Spyware Doctor scan found CommonName- FP?

Discussion in 'other anti-malware software' started by dcdc, Jan 12, 2007.

Thread Status:
Not open for further replies.
  1. dcdc

    dcdc Registered Member

    Joined:
    Nov 22, 2004
    Posts:
    195
    Location:
    Boston area
    A recent full scan with Spyware Doctor found adware CommonName on my machine based on 8 HKCU Registry keys, but I wonder if this is a false positive.

    First, I run a lot of antispyware as active protection: Spy Sweeper, Spyware Doctor itself (free version), Windows Defender, Spybot, and Spyware Blaster. NIS also includes an AS app now. Very rarely have I found any true spyware.

    Scans from the above (except SD, of course), as well as scans with Ad-Aware, AVG AS (formerly ewido), a-squared, and Super Antispyware have all failed to detect anything suspicious.

    I used regedit to verify the keys, which basically agree with what SD found:

    HKCU\Software\Microsoft\Current Version\Ext\Stats\{00000000-0000-0000-0000-000000000000} is the first key.

    The others are the same with additional fields, mostly \iexplore...

    The question is, of course, is this spyware? I tend to doubt it based on the other scans, but can I safely remove it by deleting all 8 keys with regedit?

    I must note that System Restore is no longer working (again); it cannot seem to go back to any restore point. Also, I do not have an alternative backup system, e.g. an external drive, so if I screw up the registry, I'm screwed big time.

    Anyone have any experience with this adware? I have checked some forums via a Google search for CommonName, but found little that was relevant.

    Thanks for any posts.
     
  2. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    have you run superantispyware?
    it's in my sig.
    it sounds like an fp to me.
    lodore
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,

    I have NEVER EVER found a single entry by Spyware Doctor that was NOT a FP. Besides, you cannot disinfect without buying the product - which makes the entire concept ... interesting.

    You're not screwed if you wish to play around.

    You can create Ultimate Boot CD for Windows. Then, you can export the registry keys that you wish to delete. This means that even if your system is unbootable, you'll be able to boot from CD and restore the missing keys.

    You can also try to repair your installation.

    There is always more than a single solution to a problem.

    Mrk
     
  4. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    you're right, most things detected by the free trial of spyware doctor are fp's
    lodore
     
  5. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Hi all,

    Two hours ago i made a scan with A² and found nothing then i tried SD.

    The Doctor found me a FP and an advertising cookie (from superantispyware forum) o_O

    No comment

    MaB
     
  6. dcdc

    dcdc Registered Member

    Joined:
    Nov 22, 2004
    Posts:
    195
    Location:
    Boston area
    Thanks for the posts.

    Yes, I did run a full scan with Super Antispyware, and found nothing.

    About Spyware Doctor, I am going to assume barring good evidence to the contrary that it is a reputable app. It is on the recommended list at Eric Howes' Spyware Warrior site, for instance, and it and Spy Sweeper normally test out at the top in the various AS tests I have read in the computer mags like PC World and PC Magazine. Of course, the results depend on the exact testing methodologies used.

    For those who have doubts about the integrity of AS apps, take a look at the extensive list of rogue/suspect AS at Spyware Warrior. LOTS of apps listed there. Yes, of course it is suspicious when a free scan reveals a load of malware, which you can then have removed if you shell out $29.95 or whatever for the AS you just scanned with.

    I have run the free version of SD for a couple of years or so. Rarely has it found anything, either genuine spyware or false positives, maybe 3 or 4 of the latter. The only error it consistently makes is that it flags a couple of the IE tweaks from Spybot as possible web hijackers. The free version won't let me ignore them, but I am 100% certain of what they are.

    Except for the above mentioned Spybot (which I do support), none of the other AS apps that I know of offer full-featured free versions beyond an initial trial period if they have one - why should they?

    I like SD because it offers active protection in the free version with no expiration, but it does not let you remove (alleged) items found in scans. By contrast Ad-Aware will let you remove these found items, but does not offer active protection.

    Others, including I think Counterspy, time you out after the 30-day trial of the full version. If I recall, a-squared drops you back to the free, limited feature version after the trial period. Trojan Hunter times you out for life; I tried downloading again quite some time after the initial trial, and could not get it to go. So they all have their enticements to get you to buy.

    Lodore, are you suggesting that the FPs found in the free version of SD are not found by the paid version? If so, that's pretty damning, I must say, and thoroughly dishonest.

    I never liked Pest Patrol because it has a reputation for FPs, and from the free scans I have done, it appears justified. But it's also recommended by Spyware Warrior, and PP has been around for quite a while now.

    Mrkvonic, thanks for the suggestion about Ultimate Boot CD. I'll look into it. I want to get some kind of registry cleaner, but since I do not have a backup system in place, I am very reluctant to mess with the registry in any way, lest I wind up with a machine that is unbootable and unfixable by myself.

    Options are limited when your skill level is as well.
     
  7. dcdc

    dcdc Registered Member

    Joined:
    Nov 22, 2004
    Posts:
    195
    Location:
    Boston area
    Let me add one additional point about Spyware Doctor. It no longer offers any tech support for unregistered users, i.e. those who run the free version, and I can really hardly blame them for that. Tech support costs money, and I am not a paying customer. As such, I was not able to communicate with them before posting here.

    I think a few AS companies will offer tech support to free subscribers, at least during the trial period. Spybot of course does have free tech support, but it is rather slow. I think a lot of it is done by volunteers, much like those who moderate on Wilders, so one can hardly complain.
     
  8. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    This occurs with AVG AS/Ewido but not with a-squared. You have to uninstall the trial version before installing the free version :)
     
  9. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    If you are open to suggestions then a combo of Spywareblaster+WinPatrol+SAS free will offer a better level of protection against emerging threats when added to resident AV/firewall etc

    SpyBot has some useful tools on top of teatimer but is widely regarded as slipping fast behind the leaders in the antispyware field. This could all change overnight should a new and improved version be released but i've not seen any plans on this.

    The one thing i do know for fact is that the golden trio of SpywareGuard+Adaware+Spybot in their current incarnations cannot deal with the trojans that are being dev'ed at the moment. A good look at most HJT forums will bear testament to this unfortunately :'(

    HTH:)
     
  10. btman

    btman Registered Member

    Joined:
    Feb 11, 2006
    Posts:
    576
    I thought the free version didn't allow updates, meaning even if it was fixed you wouldn't see it fixed anyway. Least when my paid version ran out, I couldn't update.
     
  11. dcdc

    dcdc Registered Member

    Joined:
    Nov 22, 2004
    Posts:
    195
    Location:
    Boston area
    Which AS are you referring to, Spyware Doctor?

    I never had the paid version of SD, just the free, so I cannot comment on my experience in that regard. However, the free version has always allowed updates since I have had it, usually 5 times a week - never on weekends in my experience.

    I almost always update all the AS I have that offers active protection on a daily basis; the others that are passive and used only for occasional scans I only update just before a scan. Why update passive protection?

    There may be some exceptions but as I recall every free version of an AS that I have tried in the past 3 years or so, maybe a dozen or so reputable ones, has offered updates for as long as the free trial period runs. Some terminate completely at 30 days.

    Trojan Hunter will not let you download a new version once your 30 day trial expires, not ever it appears. I tried a complete uninstall a few months after the expiration, removing the folders and everything, and no luck. By contrast, some time ago I tried Counterspy (which at one time shared technology with Giant AS, which morphed into Windows Defender eventually), and some time after its 30 day trial was up, I was able to download a fresh version. I didn't like it, and never tried it again. I can't remember which way the Zero Spyware trial period went - I didn't care for that one either.

    Probably plenty of people will 'roll over' to a new download of an AS that has a trial period of the full version, but I don't feel all that comfortable about doing it myself. A trial is a trial. If I find a particular app to be mediocre or offer little incrementally over what I already have, I may try it again some time later, but that's it.
     
  12. dcdc

    dcdc Registered Member

    Joined:
    Nov 22, 2004
    Posts:
    195
    Location:
    Boston area
    Thanks for this correction. I wasn't sure.
     
  13. dcdc

    dcdc Registered Member

    Joined:
    Nov 22, 2004
    Posts:
    195
    Location:
    Boston area
    Thanks for your post.

    Super Antispyware does seem to be an up and coming AS app.

    I had WinPatrol for some time but eventually uninstalled it. I don't think it added to what I already had running. What I found particularly annoying was that when a change to my system occurred such as a new Active X installed or a new startup program, both Spy Sweeper and to a lesser extent Spybot would give me an alert almost instantly. About a minute later WinPatrol would come along with its own alert. Too late to do any good then. I also thought WP did not catch as much as it should for an app that was offering active protection.

    Sadly, I agree that the venerable Spybot is not the AS standout it once was based upon what I have read. Development apparently depends in part on volunteers, and updates are relatively infrequent. There are also annoying bugs that don't get fixed, and I find it very quirky that Immunization updates are performed independently of the 'main' updates. Still, I imagine those who have been active in AS a long time (not me) are fond of Spybot.

    As for Ad-Aware, I believe it too is no longer a leader in AS solutions.

    SpywareGuard has not updated in a couple of years I think. It may well need new heuristics to be effective now.

    There is Rootkit Revealer from sysinternals (recently bought by Microsoft), the same company that offers Process Explorer. I use PE to monitor my system daily if something does not seem quite right. I would encourage everyone to download this freebie - Task Manager on steroids.
     
  14. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    @dcdc, from what i have read there are a lot of fp's in spywaredoctor.
    and i did also read quite a few times that the free version that didn't remove anything detected stuff, all fp's, and when they bought it to remove what was found in the non remove version, they then ran a scan with the paid version they just bought and it found nothing.
    so if pc mags test only the paid version they won't know about the fp's in the non remove version.
    lodore
     
  15. dcdc

    dcdc Registered Member

    Joined:
    Nov 22, 2004
    Posts:
    195
    Location:
    Boston area
    lodore,

    If what you say about Spyware Doctor producing different scan results in the paid and free versions is true, and I don't doubt you, that's disgraceful and dishonest. :(

    It does make sense that testers would not use the free versions for testing, so they would not pick up on any false positives.

    Bummer. Glad I didn't pay for SD I guess.

    Spy Sweeper is still my principal AS anyway.
     
  16. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    i used to like spysweeper but 5.2 is too buggy and a resource hog.
    my dad renewed it because it was only £10
    but i think superantispyware pro is definitely better.
    lodore
     
  17. dcdc

    dcdc Registered Member

    Joined:
    Nov 22, 2004
    Posts:
    195
    Location:
    Boston area
    Spy Sweeper 5.2 does have a slider to let you adjust how much CPU time the app consumes during scans.

    As far as a resource hog, you can't beat Spyware Doctor. This is where I have found the previously mentioned Process Explorer invaluable. When SD loads at startup, it hogs literally 90-100% of the CPU time in two chunks that last an incredible 5.5-6 minutes on my machine. I literally can't do anything until it finishes loading. So what I do is either turn it on a few minutes before I plan on using it, or else click on Stand By rather than shut it off if I plan on returning in a little while. If I am not going to be on the internet, I'll shut it down.

    I hear all the time how this app and that app are hogs, but I seldom see it in practice except during a scan, and then what do you expect if the program is scanning your entire system? I watch them all on PE's table and graph (which gives you a 10 minute view if you stretch the window out), and rarely do I see much hogging of CPU time by any of them EXCEPT if there is a conflict between AS when one is scanning and the other one doesn't like it.
     
  18. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    if you let spysweeper load up on startup it doubles the startup time of my pc.
    so i use it on demand only.
    when i tell it to open it takes about 2 minutes to load up and uses lots of cpu during that time.
    spysweeper is bloated. 4.5 wasn't too bad.
    5.0 was horrible as is 5.2
    lodore
     
  19. dcdc

    dcdc Registered Member

    Joined:
    Nov 22, 2004
    Posts:
    195
    Location:
    Boston area
    Let me add this postscript to the CommonName detection I reported at the start of this thread.

    I ran a full scan a couple of days ago, and CommonName is no longer being detected. Although I update the definitions daily, this was only the second full scan since the problem initially arose.

    Now one interpretation might be that SD realized at some point that the detection was a false positive, and the error was corrected in an update. A more cynical viewpoint might be that the FP was planted, and was eventually removed after some period of time, ultimately to be replaced by another one perhaps.

    Who knows.
     
  20. ejr

    ejr Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    538
    My experience with Spyware Doctor is that it is one giant false positive. I had 2 false positives in 2 months. It would have been 3 FP's but I stopped using the MVP Hosts file.

    The final straw for me was when Spyware Doctor detected the entire ESET File (which contains NOD32) as 162 infections of a trojan. I uninstalled that day and have been happier since.

    If they could get rid of the FP's they would have a very solid product (better than Spysweeper in my opinion). But they simply can't or don't want to get rid of the FP's.
     
  21. dcdc

    dcdc Registered Member

    Joined:
    Nov 22, 2004
    Posts:
    195
    Location:
    Boston area
    It's difficult to know what to make of Spyware Doctor. I read the various AS tests in PC World, PC Magazine, and random other sources, and Spy Sweeper and Spyware Doctor usually finish neck and neck in first place, with the others a distant second. Of course the test results depend on your testing parameters, but even so.

    I suppose you could say that these apps test out best because they are advertisers in the magazines, but others advertise as well, so that's not a particularly convincing argument.

    Also, Consumer Reports, which accepts no advertising, came out with the following ratings of 12 AS apps in Sept. 2006:

    F-Secure AS 2006 - 89
    Webroot Spy Sweeper 4.5 - 89
    Spyware Doctor 3.8 - 88
    Trend Micro AS 3 - 85

    In this instance F-Secure comes out tied for first.

    Some people may want to claim that CR does not know what they are doing, but I beg to differ. They're not stupid.

    By the way, Microsoft Windows Defender beta finished dead last at 12th, score 43.

    I myself never liked Pest Patrol. It had an apparently well deserved reputation for false positives. Whenever I would go to their site for a free scan, it would always come up with all sorts of things, none of which I believed were genuine malware.
     