Curious - Can a CWS variant cause a virus alert?

  • Thread starter Thread starter Jan Il
  • Start date Start date
J

Jan Il

Hi all -

I'm curious about a situation that a poster stated in the following in
regards to a suggestion to use these programs to see if they would help
resolve their problem;

Quote/Except for CWShredder and Hijack This. I've received virus alerts
when downloading them, so will not use them./End quote

I am really surprised at this statement, as I have not heard or seen anyone
make such a statement, or that this might be possible by a variant of CWS.
Is this possible?

I'd truly appreciate any input on this issue.

Jan :)
 
It IS possible, depending on what AV the person is using. I can't give
an example of THAT particular issue but I have seen many virus removal
tools being detected as viruses or trojans by the Antivirus program made
by the same people as the removal tool. Sometimes (depending on the AV
scanner) it will detect elements that are common in trojans etc but
there IS such thing as a "good trojan".
Hope this helps to clarify,
sh4d03
 
sh4d03 said:
It IS possible, depending on what AV the person is using. I can't give
an example of THAT particular issue but I have seen many virus removal
tools being detected as viruses or trojans by the Antivirus program made
by the same people as the removal tool. Sometimes (depending on the AV
scanner) it will detect elements that are common in trojans etc but
there IS such thing as a "good trojan".
Click to expand...

I was just so surprised to hear this about these programs, it just caught me
off base.

Thank you for the clarification, I really appreciate it.

Jan :)
 
Hi all -

I'm curious about a situation that a poster stated in the following in
regards to a suggestion to use these programs to see if they would help
resolve their problem;

Quote/Except for CWShredder and Hijack This. I've received virus alerts
when downloading them, so will not use them./End quote

I am really surprised at this statement, as I have not heard or seen anyone
make such a statement, or that this might be possible by a variant of CWS.
Is this possible?

I'd truly appreciate any input on this issue.
Click to expand...

Scanner false alarm problems aren't all that rare. There have been
cases of one major product antivirus alerting on another. This occurs
because scanners use heuristics, and not just signatures. In general,
it's a good idea to take scanner alerts with a grain of salt. It's
never a good idea to set a scanner to delete files before you get a
chance to assess the situation. The use of more than one scanner for
"second opinions" is highly recommended.

Scanners will also misidentify sometimes, announcing malware X when
malware Y is actually present.

These false alarm and misidentification problems occur with both
Trojan and antivirus scanners.


Art
http://www.epix.net/~artnpeg
 
Hi Art -
Scanner false alarm problems aren't all that rare. There have been
cases of one major product antivirus alerting on another. This occurs
because scanners use heuristics, and not just signatures. In general,
it's a good idea to take scanner alerts with a grain of salt. It's
never a good idea to set a scanner to delete files before you get a
chance to assess the situation. The use of more than one scanner for
"second opinions" is highly recommended.

Scanners will also misidentify sometimes, announcing malware X when
malware Y is actually present.

These false alarm and misidentification problems occur with both
Trojan and antivirus scanners.
Click to expand...

I know there are possibilities of AV's giving false alerts to existing files
on the machine, and some types of general programs during download, but, I
had not heard of anything regarding these programs during downloading. The
poster did not state what AV they were using, so it will be interesting to
see which one he has and which site he was downloading from. As you no
doubt are aware, there is a program out called SpyBlaster claiming to help
keep crud off the system, and when you click the link it leads back to
'SpywareBlaster'. But, it is from various links. I found that very
suspicious. Maybe I'm just a Nervous Nell, but, when something named that
close to a legitimate and well known and trusted program, has several
different links that go to the SpywareBlaster home page, I tend to be wary
of the links.

Thank you very much for the additional information, I really appreciate it.

Jan :)
 
I know there are possibilities of AV's giving false alerts to existing files
on the machine, and some types of general programs during download, but, I
had not heard of anything regarding these programs during downloading. The
poster did not state what AV they were using, so it will be interesting to
see which one he has and which site he was downloading from. As you no
doubt are aware, there is a program out called SpyBlaster claiming to help
keep crud off the system, and when you click the link it leads back to
'SpywareBlaster'. But, it is from various links. I found that very
suspicious. Maybe I'm just a Nervous Nell, but, when something named that
close to a legitimate and well known and trusted program, has several
different links that go to the SpywareBlaster home page, I tend to be wary
of the links.
Click to expand...

Is this the SpywareBlaster you mean?:

http://www.javacoolsoftware.com/

If so, it seems from the description that it's aimed primarily at IE
users having activex enabled <shudder>. It allegedly blocks spyware
from being downloaded for such high risk and unknowledgeable users.

Programs like that are unnecessary when Mozilla or one of its cousins
is used in place of IE. Gone then is all the nervousness about links,
etc.
Thank you very much for the additional information, I really appreciate it.
Click to expand...

You're wecome.


Art
http://www.epix.net/~artnpeg
 
Is this the SpywareBlaster you mean?:

http://www.javacoolsoftware.com/

If so, it seems from the description that it's aimed primarily at IE
users having activex enabled <shudder>. It allegedly blocks spyware
from being downloaded for such high risk and unknowledgeable users.

Programs like that are unnecessary when Mozilla or one of its cousins
is used in place of IE. Gone then is all the nervousness about links,
etc.
Click to expand...

I continue to use SpywareBlaster as it prevents tracking cookies
in Mozilla/Firefox. Between my HOSTS, SpywareBlaster and WinPatrol,
Adaware never finds anything.
You're wecome.

Art
http://www.epix.net/~artnpeg
Click to expand...

BoB
 
I continue to use SpywareBlaster as it prevents tracking cookies
in Mozilla/Firefox. Between my HOSTS, SpywareBlaster and WinPatrol,
Adaware never finds anything.
Click to expand...

I like to run lean and mean without all kinds of useless
encumberances. AdAware/Spybot never find anything on my PC either
except maybe new tracking cookies. My autoexec.bat file is set to
clean out various cache and temp folders, including cookies (which are
harmless anyway).

..
Art
http://www.epix.net/~artnpeg
 
Is this the SpywareBlaster you mean?:

http://www.javacoolsoftware.com/
Click to expand...

No, I have SpywareBlaster, and I know it is a good app, the one I am not
sure of why it is doing what it's doing is this one.

http://www.ryckz.com/

Here it is promoted the same as SpywareBlaster, and when you click the link
it takes you to the SpywareBlaster home page. While it does lead to the
SpywareBlaster home page, which is a legitimate program, it is from
questionable sites first. Perhaps it is legit. I dunno, we have not found
anything on it yet. As it has the similar name and promotion exactly as
SpywareBlaster, which in the end, it is, is very confusing to people who are
not that computer savvy. This is how my elderly cousin wound up buying
SpyHunter, which really did a number on his system, instead of getting
SpywareHunter. Guess I'm just more alert to same looking or sounding names
these days. So to me, this one looks suspect.

Thank you for the update and additonal information.

Jan :)
 
I like to run lean and mean without all kinds of useless
encumberances. AdAware/Spybot never find anything on my PC either
except maybe new tracking cookies. My autoexec.bat file is set to
clean out various cache and temp folders, including cookies (which are
harmless anyway).

Art
http://www.epix.net/~artnpeg
Click to expand...

Available space on drive C: 34935MB of 38152MB (FAT32). I strive
to be lean and mean here too. Monthly defrag takes only minutes.

1,234MB of used space is backup material, so less than 2gig is
actually programs and data. A small removable HD stores another
copy of backup data.

BoB
 
No, I have SpywareBlaster, and I know it is a good app, the one I am not
sure of why it is doing what it's doing is this one.

http://www.ryckz.com/

Here it is promoted the same as SpywareBlaster, and when you click the link
it takes you to the SpywareBlaster home page. While it does lead to the
SpywareBlaster home page, which is a legitimate program, it is from
questionable sites first. Perhaps it is legit. I dunno, we have not found
anything on it yet. As it has the similar name and promotion exactly as
SpywareBlaster, which in the end, it is, is very confusing to people who are
not that computer savvy. This is how my elderly cousin wound up buying
SpyHunter, which really did a number on his system, instead of getting
SpywareHunter. Guess I'm just more alert to same looking or sounding names
these days. So to me, this one looks suspect.

Thank you for the update and additonal information.

Jan :)
Click to expand...

Just my 2¢, but http://www.ryckz.com/ looks like the usual
personal web page recommending many of the malware detection
programs recommended in these NGs. Google's reference to it
is buried several pages down.

BoB
 
BoB said:
Just my 2¢, but http://www.ryckz.com/ looks like the usual
personal web page recommending many of the malware detection
programs recommended in these NGs. Google's reference to it
is buried several pages down.
Click to expand...

I realize that this does appear legitimate, I don't disagree with that, my
care, for lack of a better word at the moment, is that too many similar and
confusing names are coming out of the woodwork, and many of them are /not/
legitimate, and they are very misleading. I am seeing and hearing about a
lot of people being duped into clicking on what /appears/ to be a legitimate
site, then getting waylaid by a deceptive link on that site that appears to
be legitimate. There was a case here not long ago that I wondered about. A
poster said that when then downloaded Adaware or SpyBot, I don't recall at
the moment, he got a virus/worm/bug, etc a nasty. It seemed really out in
left field, and I don't remember if anyone asked where he downloaded it
from, or if he said. That's sort of the area I am curious about I guess.
Not the message that I question so much, but, how legit is the messenger?

Jan :)
 
Back
Top