Spyware Doctor LIES!


21 replies to this topic

#1 Malleable

Posted 28 October 2004 - 11:34 AM

OK, I was looking off a link from this forum a couple minutes ago. I went to Major Geeks to download Spyguard and Spyware Blaster on my NEWLY cleaned machine.

When closing out some windows I see one up from Spyware Doctor. Hmmm, I never clicked to get this window up, but maybe I hit a button by mistake at Major Geeks and didn't notice a screen popping up?

So I hit their FREE SCAN. Well, instead of just scanning, it wants to download a free trial. OK whatever, I can just uninstall it if I don't like it. I run the trial and up pops about 12 spyware things that have NO WAY of getting on my machine!

I have Aluria, Adaware, Spybot S&D already installed, and have them geared to run automatically with a boot up. Nothing found from these guys, but this Spyware Doctor seems to find stuff. Bull crap I say.

Anti-spyware programs are great, but anyone that has to lie to you about stuff on your machine is NOT a company I would consider purchasing from.

Beware of Spyware Doctor.

Mal

#2 VashonDude

Posted 28 October 2004 - 12:15 PM

Does this program provide a way of saving the scan results? If so, could you post the scan results here?

-- LB
Want to help in the fight against malware? Join the SWI boot camp.

#3 atomas31

Posted 28 October 2004 - 12:48 PM

Hi Vashondude and Malleable,

As for saving the scan results, you can. What I do after a scan is click on Log and then copy and paste this log into Word and save it. Don't worry Malleable, Spyware Doctor found a few spyware items on my system too, which I suspect to be false/positive. In fact, I have sent them a copy of my log and still wanting their answers!

If you want Vashondude, I can post a copy of my logs and confirm to me what are or not false/positive?

Thanks,
Atomas31

#4 Malleable

Posted 28 October 2004 - 01:45 PM

Well, if it's just false positives, I guess I will let them slide. I was thinking that they just dropped in a few positives that weren't really there, so they could scare me into purchasing their product.
But the fact that Aluria, Spybot S&D and Adaware didn't find anything doesn't leave me wanting Spyware Doctor.

I actually removed SWD already, I think the logs are gone. And with three detectors on my system I don't really need SWD. I just thought I'd see how it works. Coming up with spyware I have seen before, but I know couldn't possibly be on my machine, didn't leave me with a warm fuzzy though.

Thanks for the replies,
Mal

#5 VashonDude

Posted 28 October 2004 - 01:49 PM

> If you want Vashondude, I can post a copy of my logs and confirm to me what are or not false/positive?

Go ahead and post it.

-- LB

#6 atomas31

Posted 28 October 2004 - 01:58 PM

Hi, here it is :

General Information
________________________________________
Spyware Doctor scan started: 2004-10-27 20:06:37
Spyware Doctor scan finished: 2004-10-27 20:10:24
Total items scanned: 75797 items
Total problems found: 19 items
Total problems ignored: 0 items
Reference file date: 2004-10-28 00:04:09

Scan. Tool Details
________________________________________
Tools used for the Scan:
Process Scanner
LSP Scanner
Registry Scanner
General Scanner
Browser Scanner
Cookie Scanner
Disk Scanner

Details
________________________________________
Problem Name (Location) Problem Type Risk
007 Keylogger (HKCR\clsid\{48E59293-9880-11CF-9754-00AA00C00908}) Registry *
007 Keylogger (HKCR\Interface\{48E59291-9880-11CF-9754-00AA00C00908}) Registry *
007 Keylogger (HKCR\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}) Registry *
FlashGet (HKCU\Software\Stilesoft) Registry *
IEPlugin (HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl) Registry *
Super-gals.com (HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com) Registry *
Virtual Bouncer (HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}) Registry *
Virtual Bouncer (HKCR\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}) Registry *
Virtual Bouncer (HKCR\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}) Registry *
Virtual Bouncer (HKCR\InetCtls.Inet) Registry *
Virtual Bouncer (HKCR\InetCtls.Inet.1) Registry *
Virtual Bouncer (HKCR\Interface\{48E59291-9880-11CF-9754-00AA00C00908}) Registry *
Virtual Bouncer (HKCR\Interface\{48E59292-9880-11CF-9754-00AA00C00908}) Registry *
Virtual Bouncer (HKCR\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}) Registry *
Zango Search Assistant (HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\i-lookup.com) Registry *
Zango Search Assistant (HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\offshoreclicks.com) Registry *
Zango Search Assistant (HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\teensguru.com) Registry *
Zango Search Assistant (HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com) Registry *
Spyblocs (C:\WINDOWS\system32\aamd532.dll) file *




Legend
________________________________________

* Very Dangerous Spyware
* Medium-Risk Spyware
* Low-Risk Spyware
Learn more about PCTools at http://www.pctools.com



I believe most of them are false/positive!

#7 Malleable

Posted 29 October 2004 - 04:49 AM

I had three of your four Zango ones listed in mine.

#8 atomas31

Posted 29 October 2004 - 10:36 AM

And if I am not mistaken, those Zango's are all false/positive!

#9 VashonDude

Posted 29 October 2004 - 10:49 AM

> And if I am not mistaken, those Zango's are all false/positive!

Depends on if the site is in the Restricted or Trusted Zone. This area of the registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\

is where sites in either of those 2 zones are listed. A value (which didn't show up in the report) is used to determine if that site is a Trusted site or a Restricted site. You'd want to look in the Trusted zone (which is accessible via Internet Options in IE) to see if those sites are there. If they don't show up there, then they're in the Restricted zone (which is a good thing).

-- LB

#10 atomas31

Posted 31 October 2004 - 08:20 AM

Yep, Vashondude! They are in the restricted zone! So they are for sure False/positive but what about the rest of the log, any certain idea???

I think they might be all false/positive but I am not sure at 100%!


Thanks,
Atomas31
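
Added example (not part of any post in this thread, and not PC Tools' or Microsoft's code): the zone check described in post #9 can be made from a registry export instead of the Internet Options dialog. Each key under ZoneMap\Domains holds DWORD values named for a protocol, and the number is the zone (2 = Trusted, 4 = Restricted). The export text, the zone values in it, and the function names are constructed for illustration.

```python
import re

TRUSTED, RESTRICTED = 2, 4  # IE security zone numbers stored in the DWORD values
DOMAINS = r"Internet Settings\ZoneMap\Domains" + "\\"

# Constructed sample in the text layout `reg export` writes (real exports are
# UTF-16). The zone values are invented here, not taken from anyone's machine.
REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\i-lookup.com]
"*"=dword:00000004
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\teensguru.com]
"http"=dword:00000002
'''

# Report lines in the layout of the scan log posted in this thread.
FINDINGS = [
    r"IEPlugin (HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl) Registry *",
    r"Zango Search Assistant (HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\i-lookup.com) Registry *",
    r"Zango Search Assistant (HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\teensguru.com) Registry *",
    r"Zango Search Assistant (HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com) Registry *",
]

def domain_of(path):
    """Host named by a ZoneMap\\Domains key path, or None for any other key."""
    idx = path.lower().find(DOMAINS.lower())
    if idx < 0:
        return None
    # Subkeys are subdomains: Domains\example.test\www means www.example.test
    parts = path[idx + len(DOMAINS):].split("\\")
    return ".".join(reversed(parts)).lower()

def parse_zone_map(reg_text):
    """Map each listed host to its {protocol: zone number} values."""
    zones, current = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = domain_of(line[1:-1])
            if current:
                zones.setdefault(current, {})
            continue
        m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
        if m and current:
            zones[current][m.group(1)] = int(m.group(2), 16)
    return zones

def triage(findings, zones):
    """Label every ZoneMap finding by the zone its host is actually mapped to."""
    out = []
    for line in findings:
        m = re.match(r"(.+?) \((HK\w+\\.+)\)\s+Registry", line)
        domain = domain_of(m.group(2)) if m else None
        if domain is None:
            continue  # not a ZoneMap\Domains entry
        values = set(zones.get(domain, {}).values())
        verdict = ("unknown" if not values else "trusted" if TRUSTED in values
                   else "restricted" if values == {RESTRICTED} else "other")
        out.append((m.group(1), domain, verdict))
    return out

if __name__ == "__main__":
    for name, domain, verdict in triage(FINDINGS, parse_zone_map(REG_EXPORT)):
        print(f"{domain:20} {verdict:10} {name}")
```

A "restricted" result corresponds to the blocklist case described above; "trusted" and "unknown" are the entries worth a closer look.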

#11 wyaneking

Posted 04 November 2004 - 04:39 AM

I've had the 007 Keylogger come up a few times. I'm not sure if Ad-Aware or Spybot Search & Destroy find this one, but it never came up in a search in both of those programs. Just in Spyware Doctor.

#12 VashonDude

Posted 04 November 2004 - 10:01 AM

> Yep, Vashondude! They are in the restricted zone! So they are for sure False/positive but what about the rest of the log, any certain idea???
>
> I think they might be all false/positive but I am not sure at 100%!


They might be killbits set by SpywareBlaster, but I'm not certain.

I downloaded the free version of Spyware Doctor, but haven't installed it yet. I'm curious to see what it finds on my computer (which is heavily protected).

-- LB

#13 atomas31

Posted 05 November 2004 - 08:36 AM

Don't worry Vashondude, I am sure Spyware Doctor will find something on your system!!! Most certainly a few False/positive :-)

As for killbits, if I am not mistaken, only "super-gals.com" found by Spyware Doctor is actually a killbit from SpywareBlaster; as for the rest of my log... who knows???

Atomas31

#14 Bruceslog

Posted 29 July 2005 - 06:53 PM

This Spyware Doctor has me wasting a day also... found it today on download.com and decided to try it (was rated 5 stars). It supposedly found a keylogger named SpyAnytime Keylogger. Funny thing is that it doesn't point me to a specific file or registry entry for this keylogger. It says it is in multiple locations... yet Spyware Doctor lists all of the locations that it finds my WinVNC app at....
Here is a part of the log list it produced..

Spyware Doctor Activity Report
Generated on 7/29/05 11:06:57 AM
Scans (basic information only):
Scan Results:
scan start: 7/29/05 11:07:06 AM
scan stop: 7/29/05 11:17:34 AM
scanned items: 70760
found items: 28
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Cookie Scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Disk Scanner

Infection Name Location Risk
SpyAnytime Keylogger multiple High
Common Components for VNC Software HKU\.DEFAULT\Software\ORL\VNCHooks Info
Common Components for VNC Software HKU\.DEFAULT\Software\ORL\VNCHooks## Info
Common Components for VNC Software HKU\.DEFAULT\Software\ORL\VNCHooks\Application_Prefs Info
Common Components for VNC Software HKU\.DEFAULT\Software\ORL\VNCHooks\Application_Prefs## Info
Common Components for VNC Software HKU\.DEFAULT\Software\ORL\VNCHooks\Application_Prefs\WINVNC.EXE Info
Common Components for VNC Software HKU\.DEFAULT\Software\ORL\VNCHooks\Application_Prefs\WINVNC.EXE## Info
Common Components for VNC Software HKU\.DEFAULT\Software\ORL\VNCHooks\Application_Prefs\WINVNC.EXE##use_GetUpdateRect Info
Common Components for VNC Software HKU\.DEFAULT\Software\ORL\VNCHooks\Application_Prefs\WINVNC.EXE##use_Timer Info
Common Components for VNC Software HKU\.DEFAULT\Software\ORL\VNCHooks\Application_Prefs\WINVNC.EXE##use_KeyPress Info
Common Components for VNC Software HKU\.DEFAULT\Software\ORL\VNCHooks\Application_Prefs\WINVNC.EXE##use_LButtonUp Info
Common Components for VNC Software HKU\.DEFAULT\Software\ORL\VNCHooks\Application_Prefs\WINVNC.EXE##use_MButtonUp Info
Common Components for VNC Software HKU\.DEFAULT\Software\ORL\VNCHooks\Application_Prefs\WINVNC.EXE##use_RButtonUp Info
Common Components for VNC Software HKU\.DEFAULT\Software\ORL\VNCHooks\Application_Prefs\WINVNC.EXE##use_Deferral Info
Common Components for VNC Software HKCU\Software\ORL\VNCHooks Info
Common Components for VNC Software HKCU\Software\ORL\VNCHooks## Info
Common Components for VNC Software HKCU\Software\ORL\VNCHooks\Application_Prefs Info
Common Components for VNC Software HKCU\Software\ORL\VNCHooks\Application_Prefs## Info
Common Components for VNC Software HKCU\Software\ORL\VNCHooks\Application_Prefs\WINVNC.EXE Info
Common Components for VNC Software HKCU\Software\ORL\VNCHooks\Application_Prefs\WINVNC.EXE## Info
Common Components for VNC Software HKCU\Software\ORL\VNCHooks\Application_Prefs\WINVNC.EXE##use_GetUpdateRect Info
Common Components for VNC Software HKCU\Software\ORL\VNCHooks\Application_Prefs\WINVNC.EXE##use_Timer Info
-------------------------------------------------------------------------------------------------



Me Thinks that the makers of this Spyware Doctor would love to scare me into paying for the full version to remove this keylogger it "found" ??

#15 Lord of The Rings

Posted 27 August 2005 - 11:04 AM

Dear Malleable, VashonDude et al, :D

Perhaps I am being stupid? :gack: But this has happened to me more than once, is it possible that the website is in fact downloading these pieces of Spyware, along with their program, :evilgrin: and then very conveniently "finding" them, just to show how good it is? :scratchhead:

"Properties" will soon show you who wrote them, and when they arrived in your computer. If the dates match, then you know who inserted them. :techsupport:

Best of Luck, :lol:

Edited by Lord of The Rings, 27 August 2005 - 11:09 AM.

Lord of The Rings
aka Mike Werner
Welcome to The Lubbock Lights.

#16 secret-squirrel

Posted 30 August 2005 - 05:11 AM

> Dear Malleable, VashonDude et al, :D
>
> Perhaps I am being stupid? :gack: But this has happened to me more than once, is it possible that the website is in fact downloading these pieces of Spyware, along with their program, :evilgrin: and then very conveniently "finding" them, just to show how good it is? :scratchhead:
>
> "Properties" will soon show you who wrote them, and when they arrived in your computer. If the dates match, then you know who inserted them. :techsupport:
>
> Best of Luck, :lol:


I don't think this is the case. I checked out the installer and did some testing, and it only downloads and installs itself, nothing extra. I do feel there are an excessive number of 'interesting entries' by this program (as was described in another topic here).

#17 VashonDude

Posted 30 August 2005 - 09:13 PM

> Perhaps I am being stupid? :gack: But this has happened to me more than once, is it possible that the website is in fact downloading these pieces of Spyware, along with their program, :evilgrin: and then very conveniently "finding" them, just to show how good it is? :scratchhead:


Not likely. If that was the case, then Spyware Doctor would've ended up on the rogue list at Spyware Warrior.

-- LB

#18 Lord of The Rings

Posted 10 September 2005 - 01:46 PM

Dear Vashondude,

I take your point, but doesn't that mean that Spyware Doctor is programmed to locate and identify pieces of script that are not spyware? Surely if this was so, by now the Powers that Be at Spyware Doctor (who obviously read this forum) would have removed these programs from their list? If not, then why not, as they appear to continue marketing their program complete with these faults.

I ask this, not to annoy you, but to improve my knowledge, and gain some insight into the program concerned. That is to say if the program is suspect, should we still be promoting it?

Sincerely,
Lord of The Rings
aka Mike Werner

#19 theCaptain

Posted 13 September 2005 - 02:07 PM

> Dear Malleable, VashonDude et al, :D
>
> Perhaps I am being stupid? :gack: But this has happened to me more than once, is it possible that the website is in fact downloading these pieces of Spyware, along with their program, :evilgrin: and then very conveniently "finding" them, just to show how good it is? :scratchhead:
>
> "Properties" will soon show you who wrote them, and when they arrived in your computer. If the dates match, then you know who inserted them. :techsupport:
>
> Best of Luck, :lol:


A common tactic of "rogue" Anti-spyware companies is to generate false positives in order to get you to purchase their product. Some more legit companies are more liberal with their definitions. But I highly doubt that Spyware DR. is generating the files or even liberal. Spyware has a great tendency to hide itself, and reappear when you reboot even after it's been "cleaned".

#20 Lord of The Rings

Posted 13 September 2005 - 04:44 PM

Having read all of your replies, it would seem then that showing false positives is OK but claiming to fix false positives is not? :eek: Although these false positives don't actually cause any computer problems, I am sure that they cause a great deal of stress in the new computer owner, and then "persuade" him/her to buy the useless Anti-Spyware program he/she has been allowed to test. :gack:

Personally, and I am ready to be convinced otherwise, the guys that create a program that shows false positives, to sell their product (fraud) are just as bad as those that create actual spyware. One takes your money to pay for their services. The other forces the uninitiated to pay for services to cure the problems they actually create, whilst making money. :techsupport:

Or am I wrong? :gasp:
Lord of The Rings
aka Mike Werner

#21 MacDaddy

Posted 16 September 2005 - 01:00 PM

Just to add my input to the Spyware Doctor debate.

I've been running Spyware Doctor every week for around 12 months now and found it to be nothing but a superb program, often picking up cookies left behind by Ad-Aware et al. Apart from last month, where it picked up 12 registry entries as the block-checker program which in fact were Spyware Blaster protection entries (a problem which Spyware Doctor corrected within a week), Spyware Doctor has never generated false positives in any scan I have performed. I also run regular scans on my parents' computer and this also doesn't generate false positives.

One point I will say is that Spyware Doctor is known to sometimes use a too generic definitions file which can generate the 12 registry entries I mentioned above, however to suggest that it is a tactic of Spyware Doctor to deliberately generate false positives is unlikely.

Mac

#22 SyberCorp

Posted 10 October 2005 - 10:05 PM

> Dear Malleable, VashonDude et al, :D
>
> Perhaps I am being stupid? :gack: But this has happened to me more than once, is it possible that the website is in fact downloading these pieces of Spyware, along with their program, :evilgrin: and then very conveniently "finding" them, just to show how good it is? :scratchhead:
>
> "Properties" will soon show you who wrote them, and when they arrived in your computer. If the dates match, then you know who inserted them. :techsupport:
>
> Best of Luck, :lol:


Okay... first thing I have to ask is, which version of Spyware Doctor are you all using?

Second... as far as the multiple locations thing for SpyAnytime Keylogger and the listing of entries for the WinVNC... It says Multiple Locations because the entries (files) are in multiple different directories or locations in the registry. The WinVNC entries that it lists are all in the HKCU\.DEFAULT\Software\...\... key. Meaning that they're all in the same section. For some reason the programmers for Spyware Doctor chose to have it NOT list the locations of an infection if it has Multiple Locations. Most likely just because it could take up too much of the screen.

As for the false positives from ALL of you guys' complaints, I have personally verified each and every one of the entries found with Spyware Doctor. I have found ZERO false positives with version 3.2.1.359 (with the latest updates to 10/10/2005).



