Weird experience with CAYahooAntispy

Discussion in 'other anti-malware software' started by Mors_Victrix, Aug 28, 2008.

Thread Status:
Not open for further replies.
  1. Mors_Victrix

    Mors_Victrix Registered Member

    Joined:
    May 25, 2008
    Posts:
    24
    Hi! Recently I've downloaded CAYahooAntispy, an antispyware program that comes with the Yahoo! toolbar, but seems to be working just fine also without it (removed the toolbar because it took too much space on my browser, looked ugly and my Firefox already has a multiple search toolbar (all in one - google, yahoo, others)).

    After removing the toolbar I ran a scan (for the first time) and it found, to my surprise, spyware. I was surprised, because I just had a ''scan day'' and ran a scan with each of my AV and AS apps (look at signature for more info...) and removed all found... :cautious:

    After a quick inspection it, as said, found spyware and asked if I want to make a full scan. It finished scanning the full scan (251GB of used space on a 300GB disc) in 701 seconds... :blink:

    It reported it found ISTbar, eMule (p2p) :rolleyes: , Mirar (toolbar), Trymedia (Adware), Estalive (Adware) and uTorrent (says it's a trojan!!!).

    I've done no action for found objects, but closed and again scanned a full scan with Malwarebytes' Anti-Malware, SUPERAntiSpyware Free Edition, AntiVir Free, SpyBot S&D and SpyCatcher... NOTHING found.

    I ran a scan with CAYahooAntispy again and it found: KoolyNoody (downloader), Trymedia (Adware), eMule (p2p), uTorrent (trojan)
    I again didn't do any action, but just closed the application. Opened it again and scanned again. This time the same detections. Oh, and the second and third time the toolbar took A LOT longer than the first time to finish the scan.

    All of this is a bit weird and suspicious. Could be just a few FP, but why does it report 1 totally different spyware on the 2nd and 3rd scan? The program updated itself when I installed it, no new updates after first scan.

    So I uninstalled the software and reinstalled it back together with the toolbar. Ran a scan and this is what it found: ISTBar (hijacker), eMule, Mirar, TryMedi, Estalive, uTorrent.

    With mixed feelings I allowed eMule and uTorrent (excluded it) and removed the rest.

    Any thoughts on this?

    P.s.: I downloaded and installed it also on my girlfriend's laptop, she had one spyware found the first time she ran it, after that nothing.
     
  2. Mors_Victrix

    Mors_Victrix Registered Member

    Joined:
    May 25, 2008
    Posts:
    24
    Does anybody know anything about this program/has experience with it? Is it good or just a rogue?
     
  3. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    Don't even bother installing that thing. Whenever I install that thing it detects Kazaa (which I NEVER installed) and other ghost spyware entries. I think it's just a stupid way to advertise their toolbar.
     
  4. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
  5. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    They used the Norton engine before. All it found were cookies, but at least it didn't make these ridiculous false positives. Switching to CA was a bad move.

    @vijayind: I read the KaZaa lite article. I didn't have KaZaa lite installed.
     
  6. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    There you go : http://www.ca.com/securityadvisor/pest/pest.aspx?id=453060292
    Kazaa is also a threat (due to Brilliant Digital Adware)

    Also if you look, many other vendors also seem to be flagging KaZaa and uTorrent as malware.
     
  7. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    I think that you don't get my point. I don't have Kazaa installed, and never installed it. So how come CAYahooAntiSpy detected Kazaa (as well as other non-existent threats) on my pc?
    PS: I'm sure that uTorrent is NOT malware. In the link you gave before it showed a Kaspersky detection that was a FALSE POSITIVE. So detecting uTorrent as malware is WRONG.
     
  8. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    One good thing about PestPatrol is that it's dumb :D
    So it doesn't have any major heuristic functionality, but is a signature based scanner. If you look in the KaZaa link earlier, it lists file, reg. it looks for to identify KaZaa. Maybe you had the same/similar file.

    I don't know about uTorrent. I don't use it and I have never tried it. But as per CA, other vendors like Sunbelt, Panda and Norman also flag it as malware. :cautious:
     
  9. webster

    webster Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    285
    Location:
    Denmark
  10. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Oh that's friggin thrilling to know
    :mad:
     
  11. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    Nope, never heard of it before :eek:
     
  12. Mors_Victrix

    Mors_Victrix Registered Member

    Joined:
    May 25, 2008
    Posts:
    24
    Thank you. Those were my assumptions, but I wanted to hear from somebody else to be sure. It would be a shame to throw away a free app that detects what others fail, and also I was thinking about how a company like Yahoo! couldn't afford spoiling its reputation by misleading people and abusing their trust like that.

    ...frankly, I think it's a scam to make people believe they are getting a good, free AS application by installing Yahoo! toolbar, when in fact it's just a bad placebo. What if somebody removes let's say Superantispyware or some other good AS application, just because he thinks it wasn't doing its job and that this poor excuse for an AS app has actually cleaned his pc... :mad:

    Has the Google vs. Yahoo! competition really made Yahoo! so desperate, that it started using such corrupt tactics?

    If so, I really hope people learn about this and stop using Yahoo! once and for all.
     
    Last edited: Aug 31, 2008
  13. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Hmm well IIRC, back sometime when I last tested Pestpatrol & PP online scanner around 2 years ago, they had an issue with detecting registry values inserted by either SpywareBlaster or IE SpyAds in the following part of the registry.

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains

    They were blatant false positives and although reported to PP numerous times over the years by many folks from the tech forums they remained :thumbd:

    Of course to the uneducated user that meant PP had found malware that others missed but of course the truth is that these are not really malware detections. Just false detections and hence why other softwares weren't seeing them :D

    Now y'all know why PP has the reputation for being FP generator :ouch: but even more dubious was CA's inaction to address these then *well known* FP issues :shifty:
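
Added example, not part of any post in this thread: a sketch of how a key-name-only signature can turn protective ZoneMap\Domains entries into false positives, and how checking the zone value separates them. The domain names, the signature list and the key-name-only matching are assumptions for illustration, not PestPatrol's actual detection logic.

```python
import re

# Constructed .reg-style export; domains are placeholders, not real indicators.
SAMPLE_REG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adware-example.test]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracker-example.test\www]
"http"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intranet-example.test]
"http"=dword:00000001
"""

PREFIX = r"Internet Settings\ZoneMap\Domains" + "\\"
RESTRICTED = 4  # IE security zones: 0 My Computer, 1 Intranet, 2 Trusted, 3 Internet, 4 Restricted
BAD_DOMAINS = {"adware-example.test", "tracker-example.test"}  # hypothetical signature list

def parse_zonemap(text):
    """Return {top_level_domain_key: [zone numbers]} from ZoneMap Domains keys."""
    entries, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            pos = line.find(PREFIX)
            # Subdomains are nested subkeys (domain\www); keep the top-level domain key.
            current = line[pos + len(PREFIX):-1].split("\\")[0].lower() if pos != -1 else None
            if current:
                entries.setdefault(current, [])
        elif current:
            m = re.fullmatch(r'"[^"]+"=dword:([0-9a-fA-F]{8})', line)
            if m:
                entries[current].append(int(m.group(1), 16))
    return entries

def naive_scan(entries):
    """Key-name-only signature: flags every listed domain, whatever its zone."""
    return sorted(d for d in entries if d in BAD_DOMAINS)

def context_scan(entries):
    """Classify hits: all-Restricted means a protective block entry, not an infection."""
    result = {}
    for d in naive_scan(entries):
        zones = entries[d]
        blocked = bool(zones) and all(z == RESTRICTED for z in zones)
        result[d] = "benign-block-entry" if blocked else "review"
    return result

if __name__ == "__main__":
    parsed = parse_zonemap(SAMPLE_REG)
    print(naive_scan(parsed))
    print(context_scan(parsed))
```
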
     
  14. webster

    webster Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    285
    Location:
    Denmark
    Re: Weird experience with CAYahooAntispy

    Joost is made by Kazaa and Skype developers. Don't know why they put that entry there. A-Squared found it, and it kept coming back.
     
  15. lordpake

    lordpake Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    563
    Location:
    Helsinki ~ European Union
    Must be either false positive, or potentially-unwanted-application/riskware-not-a-virus type of detection.

    Classifying uTorrent as malware would be as silly as classifying eMule as such. It's a clean, safe application :)
     
  16. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    I tried VirusTotal, only 2 out of 76 failed, as suspicious (Esafe and PrevX). I am guessing the detections earlier were because uTorrent is in UPX packer.
     