Webroot Spy Sweeper Installing Malware??

Discussion in 'other anti-malware software' started by beto_nl, Aug 2, 2008.

Thread Status:
Not open for further replies.
  1. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Point here is that the toolbar is NOT a trojan, it's a toolbar that may or may NOT "spy" on you. It's not some wicked software that's going to toss everything there is to know about you to everyone who wants to get there hands on it (your ISP on the other hand does do that). It's a simple toolbar that uses Ask.com's search engine as an OPTION, it does not "take over" anything. It's the same thing as Google's toolbar and Google shares a hell of a lot more about you than Ask probably ever will.

    If you choose "Custom" installation and UNCHECK the toolbar install OPTION, it does NOT get installed. I am running it now, it is NOT there. All you saw with the TEMP thing was the software unpacking it's files to PREPARE for installation, not actually installing, software does that, it's a fact of life. Is Spy Sweeper any good? That's opinion based on individual results, but let's not throw a company under the bus because some AV A: Flags an FP. B: Mislabels a threat. C: Is too stupid or aggressive to be able to tell a real threat from a potential threat.
     
  2. ejames82

    ejames82 Registered Member

    Joined:
    Mar 23, 2007
    Posts:
    156
    you do have a very good point about the ask toolbar. i have been asking for quite some time whether it has "reformed/rehabilitated", truthfully, i don't know. if the ask toolbar is still spying, then that makes the offense that much more reprehensible. it was a poor choice to align with the ask toolbar in the first place, because of it's bad reputation..
    is the ask toolbar still spying? if so, then they are hypocritical.
    none of these companies should be pushing their toolbars. we want what we want. no extras. there shouldn't be any tricks to try to put it on a users machine. a newbie isn't going to realize they've downloaded it until it's too late, and probably won't know how to remove it either, so they will be stuck with it. they know that if the option is "opt-out" that there is a certain percentage of newbies that will download it by mistake. a newbie is not going to know how to do a custom installation. that's what ask.com is hoping for.
    you can call it "throwing them under the bus", i call it criticizing. it was all about the money, and to heck with everything else. i criticize spy sweeper for the path they chose to take, not the scanner.
     
  3. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,223
    Location:
    Sydney, Australia
    Agree, the egregious "opt-out" sucks.
    Cant blame the vendors for wanting revenue, but, it has to be clearly spelt out. Not only the presence of the toolbar, but why it is there.
    Not in 0.5 point font at the end of 40 page EULA/Disclaimer document :rolleyes:

    Lol: that is a frighteningly long list of 'reputable' vendors pushing the ask toolbar = immediately turns to other vendors.
    I read Kevin McAleavy re Comodo and the tool bar: despite the -ahem- noninjurious nature of Ask, the issue does raise hackles all over.

    Almost need a list now of vendors who DO NOT include 'little gifts' for the purchaser.

    As to OP and Spysweeper: flick it: you wont regret it.
     
  4. beto_nl

    beto_nl Registered Member

    Joined:
    Aug 2, 2008
    Posts:
    20
    The point is that I have a new system with programs that i'm using for the first time such as Vista and Bullguard.

    I decided to disable Windows defender and try other softwares such as Spy Sweeper.

    - In the very beginning of the installation(SpySweeperSNRSetup_EN.exe) Bullguard throws the "askBarSetup.exe" fromTEMP into quarantine

    - Installation proceeds ( and YES I choose for CUSTOM installation) but the askBar install screen is not there anymore (so nothing to uncheck), probably because of Bullguard!

    So Bullguard gets all wound up and if it's a false positive I dont mind, I'ts a tool bar anyway and then I say to myself ok, askBar stuff is gone; But what happens at the end of installation? Spy Sweeper tries to allocate askBarSetup.exe in TEMP again! ( see screenshot of first message)

    Maybe so let's make it a big MAYBE if Bullguard was not
    conflicting with spy sweeper I could get the askbar install
    screen and uncheck it and maybe really getting free of askBar, but how can you now really be AWARE of what kind of background activities Spy sweeper is performing?
    I even read in another forum that spy sweeper was trying to install adware during UPDATE.
    I am zipping and sending the whole file (SpySweeperSNRSetup_EN.exe) to Bullguard
    and let's see what they have to say about it

    And why the heck a security program should
    be teamin up with a programs like askBar that have or had such a bad rep and therefore creating all these kind of conflicts with Anti-virus programs, be cause Bullguard is not the only one, NOD32 does it as well, unless they slowly start, one by one to team up with spy sweeper, toolbars, and all these crap.

    All I did here is expose a conflict between 2 so called security programs...you take the conclusions you want

    Good Luck!
     
  5. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,223
    Location:
    Sydney, Australia
    No probs with what you posted.
    If I was you I'd be happy that BG is finding this as a mal. ;)

    The link from BillP/WinPatrol blog is interesting reading: integrity in short supply these days.
    BG not the problem.
    :thumb:
     
  6. beto_nl

    beto_nl Registered Member

    Joined:
    Aug 2, 2008
    Posts:
    20
    Sure! Spy Sweeper is long gone...BG stays.

    Nice blog by the way; i just installed the WinPatrol.
    Talking about integrity, what about SpyBot? It offers a kind off real-time watch( tea timer) and you get
    a little more grip on some background activities..
    Cheers
     
  7. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    IMO Spybot detection's pretty outdated nowadays, and the Tea timer just notifies about every registry key modification/creation/deletion, annoying.
     
  8. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,223
    Location:
    Sydney, Australia
    As sad as it is I tend to agree.
    SpyBot was one of the first 'anti' tools I ever had, donated to the cause and never really had any issues. Price was spot on. :)
    TeaTimer for me now can be a complete pain.
    SS&D has barely kept pace, not a bad on demand tool, some nice features, but for real time ?? not so sure anymore. Still under active devt, never really lost my affection for them, sad to see it off :'( , just not here any more.
    Still a great admirer of PK's efforts.
     
  9. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes
    NOD32 Instantly detected it as a Variant and Quarentined it so it didnt even get the chance to ask whether I wanted to install it or not (which I didnt)
     
  10. beto_nl

    beto_nl Registered Member

    Joined:
    Aug 2, 2008
    Posts:
    20
    Bullguard allows the installation of Spy Sweeper but disables
    AskBar install screen ( it won't appear on custom install anymore) The problem is ( I think) Spy Sweeper will try
    to allocate it again sooner or later.

    Perhaps that's why NOD32 won't even allow the whole installation to proceed ( I think)
     
  11. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Sigh... Seriously

    - either disable the darned AV temporarily if it can't be configured to not trigger on such stuff and follow the instructions I've given above to avoid the toolbar installation,
    - or report a bug to the AV vendor and ask them to classify this correctly and make PUA configurable
    - or ask Spy Sweeper vendor to remove the toolbar and come back a couple years later to check
    - or don't install the free Spy Sweeper and finally move on...

    (as I've already told you couple days ago)

    Ranting here over and over again how your AV triggers alert on install won't get you an inch further. We already know that your AV and others detect this toolbar so repeating it over and over again doesn't bring any new useful information to this thread... :rolleyes:
     
  12. beto_nl

    beto_nl Registered Member

    Joined:
    Aug 2, 2008
    Posts:
    20
    Perhaps we can end this discussion highlighting some excellent remarks posted on this thread ( among others of course):

    Best Regards
    Beto_nl
     
  13. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes

    Step Off your Mule, Fly Boy :cautious:

    Who in their right mind would disable protection just to install a most definate kind of Trojan Variant..i. Its called Stupidity in its extreme to sugest such, In any light facts are these, the most thourough of AV will Block time and time again any such type of attempt to access the registry....and thats what they're supposed to do if they have any realist backbone to them.
     
  14. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Thanks for you insight; now may I suggest that you re-read this thread and check out facts. It's not a trojan, it's a damn toolbar. But sure you are free to let yourself controlled by AV misinformation, instead of using common sense and being the one who ultimately controls your computer.
     
  15. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes

    Listen!... Its a Variant of Win32/ Adinstaller application, if you dont know what that is then look it up and read about it :rolleyes:
     
  16. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Yeah, which is an adware installer and no trojan, so yeah - go follow your own advice before posting more misinformation here. TIA.

    Adware vs. Trojan
     
  17. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes
    I said VARIANT didnt I, or are you too obsessed to stamp your claim on lunacy to have read that, anyway, theres a moth in this room that I have to chase, so go amuse someone else with your BS, your now growing misfortunate
     
  18. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Oh for petesake people, it's a freaking FP already, Comodo has the same issue with their Ask toolbar! For crying out loud, if it's that damn big of a deal don't install Spysweeper PERIOD! If it were a for real trojan someone please enlighten me as to why Comodo would use it. And NO, the toolbar does NOT silently install if you uncheck the option, learn how software works before going ape-sh*t about temp directories. If you actually spend your time Googling about the toolbar, you'll see a LOT of AVs flagging it and nobody is giving two squirts of pee because it's determined as an FP.

    At this point you got two choices, install or don't. If you're gonna get mad about companies putting in evil toolbars, you better start pointing your fingers in a lot of directions because tons of them do that now and they will continue to do so for revenue purposes.

    Edit: Without launching back into a tirade, seriously, it's a simple FP. Go Google it and see. You guys know by now that toolbars are almost always classified as "bad" by AVs and all. Some TRULY are bad, but not all, again, seeing as how Comodo is using Ask also. And as far as the temp thing goes, entries are left over post-install sometimes. The install file for Ask is there even if you don't actually install it, so the temp folder will still show that during the install process the file was "prepared for installation". If you clean your temp files out, it's gone, don't panic.

    But really, if it seriously does worry you, don't install Spysweeper. The Google Toolbar and Ask Toolbar might not be the most welcome, but I have extremely serious doubts that they are any more dangerous as far as privacy/risk as any other program thats ends information back to its servers (meaning damn near all software).
     
    Last edited: Aug 4, 2008
  19. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Yeah, and Sun is a variant of Moon... and black is a variant of white. :D

    s/room/head/ perhaps, that'd explain all the FUD you are speading here.
     
  20. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes
    Personally I dont give a toss!, I installed it without the toolbar, And NOD32 Quarentined and submitted it to ESET for Analysis. I'm just stating a fact to Lord Such up there ^^^...and anyway its Adinstaller WHICH MEANS IT WILL SOONER OR LATER DIRECT YOU TO SOME CRAP OR OTHER YOU COULD DO WITHOUT!


    Case closed:
     
  21. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    If you have no arguments, start shouting and spreading more FUD. :rolleyes: So yeah indeed, case closed and so should be this thread.
     
  22. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Read my post above guys and go do a search...then calm down :) Lest we face the wrath of the Mods button of choice "delete".
     
  23. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Folks,

    How about dropping the posturing rhetoric a notch or two?

    Depending on perspective, the detection could be viewed as a false positive or not. Ad based content is a grey zone whether anyone likes that or not. Further, it appears that the detection is generic, which reinforces the tentative nature of the assignment.

    As for the thread title.... get a grip folks. Don't have a stroke on every antimalware product alert or notification. Life is too short. Pay attention to what these products flag, do some homework on the notification, and make a decision that's right for you and your needs.

    Blue
     
  24. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    We are already there. Want the discussion closed? Continue down this particular road.

    Blue
     
  25. DarkButterfly

    DarkButterfly Registered Member

    Joined:
    Jul 18, 2008
    Posts:
    82
    Sun is a star. Moon is a natural satellite/secondary planet. Two different things.

    Black is not a variant of white, nor is white a variant of black. White is the opposite of black, and black is the opposite of white. Or if you wish, white, means presence of light, and black, absense of it.

    Now OT, Ask.com toolbar used to be considered malware (adware/spyware) because the folks who owned it before weren't nice people, if you understand what I mean.
    Now, it seems things have changed, because Ask.com has new owners, and they seem to be taking the right approach to make Ask.com decent.

    That was the short story. If you (everyone) wants the whole story, dig for it.

    And if I well recall, Spysweeper asks the user if wishes to install Ask.com toolbar. Therefore, not considered adware. As far as I understand adware, it installs without the user's consent. Does not seem to be the case with SS.

    Perhaps, it is time for AV and AS developers to take a look into it and update their signatures not to treat it as malware.
     
    Last edited: Aug 4, 2008
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.