Disreputable anti-parasite software

Discussion in 'Computer Security' started by George Orwell, May 9, 2009.

  1. Stolen from what used to be on:

    Disreputable anti-parasite software

    Prevention > how to stay parasite-free Cures > reputable anti-parasite
    software Worse than disease > not-quite-so-reputable anti-parasite
    software Database > of known parasites Definition of terms > what’s
    targetted and why About this site > disclaimers, copyright, contact
    Links > other parasite sites Parasites < introduction and detector
    Non-recommended anti-parasite software

    * The backstabbers... * The unwanted... * The hypocrites... * The

    The issue of parasites, spyware and adware has received a lot of
    publicity recently. This has resulted in an explosion of anti-parasite
    tools, many of them incompetent or even outright harmful, often
    produced by the same kind of bandwagon-jumping ethics-free affiliate
    marketing firms that brought us the parasite problem in the first

    Such companies do not always have the talent to research malware,
    produce targeting databases and write removal software. So many of the
    programs are copies of other applications—either through licensing
    questionable databases and software sold on the open market from other
    companies, or in some cases simple code theft.

    Some companies do not even bother with the targeting database and just
    report completely bogus results. Either way, the result is typically a
    bunch of false positives coupled with a plea to spend money to remove

    And some supposed anti-parasite software actually does nothing of the

    Note: if you work for one of the companies whose software is listed
    here, and believe any of the information is inaccurate or misleading,
    please do get in touch and I will be happy to correct any mistakes
    and/or advise on how the problems might be ‘fixed’. The backstabbers

    Anti-parasite programs which themselves install parasites.

    All products from mynetprotector.com, including MyNetProtector
    Anti-Spyware, have been seen to install multiple parasites, typically
    BargainBuddy, Delfin, FavoriteMan/ATPartners, IEDriver, PurityScan/M2,
    TopText, webHancer, WildMedia/StatBlaster and the NetShagg parasite,
    which is controlled by SJB Enterprises—the company behind

    MyNetProtector Anti-Spyware also fails to detect any actual spyware;
    actually targets cookies, not parasites. Scumware Remover

    Scumware Remover (scumware-remover.org) masquerades as an anti-spyware
    application but is actually just a dropper for its author’s
    SmartestSearch parasite. SpySpotter

    SpySpotter (spyspotter.com) is an anti-spyware application from Oemtec
    Ltd (oemtec.com). It has been bundled with iMesh so is considered a
    parasite in its own right; when installed stand-alone, it also bundles
    Oemtec’s Oemji toolbar (oemji.com) parasite and PopupBlockade.

    The Oemji toolbar code is based on the ZipClix parasite, from MWorld
    Holdings, who also produce the Httper, PopupBlockade, and
    InternetWasher parasites and appear to be part of the same
    as Oemtec. Malwhere

    Malwhere (malwhere.com) is a process lister by Ran Geva/Softbulldog.
    Each running process is displayed, with known process-based threats
    highlighted (Malwhere does not detect other types of program). For
    unknown executable names it does a web search for information.

    Malwhere bundles the SaveNow/Save, ClockSync and Search parasites.
    Meanwhile other products from Softbulldog also install
    FavoriteMan, CommonName/InternetKeywords, BargainBuddy/URLCatcher and
    Delfin. UControl

    UControl is a spyware removal application from WhenU (whenu.com),
    into some versions of their SaveNow/Search parasite. It also bundles
    the SaveNow/Save parasite and ClockSync.

    UControl is based on the scanner from Aluria’s Spyware Eliminator,
    which is generally considered a reasonable anti-parasite program
    (though Aluria’s reputation in general has been harmed by the
    partnership with WhenU). SpyBan

    SpyBan (spyban.net) is an anti-spyware application from NicTech
    Networks (nictechnetworks.com), who also operate the
    system-destabilising and extremely difficult-to-remove Look2Me
    parasite. SpyBan installs Look2Me when loaded, which can then install
    other parasites.

    The SpyBan website has disappeared but the software is still available
    from some download sites. Terminexor

    Terminexor is a complete and unauthorised copy of the code of the free
    anti-parasite application Spybot Search&Destroy, with some of the
    strings in the executable file hacked to change the name.

    Terminexor is distributed by Flashpoint Media (flashpoint.bm) and
    silently bundles the FlashTrack/Xmod and BroadcastPC parasites, both
    which are operated by Flashpoint.

    Terminexor is believed no longer to be promoted. SpyAssault

    SpyAssault (spyassault.com) claims to be a spyware remover, but
    provides no such software. Instead, it installs the FavoriteMan/Ss32
    parasite. SpyAssault is controlled by Razor Media, the same company
    that operate this and some other variants of FavoriteMan, as well as
    the ClickTheButton, DailyWinner, SvcMM and WhileYouSurf parasites.

    SpyAssault is believed no longer to be operating. The unwanted

    Anti-parasite software that is unsolicited commercial software in its
    own right. VirtualBouncer

    VirtualBouncer (virtualbouncer.com) and its sister program
    by Spyware Labs (spywarelabs.com) have long been installed through
    drive-by-downloads and undisclosed bundling from other parasites,
    including some that are loaded by exploitation of Internet Explorer
    security holes.

    When loaded, VirtualBouncer opens repeated spyware warning dialogue
    boxes, demanding payment to remove what it says it has detected (which
    it refuses to divulge; probably nothing at all). WareOut

    WareOut (wareout.com) is a spyware removal application from ‘Coteco
    LLC’ which is installed silently by CoolWebSearch/msbho and other
    CWS-related IE security holes. Its scanner generates false positives
    and even installs fake spyware ‘threats’ of its own to ensure it can
    find something to ask for payment to remove.

    The server for WareOut—and its sister application PopClose
    (popclose.com) by ‘Rove Digital’—is hosted in a netblock at at EstHost
    (esthost.com, in the atrivo.net netblock), which also serves myriad
    hijacker sites, security hole exploits and blog-spammers connected to
    CoolWebSearch. It is in fact only one IP address away from the
    fastsearchweb.com group of hijackers that installs WareOut by security
    holes. For this reason it is believed that Coteco/Rove (who seem to
    have no other presence; Rove are not related to rovedigital.com) are
    simply another name for this CWS affiliate. SpyBlast

    SpyBlast (spyblast.com) is a supposed anti-spyware application from
    advertising.com, that opens pop-up ads.

    Installed by unrequested ActiveX drive-by-downloads and considered a
    parasite in its own right.

    SpyBlast is believed no longer to be operating. AdProtector

    AdProtector was a spyware remover from RedV (redv.net, formerly
    web3000.com) which useed RedV’s EasyInstall adware as the installer.
    RedV are now believed to be defunct. The hypocrites

    Anti-parasite software that is marketed by companies involved in
    writing, distributing or controlling parasites themselves.

    SpywareNuker (spywarenuker.com, nuker.com) and its variant pcOrion
    (pcorion.com) is a spyware remover application from TrekBlue
    (trekblue.com). TrekBlue, aka TrekData or Trek8 LLC, is a company
    formed by employees of Lions Pride Enterprises who didn’t leave to
    SJB Enterprises (operators of MyNetProtector and the Netshagg

    Lions Pride Enterprises themselves operated the wnad parasite. Trek8
    controlled and may still operate the InContext parasite (aka AdGoblin,
    adsincontext.com). Trek8 also owned BlueHavenMedia, who promote and
    distribute heavily parasite-infected downloadable applications such as
    Kazoom and ICQBoom. BHM is now operated by Software Delivery Systems,
    Inc (softwareds.com), whose current relationship with Trek8 is

    The original SpywareNuker application was a licensed clone of BPS
    Spyware Remover (bulletproofsoft.com), and had all the same problems
    (including using an unauthorized copy of the free anti-parasite
    application Spybot Search&Destroy’s targets database. The
    currently-available version SpywareNuker/pcOrion 2004/2005 is a
    complete rewrite and fixes these problems at least, however Trek8’s
    reputation remains deservedly tainted.

    SpywareNuker has also been widely promoted through spam.

    SpywareAvenger (spywareavenger.com) is a commercial-only spyware
    removal application from iDownload.com. iDownload control the
    Pugi/iSearch parasite, which they have installed through aggressive
    ActiveX drive-by downloader scripts and exploitation of Internet
    Explorer security holes. iDownload’s isearch.com is also the target of
    the ILookup/Hot parasite. MyPCTuneUp

    MyPCTuneUp (mypctuneup.com) is a site operated by DirectRevenue
    (direct-revenue.com) that offers to remove software by its
    ‘partner’—ie. the parasites written and controlled by DirectRevenue

    MyPCTuneUp removes variants of the Transponder parasite from Host and
    BI onwards, IPInsight and GrandStreet, but not before installing using
    the Transponder/Thinstaller, which leaks significant amounts of system
    information to its controlling server. JimmySurf

    JimmySurf (jimmysurf.com) is a commercial-only internet cleaner
    that now also claims to remove spyware. It is sold by Surf Protect
    aka ClickSpring LLC, who operate the MediaTickets and PurityScan
    parasites. Warnet

    Warnet is a commercial-only spyware remover from C2 Media, who operate
    the lop parasite. Believed no longer to be operating. Kill All

    Kill All Spyware (killallspyware.com) is a commercial-only spyware
    remover from Mainstream Dollars (mainstreamdollars.com), part of the
    iClicks Internet Inc group that signed the initial Ineb variant of
    ILookup and hosts many of its other variants.

    Kill All Spyware was promoted in adware links from ILookup. #1 Spyware

    #1 Spyware Killer (1spywarekiller.com) is a spyware remover
    from ‘Kitten Holding Corp’ (evilbucks.com). The whois information is
    again the same as that for many variants of ILookup, including
    ILookup/Waeb which has been seen to advertise it. SpywareHelp

    The SpywareHelp service promoted at spywarehelp.net is operated by
    Odysseus Marketing Inc (odysseusmarketing.com) who also control the
    ClientMan parasite. The dodgy dealers

    Anti-parasite software that is marketed abusively. SpyWiper

    SpyWiper and its variant SpyDeleter are commercial-only spyware
    removers operated by MailWiper (mailwiper.com). They are promoted
    through homepage-hijacking parasite installers loaded through IE
    security hole exploits by SmartBotPro (smartbot.net) sites.
    SpyWiper/SpyDeleter is believed no longer to be in operation.

    Rob Martinson (MailWiper), Sanford Wallace (SmartBotPro) and Walt
    (Odysseus Marketing) are closely connected, a trifecta of infamous
    old-school spammers. Ad-Eliminator

    Ad-Eliminator (ad-eliminator) and its successors Spy-Control
    (spy-control.com), SpyOut (spyout.net) and Ad-Protect (ad-protect.com;
    all variants have many, many alternative promotional site URLs) are
    spyware scanners from Global Entertainment Solutions (gesworld.com),
    Israeli marketing firm that normally sends spam promoting dodgy Green
    Card sites.

    Ad-Eliminator was promoted by an enormous and lengthy campaign of
    e-mail and Windows Messenger service spam advertising
    constantly-changing site addresses with misleading scare-tactics
    that spyware had been ‘detected’ on the receiver’s machine. A similar
    misleading spam campaign has also now started for Spy-Control.

    Additionally, the Spy-Control variant installs a search toolbar
    targeted at www.searchmeup.com, a site normally associated with
    CoolWebSearch hijackers.

    XoftSpy by Paretologic (paretologic.com): downloads promoted by the
    RichFind parasite.

    SpywareStormer (spywarestormer.com) by Error Guard (errorguard.com),
    Security IGuard (securityiguard.com) by Rex Services and PAL Spyware
    Remover from PAL Soloutions (palsol.com): widely promoted by some
    CoolWebSearch variants.

    BPS Spyware&Adware Remover (bulletproofsoft.com) uses an unauthorised
    copy of the database from the free anti-parasite application Spybot
    Search&Destroy. Adware Remover Gold (adwareremovergold.com) by
    Cyberheat Inc, as a licensed clone of BPS, is in the same situation.
    Adware Remover Gold is also advertised by e-mail spam.

    InterESoft NoSpyX (nospyx.com): commercial-only spyware remover also
    widely promoted by e-mail spam. Others

    There are dozens of other anti-parasite applications that either are
    marketed abusively or simply aren’t much good (usually both). Eric
    Howes maintains a comprehensive list of rogues at Spyware Warrior.

    Parasite home... CC

    Il mittente di questo messaggio|The sender address of this
    non corrisponde ad un utente |message is not related to a real
    reale ma all'indirizzo fittizio|person but to a fake address of an
    di un sistema anonimizzatore |anonymous system
    Per maggiori informazioni |For more info
    George Orwell, May 9, 2009
    1. Advertisements

  2. George Orwell

    me Guest

    me, May 10, 2009
    1. Advertisements

  3. Although mechanical examples of computers have existed throughout
    history, the first resembling a modern computer were developed in the
    mid-20th century,Although mechanical examples of computers have
    existed throughout history.{{http://farm3.static.flickr.com/
    Agile Consulting, May 13, 2009
  4. Elsewhere in our roundup Samsung's latest digital video camera has
    a function you don't often see on video cameras: time-lapse. And
    LG turns to wireless to ...{{http://farm3.static.flickr.com/
    Agile Consulting, May 13, 2009
  5. Technically, a computer is a programmable machine. This means it can
    execute a programmed list of instructions and respond to new
    instructions that it is given. Today, however, the term is most often
    used to refer to the desktop and laptop computers that most people use.
    Agile Consulting, May 13, 2009
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.