General Question

  • Thread starter: R. McCarty

R. McCarty

I'm pretty satisfied with Microsoft Anti-Spyware, but have a
question. I use most all the standard tools/programs - sort of
a cross-check on each other. Occasionally, one of the tools
will pick up something the others do not. Specifically, I've run
Webroot's Spy Audit. It continuously says that my PC has an
instance of "ABetterInternet". However, all the other tools that
claim to detect it don't pick it up. Is there some singular site
that has Spyware listings where a user can do some manual
checking for the presence of Spyware/Malware? or decide it
is just a "False Positive".

Specifically I use & run:
(1.) Microsoft AntiSpyware (Daily Scan)
(2.) AdAware 1.06 (Weekly)
(3.) SpyBot 1.04 (Weekly)
(4.) SpyAudit 4.0 (Weekly)
(5.) SpySubtract (Weekly)

On-Line Scans:
(1.) ZoneAlarm Cookie Scanner (Weekly)
(2.) CA's PestScan (Weekly)
(3.) Panda On-Line Scan (Occasionally)
(4.) Trend-Micro's Scan (Occasionally)

My system is pretty locked down with eTrust 7, ZA Free &
a number of IE Zone changes, but this stuff changes so often
that you can't ever get too confident you're protected.
 
Yes, I read a number of forum postings to get a handle on it.
One recommended the VX2 Plug-in & I did run it and it said
the system was clean of it.
That's the problem with some of these tools, they pick up or
find items but offer no cleaning facility. Maybe it is just a false
positive. I would prefer to use just one or two products and
not have to constantly update definitions & engines.
The Spy Audit tool only identifies it as AdAware, but won't
give any details as to modules or Registry keys. It's the first
time I've tried something from Webroot - supposedly their
stuff gets high marks. This Spyware stuff is like untangling
Christmas Tree lights.
 
Good question--and not an easy one to answer. So here's my answer, fwiw:

To answer this you need to know the details of what the other product is
detecting as present. Then you need to compare those details with someone's
listing of what constitutes the threat in question.

Since there's no agreed upon definition of spyware, this isn't easy to do.

I used to go by Sunbelt's threat listings, since they are published, and
sometimes have some detail. If a threat is covered by the established
antivirus vendors, their published information will sometimes include enough
detail that you can decide whether what is being called out by the other
product is sufficient to be worried about.

Since the current trend seems to be to conceal this information, or treat it
as an important trade secret rather than publish it publicly, there's a real
problem in trying to get clear information about a given threat. Even in
the case of true viruses, where there's general agreement about the
definition--the naming issue can make this process difficult.

So--at this point, I'd look hard at the details of what is detected, if you
can find that information. If you can't, I'm not sure that the detection is
worth bothering with. If you get details, the next question is whether what
is detected is sufficient to constitute something "live"--i.e. is there
executable code in addition to an ini file or a registry entry. However,
even if all there is is a registry entry, it might be that the executable is
new enough not to be detected, so we can't feel safe.

There just isn't any hard and fast rule, I think. You want to be sure that
what is being flagged is not a false positive, and that it isn't some
harmless remnant of some past event which a cleaner might have missed.

My understanding is that there is some effort now being made to create a
broader industry association which might give some commonality to the
definition of spyware, but whether this will result in anyplace we can look
such things up, and when, seems very unclear.

For now there's Google, and the attendant difficulty of trying to interpret
what you find into something useful. That and using the best tools you can
find reference to, for a given threat, and trusting those tools.

 
Mr McCarty, Dollars to donuts what it is finding is an
entry in your Favorites file that you saved which had
instructions on how to get rid of 'abetterinternet'
and 'abetterinternet' was mentioned in the title. I have
had this happen to me several times and all were 'false
positives'.
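
The two checks suggested in the replies above (is the hit executable code or only an ini file, and is it just a saved Favorite with the name in its title) can be run by hand with a short script. This is an added example, not part of the original thread and not code from any of the scanners mentioned. It covers files only, not registry entries; the extension list, function names and sample files are assumptions constructed for illustration.

```python
import os, tempfile

INERT_EXTS = {".url", ".lnk", ".ini", ".txt", ".htm", ".html"}  # assumed list

def triage(root, keyword):
    """Classify every file under root whose name or content mentions keyword."""
    needle = keyword.lower().encode()
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            try:
                with open(path, "rb") as fh:
                    head = fh.read(65536)
            except OSError:
                continue  # unreadable file: skip rather than guess
            if needle not in name.lower().encode() and needle not in head.lower():
                continue
            if head[:2] == b"MZ":
                verdict = "executable"  # PE magic: code on disk, whatever the extension
            elif ext in INERT_EXTS:
                verdict = "inert"       # bookmark, shortcut, ini or text remnant
            else:
                verdict = "unknown"
            hits.append((os.path.relpath(path, root), verdict))
    return sorted(hits)

def looks_live(hits):
    """A detection deserves follow-up only if some hit is executable code."""
    return any(verdict == "executable" for _path, verdict in hits)

def build_sample(root):
    """Constructed sample tree: one saved Favorite, one ini remnant, one fake PE."""
    fav = os.path.join(root, "Favorites")
    os.makedirs(fav)
    with open(os.path.join(fav, "How to remove ABetterInternet.url"), "wb") as fh:
        fh.write(b"[InternetShortcut]\r\nURL=http://example.invalid/removal-guide\r\n")
    with open(os.path.join(root, "abetterinternet.ini"), "wb") as fh:
        fh.write(b"[settings]\r\n")
    with open(os.path.join(root, "helper.dat"), "wb") as fh:
        fh.write(b"MZ\x90\x00 abetterinternet placeholder bytes")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for path, verdict in triage(tmp, "abetterinternet"):
            print(verdict, path)
```

If every hit comes back "inert", the result is consistent with a false positive or a leftover remnant; as the reply above notes, that still does not rule out an executable too new to be recognised.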
 