Webroot SpySweeper anyone??

Discussion in 'other anti-malware software' started by SamSpade, Feb 2, 2008.

Thread Status:
Not open for further replies.
  1. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415
    I bought a SpySweeper subscription about 3 years ago, and at first I thought it was the cat's meow -- thorough sweeping and good proactive defenses, etc., regular updates, and most importantly, my system never got a baddy -- I have always used a good AV, too, so those two reasons worked, it seemed.

    Then I noticed about 18 mos ago it was running very heavy. So I took it out, even though I had just bought an extension until 2009.

    I know it is now up to version 5.5, AND I and I'm wondering if it has lightened up a bit, or does it still lock into almost every conceivable part of the OS?? Anybody has experience with the latest SpySweeper??
     
  2. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
  3. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    I'm using the Spy Sweeper WITHOUT antivirus, and it has never been heavy on my system. I have 512 MB RAM though. I don't know why it became heavvy on your system. By definition speed depends on some combination of hardware/software and how you use that, including possible errors.

    I believe we are at version 5.5.7.

    But before you install it, keep in mind that Webroot tries to install the Spy Sweeper with the ask.com toolbar, and the 'search assistant' by default ! I think that those two have spyware/adware characteristics. Not good for a security product ! If you want to install the Spy Sweeper, I suggest you use a customized install so that you'll avoid those two (I wonder if they also try to sneak in a google toolbar).

    Inserting the ask.com toolbar/IAC is becoming an infamous practice in the security industry. Even Zonealarm is into it ! (For more info, I suggest googling sunbeltblogspot, IAC, ask.com toolbar, Webroot)

    And I wonder what they do with your credit card number ... they currently have an auto-renewal policy ... Paying (in January) for the extension of the subscription was in more than one way strange ... I won't elaborate on that. I wonder if Webroot can be trusted ...
     
  4. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Elitekiller, before I started writing my post yours wasn't there. I must be slow ...
     
  5. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    It has always been heavy. No need to run a real time spyware program. Just run a scan once a week with SuperAntiSpyware free and Spybot.
     
  6. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
  7. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415

    So what to do if a spy gets in between scans and sends home all kinds of confidential information (passwords, etc.)o_O Real time seems as important for spies as for virii, no?




    |||
     
    Last edited: Feb 3, 2008
  8. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408

    Prevention is better then cure. :D
     
  9. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    Thank you...............Spyware just doesn't come walking in. You let it in by installing something or visiting some site where you need to install an active x plugin. Comodo tells me all I need to know about whats going on and NOD32 keeps me pretty well protected. I only have had 1 spyware problem years ago but Comodo 2.4 stop it in its track because bells and whistles went off about some unknown program trying to connect. I clicked deny cause I did not know what it was. Then I ran a spyware scan and presto. It was gone. I good firewall and virus scan is all you need in real time mode. Then run a spyware scan once a week with whatever program you chose.
     
  10. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Your Welcome.
     
  11. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    If I did that I would quickly regret it !
     
  12. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    No you would not. What are you using for an AV and FW?
     
  13. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    (partial quote)

    Not knowing NOD32 (antivirus I believe) or Comodo: Since I started using Counterspy I virtually never get spyware (1 adware program and an occasional cookie over the past 6 months).

    But before that: even with the Spy Sweeper and the older version of the Spyware Doctor giving real-time protection, I got spyware on a regular basis, and not just cookies. And (at least since IE 7 is the way it is now, with me using elevated security settings) it never had to do with installing ActiveX, or installing a program (except of course spyware that was a program and not part of a program or attached to it somehow).

    I can't really explain the discrepancy between our experiences ... except if you were just visiting mainstream sites (not safe anymore).
     
  14. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    You have know idea what NOD32 is. Its only one of the best AV on the market. If you keep getting spyware then maybe you should change you surfing habits. Use Firefox or Opera. I have never known anyone to keep getting spyware unless they are just clicking away. Invest in good protection and you will be fine. Obviously Counterspy isn't good if you keep getting spyware. Comodo is a firewall BTW. I visited alot of different sites. Sites I cannot mention and never have gotten a thing. So I will suggest again to change your security set up and surfing habits.
     
  15. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415

    Well, sure, I know that. But I run nod32 (past 18 mos.) and I'm running Online Armor (both FW and HIPS), but I still got some strange nasty a few days ago, something called <Trojan.Net-PhakeRU>, a file with 12 registry entries. I found them using SuperAS free; i.e., only on-demand. According to <http://www.superantispyware.com> this is a trojan that lifts passwords, etc, and phones them somewhere. Point is, I only caught the sucker *after* it was on my machine. Either this puppy's a false pos or nod32 and OA fell down. Oh, I'm behind a router, too.

    Any ideas how it got in?? I don't do porn sites or other risky places.


    //
     
  16. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    What exactly did SAS remove? Do you have logs on it?
     
  17. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    By chance was this on your Lenovo thinkpad T60p with a password manager installed ?

    If so, do you recall installing or noticing if a Password Manager Browser Helper Object was already installed ?

    From Castle Cops GUID list....BF468356-BB7E-42D7-9F15-4F3B9BCFCED2

    From File Research Center....Trojan.Net-PhakeRU
    If not in this thread, perhaps in another thread, this could be looked at further. Also, the logs mentioned earlier would be of interest.

    Bubba
     
    Last edited: Feb 3, 2008
  18. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Oh if only that were true............
     
  19. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    Thats all I ever needed with any of my pc's. Never got any spyware or viruses. Safe surfing and good protection. I also use web based email which is safer then OE.
     
  20. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415
    Hi Mike. Yes, I have these from my generated from the SAS scan log [edit: and now at second take, I see that SAS is flagging a file from my computer (Lenovo/IBM Thinkpad) Client Security app --> false positiveo_O?]:


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 02/01/2008 at 03:27 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3393
    Trace Rules Database Version: 1385

    Scan type : Complete Scan
    Total Scan Time : 01:38:31

    Memory items scanned : 531
    Memory threats detected : 0
    Registry items scanned : 5975
    Registry threats detected : 12
    File items scanned : 40757
    File threats detected : 1

    Trojan.Net-PhakeRU
    HKLM\Software\Classes\CLSID\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}
    HKCR\CLSID\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}
    HKCR\CLSID\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}
    HKCR\CLSID\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}#AppID
    HKCR\CLSID\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}\InprocServer32
    HKCR\CLSID\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}\InprocServer32#InprocServer32
    HKCR\CLSID\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}\InprocServer32#ThreadingModel
    HKCR\CLSID\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}\ProgID
    HKCR\CLSID\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}\Programmable
    HKCR\CLSID\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}\TypeLib
    HKCR\CLSID\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}\VersionIndependentProgID
    C:\PROGRAM FILES\LENOVO\CLIENT SECURITY SOLUTION\TVTPWM_IE_COM.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}


    |||
     
  21. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415

    Just noticed your post, Bubba, thanks. YES!! You got it exactly: ThinkPad T60p, with password manager. Is this a *real* baddy, or just a FPo_O


    |||
     
  22. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    For me it would confirm that those are valid files used by your LENOVO thinkpad password protection software.

    I would suggest re-installing the LENOVO password protection software and re-scan but select check only if possible. If it re-finds those same entries, follow appropriate procedure for reporting a possible false positive.

    Bubba
     
    Last edited: Feb 3, 2008
  23. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415

    Done. Thanks for the input. ;)

    Sam


    |||
     
  24. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    I'm currently using Virusscan Plus 2008, including their firewall. Among (?) other things to prevent the installation of spyware, McAfee uses scripts as part of it's engine !

    I intend to drop McAfee, I'm just considering waiting for the the new version of Counterspy with antivirus, or get something else.

    But before McAfee 2007 I had an earlier version of McAfee, with virusscan 10 or 11 and firewall version 7 (or close). I got lots of spyware !
     
  25. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Only 1 adware program in 6 months isn't bad !

    I wouldn't know how to respond to the rest of your statement (or invest time trying to).
     
Thread Status:
Not open for further replies.