Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

Webhelper Review: XOFTSPY
Goto page 1, 2  Next
 
Post new topic   This topic is locked: you cannot edit posts or make replies.    Spyware Warrior Forum Index -> Anti-Spyware and Security Software Discussion
View previous topic :: View next topic  
Author Message
webhelper
SWW Expert


Joined: 11 Apr 2004
Last Visit: 16 Jul 2011
Posts: 1090

PostPosted: Sat Apr 17, 2004 11:39 pm    Post subject: Webhelper Review: XOFTSPY Reply with quote

I have installed xoftspy and reviewed it. Here is my findings and what my thoughts are

1. PARETOLOGIC is the website the software is installed from. However, any business IMO that registers their site under Domains By Proxy in order to keep their true identity a secret is not a company I want to give money to.

2. The site is big on ad hype and getting affiliates to sell for them.

3. Domain names that are advertising the xoftpsy are the same that I was collecting about 3 weeks ago and then they were advertising the Spyhunter.

4. The sites below are all registered under Domains By Proxy so the real owners are not shown. The IP's show they are either one or more virutal servers that can have multiple domain names per 1 IP address.

Bottom Line: Would you give your money to someone who you cannot find out about. There is no statements of who or how the reference file of adware is updated. And like any Pyramid scheme, the main push is to get affiliates to sell for you, so much of the ad hype is directed in that area instead of supporting the end user that buys the software.

IMO: This is a scam.


Whois:

Quote:

PARETOLOGIC
Domains by Proxy, Inc.
15111 N Hayden Rd., Suite 160
PMB353
Scottsdale, Arizona 85260
United States
Registered through: GoDaddy.com
Domain Name: PARETOLOGIC.COM
Created on: 17-Dec-03
Expires on: 17-Dec-04
Last Updated on: 22-Feb-04
Administrative Contact:
Private, Registration PARETOLOGIC.COM@domainsbyproxy.com
Domains by Proxy, Inc.
15111 N Hayden Rd., Suite 160
PMB353
Scottsdale, Arizona 85260
United States
(480) 624-2599 Fax --
Technical Contact:
Private, Registration PARETOLOGIC.COM@domainsbyproxy.com
Domains by Proxy, Inc.
15111 N Hayden Rd., Suite 160
PMB353
Scottsdale, Arizona 85260
United States
(480) 624-2599 Fax --
Domain servers in listed order:
NS.RACKSPACE.COM
NS2.RACKSPACE.COM


Sites found:


ParetoLogic.com:69.20.65.22

deletespyware.net:207.44.218.12
spybot-spyware.com:207.44.204.85
removespyware.net:207.44.204.85
trojan-scan.com:207.44.204.85
1spybot.com:207.44.204.85
softwho.com:207.44.204.85

spy-bot.net:209.170.32.21
spyware-detection.net:209.170.32.21
adwares.net:209.170.32.21

downloadspybot.com:209.170.32.71
no-spybot.com:209.170.32.71
spybot-download.com:209.170.32.71
spybotsearch.com:209.170.32.71

eshopnetworks.com:209.170.32.71


Also Altavista.com search for spybots&d returns the following:

Sponsored Matches About Become a sponsor
Spyware and Adware Scanner
Detect and remove harmful spyware and adware applications.
Also detects trojans, spybot spyware, malware and malicious PC worms.
Protect your PC. Download now for free. Partner.
1spybot.com


webhelper
_________________
Wächter der Geschichten:
http://www.webhelper4u.com/thewatcher.html
Member of ASAP Since 2004
Back to top
View user's profile Send private message Visit poster's website
CalamityKen
Warrior Addict


Joined: 06 Mar 2004
Last Visit: 26 Aug 2004
Posts: 611
Location: Ont. Canada

PostPosted: Sun Apr 18, 2004 12:23 am    Post subject: Reply with quote

Will be in hpHOSTS file.
_________________
Install IE-SPYAD and SpywareBlaster updated regularly available in the following links .
How did I get infected? http://boards.cexx.org/viewtopic.php?t=957
Calendar Of Updates http://www.dozleng.com/updates/index.php?&act=calendar
member
Back to top
View user's profile Send private message
Nick
Site Admin


Joined: 27 Feb 2004
Last Visit: 15 Jul 2014
Posts: 3913
Location: California

PostPosted: Fri Apr 30, 2004 11:10 pm    Post subject: Reply with quote

Can't believe I missed this on our own forum when looking for xoftspy info.

Anyways, another bad antispyware program to avoid.
Back to top
View user's profile Send private message
wawadave
Warrior Obsessed


Joined: 25 Jan 2004
Last Visit: 24 Jul 2009
Posts: 3448
Location: Illegitimus non carborundum

PostPosted: Sat May 01, 2004 8:27 am    Post subject: Reply with quote

bold little pricks arn,t they.
_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd
Back to top
View user's profile Send private message Send e-mail Visit poster's website
srdiamond15
Newbie


Joined: 29 May 2004
Last Visit: 30 May 2004
Posts: 1

PostPosted: Sat May 29, 2004 11:03 am    Post subject: More on Xoft Spy Reply with quote

When you run the program, it returns a phony list of severe threats to alarm the user.
_________________
Stephen R Diamond
Back to top
View user's profile Send private message
iceblue
Warrior Guru


Joined: 18 Jan 2004
Last Visit: 11 Apr 2006
Posts: 392
Location: Sydney

PostPosted: Sat May 29, 2004 12:07 pm    Post subject: Reply with quote

I wondered if that list was always the same,
or had a limited range...etc
If you have a copy of the output available, post it up,
(or screenshot?)

Ice
_________________
Smile Travel safely ! Smile
Back to top
View user's profile Send private message
webhelper
SWW Expert


Joined: 11 Apr 2004
Last Visit: 16 Jul 2011
Posts: 1090

PostPosted: Sat May 29, 2004 8:11 pm    Post subject: Reply with quote

Ok..this is going to be in 2 parts. The first the xoftpsy log then my AAW log. At any given time I have installed one of the Transponder variants for study. This one is the twaintech.dll and all its components.
I do have folder excluded as I have over 650 adware/spyware objects I keep for study..

There is one entry in the xoftspy log that could get a user in trouble:
10) SaveNow
Name: C:\WINNT\system32\vbar332.dll

Here is the properties of this file:
-- Version --------------------------------------------------------
File version: 3.0.6908
Company name: Microsoft Corporation
Internal name: VBAR332.DLL
Comments:
Legal copyright: Copyright İ Microsoft Corp. 1993-1996
Legal trademarks:
Original filename: VBAR332.DLL
Product name: Microsoft Visual Basic for Applications
Product version: 3.0
File description: Visual Basic for Applications Runtime - Expression Service

Xoftspy log:

Quote:

Starting Scanning (Smart Scan Mode)
Scanning running processes.
1) : C:\Program Files\XoftSpy\XoftSpy.exe
2) : System
3) : SMSS.EXE
4) : CSRSS.EXE
5) : WINLOGON.EXE
6) : SERVICES.EXE
7) : LSASS.EXE
8) : svchost.exe
9) : CCSETMGR.EXE
10) : CCEVTMGR.EXE
11) : spoolsv.exe
12) : CCPROXY.EXE
13) : svchost.exe
14) : NAVAPSVC.EXE
15) : regsvc.exe
16) : SAVSCAN.EXE
17) : mstask.exe
18) : stisvc.exe
19) : symlcsvc.exe
20) : vsmon.exe
21) : WinMgmt.exe
22) : svchost.exe
23) : C:\WINNT\Explorer.EXE
24) : zlclient.exe
25) : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
26) : C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
27) : C:\Program Files\Common Files\symantec shared\CCLGVIEW.EXE
28) : C:\Program Files\Internet Explorer\iexplore.exe
29) : C:\WINNT\system32\NOTEPAD.EXE
30) : C:\Program Files\Microsoft Office\Office\WINWORD.EXE
31) : C:\WINNT\system32\NOTEPAD.EXE
32) : C:\Program Files\Internet Explorer\iexplore.exe
33) : C:\Program Files\TechSmith\SnagIt 6\SnagIt32.exe
34) : C:\Program Files\Softnik Technologies\Whois View\whoisview.exe
35) : C:\Program Files\Blighty Design\spade.exe
36) : C:\Program Files\XoftSpy\XoftSpy.exe
1) Alexa
Name: SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Type: Registry Key
2) Kontiki
Name: Software\Kontiki
Type: Registry Key
3) MSView
Name: TypeLib\{690BCCB4-6B83-4203-AE77-038C116594EC}
Type: Registry Key
4) SahAgent
Name: Software\WinSock2
Type: Registry Key
5) StopPop
Name: Interface\{4534CD6B-59D6-43FD-864B-06A0D843444A}
Type: Registry Key
6) VX2.BetterInternet
Name: vx2.vx2obj
Type: Registry Key
7) VX2.BetterInternet
Name: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30000273-8230-4DD4-BE4F-6889D1E74167}
Type: Registry Key
8) Winpup32
Name: Interface\{48E59291-9880-11CF-9754-00AA00C00908}
Type: Registry Key
9) Winpup32
Name: Interface\{48E59292-9880-11CF-9754-00AA00C00908}
Type: Registry Key
10) SaveNow
Name: C:\WINNT\system32\vbar332.dll
Type: File
11) NavExcel
Name: C:\Program Files\NavExcel
Type: Folder
12) NavExcel
Name: C:\Program Files\NavExcel\NavHelper
Type: Folder
Scan Finished


AAW Log:
Quote:

Lavasoft Ad-aware Professional Build 6.181
Logfile created on:Saturday, May 29, 2004 11:49:26 PM
Using reference file:01R311 27.05.2004
______________________________________________________

Reffile status:
=========================
Reference file loaded:
Reference Number : 01R311 27.05.2004
Internal build : 243
File location : C:\Program Files\Lavasoft\Ad-aware 6\reflist.ref
Total size : 1172560 Bytes
Signature data size : 1152893 Bytes
Reference data size : 19603 Bytes
Signatures total : 25723
Target categories : 10
Target families : 487

Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:11 %
Total physical memory:253424 kb
Available physical memory:27052 kb
Total page file size:612468 kb
Available on page file:324248 kb
Total virtual memory:2097024 kb
Available virtual memory:2046780 kb
OS:Windows 2000

Ad-aware Settings
=========================
Set : Activate in-depth scan
Set : Safe mode (always request a confirmation)
Set : Skip non executable files
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned sites
Set : Scan within archives
Set : Scan my Hosts file


05-29-2004 11:49:26 PM - Scan started. (Smart mode)

Listing running processes
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 05-29-2004 10:14:43 PM
BasePriority : Normal

#:2 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ThreadCreationTime : 05-29-2004 10:14:58 PM
BasePriority : High

#:3 [services.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 05-29-2004 10:15:02 PM
BasePriority : Normal

#:4 [lsass.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 05-29-2004 10:15:02 PM
BasePriority : Normal

#:5 [svchost.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 05-29-2004 10:15:18 PM
BasePriority : Normal

#:6 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 05-29-2004 10:15:22 PM
BasePriority : Normal

#:7 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 05-29-2004 10:15:28 PM
BasePriority : Normal

#:8 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 05-29-2004 10:15:40 PM
BasePriority : Normal

#:9 [ccproxy.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 05-29-2004 10:15:42 PM
BasePriority : Normal

#:10 [svchost.exe]
FilePath : C:\WINNT\System32\
ThreadCreationTime : 05-29-2004 10:15:43 PM
BasePriority : Normal

#:11 [navapsvc.exe]
FilePath : C:\Program Files\Norton Internet Security\Norton AntiVirus\
ThreadCreationTime : 05-29-2004 10:15:44 PM
BasePriority : Normal

#:12 [regsvc.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 05-29-2004 10:15:49 PM
BasePriority : Normal

#:13 [savscan.exe]
FilePath : C:\Program Files\Norton Internet Security\Norton AntiVirus\
ThreadCreationTime : 05-29-2004 10:15:53 PM
BasePriority : Normal

#:14 [mstask.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 05-29-2004 10:15:57 PM
BasePriority : Normal

#:15 [stisvc.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 05-29-2004 10:16:02 PM
BasePriority : Normal

#:16 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ThreadCreationTime : 05-29-2004 10:16:05 PM
BasePriority : Normal

#:17 [vsmon.exe]
FilePath : C:\WINNT\system32\ZoneLabs\
ThreadCreationTime : 05-29-2004 10:16:08 PM
BasePriority : Normal

#:18 [winmgmt.exe]
FilePath : C:\WINNT\System32\WBEM\
ThreadCreationTime : 05-29-2004 10:16:26 PM
BasePriority : Normal

#:19 [svchost.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 05-29-2004 10:16:27 PM
BasePriority : Normal

#:20 [explorer.exe]
FilePath : C:\WINNT\
ThreadCreationTime : 05-29-2004 10:19:54 PM
BasePriority : Normal

#:21 [zlclient.exe]
FilePath : C:\PROGRA~1\ZONELA~1\ZONEAL~1\
ThreadCreationTime : 05-29-2004 10:20:07 PM
BasePriority : Normal

#:22 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 05-29-2004 10:20:08 PM
BasePriority : Normal

#:23 [naturalcolorload.exe]
FilePath : C:\Program Files\SEC\Natural Color\
ThreadCreationTime : 05-29-2004 10:20:13 PM
BasePriority : Normal

#:24 [cclgview.exe]
FilePath : C:\Program Files\Common Files\symantec shared\
ThreadCreationTime : 05-29-2004 10:22:18 PM
BasePriority : Normal

#:25 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 05-29-2004 10:28:40 PM
BasePriority : Normal

#:26 [notepad.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 05-29-2004 10:29:44 PM
BasePriority : Normal

#:27 [winword.exe]
FilePath : C:\Program Files\Microsoft Office\Office\
ThreadCreationTime : 05-29-2004 10:29:53 PM
BasePriority : Normal

#:28 [notepad.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 05-29-2004 10:53:33 PM
BasePriority : Normal

#:29 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 05-29-2004 11:10:58 PM
BasePriority : Normal

#:30 [snagit32.exe]
FilePath : C:\Program Files\TechSmith\SnagIt 6\
ThreadCreationTime : 05-29-2004 11:24:36 PM
BasePriority : Normal

#:31 [whoisview.exe]
FilePath : C:\Program Files\Softnik Technologies\Whois View\
ThreadCreationTime : 05-29-2004 11:26:48 PM
BasePriority : Normal

#:32 [spade.exe]
FilePath : C:\Program Files\Blighty Design\
ThreadCreationTime : 05-29-2004 11:31:56 PM
BasePriority : Normal

#:33 [wordpad.exe]
FilePath : C:\Program Files\Windows NT\Accessories\
ThreadCreationTime : 05-30-2004 3:45:55 AM
BasePriority : Normal

#:34 [filealyzer.exe]
FilePath : C:\Program Files\PepiMK Software\FileAlyzer\
ThreadCreationTime : 05-30-2004 3:47:36 AM
BasePriority : Normal

#:35 [notepad.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 05-30-2004 3:47:53 AM
BasePriority : Normal

#:36 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 05-30-2004 3:49:00 AM
BasePriority : Normal

Memory scan result:
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects: 0
Objects found so far: 0


Started registry scan
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

StopPop Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{4534CD6B-59D6-43FD-864B-06A0D843444A}


VX2.BetterInternet Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{000020DD-C72E-4113-AF77-DD56626C6C42}


VX2.BetterInternet Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30000273-8230-4DD4-BE4F-6889D1E74167}


VX2.BetterInternet Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\twaintec


VX2.BetterInternet Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : TwaintecDll.TwaintecDllObj.1


VX2.BetterInternet Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : TypeLib\{690BCCB4-6B83-4203-AE77-038C116594EC}


VX2.BetterInternet Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : vx2.vx2obj


Registry scan result:
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects: 7
Objects found so far: 7


Started deep registry scan
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

VX2.BetterInternet Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000020DD-C72E-4113-AF77-DD56626C6C42}


Deep registry scan result:
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects: 1
Objects found so far: 8


ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

Tracking Cookie Object recognized!
Type : File
Data : administrator@atdmt[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrator\Cookies\


Tracking Cookie Object recognized!
Type : File
Data : administrator@clickagents[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrator\Cookies\


Tracking Cookie Object recognized!
Type : File
Data : administrator@fastclick[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrator\Cookies\


Tracking Cookie Object recognized!
Type : File
Data : administrator@server.iad.liveperson[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrator\Cookies\


Tracking Cookie Object recognized!
Type : File
Data : administrator@tmpad[1].txt
Category : Data Miner
Comment : www.searchtraffic.com
Object : C:\Documents and Settings\Administrator\Cookies\


Tracking Cookie Object recognized!
Type : File
Data : administrator@trafficmp[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrator\Cookies\

ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ


Deep scanning and examining files (C:)
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ


Scanning Hosts file..(C:\WINNT\system32\drivers\etc\hosts)
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

Hosts file scan result:
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
0 entries scanned.
New objects:0

Objects found so far: 14




Performing conditional scans
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

VX2.BetterInternet Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\twaintec


VX2.BetterInternet Object recognized!
Type : Folder
Category : Data Miner
Comment :
Object : c:\documents and settings\administrator\favorites\AT-Games


VX2.BetterInternet Object recognized!
Type : File
Data : dummy.htm
Category : Data Miner
Comment :
Object : c:\docume~1\admini~1\locals~1\temp\


VX2.BetterInternet Object recognized!
Type : File
Data : twaintec.ini
Category : Data Miner
Comment :
Object : c:\docume~1\admini~1\locals~1\temp\


VX2.BetterInternet Object recognized!
Type : File
Data : twtini.cab
Category : Data Miner
Comment :
Object : c:\docume~1\admini~1\locals~1\temp\


VX2.BetterInternet Object recognized!
Type : File
Data : twtini.inf
Category : Data Miner
Comment :
Object : c:\docume~1\admini~1\locals~1\temp\


VX2.BetterInternet Object recognized!
Type : File
Data : payload2.inf
Category : Data Miner
Comment :
Object : c:\winnt\inf\


VX2.BetterInternet Object recognized!
Type : File
Data : twtini.inf
Category : Data Miner
Comment :
Object : c:\winnt\inf\


VX2.BetterInternet Object recognized!
Type : File
Data : twaintec.dll
Category : Data Miner
Comment :
Object : c:\winnt\


VX2.BetterInternet Object recognized!
Type : File
Data : twaintec.ini
Category : Data Miner
Comment :
Object : c:\winnt\


Conditional scan result:
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects: 10
Objects found so far: 24


Reanalyzing Scan result...
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
The following objects have been removed from the result list:
c:\documents and settings\administrator\favorites\AT-Games


11:55:55 PM Scan complete

Summary of this scan
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
Total scanning time:00:06:28:318
Objects scanned:53197
Objects identified:24
Objects ignored:2
New objects:22


_________________
Wächter der Geschichten:
http://www.webhelper4u.com/thewatcher.html
Member of ASAP Since 2004
Back to top
View user's profile Send private message Visit poster's website
webhelper
SWW Expert


Joined: 11 Apr 2004
Last Visit: 16 Jul 2011
Posts: 1090

PostPosted: Sat May 29, 2004 8:15 pm    Post subject: Reply with quote

The following is all known Transponder files. Everyone is detected and cleaned by Adaware as I have personally installed, studied and submitted them for inclusion into the ref updates:

voiceip.cab
voiceip.dll
voiceip.inf
Belt.cab
Belt.exe
Belt.inf
Belt.ini
bi_prob.exe
biC.inf
Bi.dll
bi.ini
bi4.exe (self extracting)
bi4.inf
bi5.cab
bi5.exe (same as bi5.cab)
bi7.inf
bi9.cab
bi9.exe (same as bi9.cab)
bi9.inf
biini.inf
biJ.exe (self extracting)
biJ.inf
biK.cab
bik.exe (Same as bik.cab)
biK.inf
biini.cab
biini.inf
biini.ini
biK.exe (self extracting)
biK.ini
biK.inf
biO.cab (contains bi.dll, biO.inf, preInsBI.exe)
biO.exe
biO.inf
bi_reco.exe
preInsBI.exe
Biprep.exe
twaintech.dll
twaintech.ini
twtini.ini
tt_unadd.ini
tt_unadd.inf
tt_unadd.cab
bi_unadd.cab
bi_unadd.inf
bi_unadd.ini
Detected by adaware as clickalchemy
alchem.cab
alchem.exe
alchem.inf
alchem.ini
mxTarget.cab
mxTarget.dll
mxTarget.inf
mxtarget.ini
mxtini.cab
mxtini.inf
preInsMt.exe
tt_reco.exe (This is the one that removes all twaintech registry entries)
This variant like the bi and twaintech also use the offeroptimizer ad server for the
popup ads to users computers

wsebate2.exe (ebates)
lot64106.exe (Group Lotto Ads)
***************
_________________
Wächter der Geschichten:
http://www.webhelper4u.com/thewatcher.html
Member of ASAP Since 2004
Back to top
View user's profile Send private message Visit poster's website
wawadave
Warrior Obsessed


Joined: 25 Jan 2004
Last Visit: 24 Jul 2009
Posts: 3448
Location: Illegitimus non carborundum

PostPosted: Sat May 29, 2004 9:24 pm    Post subject: Reply with quote

thx webhelper for the update! Smile
_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd
Back to top
View user's profile Send private message Send e-mail Visit poster's website
adwarereport
Newbie


Joined: 01 Jun 2004
Last Visit: 28 Jul 2004
Posts: 7

PostPosted: Tue Jun 01, 2004 8:45 am    Post subject: Reply with quote

Hi everyone,

I'm the admin of http://www.adwarereport.com.

Until recently, I had XoftSpy listed as a rogue product. Two days ago, however, ParetoLogic has sent me reasonable answers for the objections that have been raised here and on other blogs/forums.

The full text of their response can be found at http://www.adwarereport.com/mt/archives/000004.html. I welcome your thoughts and comments.

-Rich
Back to top
View user's profile Send private message
iceblue
Warrior Guru


Joined: 18 Jan 2004
Last Visit: 11 Apr 2006
Posts: 392
Location: Sydney

PostPosted: Tue Jun 01, 2004 3:46 pm    Post subject: Reply with quote

Gday, Rich,

Thanks for your input into this.
We wouldn't want to brand any legit software as rogue,
and will of course have a closer look into this.

Maybe they have simply made some poor choices in their affiliate program and partnerships.
The trouble is when you run with the pack, you get branded a wolf.

I did notice that they didn't exactly nail down the details to some of their own questions
in the response to you, although there were lots of nice things in it.
Their treatment of the spybot issue is clearly suspect.
One thing I noticed, was that it was not signed.
Do you know any of these people or have any details of individuals to contact?

And their app doesn't appear to be picking up the parasite levels anywhere near where it should be. hmmm….

and then there are reports like this from trusted sources..


http://forums.net-integration.net/index.php?showtopic=13938&view=findpost&p=67701
Quote:
The name of the actual application is XSOFTSPY by ParetoLogic. They are clearly using a deceptive method of attracting customers by using spybot name. I also installed and scanned with the application. The fact it found spyware on my comp when I know absolutely none exisits really ticks me off. It logs that it found coolwebsearch, alexa, purityscan, gohip and lop on my comp. Give me a break. Those have never been on this comp...ever....and they were not found by Spybot, Ad-aware, CWShredder, or HijackThis, nor can I find the referred to registry keys or files it identifies on my comp.

Then it won't let you clean what it allegedly found unless you pay $39.95 for the registration code.


That's as of April 23. I see no reason to reconsider the rogue brand at the moment,
and I hope you find this quick assessment reasonable as well,
but let me know your thoughts.

In this game, where's there is smoke - there is usually fire,
and time will always tell.


Ice
_________________
Smile Travel safely ! Smile
Back to top
View user's profile Send private message
nomorespyware
Warrior Sleuth Expert


Joined: 19 Jan 2004
Last Visit: 04 Feb 2007
Posts: 219

PostPosted: Tue Jun 01, 2004 5:49 pm    Post subject: PC Pitstop Reply with quote

PC Pitstop still has them listed as bogus here: http://pcpitstop.ibforums.com/axslinger/helpfiles/bogus.htm

Stating:

Quote:
XoftSpy (download-spybot.com/paretologic.com/downloadspybot.com/no-spybot.com) - this may be a SpyHunter clone

Apparently they're in agreement with webhelper as to it's probable association with SpyHunter.

IceBlue has a good point, people are judged by the company they keep. I'll dig around and see if I can find anything more about them.
_________________
nomorespyware
Back to top
View user's profile Send private message Send e-mail
radio
Moderator & HJT Expert


Joined: 21 May 2004
Last Visit: 05 Aug 2011
Posts: 260

PostPosted: Tue Jun 01, 2004 7:24 pm    Post subject: Reply with quote

I was ready to give them the benefit of the doubt...

until I downloaded and tried the free scan directly from the paretologic.com site

it's very strange that I also have 7 items found, all either fake or false positives.




_________________
PcPitstop Forums
Back to top
View user's profile Send private message Visit poster's website
iceblue
Warrior Guru


Joined: 18 Jan 2004
Last Visit: 11 Apr 2006
Posts: 392
Location: Sydney

PostPosted: Tue Jun 01, 2004 7:42 pm    Post subject: Reply with quote

Rich,

I tested the scan on the link provided your adware report site for ParetoLogic.com
After backing up the registry,
I first I had to disable my Hosts file as that site is in hpguru's list of banned sites.
As a pre-check, I scanned with Ad-aware which found one tracking cookie.

Then XoftSpy scanned 41,000 objects compared to Ad-aware scanning 127,000.


Xoftspy found 7 registry items:
The Coolwebsearch and CWS.Oslogo (2) entries are registry entries for sites
in my Restricted Zones that I intentionally put there to protect my system.
The WinPup32 (2) entries look to be part of MS .inet setup.
The Bat/Mumu-A entry is actually part of standard legit video card setup.
The MainPean Dialer entry is part of my VDMSound setup.


XoftSpy got zero out of 7 correct. All false positives.
XoftSpy flagged legitimate applications and system processes as malware.


I backed up the files and clicked Remove. As predicted; the registration screen came up.
Pay up or stay infected with legitimate entries.....
I chose to stay infected with my own system's entries.


Well, I couldn't call any of this encouraging towards removal of XoftSpy from the crapware list.
You might want to try the same procedure and give this product an updated review.

Then again, looking at webhelper's comparision, you may prefer to drop that product altogether.
We can't have innocent victims removing legitimate files from their system
after paying good money for a scam product.


I'll check your site in a few days to see how you are progressing.

Thanks,

Iceblue

*Funnily enough, those entries are near identical to Radio's...
Either we have a clone system, or....... Rolling Eyes

_________________
Smile Travel safely ! Smile
Back to top
View user's profile Send private message
cpm
Junior Member


Joined: 05 Feb 2004
Last Visit: 28 Oct 2005
Posts: 28

PostPosted: Wed Jun 02, 2004 8:57 am    Post subject: Reply with quote

*warning* this link can seriously damage your bloodpressure

http://www.spybot-spyware-removal.com/
Quote:

XoftSpy will immediately download, so you'll be up and running with a faster computer in just minutes! Need three great reasons to download ?

REMOVES SPYWARE and CLEANS PC
FREE DOWNLOAD
UNLIMITED FREE 24/7 Customer Support

We are Enigmasoftwaregroup.com, and we've been a leading name in selling software online since 1999. We are #1 in customer service, and we won't rest until you are 100% satisfied.

Thank-you for taking the time to learn a little bit about Spybot Spyware Removal .com. We sincerely hope you'll find Us to be an indispensable part of your computer system!

Sincerely,
The Spybot Spyware Removal .com Development Team

Back to top
View user's profile Send private message
CalamityKen
Warrior Addict


Joined: 06 Mar 2004
Last Visit: 26 Aug 2004
Posts: 611
Location: Ont. Canada

PostPosted: Wed Jun 02, 2004 11:04 am    Post subject: Reply with quote

Quote:
*warning* this link can seriously damage your bloodpressure

Didn't bother me a bit. Wink

Now in my HOSTS file and on the way to the hpHOSTS file. Guy with axe
_________________
Install IE-SPYAD and SpywareBlaster updated regularly available in the following links .
How did I get infected? http://boards.cexx.org/viewtopic.php?t=957
Calendar Of Updates http://www.dozleng.com/updates/index.php?&act=calendar
member
Back to top
View user's profile Send private message
Moore
Moderator


Joined: 31 May 2004
Last Visit: 16 Jun 2014
Posts: 758
Location: °°.MooreLand.°°

PostPosted: Sat Jun 05, 2004 11:47 am    Post subject: Reply with quote

I wonder how many people they actually trick in to downloading this junk .

I'm always getting these emails from freshdevices but never read them , for a change I had a quick look and what do I see, exact same affliate program that was promoting the spybot ripoffs : >> LINK ! <<

Code:
hxxp://hop.clickbank.net/?linkbarter/xoftspy
hxxp://linkbarter.cb.kount.com/pop/1086460891/xoftspy/1/1/3/12902309/?linkbarter/xoftspy
hxxp://www.freshdevices.com/t/t.php?id=359


Quote:
Welcome to our affiliate program.
We provide industry leading products with the highest conversion rates in our field. We will reward you well for your efforts. You will earn a 50% commission on every XoftSpy sale. Your referrals are tracked and you will be credited whether a sale takes place now or 90 days later.

Who pays me?
An independent company called Clickbank handles the sales processing and payment to affiliates. They are the leader in digital information affiliation and credit card processing. To join this affiliate program you will need to sign up with ClickbBank -- this is free to do. Click here to sign-up.

When do I get paid?
Clickbank sends out checks twice a month. You can also log in and view real time stats.


[/url]


Last edited by Moore on Thu Jun 10, 2004 1:42 pm; edited 3 times in total
Back to top
View user's profile Send private message Visit poster's website
webhelper
SWW Expert


Joined: 11 Apr 2004
Last Visit: 16 Jul 2011
Posts: 1090

PostPosted: Sat Jun 05, 2004 7:07 pm    Post subject: Reply with quote

adwarereport
Read my final take on this matter and it stands..xoftspy is scam security software.

http://spywarewarrior.com/viewtopic.php?t=2678

I find, research, test, and submit to adaware new threats.
I also have tested every one of the security software that I have on my list of scams.

AS for your site adwarereport.com, I notice that many of the links and banners are show you as an affiliate. Also you own http://startupskills.com/ which you bill as "Resources and how to's for the technology entrepreneur"

To me that means that you have a monetary stake in what you write about because you want to market the software you advertise in order to make a profit and the startupskills.com looks like a site devoted to online marketing.

So it would be hard for me to seperate what is the actual and what is the marketing hype in order to make sales.
_________________
Wächter der Geschichten:
http://www.webhelper4u.com/thewatcher.html
Member of ASAP Since 2004
Back to top
View user's profile Send private message Visit poster's website
wawadave
Warrior Obsessed


Joined: 25 Jan 2004
Last Visit: 24 Jul 2009
Posts: 3448
Location: Illegitimus non carborundum

PostPosted: Sat Jun 05, 2004 7:12 pm    Post subject: Reply with quote

freash devices them selfs have allways been spyware free i never noticed the scamware on the site i mention it to the owner there and see what he has to say.
i useally don,t look at adds.
_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd


Last edited by wawadave on Sat Jun 19, 2004 6:44 am; edited 1 time in total
Back to top
View user's profile Send private message Send e-mail Visit poster's website
Dethevn
Junior Member


Joined: 09 Jun 2004
Last Visit: 24 Jun 2004
Posts: 16
Location: Maryland

PostPosted: Wed Jun 09, 2004 12:21 pm    Post subject: hmmm Reply with quote

my computer is rather messed up. I used spywareblaster (which was recommended) and found alot of stuff on my comp. Interestingly enough, xoftspy found nearly all of that stuff too. Which leads me to wonder, is it a scam? or mearly a badly coded piece of you-know-what? or both? I would be interested if someone got a hold of a registration key and see what it actually did.
_________________
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Come get some! Q(>.<Q)
Back to top
View user's profile Send private message AIM Address
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 27 Aug 2014
Posts: 10323
Location: sunny California

PostPosted: Wed Jun 09, 2004 12:44 pm    Post subject: Reply with quote

Dethevn - hi and welcome. SpywareBlaster does not find spyware in your computer. The list it shows is what it protects you from. It is not a list of spyware in your computer, and it does not remove spyware. It is a great program though and protects you from a lot of bad stuff.

Xoftspy has been shown to find false positives. The best programs to scan and remove spyware are Spybot Search & Destroy and Ad-aware. Both are free. There is info about them here -

http://www.spywarewarrior.com/viewtopic.php?t=26

I recommend that you download and run them. If you are still having problems after that, then you can use HijackThis and post a log in the HijackThis forum here.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
Back to top
View user's profile Send private message Visit poster's website
DeleterFX
Warrior


Joined: 25 May 2004
Last Visit: 30 Apr 2008
Posts: 259
Location: Maine

PostPosted: Tue Jun 15, 2004 12:01 pm    Post subject: Reply with quote

Definatly a team effort on this one guys, great work. Im convinced they're a scamware operation. lousy punks I really dislike those enigma people
_________________
You've Been Deleted
CCSP Website

Member of The ASAP Since 2004
Back to top
View user's profile Send private message AIM Address
Mystique
Newbie


Joined: 18 Jun 2004
Last Visit: 27 Feb 2007
Posts: 8

PostPosted: Fri Jun 18, 2004 11:12 pm    Post subject: Reply with quote

Another interesting point would be that XoftSPY seems to scan and pickup so many incorrect values.
I run spywareblaster as well and have noticed that consistantly XsoftSpy would detect items which are not existant within my system, after testing out a few things and attempting to locate this so called source of spyware it seems that XoftSpy conflicts with spywareblaster in a destructive manner in which it deselects several known activeX components such as XXXtoolbar within Spywareblaster.

I'm not ruling out foul play is at hand here but in any case it is not very accurate and if given the benefit of the doubt it is a fairly poor product compared to better freeware alternatives.
Back to top
View user's profile Send private message
wawadave
Warrior Obsessed


Joined: 25 Jan 2004
Last Visit: 24 Jul 2009
Posts: 3448
Location: Illegitimus non carborundum

PostPosted: Sat Jun 19, 2004 6:50 am    Post subject: Reply with quote

Mystique wellcome here.
even by your own tests it come up scumware out and out. what type o program sets out to deliberately disable a legitimate program,thats ment to stop scumware like its self?
_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd
Back to top
View user's profile Send private message Send e-mail Visit poster's website
adwarereport
Newbie


Joined: 01 Jun 2004
Last Visit: 28 Jul 2004
Posts: 7

PostPosted: Sat Jun 19, 2004 10:41 am    Post subject: Reply with quote

Hi everyone,

I had completely forgotten about this thread until I saw it on Google.

When I tested the latest version of the software, I didn't receive any false positives in my testing of clean computers. I did find that it didn't provide coverage comparable to better products. They've also made some piss poor choices of affiliate partners, and claim that these unreputable affiliates have marketed their software as "spybot". If you look into their affiliate program these days, they have strict rules prohibiting this. To me, a sign of a reputable company is not that they don't make mistakes - but rather, that they own up to their mistakes and attempt to correct them.

The email was from a representative of the company, but I'm not going to post his email address here. I will send him the link and invite him to comment, however.

Various other comments:

1. To make a claim that a company is bogus simply because they've hidden their domain registration information is sensationalistic and illogical. There are a variety of reasons that a company might want to do this. In my eyes, it simply means that they are trying to protect their privacy. I receive several calls a week now from web hosting services and other telemarketers who've obviously gotten my information from WHOIS. For this reason alone, I may hide my future domain name registration (note that I haven't on any of my domains to date).

2. My site is for-profit. However, I am in the enjoyable position of being able to choose from tens of reputable spyware products to recommend. Case in point - XoftSpy pays a higher commission than my top picks, yet I've written honestly about them. I spend a lot of time reviewing software, and I do this with the expectation (albeit a risky one) of being compensated fairly for it. Instead of implying that my having a monetary stake in what I write about somehow pollutes my reviews, I challenge you to prove it. Put up or shut up. BTW, if you'd like to read about my views on marketing and integrity, I suggest you read my blog: http://www.startupskills.com. You might learn something.

3. I've found that there is a tremendous amount of obviously biased opinions regarding AdAware/Spybot S&D out there. Neither of these two products stood up to Webroot's Spy Sweeper or Aluria's Spyware Eliminator. Both of these products left behind massive amounts of spyware on my test PCs, as well as mine and my coworkers regular work PCs. Both are seriously lacking in the support and update department. I believe that there's nothing more than fanatical developer's religion behind this, or perhaps someone else with a monetary stake in a competing product.

In summary, here's what this thread really concludes:

1. XoftSpy uses private domain registration, and this is somehow supposed to imply that they are not a reputable spyware company. In reality, there are a variety of reasons a company might choose to register their domain anonymously, some are illegitimate, but most are not.

2. There has been some claims that XoftSpy detects 'false positives'. I've not been able to reproduce this, but I'll take it at face value. This could imply misleading marketing or merely bad code.

3. I think we all agree it's not that great of a product.

If anyone can conclusively prove that this product does not do what it claims to do or in any other way misleads consumers, please a permanent link to it here or on adware report. If the proof can stand up in a court of law, then I'll post it on adware report, citing you as both a SME (subject matter expert) and the source of the claim. This will absolve me of a legal responsibility for the claim and allow the information to disseminate to a wider audience (which is, after all, what everyone here wants ... right?). It will also make YOU legally responsible for your claims
Back to top
View user's profile Send private message
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 27 Aug 2014
Posts: 10323
Location: sunny California

PostPosted: Sat Jun 19, 2004 10:51 pm    Post subject: Reply with quote

Richard I have a few comments on what you wrote.

Quote:
2. My site is for-profit. However, I am in the enjoyable position of being able to choose from tens of reputable spyware products to recommend.


It is quite obvious, in my opinion, that your site and your interest in spyware, comes from a totally different perspective than mine and most of the forum members here, as well as the community of anti-spyware sites like spywareinfo.com, tomcoyote.com, wilders.org and so on.

The two top products in your reviews just happen to be products that you advertise also. It does tend to make one wonder, I think. Even the big sites like PCMag.com have been written up as ranking products based on the money they receive for doing so.

I recall you told me in an email that you do not believe that any software should be free - that it lowers the profits for all companies, or something to that effect. And I see that you have Spybot Search & Destroy at the bottom of your list, which would be consistent with your views in that case, since it is free.

The concept of altruism, service to humanity, or in this case to the internet community, seems to be totally lost on you. I believe that Patrick Kolla, the developer of Spybot Search & Destroy, offers his software as a service to the victims of spyware. And Merijn, the developer of HijackThis and CWShredder (which you have not reviewed), is a hero to the anti-spyware community. His software has undoubtedly saved thousands if not hundreds of thousands of people from having to format and reinstall their operating system.

How you can say that is bad is beyond me. Those 2 free programs are the best spyware removal programs in existance in my opinion and allow people to remove malware that no other product, commercial or free, can remove.

I am not against capitalism and I am willing to pay a fair price for a good product, but I have never needed to purchase a spyware removal product. Ad-aware, the free version, and Spybot Search & Destroy have always been able to remove any spyware that I've had. Actually I have not had any spyware on my computer for a long time because of 2 free products by another altruistic developer who gives us SpywareBlaster and SpywareGuard free. And I donate to the developers of these great free programs too.

You said this
Quote:
3. I've found that there is a tremendous amount of obviously biased opinions regarding AdAware/Spybot S&D out there. Neither of these two products stood up to Webroot's Spy Sweeper or Aluria's Spyware Eliminator. Both of these products left behind massive amounts of spyware on my test PCs, as well as mine and my coworkers regular work PCs. Both are seriously lacking in the support and update department. I believe that there's nothing more than fanatical developer's religion behind this, or perhaps someone else with a monetary stake in a competing product.


But your opinion sounds very biased to me. Ad-aware, the free version, has very frequent updates as well as great support. Spybot Search & Destroy's updates are not as frequest but there is a support forum where the developer personally answers questions.

Quote:
if you'd like to read about my views on marketing and integrity, I suggest you read my blog: http://www.startupskills.com. You might learn something.


I went over to your startupskills site but I was distracted by the google ad that said
Quote:
Greedy Affiliates Wanted High commmissions free and easy Earn up to $1076 per posting
Another one is advertising 50% commission.

Also I see that you have google ads there for rogue products, like Noadware and Pal Spyware Remover, which you say you don't support.

http://www.startupskills.com/archives/000124.html

So what was that again about marketing and integrity? I guess I did not get to that part.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
Back to top
View user's profile Send private message Visit poster's website
wawadave
Warrior Obsessed


Joined: 25 Jan 2004
Last Visit: 24 Jul 2009
Posts: 3448
Location: Illegitimus non carborundum

PostPosted: Sun Jun 20, 2004 8:08 am    Post subject: Reply with quote

Very well said Suzi!!!!
That part in his last posting where he,s asking for a tangible link to have as a barganing chip in a court room would be best advoided. This guy in my own personal opintion sound very slippery.
Like the russian mob needs to be whatched closely.
_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd
Back to top
View user's profile Send private message Send e-mail Visit poster's website
adwarereport
Newbie


Joined: 01 Jun 2004
Last Visit: 28 Jul 2004
Posts: 7

PostPosted: Tue Jun 22, 2004 11:49 am    Post subject: Reply with quote

Suzi, this is blatently rediculous on your part.

I don't choose the Google ads that appear on my site. Google does. You know this, and yet you feign ignorance. Aren't you the least bit worried about your credibility?

Software should not be free, because it costs something to produce. In fact, good software is quite expensive to produce. Giving away software makes it very difficult for full-service (ie: ones that offer real tech support, not mere "help" forums) companies to survive. Microsoft used the same tactics to unfairly bury much of their (often superior) competition, and you are advocating the same tactics.

I, too, used to believe that SpyBot S&D was a good product (until it ruined my Windows XP box). Both Spybot and Adaware fail to catch large amounts of spyware. There are tons of reports on review sites of Adaware melting down people's hard drives. Is "free" software really free, if it does all this? And why haven't you investigated these claims if you are, after all, such a advocate of these products?

You advised me on good sources to identify rogue products, and I voluntarily placed a list of these products on my site (and it's a high traffic page, btw). I know that you KNOW my site is a reputable source for information, because you had quite a bit of input into it. In fact, I offered to have you contribute to the site... a position that would have given you a much larger soapbox to stand on. In other words, if you are such a credible source, and if I have an interest in spreading false information, then why would I extend this offer?

It sounds to me like you are on a witch-hunt. XoftSpy has responded to the criticism levelled against them. I did not detect any false positives. And I am in no way affiliated with them.

Again, if no one is willing to stand up (non-anonymously) behind their claims, then really the case is closed.

-Rich
http://www.adwarereport.com
http://www.startupskills.com
Back to top
View user's profile Send private message
Moore
Moderator


Joined: 31 May 2004
Last Visit: 16 Jun 2014
Posts: 758
Location: °°.MooreLand.°°

PostPosted: Tue Jun 22, 2004 3:33 pm    Post subject: Reply with quote

adwarereport wrote:

Software should not be free, because it costs something to produce. In fact, good software is quite expensive to produce. Giving away software makes it very difficult for full-service (ie: ones that offer real tech support, not mere "help" forums) companies to survive. Microsoft used the same tactics to unfairly bury much of their (often superior) competition, and you are advocating the same tactics.


I really disagree with this comment Rich.

Some people care enough about their fellow internet users to not want to make a buck off them in return for protecting them and their online safety.

There are many great and thriving sites and forums that provide free software and technical support , and do so without needing to extort money from desperate people who just want to be able to use their computers without being driven crazy and they deserve to be protected.

The Spyware warrior forum and its fine staff are in a position to give their members the best advice and help they can , not to provide second rate information.. and I think they do a great job.

In my opinion companies that blatantly try to hijack existing known and reputable programs and name for their own purposes , to trick unsuspecting people and charge them for something they can get for free elsewhere deserve ever bit of bad publicity they get.

That is enough to make anyone suspicious and definitely doesnt build any form of trust between people.

If it's taken companies like Enigma months and months to start cleaning up their act , well maybe it's the dis-satisfaction of the community that is taking its toll on them , not the fact they planned on being a reputable anti-spyware company from the very beginning , only they know for sure , we can only judge them by their actions.

Webroots Spyware Sweeper is a good example of a now widely accepted commercial spyware remover.

They didnt feel the need to try and steal the identity of the already established anti-spyware programs to make their money and people are willing to pay for their product since its been proven to work effectively and has "GAINED" the trust of users within the internet community.

You obviously make money from the industry and would be expected to be protective of your own interests above those of others , thats natural , but to expect others to do the same is expecting a bit too much I think , but it's good to see people can still decide for themselves at the end of the day who they want to believe.
_________________
| Stop Malvertising | Outpost | Blocklist Pro | Hosts |
Back to top
View user's profile Send private message Visit poster's website
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 27 Aug 2014
Posts: 10323
Location: sunny California

PostPosted: Tue Jun 22, 2004 5:36 pm    Post subject: Reply with quote

Quote:
I don't choose the Google ads that appear on my site. Google does. You know this, and yet you feign ignorance. Aren't you the least bit worried about your credibility?


Actually I did some research on the Google AdSense program before I saw those ads on your site. Here is what I found.

Quote:
Hello Suzi,

Thank you for your interest in Google AdSense. We offer the ability to prevent Google ads from specific sites from showing on your site. You control which advertisers show their ads on your site, and you can even set up a filter list for your Google AdSense account. You can filter up to 200 sites and manage your list online from within your account.

When you are ready to get started with Google AdSense, please visit:
https://www.google.com/adsense/application-1 . If you have any questions about the application process, please feel free to reply to this email.

Sincerely,

Martha
The Google Team


On Google's section about about the AdSense program
https://www.google.com/adsense/afc-online-overview

It says
Quote:
Competitive ad filters. You can block competitive ads, or other ads you want to keep off your site simply by specifying a URL to block.
Ad Review. Before ads appear on your site, they are reviewed using a combination of human and automated processes. The review process takes into account a variety of factors, including the quality of the ad and whether the ad is suitable for all audiences.
Sensitive content filters. At times, certain ads may not be appropriate to run on all pages. For example, Google automatically filters out ads that would be inappropriate on a news page about a catastrophic event.


(emphasis mine) Therefore I don't buy the statement that you have no control over the ads.

Quote:
You advised me on good sources to identify rogue products, and I voluntarily placed a list of these products on my site (and it's a high traffic page, btw). I know that you KNOW my site is a reputable source for information, because you had quite a bit of input into it. In fact, I offered to have you contribute to the site... a position that would have given you a much larger soapbox to stand on. In other words, if you are such a credible source, and if I have an interest in spreading false information, then why would I extend this offer?


Yes, you did extend the offer to me and I considered it but decided not to partly because I know we have fundamental differences of opinions about some basic issues. I appreciate the offer. My spyware blog gets upward of 4,000 to 5,000 visits a day, aside from the forum, which is a large enough soapbox for me. Wink

I put together the first list of rogue products on my blog - the post that was linked by CNET news back in February. I gathered that information from other forums and websites; it was not just an arbitrary decision on my part. The current list that I am using is from Eric L Howes, a university professor and well-known and respected anti-spyware expert.

The list is here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

Eric updates the list frequently. As you can see, he included XOFTSPY on the list. He is also the author of some free utilities, including IE-SPYAD, for blocking rogue and dangerous sites. You can see his site here:

https://netfiles.uiuc.edu/ehowes/www/main-nf.htm

Perhaps you should ask him why he included XOFTSPY on his list.

You say that Spybot Search & Destroy ruined your XP box, but I have used it many times on my XP machine without problems. The same for Ad-aware. I have not seen any documentation on the web about either of these two causing problems that you are citing. If you have some links that document that, I would like to see them.

Quote:
It sounds to me like you are on a witch-hunt.


I may be on a witch hunt but not for any one particular product. If you have read my blog, you would see that I have written about a number of other programs besides XOFTSPY.

Edit: Rich, I noticed you turned off the comments on your site which is completely understandable. But you also removed the comments written by iceblue about Xoftspy which disagreed with your reivew. I must admit, I am curious as to why that was done. I use MovableType also and I know that comments can be turned off without removing existing comments.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
Back to top
View user's profile Send private message Visit poster's website
TMOV
Warrior


Joined: 04 Jun 2004
Last Visit: 25 Sep 2004
Posts: 80

PostPosted: Wed Jun 23, 2004 10:03 am    Post subject: Reply with quote

i wouldn't worry about a thief trying to get you into court.
he doesn't ever want to get in the position to be physically arrested by a law enforcement officer,such as, because the crime crosses state lines,he would be arrested by an appointed attorney with a badge and a gun and the powers of arrest and prosecution.
that is called a deputy attorney general or a deputy u.s. attorney;they are federal prosecutors.
so come out of hiding and we can accomodate all you criminals.
and all those that have given you safe haven like the hosting companies that are aware of your criminal behavior.
in fact by going after the hosting companies to prosecute would be like going after the attorneys that help the mob.
it's a much more effective way ,because you remove their legal mouth pieces.
at computercops there have been too many instances to count of people needing help to get what they thought was legitimate software, off their p.c.s' that now had to be removed by editing the registry or pay a ransom to the author to get the removal tools.
t
Back to top
View user's profile Send private message
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 27 Aug 2014
Posts: 10323
Location: sunny California

PostPosted: Wed Jun 23, 2004 8:25 pm    Post subject: Reply with quote

Here are some more links which discuss Xoftspy, including comments by Eric Howes (posts as eburger68)

http://www.spywareinfo.com/forums/index.php?showtopic=37543

http://www.dslreports.com/forum/remark,9877664~mode=flat

Eric documented his testing of Xoftspy, including screenshots.

Quote:
Hi All:

I did a test install of XoftSpy downloaded from paretologic.com. Here's what I can tell you:

1. The interface is garbage, broken. On my box (Win2K w/SP4, IE6 w/SP1, Office 2K) the main program window and all dialog boxes were mangled, bleeding into surrounding screen elements (see "Main Window" above). Looks like a cheap "rent-a-coder" job -- not very well done.

2. The system scan flagged three items: 2 for CoolWebSearch, one for MSConnect. All were Registry keys and all were false positives. The MSConnect false positive was particularly hilarious as it flagged a Netscape Reg key for Sun Java 1.4.2_04. (See "Scan Results" above.)

3. When I attempted to remove/clean the flagged items, I got a notice box informing me that I had to register and pay (see "Register Notice" above).

I should note I performed this scan with the latest updates available (an "Update" check reported that there were no new updates available).

In short, based on my brief experience with this application, I'd give the same advice that I gave in the SpywareInfo thread: stay away, esp. given that there are excellent, free anti-spyware tools with a proven track record and a deserved reputation for doing the job right.

The performance of XoftSpy, I might add, is completely consistent with other dicey/questionable anti-spyware apps that I've tested: false positives used to goad unsuspecting users into paying for protection they don't need (at least not from said application).

Best,

Eric L. Howes


posted by MerlynTech:
Quote:
Here's what I know so far about XoftSpy.. It finds the cookies (known ones that I have and trust from sites such as dslreports, Elibrary (paid reference site), and Comcast)

It also states that I have the CoolwebsSearch hijacking (2 variants) Cwshredder, Spybot S&D, and Ad-Aware all disagree
It also says I have MSconnect dialer, Nothing else I have identifies this either.. I suspect they all false positives...
I also don't care about dialers (don't have a dial up modem at all and ain't no phone lines to my computer)
It will not allow you to remove anything without purchase..

It does uninstall fairly well only thing it left after an add/remove were two files in the prefetch folder..

This is just my 1st pass with the program.. From what I see so far I wouldn't buy it but I can't say yet it is rogue..


Quote:
MerlynTech:

That you and I got substantially similar results is rather damning. (Note: XoftSpy didn't flag any cookies on my box, but then I've moved all my IE folders to custom locations on drives other than C, which was the only drive the app scanned.) It looks like this application is simply flagging the same stuff on everyone's box and then demanding payment.

That performance is exactly what I'd expect from an application that is associated with SpyHunter domains and that gives the same vague information as other dicey anti-spyware apps on its home pages.

The uninstall, as you report, was fairly clean. Ad-aware and SpyBot have not found any questionable additions or modifications to my system.

Nonetheless, users would be advised to stick to anti-spyware applications with known track records and deserved reputations (see my post in the SpywareInfo thread for a short, incomplete list of suggestions).

Best,

Eric L. Howes


Hmmm...
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile


Last edited by suzi on Sat Jul 03, 2004 1:21 pm; edited 1 time in total
Back to top
View user's profile Send private message Visit poster's website
lpselect
Newbie


Joined: 02 Jul 2004
Last Visit: 18 Jan 2005
Posts: 1

PostPosted: Fri Jul 02, 2004 7:46 pm    Post subject: Xoftspy - is this the act of an honest company? Reply with quote

a few days ago a windows error popped up on my screen. it said "Windows has detected Spyware on your computer. Download free Spyware Remover". when i click ok, my browser opens and i am taken to paretologic's xoftspy website. i am then "encouraged" to buy their software.

now this error popsup every ten minutes, and then twice more every ten seconds. all day, every day....in the middle of whatever i am doing.

this is not behavior i would expect from an honest company.

i contacted them, and of course no reply. i continued sending them email messages, until they finally replied. they said to remove some entries in my registry, but this didn't work. the message still pops up.

they have invaded my computer without invitation. they have caused damage to my computer and have wased MUCH of my time. this is so WRONG.

i'm sure marketing practices such as this is illegal, and if this continues i am taking legal steps.

this goes beyond hyping up one's product, or exagerating about one's product.

btw, if anyone else has experienced this and has a solution, please share it, as this is driving me NUTS.
Back to top
View user's profile Send private message
wawadave
Warrior Obsessed


Joined: 25 Jan 2004
Last Visit: 24 Jul 2009
Posts: 3448
Location: Illegitimus non carborundum

PostPosted: Fri Jul 02, 2004 7:58 pm    Post subject: Reply with quote

first unistall there program from add/remove.next d/l spybot search and destroy,update it,run it.d/l ad-ware do the same.
next d/l hijack this and run it and post a log file in the hijack this forum. post a short histry of the problem allso and what you have do so far.
_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd
Back to top
View user's profile Send private message Send e-mail Visit poster's website
TMOV
Warrior


Joined: 04 Jun 2004
Last Visit: 25 Sep 2004
Posts: 80

PostPosted: Fri Jul 02, 2004 9:45 pm    Post subject: Reply with quote

you need to run and post a hijacklog.
have you used adaware, cwshredder, spybot s&d,??
there's a real nice little disc and track cleaner ,free, called crapcleaner that will help you get the pest off the h/d.
if that's where it is.

advice!
get confirmation from reputable sites before putting anything else on your p.c.
Back to top
View user's profile Send private message
Scaramouche
Malware Expert


Joined: 06 Jul 2004
Last Visit: 03 May 2006
Posts: 141
Location: Manila, Philippines

PostPosted: Tue Jul 06, 2004 12:41 am    Post subject: Reply with quote

Sorry to necromantize this but I stumbled across http://www.adwarereport.com/mt/archives/000004.html on my own a little while ago while doing research and was immediately struck by how closely it resembled certain parts of http://www.anti-spyware-review.toptenreviews.com/ . (note the review breakdown graphs, down to the little blue checkmarks even)

I don't know if the two are in cahoots or one just stole the idea from the other, though both seem suspicious to me. I'm pretty sure the adwarereport guy used up whatever good will he had here regardless. My related question is; how can I tell a legitimate review source?

PS-my account activation email from here was classified as 'bulk' email by yahoo spam filter. Don't know what you guys can do about that but thought you ought to know.
Back to top
View user's profile Send private message Yahoo Messenger
TMOV
Warrior


Joined: 04 Jun 2004
Last Visit: 25 Sep 2004
Posts: 80

PostPosted: Tue Jul 06, 2004 10:08 am    Post subject: Reply with quote

[quote="Scaramouche"]Sorry to necromantize this but I stumbled across http://www.adwarereport.com/mt/archives/000004.html on my own a little while ago while doing research and was immediately struck by how closely it resembled certain parts of http://www.anti-spyware-review.toptenreviews.com/ . (note the review breakdown graphs, down to the little blue checkmarks even)

I don't know if the two are in cahoots or one just stole the idea from the other, though both seem suspicious to me. I'm pretty sure the adwarereport guy used up whatever good will he had here regardless. My related question is; how can I tell a legitimate review source?

PS-my account activation email from here was classified as 'bulk' email by yahoo spam filter. Don't know what you guys can do about that but thought you ought to know.[/quote]

i'm sure that you can open your browser and research the issue.
sounds like you can beat something to death again and again before you take some ones word for what is good.

as for spam????
you talk to yahoo about the filter.

not watching any longer.
Back to top
View user's profile Send private message
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 27 Aug 2014
Posts: 10323
Location: sunny California

PostPosted: Tue Jul 06, 2004 1:38 pm    Post subject: Reply with quote

Hi Scaramouche, you are correct, there is a striking resemblance in the two sites you mentioned. They are both already listed on the Rogue/Suspect Anti-Spyware Sites on this page:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

That page also has a list of recommended spyware removal programs too. There are two free excellent spyware removal programs on the list, so there is really no need to pay for one that I can see.

As far as the yahoo thing, thanks for mentioning it. I don't think there is anything I can do about it but you can click on the link that says "this is not spam" or something to that effect. Then Yahoo should not flag anything from this domain name as spam again.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
Back to top
View user's profile Send private message Visit poster's website
webhelper
SWW Expert


Joined: 11 Apr 2004
Last Visit: 16 Jul 2011
Posts: 1090

PostPosted: Tue Jul 06, 2004 6:31 pm    Post subject: Reply with quote

Also to find out who owns the toptenreviews.com you have to use the following whois:
http://www.10-domains.com/Whois1.asp

Domain Name: toptenreviews.com
Registrant: Jerry Ropelato
7150 East 1000 North
Huntsville, Ut, 84317
US
eCatapult
jerryr@webpipe.net
+01.8017216277
+01.

Administrative Contact: Name: Jerry
Last Name: Ropelato
Address: 7150 East 1000 North
City: Huntsville
State: Ut
Zip Code: 84317
Country: US
Company:
Email: jerryr@webpipe.net
Telephone: +01.8017216277
Fax:

Billing Contact: Name: Jerry
Last Name: Ropelato
Address: 7150 East 1000 North
City: Huntsville
State: Ut
Zip Code: 84317
Country: US
Company:
Email: jerryr@webpipe.net
Telephone: +01.8017216277
Fax:

Technical Contact: Name: Jerry
Last Name: Ropelato
Address: 7150 East 1000 North
City: Huntsville
State: Ut
Zip Code: 84317
Country: US
Company:
Email: jerryr@webpipe.net
Telephone: +01.8017216277
Fax:

Domain Name Created On: 6/17/2003 7:24:00 AM
Domain Name Expires On: 6/17/2006

Name Servers: Name Server 1: NS.XMISSION.COM
Name Server 2: NS1.XMISSION.COM
_________________
Wächter der Geschichten:
http://www.webhelper4u.com/thewatcher.html
Member of ASAP Since 2004
Back to top
View user's profile Send private message Visit poster's website
ElGringo
Newbie


Joined: 13 Jul 2004
Last Visit: 14 Jul 2004
Posts: 2

PostPosted: Tue Jul 13, 2004 4:44 am    Post subject: Reply with quote

This morning, I ran into some serious problems trying to remove Bargain Buddy which AdAware 6.0 apparently did not remove. I searched the web for a specific remover and found this website http://www.paretologic.com/XoftSpySetup342.exe. I downloaded the software (and found a hacked serialnumber, see below) and ran it.

XoftSpy returned a very long list of hits and removed them all. Then I had to restart IE6 and guess what? An extremely annoying SideBar appaered in every single explorer window I opened or clicked through. I've just run AdAware 6.0 again and it does find and remove SideBar. I am almost positively sure the SideBar came with the XoftSpy download so I am happy I got a hacked serial and didn't pay for it.

Does anyone know any more on this?

ElGringo
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   This topic is locked: you cannot edit posts or make replies.    Spyware Warrior Forum Index -> Anti-Spyware and Security Software Discussion All times are GMT - 8 Hours
Goto page 1, 2  Next
Page 1 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group