Jump to content


Photo

RemoveIT Pro 2.4 SE


  • Please log in to reply
10 replies to this topic

#1 danmega0

danmega0

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 13 March 2006 - 05:08 PM

It appears to be great antimalware/antispyware program. it helps me alot
hxxp://www.incodesolutions.com/downloads/removeit_pro.exe
:D :wave:

Link deactivated.

#2 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 13 March 2006 - 07:19 PM

Bad link - should be http://www.incodesol...om/removeit.php

RemoveIT Pro 2.4 SE in only simple antivirus protection that only scans for viruses from database.
- For full and powerfull protection check out our RemoveIT Pro 3.2.2006 Enterprise. RemoveIT Pro 3.2.2006 has High level protection technology (HLP) and virus removal filters which filts all new executable files.
- RemoveIT Pro 3.2.2006

News: 19.02.2006

What is new?
Version 2.4.2006 SE (19.2.2006)
- Database engine rewritten.
- Virus names added.
- Primary fast detection at AMD 2800+ only 5 sec.
- False positives bug fixed.

RemoveIT Pro 2.3 SE?
- Full support for upgrading database and whole program via internet.
- From now RemoveIT Pro has hash virus detection which make
RemoveIT Pro far more powerfull.
- If some virus is detected, RemoveIT Pro takes his hash and clean all his
relative files from your computer.

Doesn't sound as though it's any improvement on the tools that are already available. Not recommended.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#3 racooper

racooper

    Master of my own Domain

  • Retired Staff
  • PipPipPipPipPip
  • 1,420 posts

Posted 13 March 2006 - 09:03 PM

Just did some quick testing. My laptop (which I know is clean) had four hits - four false positives.

20:22:27: Infected file (Sys32.Reboot)C:\WINDOWS\system32\Reboot.exe
20:22:27: Infected file (Sys32.zip)C:\WINDOWS\system32\zip.exe
20:22:27: Infected file (Win32.Spyware.DsktopSurveil)C:\WINDOWS\iun6002.exe
20:22:27: Infected file (Sys32.unvise32qt)C:\WINDOWS\unvise32qt.exe
20:22:27: 4 Dangerous files has been found on your computer.
Click on "Fix" button to fix selected tasks.


reboot.exe - Option^Explicit reboot tool
zip.exe - info-zip command line utility
iun6002.exe - Indigo Rose Software uninstall tool (setup packaging program)
unvise32qt.exe - Quicktime Uninstaller

Some discussion at the Avast forums:

http://forum.avast.c...63931#msg163931
http://forum.avast.c...p?topic=18942.0

#4 danmega0

danmega0

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 14 March 2006 - 05:44 AM

C:\WINDOWS\iun6002.exe is part of spyware try to google it

iun6002.exe (desktop surveillance personal spyware) - Details

Finding a program by the name of iun6002.exe running on your computer is usually a sign that you may have a spyware program known as 'desktop surveillance personal' installed on your computer. This process was potentially installed manually by a user using an installation package (possibly with another application). The 'desktop surveillance personal' process may perform actions such as recording your key-strokes and taking screen-shots

iun6002.exe is considered to be a security risk, not only because spyware removal programs flag desktop surveillance personal spyware as spyware, but also because a number of users have complained about its performance.

desktop surveillance personal spyware is likely spyware and as such, presents a serious vulnerability which should be fixed immediately! Delaying the removal of iun6002.exe may cause serious harm to your system and will likely cause a number of problems, such as slow performance, loss of data or leaking private information.

Edited by danmega0, 14 March 2006 - 06:42 AM.


#5 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Retired Staff
  • PipPipPipPipPip
  • 15,830 posts

Posted 14 March 2006 - 10:27 AM

I don't think so:
http://www.indigoros...e=hybrid&t=4718
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#6 teacup61

teacup61

    RIP

  • Emeritus
  • PipPipPipPipPip
  • 4,064 posts

Posted 14 March 2006 - 12:21 PM

try to google it


I googled it and found someone else that googled and came up with this :

http://forum.worldst...8267#post438267

I checked file on google and from what I could learn, this is a false positive.


I can google some more if you like.
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

Posted Image
Posted Image

#7 racooper

racooper

    Master of my own Domain

  • Retired Staff
  • PipPipPipPipPip
  • 1,420 posts

Posted 14 March 2006 - 09:12 PM

danmega0, be straight with us...how long have you worked for InCode Solutions?

iun6002.exe will be installed by ANY application installer that is built with Setup Factory, be it legitimate or malicious. The presence of this file on a machine is NOT an indication of infection, just as finding unwise.exe (WISE installer) or unins000.exe (InnoSetup) on a system would not indicate an infection even if malware used that application to build it's installer. Symantec's detection of this file (and several others that are part of Setup Factory) is blatently incorrect.

Oh, can you please reference the source where you got that information about iun6002.exe?

Edited by racooper, 14 March 2006 - 09:14 PM.


#8 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Retired Staff
  • PipPipPipPipPip
  • 15,830 posts

Posted 15 March 2006 - 03:53 AM

I wonder if danmega0 is Damjan Irgolic, as in

Made by Damjan Irgolic © Copyright InCode Solutions 2006, All rights reserved

seeing as, judging by the forums:
http://www.incodesolutions.com/forum/
this appears to be a one-person show.
The Technical support subforum makes interesting reading. :scratchhead:
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#9 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Retired Staff
  • PipPipPipPipPip
  • 15,830 posts

Posted 10 April 2006 - 05:28 AM

Update, danmega0 has continued to post links to his product in these forums, so I have suspended his account for 30 days.

danmega0, this is not a venue for you to advertise your product, especially seeing as you chose not to be honest about it, if you continue I will make the suspension permanent. It is not my intention to stifle debate about new products, but if you have a new product you need to be honest about that, and be prepared to debate its merits and demerits. Simply posting links to it in other peoples threads is not acceptable.
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#10 Pierre (aka Terdef)

Pierre (aka Terdef)

    Member

  • Ambassador
  • Pip
  • 18 posts

Posted 24 June 2007 - 03:57 AM

Hello,

A French webmaster was talking about RemoveIT Pro these days and notice my card in « La Crapthèque » at http://assiste.com.f...moveit_pro.html

On the June 20, 2007, he wrote to some of his contacts by e-mail, including me in the diffusion of this e-mail and he also included there Damjan Irgolic (InCode Solutions), author of RemoveIT Pro, asking him a denial in connection with my classification in crapware of this software and explanations.

Here is some of the sequence of exchanges.


RemoveIT Pro

I have notify Pierre Pinard to remove RemoveIT Pro from site because RemoveIt Pro has nothing with crapware like site http://assiste.com said.

Best regards!
Damjan


Assiste.com
I issue a new analysis of the software and wrote this, in French on my board, at
http://assiste.forum...p=106604#106604
I notice the fact that, creating empty files (0 characters) named with names in the database (based on random names algorithm !) of RemoveIT Pro will generate alarms with suggestions to delete these dangerous files !
zqeenlkr.exe - 1 occurrence(s) sur tout Google !
zqbtletr.exe - 1 occurrence(s) sur tout Google !
zjtbreln.exe - 1 occurrence(s) sur tout Google !
zernlcnz.exe - 1 occurrence(s) sur tout Google !
xtztnert.exe - 1 occurrence(s) sur tout Google !
xrnelsxs.exe - 1 occurrence(s) sur tout Google !
xlxektlr.exe - 1 occurrence(s) sur tout Google !
xjjhlbqn.exe - 1 occurrence(s) sur tout Google !
xhzenqnj.exe - 1 occurrence(s) sur tout Google !
xblkenwj.exe - 1 occurrence(s) sur tout Google !
wtnkhhkh.exe - 1 occurrence(s) sur tout Google !
And so on …
I, then, wrote to Damjan Irgolic :

Hello,

I regret to bring to your attention that, in the current state of my analysis of RemoveIT Pro,
this one does not comprise any criterion justifying its exit of "La Crapthèque".

Worse: the thorough analysis that I was brought to lead makes it possible to declare that
this product does not have at all its place among the security tools for computers and privacy on the Internet.

Thank you to inform me on the operation of "High-level protection technology (HLP)" Sincerely

Sincerely

Pierre Pinard
Assiste.com




Thank you for your email!

This 3 detected threats are not false positives if you think that.

Win32.BKZECSLK or BKZECSLK.EXE is dangerous accorording to Prevx, see details
http://spywarefiles......lk%2Eexe.html
Win32.hpxdfjax or hpxdfjax.dll is also dangerous accorording to Prevx, see details
http://spywarefiles....EQWCSW.EXE.html

If you have different information about this files please let me know.
You can't threat some AV program like crapware because you think that some located threats are legitimate.
First you have to prove that this threats are false positives.
You dont know nothing about RemoveIT Pro and you cannot judge about some AV program because you are not experts in antivirus field and you dont know how viruses spread them selfs so please remove your review.
Please also note that fruther files from your forum are also dangerous with random filenames generated by trojans.





Hello

Reproduced in http://assiste.forum...pic.php?t=16896
Note that I register Eric Howes in the mailing list of this conversation.
Note that the intervention of Damjan Irgolic which I answers here relate to my analysis of yesterday of its software, analysis which is at http://assiste.forum...p=106647#106647

You say
This 3 detected threats are not false positives if you think that.

Win32.BKZECSLK or BKZECSLK.EXE is dangerous accorording to Prevx, see details
http://spywarefiles......lk%2Eexe.html
Win32.hpxdfjax or hpxdfjax.dll is also dangerous accorording to Prevx, see details
http://spywarefiles....EQWCSW.EXE.html

Forgery! You have twists in your basic reasoning. Never a file is dangerous! Only the contents of a file, whose name as no imports, is more or less dangerous or not at all. That dangerous contents were seen in a file named "thing" at one moment of reason does not allow at any moment to declare that the file "thing" is definitively dangerous: the name of a file is completely without interest and “a fortiori” if it is a random names.

You say
First you have to prove that this threats are false positives.
Yes! They are false positives ! I created these 3 files on my system and they are empty (0 character) but you declare them as dangerous files and suggest me removing them. How do you want that I qualify a software which tells me a similar ineptitude?

But we will not beat in connection with anti-virus technologies if you think that I am not qualified.

It has been years that we denounce the attempts made at detection by envelopes (appearances of the things). All were stopped. No software publisher uses it because it would be instantaneously swept scene.

The last attempt that I stopped was the gaminery "The Remover" in July 2004. See http://assiste.com.f...ue/remover.html

In January 2005 I pinned Spybot Search and Destroy with matter of a detection per envelope (see page 43 of my “Anti-virus and Anti-trojans Comparative” in "Spybot detects CommomName" at » http://assiste.com.f...t_Antivirus.pdf )

Detection by envelope is a heavy fault. No tool having such intrigues will never be authorized to quote. This step was already pathetic 15 or 20 years ago whereas one could already make signatures of contents, even summarily with crc16 or 32. Today, even the md5 or sha1 are on the bolster bus as collisions will be probably obtained soon on demand and the successors of these algorithms are under development.

Random names are, by nature, innumerable and unnamable.

The detection of the code contained is the bare minimum today. Even more, we are not besides there for a long time with polymorphism and hooker (rootkit). The behaviour analysis is necessary. Walk ahead is that of sandbox and other virtualisation “a la” Geswall. It is not a chance if AV Comparative classification emphasizes the multi-engine ones with virtualisation (see before last column of the table at http://assiste.com.f..._assassine.html

I asked you to inform me thoroughly on the technology employed in the Entreprise version of your tool. You scorned my opening. You must understand that it is impossible for me to align me on a simple advertising declaration of the editor of a software. The doubt is the engine of the critical direction.

Cordially

Pierre Pinard
Assiste.com





You can think what you want about RemoveIT Pro but I do know that RemoveIT Pro is helping many people to resolve viruses problem and it is succesful in many cases with threats.
RemoveIT Pro uses filename check to locate viruses, filename check is very effective if you like it or not because many trojans change source of its self and have different MD5 on each infection so filename are one of the ways thing that detect them.
Please also note that standard home user will not create file with trojan filename just to test RemoveIT Pro and it will not judge about some program if it has no experience in programs field. Like I said before you are not expert in antivirus field so please be so kind and remove your review.

Best regards!
Damjan




Hello

The card RemoveIT Pro in "La Crapthèque" have been updated
http://assiste.com.f...moveit_pro.html

I believe that he refuses to answer my request for information on the technology of the version "Enterprise" of RemoveIT Pro.
I thus think that:
· either it does not exist
· or he knows that it is not credible.

In these 2 cases, RemoveIT Pro reinforces his presence in "La Crapthèque".

RemoveIT Pro wrote:
You can think what you want about RemoveIT Pro

Fortunately!

RemoveIT Pro wrote:
RemoveIT Pro use filename check to locate viruses

We had understood it! It seems that Damjan Irgolic don't have anything to add to defend at least what he calls "the Enterprise version" of its product? Would this be quite simply because there is nothing more inside? And there would even be a server side version ... However I insist heavily so that it speaks to me about it! All occurs, in his remarks, as if there were only one technology, that of the file names.

RemoveIT Pro wrote:
many trojans change source of its self and have different MD5 on each infection

Precisely, this is why I said to you that the analyses had to use behavioural, sandbox, virtualisation like Geswall...

RemoveIT Pro wrote:
so filename are one of the ways

Not! They change also file name (random names!). It is useless and puerile to collect random file names as they only be used once. This is reason why the villains of the Net develop generators of random names: so that they appear only one time and thwart research by envelope.

RemoveIT Pro wrote:
standard home user will not create file with trojan filename just to test RemoveIT Pro and it will not judge about some program if it has no experience in programs field

This signs your step: you take the users for stupid and you thus believe yourselves authorized to sell anything to them because they are inefficient! Beautiful mentality! There is more than 10 years that I communicate on the Net in order to inform the users and you come to preach the obscurantism and his commercial exploitation! I will not allow it to you.

RemoveIT Pro wrote:
you are not expert in antivirus field

Indeed! I am only 35 years old in the compiler, language and system theory. I do not even have 30 years of expertise and consultant in data processing and systems of organization. I was originator, leader projects and I directed teams of data-processing development during 30 years only just to kill time in front of the coffee machine. Assiste.com became the most important French-speaking resource in the world about computers security and privacy because I do not know what I am talking about... The co-optation of the site, the forum and myself within the ASAP (Alliance of Security Analysis Professionals) was undoubtedly done by inefficient notorious (and incidentally MVPs)

· I am thus smelled authorized to give an opinion on your product and on your total lack of expertise as regards antivirus scanners and, more generally, as regards informations systems security
· I feels a duty to communicate this judgement to the greatest number

RemoveIT Pro wrote:
please be so kind and remove your review

We will break there because there is nothing to wait nor to hear from somebody who do not want to defend his product when one gives him the opportunity to do that and which has for only one argument to throw to the face of its interlocutor a peremptory and final "you are not expert in antivirus" without the knowledge of which he has in front of him.

Cordially

Pierre Pinard
Assiste.com


Edited by Pierre (aka Terdef), 24 June 2007 - 04:45 AM.

Pierre (aka Terdef)
Assiste.com - ASAP
administrator
Computers security, Internet privacy and dirty tricks

#11 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Retired Staff
  • PipPipPipPipPip
  • 15,830 posts

Posted 24 June 2007 - 08:04 AM

Thank you for the update Pierre, it makes interesting reading, and only goes to confirm my origional suspicions of this product and its author.

Suzi, if you read this, another one for the Rogue/Suspect list possibly?
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.




Member of UNITE
Support SpywareInfo Forum - click the button