Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances

Spyhunter...not too good I'd say...

 
mikey
Malware Expert


Joined: 12 Feb 2004
Last Visit: 08 Oct 2015
Posts: 1073
Location: CenTex

Posted: Fri Apr 27, 2007 3:36 pm    Post subject: Spyhunter...not too good I'd say...

All the recent talk about Spyhunter, which I've known over quite a few years to be notorious for sleazy marketing practices, has caused a bit of interest in seeing for myself if the product is worthy of all the attention. I think not.

I don't wish to be involved in the festive thread initiated by Enigma but I do want to post about the performance I just witnessed from their product. I spent yesterday and today running a scan with their product...here's my informal review of what I experienced.

http://www.hc-si.info/spyhunter/Spyhunter.html
_________________
-

UbuntuStudio...community supported multi-media development optimization.

-

MysteryFCM
Malware Expert


Joined: 28 Aug 2004
Last Visit: 03 Feb 2017
Posts: 865
Location: Tyne & Wear, UK

Posted: Fri Apr 27, 2007 3:41 pm

Nice one Mikey :)
_________________
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

mikey
Posted: Mon Apr 30, 2007 12:47 pm

I'm kinda curious about a couple of things. I don't suspect anything wrong from these things but I just find them curious.

After reporting such a failure in their signatures the other day, I thought I'd check for fixes. So I hit the update button to see if there were any new signatures. Well, Spyhunter proceeded to DL another file. But when I looked at the GUI, it had the same original date noted for the db. Why?

Out of more curiosity, I also looked at the packet capture from the update. This is where I found another curiosity. In the request was a 'username' & 'password'. Why?

Anyway, I just found this curious and was wondering if anyone could explain these two things.

Ref; http://www.hc-si.info/spyhunter/Spyhuntercapture1.html

roger_m
Warrior Addict


Joined: 24 Feb 2006
Last Visit: 01 Oct 2017
Posts: 605
Location: Blackwater, Australia

Posted: Mon Apr 30, 2007 12:58 pm

mikey wrote:
After reporting such a failure in their signatures the other day, I thought I'd check for fixes. So I hit the update button to see if there were any new signatures. Well, Spyhunter proceeded to DL another file. But when I looked at the GUI, it had the same original date noted for the db. Why?


I just did an update and the new definitions file has the current date and is larger in size than the old one - so I don't know why you had that problem Mikey. Did SpyHunter show that it is using a newer definitions database after updating?

Anyway not really serious program since as it stands SpyHunter is not worth using at this point due to its poor detection and false positives...

mikey
Posted: Mon Apr 30, 2007 3:06 pm

Yea, I don't know what's up with the db display. However, I've now found something that is WRONG...something I missed earlier.

Anyway, I was sitting here playing with the settings to run different scans. What I noticed was that every time I started a new scan, after a few moments of generation, Spyhunter sent data back to the mothership. The data is hashed so I have no idea what it is even tho the response is a thank you for sending a log I never approved transfer for.

If unapproved encrypted data transfers weren't bad enough, it appears that a GUID is included in the transfer.

I don't know about you guys but I don't trust Enigma enough to send them any data...especially encrypted and identifying.

The link below is a zip file which contains copies of the Fiddler capture in complete sessions. If you extract the contents to any folder, you can open the index.html file and you will see a list of the sessions. There are two links next to each item listed. They are labeled as 'c' & 's'. The 'c' is the post and the 's' is the response. The response is always the same but the post is always different.

I don't think I need to spell out the ramifications.

http://www.hc-si.info/spyhunter/spyhuntersessions.zip

MysteryFCM
Posted: Mon Apr 30, 2007 3:12 pm

If you check the config file in the app's folder, the GUID is used to identify the installation (noticed this when I ran it and the uninstallation decided to fail to remove its folder) .... I'm still working on the encrypted/hashed stuff ....

mikey
Posted: Mon Apr 30, 2007 3:21 pm

BTW I forgot to mention that the zip is;

spyhuntersessions.zip
MD5 246DAEB24D213A5C79529B6C24B33A5A
241kb(246,832)

mikey
Posted: Mon Apr 30, 2007 3:27 pm

MysteryFCM wrote:
If you check the config file in the app's folder, the GUID is used to identify the installation (noticed this when I ran it and the uninstallation decided to fail to remove its folder) .... I'm still working on the encrypted/hashed stuff ....


Cool, let us know if you find out anything about it. At a glance, it could be as simple as base64...that would be too easy.

MysteryFCM
Posted: Mon Apr 30, 2007 3:31 pm

Unescaping the first level is simple ......... just the rest of it that's not so simple (already checked for base 64).

I'll post here once it's done :)

MysteryFCM
Posted: Mon Apr 30, 2007 3:43 pm

Copy of 2 of the unescaped files if someone wants to help decrypt them ...

http://mysteryfcm.co.uk/misc/enigma_software_group/0279_c_unescaped.zip

All times are GMT - 8 Hours
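The checks discussed in the posts above (undo one level of URL escaping, test for base64, look for the installation GUID) can be scripted for a captured POST body. This is an added example, not part of the original thread; the field names and the sample body are constructed rather than taken from the Fiddler capture, and the byte-entropy figure is an extra check the posters did not mention.

```python
import base64, binascii, hashlib, math, re
from collections import Counter
from urllib.parse import quote, unquote_to_bytes

GUID_RE = re.compile(rb"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}")

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; capped at log2(len) for short input."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def try_base64(data: bytes):
    """Return the decoded bytes only if data is strictly valid base64."""
    try:
        return base64.b64decode(data, validate=True)
    except (binascii.Error, ValueError):
        return None

def triage(body: bytes) -> dict:
    """Undo one level of percent-escaping per form field and describe the rest."""
    report = {}
    for pair in body.split(b"&"):
        name, _, raw = pair.partition(b"=")
        value = unquote_to_bytes(raw)
        decoded = try_base64(value)
        readable = decoded is not None and decoded.isascii() and len(decoded) > 0
        report[name.decode("ascii", "replace")] = {
            "length": len(value),
            "guids": [g.decode() for g in GUID_RE.findall(value)],
            "base64_text": decoded.decode() if readable else None,
            "entropy": round(entropy(value), 2),
        }
    return report

# Constructed sample body (not from the thread's capture): an installation
# GUID, a base64 text field for contrast, and 64 opaque bytes standing in
# for the payload that did not decode.
OPAQUE = hashlib.sha256(b"a").digest() + hashlib.sha256(b"b").digest()
SAMPLE = "&".join([
    "id=" + quote("{01234567-89AB-CDEF-0123-456789ABCDEF}"),
    "note=" + quote(base64.b64encode(b"scan complete")),
    "log=" + quote(OPAQUE),
]).encode("ascii")

if __name__ == "__main__":
    for field, info in triage(SAMPLE).items():
        print(field, info)
```

A field that fails the base64 test and sits near the entropy ceiling for its length is more likely compressed or encrypted than merely encoded, so compare fields against each other rather than against 8.0 on short bodies.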