Jump to content


Photo

Problem installing Bazooka


  • Please log in to reply
12 replies to this topic

#1 asbinjax

asbinjax

    Member

  • New Member
  • Pip
  • 4 posts

Posted 03 July 2004 - 05:36 PM

I had a problem installing Bazooka, a Spyware Removal tool that I read about.

After downloading and then double-clicking to install it, Pest Patrol immediately reported that a Keylogger was present. I didn't get the full name of it, but it strated with trojan32 and had the word keylogger in it. I aborted the installation.

I found Bazooka on another website and downloaded it again with the same results.

Anyone know if it is one of those rogue programs that pretends to be a Spyware Tool and installs something bad? Or did I just get it from two sites that had corrupted it?

Thanks for any info.

#2 New Raider

New Raider

    Member

  • Full Member
  • Pip
  • 33 posts

Posted 03 July 2004 - 05:45 PM

You are correct.
Bazooka installs with many sample Trojans, adware, and keystroke logger programs to allow you to do a sweep and delete all of them, much like a popup blocker site urges you to sample multiple popups and pop unders.
I suggest downloading Spy Sweeper instead.
No spyware samples come with it.
If you have Pest Patrol, you better get Spy Sweeper imediatly! :alarm:

#3 ErikAlbert

ErikAlbert

    Typical User

  • Full Member
  • PipPipPipPipPip
  • 787 posts

Posted 04 July 2004 - 02:57 AM

There is nothing wrong with Bazooka Spyware Scanner.
I'm using this software for months.

There is only ONE homepage for downloading this software is :
http://www.kephyr.co...supportus.phtml

ALWAYS DOWNLOAD software from the homepage of the manufacturer.
No wonder you guys get infected with malware.
Pay more attention what and where you download software.
ErikAlbert
Simplicity is always brilliant.

#4 asbinjax

asbinjax

    Member

  • New Member
  • Pip
  • 4 posts

Posted 04 July 2004 - 05:19 PM

There is nothing wrong with Bazooka Spyware Scanner.
I'm using this software for months.

There is only ONE homepage for downloading this software is :
http://www.kephyr.co...supportus.phtml

ALWAYS DOWNLOAD software from the homepage of the manufacturer.
No wonder you guys get infected with malware.
Pay more attention what and where you download software.

Ok, thanks for your advice.

I did download a copy from the manufacturer's website the first time.

To make sure I didn't make a mistake or remember it incorrectly, I just tried it again, from your link.

I downloaded a copy from the mirror1 link, which is from keyphr.com and tried to install it, got the same error message.

I downloaded a second copy from the mirror2 site, which is www.bysoft.se and I got the identical message.

I get a Pest Patrol warning that 'TrojanSpy.Win32.ghostKeyLogger.C' has been detected. It has a PVT id of 1780703887.

I did not install from either copy of the bazookasetup.exe files.

Any further advice?

#5 ErikAlbert

ErikAlbert

    Typical User

  • Full Member
  • PipPipPipPipPip
  • 787 posts

Posted 04 July 2004 - 05:29 PM

asbinjax
In that case, I can only assume that PestPatrol gives a false positive.
I scanned the Bazooka download-file "bazookasetup.exe" with TrojanHunter and PC-Cillin, nothing and ran even Spysweeper after installing Bazooka, again nothing.
Tomorrow I will download Pest Patrol and test it myself.

Edited by ErikAlbert, 04 July 2004 - 05:32 PM.

ErikAlbert
Simplicity is always brilliant.

#6 ErikAlbert

ErikAlbert

    Typical User

  • Full Member
  • PipPipPipPipPip
  • 787 posts

Posted 04 July 2004 - 07:22 PM

asbinjax,
Honest is honest.
I downloaded the trial version of PestPatrol, updated it and ran it.
You are right asbinjax, the file contains a keylogger as you said. My sincere apologizes.
Jesus Christ, I considered this website as one that could be trusted all the way.

I have an email-address of Kephyr and I'm going to send a polite report about this.
If Kephyr sends me a reply I will tell you about it.

My advice : do NOT install Bazooka Spyware Scanner, until we know more.

I have send a polite email to Kephyr on Monday, 2003.07.05 at 03.20 AM (Belgian Time)
I'm waiting for an answer .

Edited by ErikAlbert, 04 July 2004 - 08:26 PM.

ErikAlbert
Simplicity is always brilliant.

#7 Untouchable J

Untouchable J

    Advanced Member

  • Full Member
  • PipPipPip
  • 205 posts

Posted 05 July 2004 - 05:44 AM

Have you tried Spybot S&D 1.3 yet? Its considered "the best" spyware removal tool from various internet security forums. Its a trusted program and its free. A "must have tool" for spyware proctection.

Download Spybot S&D 1.3

:thumbsup:

#8 ErikAlbert

ErikAlbert

    Typical User

  • Full Member
  • PipPipPipPipPip
  • 787 posts

Posted 05 July 2004 - 07:36 AM

Hello asbinjax,
FALSE POSITIVE !!!
Please read these emails concerning this matter.

---------------------------------------------------------------
This is the answer from Kephyr to me and I quote :

"Hello Erik,

Thank you for your letter. PestPatrol is giving a false alarm. There is no
keylogger in Bazooka. I have attached my correspondance with PestPatrol
support center below for your information.

Please let me know if I can be of further assistance.

Best regards
Roger Karlsson"
---------------------------------------------------------------
This is the answer from "Pest Patrol" to "Kephyr" and I quote :

"Hi

Ticket Number: 74096
Entered on 06/30/2004 at 09:25:27 by Paul Hallas:
Hi Roger

Thank you for contacting the PestPatrol support team. Although we take
every precaution to eliminate false alarms, they do occasionally happen.

The information that you have supplied has been submitted to our research
laboratory for further analysis.


If you require further advice about false alarms, please see:
http://pestpatrol.co...falsealarms.asp

Regards,
Paul Hallas"
----------------------------------------------------------------
My advice : You can install "Bazooka Spyware Scanner" without any risk.
I'm glad this is over !!!
Please confirm you have read this post. Thank you !!!

Edited by ErikAlbert, 05 July 2004 - 07:47 AM.

ErikAlbert
Simplicity is always brilliant.

#9 rosso_acido

rosso_acido

    Earl of Mysterious Briefcases

  • Full Member
  • PipPipPipPip
  • 286 posts

Posted 05 July 2004 - 08:12 AM

Definitely a F/P (although not exactly unfounded - but please read on before jumping to conclusions).

I'd made a post in the old SWI forums (which unfortunately I can't locate at the moment, as the site seems to be down) in which there was a probable explanation for this problem.

The programme used for creating the installation executable for Bazooka is called Ghost Installer. This isn't evident in the latest versions, but in the older ones it was clearly visible at the bottom of the various dialogue boxes that opened during installation. According to a brief research I'd done at the time, there seems to be a company affiliated in some way with Kephyr (although, I repeat, this is just an unconfirmed deduction of mine, based on some information I collected) which makes a keylogger by the name of Ghost Keylogger. Pest Patrol targets this one, which (probably) also uses Ghost Installer as its installation executable.

It appears that it has absolutely nothing to do with Bazooka itself, however. I personally use the Kephyr site as reference for the removal of diallers (mainly) and have recommended Bazooka to a few people who are using it with no problems whatsoever.

As I already said, there's more documented info on this matter in that old post of mine. As soon as the SWI site is back up, I'll be able to make a direct reference to it. :)

Best,
Rosso :wave:

Edited by rosso_acido, 05 July 2004 - 09:02 AM.

I am the iron anchor.

#10 ErikAlbert

ErikAlbert

    Typical User

  • Full Member
  • PipPipPipPipPip
  • 787 posts

Posted 05 July 2004 - 10:08 AM

rosso acido,

I hope that the programmers of Kephyr and PestPatrol will work together to solve this problem.
The contact between both companies has been made.
I learned one good lesson in my job : always contact the RIGHT people, when there is a problem and I admit that finding the right people, isn't always easy.

The REAL truth is hidden in the SOURCE computer programs and without the source programs you can't prove anything and I don't need to tell you, that the screen never shows what is really happening behind the screen.
That's the big problem for us, users, we can only make guesses based on what we have seen on the screen and what we have seen on our harddisk.
After a successfull removal of a spyware, I'm always wondering what the malware program really did behind my back ?
Without the source program, you will never know the truth.
Well that's my opinion like many other opinions in this forum :D
Have a nice day.

Edited by ErikAlbert, 05 July 2004 - 10:11 AM.

ErikAlbert
Simplicity is always brilliant.

#11 rosso_acido

rosso_acido

    Earl of Mysterious Briefcases

  • Full Member
  • PipPipPipPip
  • 286 posts

Posted 05 July 2004 - 05:13 PM

The REAL truth is hidden in the SOURCE computer programs and without the source programs you can't prove anything and I don't need to tell you, that the screen never shows what is really happening behind the screen.

True. :)

That's the big problem for us, users, we can only make guesses based on what we have seen on the screen and what we have seen on our harddisk.
After a successfull removal of a spyware, I'm always wondering what the malware program really did behind my back

Again true, but to a certain extent. I don't claim to be anything much more advanced than the average but alerted user - the difference is I'm voluntarily testing a few freeware programmes in their various stages of development, so when I install them on my PC, I have to know what more or less they do, out of pure scientific curiosity if nothing else.

There's a very nice monitoring utility called Total Uninstall, through which you can see all the changes performed on your system by the installation of a programme, and through which you can also uninstall the monitored application while reversing all the changes that have been made. I've been using it for a long time, and it's now become a routine matter for me to use it for any new programme I decide to install on my PC. This, of course, only works when you knowingly install a programme and are able to understand what the changes it makes are and whether they're dangerous for your system or not.

I've been through a major hijack myself a long time ago, when I was still unaware of even the existence of spyware on the Web. This was what led me to this forum here in the first place, and incited me to fight spyware in any way that I can. From what I see in your posts you don't so much believe in cure as you advocate prevention. I agree with you, but again to a certain extent. It's very difficult to persuade people to use any kind of preventive measure against malware. I've had very dear friends ask for my help in getting rid of viruses multiple times but never taking my advice of even trying an antivirus programme - not even one they won't have to pay for. The same happens with spyware. They only worry about it when their computer becomes barely usable, and a few days after you've painstakingly helped them disinfect it they go and get infected again. You might say it serves them right - anyone might be tempted to say that, and I confess to my shame that I've said that quite a few times myself.

But that's life, and this kind of accidents can happen even to people who normally know how to avoid them. This is why I believe cure is as important as prevention. No programme can work miracles and no one can claim they are invulnerable. But the more we are willing to learn, the better prepared we can be to face an unwanted occurence. And to return to the subject at hand, I never meant to speak against Kephyr and their product. I've already said that I find the Kephyr site very helpful in terms of information and spyware removal directions. I've installed Bazooka on my test PC, and monitored its installation with Total Uninstall. Nothing suspicious was revealed when I reviewed the changes made to the system, so I suppose it's safe to use. What I meant to do in my previous post was to offer a possible explanation for the F/P Pest Patrol detects, in perhaps not very accurate, layman terms. I'm not a programmer and I've repeatedly admitted that I can be of a lot more help in troubleshooting technical or mechanical matters than parsing HJT logs, but I believe that those who might be interested in any kind of info and know the right way to "decode" it may eventually find some use for it.

I do apologise for the lengthy post. I hope I've made my views clear. And once again, I clarify that I never meant to badmouth or even doubt anyone's integrity. I know of many reputable companies that launch PC monitoring programmes into the market along other popular utilities that have nothing to do with spyware. I certainly don't mean to say that Kephyr is one of them. I wouldn't be able to prove it anyway, nor do I intend to do so as long as their products are actually malware-free.

For the record (SWI came back online, but it's a little slow) I finally managed to find my post in the old forum and can now reference you to it.

My post concerning Bazooka. The rest of the thread contains some useful info as well. :)

Take care,
R. :wave:

Edited by rosso_acido, 05 July 2004 - 05:31 PM.

I am the iron anchor.

#12 asbinjax

asbinjax

    Member

  • New Member
  • Pip
  • 4 posts

Posted 05 July 2004 - 08:50 PM

asbinjax,
Honest is honest.
I downloaded the trial version of PestPatrol, updated it and ran it.
You are right asbinjax, the file contains a keylogger as you said. My sincere apologizes.
Jesus Christ, I considered this website as one that could be trusted all the way.

I have an email-address of Kephyr and I'm going to send a polite report about this.
If Kephyr sends me a reply I will tell you about it.

My advice : do NOT install Bazooka Spyware Scanner, until we know more.

I have send a polite email to Kephyr on Monday, 2003.07.05 at 03.20 AM (Belgian Time)
I'm waiting for an answer .

ErikAlbert -
Thanks for your efforts in duplicating the problem I was seeing, and in contacting the author.

I read the report of the false positive too, that's encouraging, I would hate to see any site intentionally distribute a tool that does harm. I look forward to Pest Patrol's answer after they have investigated it.

I also read the posts and followed the link from rosso_acido and I agree - there is a coincidence there.

I'll keep watching the thread.

#13 ErikAlbert

ErikAlbert

    Typical User

  • Full Member
  • PipPipPipPipPip
  • 787 posts

Posted 05 July 2004 - 09:56 PM

asbinjax,
Thank you for your reply. I was a little worried, that you didn't come back for reading the good news.
It would be indeed a pity that Kephyr would lose its good reputation. That was one of the reasons why I contacted Kephyr so fast. Bad news travels much faster than good news.

By the way : when I ran PestPatrol for the first time, it detected also 20 other malwares :D . So I deleted those 20 as well.
Weird isn't it. Bazooka, Spybot, Ad-Aware, Spysweeper, Omniquad AntiSpy, SpywareGuard, TrojanHunter never detected those 20 malwares.
That's why I'm going to keep PestPatrol.
So you did a good job for me too. I'm paid for my efforts :D

Another thing, I quote a line of your last post :
"I look forward to Pest Patrol's answer after they have investigated it."
I don't think that PestPatrol or Kephyr, will contact me again, but I'm sure that PestPatrol will contact Kephyr again.
It will also take some time to correct this false positive and make a new version (with other improvements) for the users.

Good luck with Bazooka Spyware Scanner !!!
ErikAlbert
Simplicity is always brilliant.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button