Wierd experience with CAYahooAntispy

Hi! Rcently I've downloaded CAYahooAntispy, an antispyware program that comes with the Yahoo! toolbar, but seems to be working just fine also without it (removed the toolbar because it took too much space on my browser, looked ugly and my Firefox allready has a multiple search toolbar (all in one - google, yahoo, others).

After removing the toolbar I ran a scan (for the first time) and it found to my suprise spyware. I was suprised, because I just had a ''scan day'' and ran a scan with each of my AV and AS apps (look at signature for more info...) and removed all found...

After a quick inspection it as said found spyware and asked if I want to make a full scan. It finished scanning the full scan (251GB of used space on a 300GB disc) in 701 seconds...

It reported it found ISTbar, eMule (p2p) , Mirar (toolbar), Trymedia (Adware), Estalive (Adware) and uTorrent (says its a trojan!!!).

I've done no action for found objects, but closed and again scanned a full scan with Malwarebytes' Anti-Malware, SUPERAntiSpyware Free Edition, AntiVir Free, SpyBot S&D and SpyCatcher... NOTHING found.

I ran a scan with CAYahooAntispy again and it found: KoolyNoody (downloader), Trymedia (Adware), eMule (p2p), uTorrent (trojan)
I again don't do any action, but just close the application. Opened it again and scaned again. This time the same detections. Oh, and the second and third time the toolbar took A LOT longer then the first time to finish the scan.

All of this a bit wierd and suspicious. Culd be just a few FP, but why does it report the 2nd and 3rd scan 1 totally differen spyware? The program updated itself when I installed it, no new updates after first scan.

So I uninstalled the software and reinstalled it back together with the toolbar. Ran a scan and this is what it found: ISTBar (hijacker), eMule, Mirar, TryMedi, Estalive, uTorrent.

With mixed feelings I allowed eMule and uTorrent (excluded it) and removed the rest.

Any thoughts on this?

P.s.: I downloaded and installed it also on my girlfriends laptop, she had one spyware found the first time she ran it, after that nothing.

 

Does anybody know anything about this program/has experience with it? Is it good or just a rogue?

 

Don't even bother installing that thing. Whenever I install that thing it detects Kazaa(which I NEVER installed) and other ghost spyware entries. I think it's just a stupid way to advertise their toolbar.

 

CAYahooAntispy is CA PestPatrol 8.0 in new bottle. Same issue here as well.
As per Pest Patrol KaZaa is a threat. And uTorrent is a trojan.

Hence the detections.

 

They used the Norton engine before.All it found were cookies, but at least it didn't make this ridiculous false positives. Switching to CA was a bad move.

@vijayind: I read the KaZaa lite article. I didn't have KaZaa lite installed.

 

There you go : http://www.ca.com/securityadvisor/pest/pest.aspx?id=453060292
Kazaa is also a threat (due to Brilliant Digital Adware)

Also if you look, many other vendors also seem to be flagging KaZaa and uTorrent as malware.

 

I think that you don't get my point. I don't have Kazaa installed, and never installed it. So how come CAYahooAntiSpy detected Kazaa(as well as other non existent threats) on my pc?
PS:I'm sure that uTorrent is NOT malware. In the link you gave before it showed a Kaspersky detection that was a FALSE POSITIVE. So detecting uTorrent as malware is WRONG

 

One good thing about PestPatrol is that its dumb
So it doesn't have any major heuristic functionality, but is a signature based scanner. If you link in the KaZaa link earlier, it lists file,reg. it looks for to identify KaZaa. Maybe you had the same/similar file.

I don't know about uTorrent. I don't use and I have never tried it. But as per CA, other vendors like Sunbelt,Panda and Norman also flag it as malware.

 

If you use Joost http://www.joost.com/ it creates a Kazaa registry entry.

 

Oh that's friggin thrilling to know

 

Nope, never heard of it before

 

Thank you. Those were my assumptions, but I wanted to hear from somebody else to be sure. It would be a shame to throw away a free app that detects what others fail, and also I was thinking about how a company like Yahoo! culdn't afford spoiling its reputatin by missleading people and abusing their trust like that.

...frankly, I think it's a scam to make people believe they are getting a good, free AS application by installing Yahoo! toolbar, when in fact it's just a bad placebo. What if somebody removes lets say Superantispyware or some other good AS application, just because he thinks it wasn't dooing it's job and that this poor excuse for an AS app has actually cleaned his pc...

Has the Google vs. Yahoo! competition really made Yahoo! so desperate, that it started using such corrupt tactics?

If so, I really hope people learn about this and stop using Yahoo! once and for all.

 

Hmm well IIRC, back sometime when i last tested Pestpatrol& PP online scanner around 2 years ago then they had an issue with detecting registry values inserted by either SpywareBlaster or IE SpyAds in the following part of the registry.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains

They were blatent falsepositives and although reported to PP on numerous times over the years by many folksfrom the tech forums they remained

Of course to the uneducated user that ment PP had found malware that others missed but of course the truth is that these are not really malware detections.Just false detections and hence why other softwares were'nt seeing them

Now y'all know why PP has the reputation for being FP generator : but even more dubious was CA's inaction to address these then *well known* FP issue's

 

Re: Weird experience with CAYahooAntispy

Joost is made by Kazaa and Skype developers. Don`t know why they put that entry there. A-Squared found it, and it kept coming back.

 

Must be either false positive, or potentially-unwanted-application/riskware-not-a-virus type of detection.

Classifying uTorrent as malware would be as silly as classifying eMule as such. It's clean safe application

 

I tried VirusTotal, only 2 out of 76 failed. As suspicious ( Esafe and PrevX). I am guessing the detection earlier, where because uTorrent in in UPX packer.