No I do not use AntiHook myself but I do know that AH will also try to modify processes itself (I use PG) so basically it's a question of trust. For example, I have installed Super ADBlocker and it wants to do a whole lot: Install a service/driver, inject code into all processes and add several autostart entries. In other words, it's acting like freaking malware! I mean all this for an adblocker? No thank you. :gack:

    http://www.superadblocker.com/
     
  10. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,710
    @Italtony

    I agree:D

    JerryM

    I agree:D

    Rasheed187

    You are correct. Paranoia takes over before the common sense I guess, for me.

    Wow, I don't blame you! I will stay clear of that program.:)
     