ZeroSpyware

Discussion in 'other anti-malware software' started by hollywoodpc, Mar 6, 2006.

Thread Status:
Not open for further replies.
  1. Stallcup

    Stallcup Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    9
    Thanks for the explanation. Please be advised that the load time at my log on is substantially increased by the addition of ZeroSpyware, and I do not have an excessive number of items in startup. I will try the new version as soon as it is available and report the results here.

    What flexibility? The second user only has the flexibility not to start ZeroSpyware. If the second user wants ZeroSpyware, it must be started manually. Since ZeroSpyware is installed on the computer, it is safe to assume that it is wanted. So I repeat my question: What flexibility? Also note that the startup of ZeroSpyware by the 2nd user de facto increases his/her log on time, so the long log on time ZeroSpyware is now trying to shorten is daisy chained to all subsequent users. Doesn't seem logical to me.

    I do not quite understand what you are saying, so let me state what I think you mean. The number of components in quarantine may be increased by items found in subsequent scans, but not necessarily by the total number of items found, because some of those items will be killed/terminated. I understand this completely, and it means the total net number of components in quarantine may increase as a result. However, this does not apply to my situation because the number of components decreased in my case. This lack of communication is my fault because I did not make that clear in my question.

    Understand the reasoning behind the startup selection, but as Blue Zanetti pointed out, and lotuseclat79 illustrated, wouldn't starting as a service both accomplish, and improve, ZeroSpyware's startup goal and eliminate the conflict with, I'll name it now, Windows Defender? Please note that it is my opinion that this is a Windows Defender problem, not ZeroSpyware's.

    Again, thank you for your comprehensive response AshleyH.
     
    Last edited: Apr 23, 2006
  2. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,570

    Hmm... I just downloaded the trial version, and like most of the posts found it visually likeable, and even tried the instant chat support (didn't know whether it would work with 98se). However, it detected 102 entries all to do with a webdialer... here are some of the detected components...
    Now I'm not saying that the 102 entries detected are not from a web dialer (though I can't remember any time when I had a webdialer installed), but every other antispyware I've tried, like adaware, spybot, superantispyware, spysweeper, kaspersky online scan and my own antivir, doesn't detect anything at all. So obviously I'm erring on the side of caution here. How can I be certain whether the entries are legitimate detections?
    ellison
     
  3. egghead

    egghead Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    443
    Location:
    The Netherlands
    1. spyware installs itself without you knowing it :eek: :eek:

    2. when other AS progs detect spyware how do you know this is legitimate? :doubt: :doubt:
     
  4. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,570
    1. I'd know it if I had a web dialer installed or trying to install. I use SSM, antivir and application firewall. I'm pretty confident one if not all would detect a common webdialer. One of the entries points to a help directory. I've never known a malicious webdialer with one of those before.
    2. I usually weigh up the evidence with a few reputable scanners. In this case either ZS is wrong or it's better than the others I've been using.
    ellison
     
  5. Eldar

    Eldar Registered Member

    Joined:
    Jul 12, 2004
    Posts:
    2,126
    Location:
    Vilvoorde (Belgium)
    My bet ellison, it's a false positive. :doubt:
    I've had some experience with those false positives from ZS before.
    Did a full scan with Ewido, Spy Sweeper and Ad-Aware and none of them ever found anything related to what ZS reported.

    Else it's a super anti-spyware program. :D ;)
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    Why don't you make an HJT scan and post the log to some forum along with this log to know the truth?
     
  7. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,570
    I've done the next best thing and talked to an online assistant, using the ZS direct link. He wasn't sure but gave me the link to post the log to for further investigation. I'm now awaiting the results. I'm pretty sure it's a false positive. There were no files detected... just 102 reg entries. I don't think a HijackThis log would be much help in this case, as practically all the entries are typelib or interface entries, with 2 pointing to a help directory. The majority are like the ones I posted.
    ellison
     
  8. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,570
    I think so too. I'm going to give it a fair crack of the whip though, as I am impressed by its very low (w98) resource usage and no noticeable slowdown.
    ellison
     
  9. AshleyH

    AshleyH Registered Member

    Joined:
    Mar 16, 2006
    Posts:
    16
    Sorry for the delay getting back to the group.

    Ellison64

    First, and most important, that does appear to be a false positive. The registry keys that are causing this have been removed from our database.

    Stallcup

    I do know about the slow log-on time. I had the same problem on my laptop (sometimes 4 minute boot time!) until we put out an upgrade with a fix. If you want to compare the Lite Edition to the Full Version, send me a PM with the user name and email you want for registration, and I will comp you a year license. You should notice a big difference.

    For the user-switching issue, we assumed additional users would not want the default set to run, as we thought it might be distracting. We can change this default in later versions - it is an issue that hasn't been brought up before (or if it was, I never heard about it).

    For the component count - I figured out this particular issue (there was a little communication breakdown on our side as well). The number of components quarantined is smaller than the number of components detected, because ZeroSpyware defaults to kill all active spyware. This is why there may be fewer components in the quarantine - they are terminated before they can be quarantined.

    Finally, we are planning to develop ZS so it can run as a service, but the current design will only allow it to run as a regular executable.

    Hope this helps.

    Thanks again for the feedback,
    Ashley Harrison
     
  10. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,570
    Thanks for the reply Ashley. I also received an email from support confirming the false positives. I am however a little concerned that after updating the database, there are still 24 registry entries (included in the original log) that are flagged as webdialer. Most alarming though is that I tried the ZS LE version (uninstalled completely the trial version) and performed a current database update. It was showing the same database definitions version (2.00.0387.0004) as the trial version and that detected the same webdialer, only with 40 registry entries. I guess there may be teething troubles with new builds, but why would there be a discrepancy between the 2 scanners that are supposedly using the same database?
    ellison
     
  11. AshleyH

    AshleyH Registered Member

    Joined:
    Mar 16, 2006
    Posts:
    16
    Hi Wilders Readers,

    This thread is heading a little too far into the product specific, customer support area. I would like to ask people to send specific questions to support@fbmsoftware.com or support@zerospyware.com, and either I or a member of our customer support group will do our best to provide a quick response.

    If there are general questions you have about the company or our products that are not support-type enquiries, please feel free to post them.

    Thank you,
    Ashley Harrison
    FBM Software, Inc.
     
  12. SDS909

    SDS909 Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    333
    I would like to update my plight posted earlier here to say that my issues with FBM Software and ZeroSpyware regarding a refund have been resolved in a satisfactory manner.
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    That's nice.
    Ashley H! So what's new from your side so far?
     
  14. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    I have been following this thread and gave Zero a try. Seems good so far but I found that I could not abort the scan after (accidentally) initiating scan. After abort & minimize, I noticed the ram-usage and reopened Zero & sure enough it was still scanning...(I had right-clicked on a single file to perform specific scan, but it started full scan)...anyone else notice this o_O?
     
  15. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    I tried a scan of specific folders and it started a full scan, but at least it let me abort the scan this time. When I exited out it gave me the message about minimizing to system-tray even though I have checked the box to not show this message again, twice now o_O I've had a couple of instances of settings not being remembered, such as the scheduled scan (I may also have a false-positive result from a scan).
     
  16. SDS909

    SDS909 Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    333
    For what it's worth, it crashed 2-3 times on me when I tried scanning. I just tested it again a couple weeks ago.

    Nice interface, but still not the product for me.
     
  17. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Not very functional for the size of the app., I already uninstalled.
     
  18. AshleyH

    AshleyH Registered Member

    Joined:
    Mar 16, 2006
    Posts:
    16
    Hi All,

    First off, I should mention that ZeroSpyware Free Edition is finally available on Download.com. It has the same scanning engine as the Lite Edition (free version that was already on Download), but includes intrusion detection and system immunization against spyware installers. It also has full scheduling capabilities, so it is a bit of an improvement over LE. It has also been upgraded to detect and remove some of the newer, harder to remove spyware, such as those using rootkits. It doesn't have the detailed scanning or vulnerability assessment of the full Consumer Edition however.

    It is still a big file (around 20MB), so people with slow connections shouldn't bother with it, unless they have a lot of time to allow the download.

    There is also free customer support for all Free Edition users (via email or live chat), so that should help people use it.

    19monty64: I'm not sure I understand what happened. I just ran a scan (I run FE) and was able to abort it without a problem. As for settings not being remembered, I'll look into that.

    I really shouldn't go on much more, as I don't want to abuse posting policies. I suggest you contact customer support through live chat, and they can help out. You can tell them I referred you, and that should also help expedite any responses.

    Thanks,
    AshleyH
     
  19. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,027
    Hello,
    I have noticed that quite a number of AS applications fall for the inproc and stub entries as false positives...
    Mrk
     
  20. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    The scan that I couldn't abort was in explorer, with the right-click option to scan with Zero. With my a/v the right-click option to scan is just for the file that I right-clicked on. The scan from the interface was able to abort.
     
  21. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    I realize there are a lot of false-positives, but the scan I did found a trojan named after an a/s-app. which I thought odd, so I double-clicked for more info, and that brought up the name of the software co. that makes that app.
     
  22. RandRahl

    RandRahl Registered Member

    Joined:
    Jun 26, 2006
    Posts:
    2
    Hello.

    Are there any specifics as to the name of the trojan that was detected?

     
  23. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    c:\windows\iun6002(runtime-file), identified as spyware vanisher, distributed by microsmarts, used to show false-positives to goad the user into buying...
     
  24. RandRahl

    RandRahl Registered Member

    Joined:
    Jun 26, 2006
    Posts:
    2
    Hi monty,

    Thanks for this info. Any specific file?

    Again, thanks.

    :)

     
  25. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    Hi Ashley, I want to ask two things.
    1- What type of intrusion detection does it have? Is it like HIPS?
    2- Why is it such a big download, 20 MB? It is bigger than even my AV+firewall together. I suspect it might be slowing down the system.
     