Some more false positives

I would like to make a comment on Microsoft AntiSpyware
Beta1. I tried this beta today and did a full system scan
on all my harddisks with all 3 scan options turned on.

I got a few false positives:


[1] - Messenger Plus! (adware bundler)
* Detected (almost) all Messenger Plus! files and registry
settings.
* The sponsor (adware bundle) is not installed on my
system, it actually never was.
* It's listed a "adware bundler" even while (in my case)
the sponsor doesn't exist anywhere on my system. And it
isn't possible to get the Plus! sponsor either from the
files it detected. The only way is by downloading the Plus!
installer from some site, run it and choose to have the
sponsor installed. Even whe using the auto update feature
you will always need to choose if you want to have the
sponsor installed or not with this update.
* Microsoft AntiSpyware does detect Plus! as spyware, even
without the sponsor. But it does not detect the Messenger
Plus! setup file as spyware. Strange, the setup file has
much more risk of being 'spyware' (50% depending on if you
choose to install the sponsor or not) then a Plus!
installation without the sponsor (0%, totally harmless).
* I have already seen a few posts about this in the
newsgroup, also alot of Dutch sites are talking about it
(i'm Dutch). And the official Messenger Plus! Help forum
has 4 topics about this too with alot of people saying the
same:
- http://msghelp.net/showthread.php?tid=36381
- http://msghelp.net/showthread.php?tid=36528
- http://msghelp.net/showthread.php?tid=36581
- http://msghelp.net/showthread.php?tid=36661


RealVNC
* I don't think this should even be detected, in 90% of the
cases this software is used by system admins to remotley
manage their users PC. Only very few people will use this
software for spying purposes, in fact i never heard of this.

KaZaA (adware bundler)
* KaZaA Lite was detected as spyware, but in the Lite
version all ad/spyware is taken out. All other anitspyware
programs out there won't detect KaZaA Lite.

eDonkey2000 (adware bundler)
* eDonkey isn't on my system, files being detected belong
to eMule which doesn't have spyware at all.

Grokster (adware)
* Isn't Grokster, but part of KaZaA Lite.



I have listed all these info with more details in a forum
topic on another site. I also included screenshots there so
you can see which files it detected. See that topic here:
http://msghelp.net/showthread.php?tid=36661

I will be hapy to provide you more information when needed,
i'm experienced as a beta tester for other software and can
provide you technical data when needed or test some things.

I can be reached at j.brune@xs4all.nl

Thank you.

Both eDonkey2000 & Grokster are spyware. I know
eDonkey2000 belongs to eMule, but eMule also has spyware.

KaZaA Lite does have some spyware in it, but it is not as
bad as the plain KaZaA. Spyware is Spyware.


>-----Original Message-----
>I would like to make a comment on Microsoft AntiSpyware
>Beta1. I tried this beta today and did a full system scan
>on all my harddisks with all 3 scan options turned on.
>
>I got a few false positives:
>
>
>[1] - Messenger Plus! (adware bundler)
>* Detected (almost) all Messenger Plus! files and registry
>settings.
>* The sponsor (adware bundle) is not installed on my
>system, it actually never was.
>* It's listed a "adware bundler" even while (in my case)
>the sponsor doesn't exist anywhere on my system. And it
>isn't possible to get the Plus! sponsor either from the
>files it detected. The only way is by downloading the
Plus!
>installer from some site, run it and choose to have the
>sponsor installed. Even whe using the auto update feature
>you will always need to choose if you want to have the
>sponsor installed or not with this update.
>* Microsoft AntiSpyware does detect Plus! as spyware, even
>without the sponsor. But it does not detect the Messenger
>Plus! setup file as spyware. Strange, the setup file has
>much more risk of being 'spyware' (50% depending on if you
>choose to install the sponsor or not) then a Plus!
>installation without the sponsor (0%, totally harmless).
>* I have already seen a few posts about this in the
>newsgroup, also alot of Dutch sites are talking about it
>(i'm Dutch). And the official Messenger Plus! Help forum
>has 4 topics about this too with alot of people saying the
>same:
>- http://msghelp.net/showthread.php?tid=36381
>- http://msghelp.net/showthread.php?tid=36528
>- http://msghelp.net/showthread.php?tid=36581
>- http://msghelp.net/showthread.php?tid=36661
>
>
>RealVNC
>* I don't think this should even be detected, in 90% of
the
>cases this software is used by system admins to remotley
>manage their users PC. Only very few people will use this
>software for spying purposes, in fact i never heard of
this.
>
>KaZaA (adware bundler)
>* KaZaA Lite was detected as spyware, but in the Lite
>version all ad/spyware is taken out. All other anitspyware
>programs out there won't detect KaZaA Lite.
>
>eDonkey2000 (adware bundler)
>* eDonkey isn't on my system, files being detected belong
>to eMule which doesn't have spyware at all.
>
>Grokster (adware)
>* Isn't Grokster, but part of KaZaA Lite.
>
>
>
>I have listed all these info with more details in a forum
>topic on another site. I also included screenshots there
so
>you can see which files it detected. See that topic here:
>http://msghelp.net/showthread.php?tid=36661
>
>I will be hapy to provide you more information when
needed,
>i'm experienced as a beta tester for other software and
can
>provide you technical data when needed or test some
things.
>
>I can be reached at j.brune@xs4all.nl
>
>Thank you.
>.
>

EDonkey2000 and Grokster probally do contain spyware,
agreed. But eMule is not eDonkey, the only connection
between both is that they connect to the same P2P network.

eDonkey2000 is developed by MetaMachine
(http://www.edonkey2000.com/contact.html) and is a closed
source program.
eMule is developed by various volunteers
(http://www.emule-project.net/home/p...cgi?l=1&rm=team)
and is an open source project.

Even if eMule would contain any kind of spyware, which i
highly doubt, would it make sense to blame MetaMachine (by
labeling eMule as eDonkey) for an open source project in
which MetaMachine has no control. I can imagine upset
people who have eMule complaining to MetaMachine because of
this. It should be corrected.

The same thing goes for KaZaA
(http://www.kazaa.com/us/about/index.htm - Sharman
Networks) which is not Grokster
(http://www.grokster.com/aboutus.html - Grokster LTD).



I can somehow understand the detection of KaZaA lite
because basicly this is the original KaZaA which has
spyware included. Although the spyware is taken out it
still detects the files that belong to KaZaA. However,
still reporting this just for info.

>-----Original Message-----
>Both eDonkey2000 & Grokster are spyware. I know
>eDonkey2000 belongs to eMule, but eMule also has spyware.
>
>KaZaA Lite does have some spyware in it, but it is not as
>bad as the plain KaZaA. Spyware is Spyware.
>
>
>>-----Original Message-----
>>I would like to make a comment on Microsoft AntiSpyware
>>Beta1. I tried this beta today and did a full system scan
>>on all my harddisks with all 3 scan options turned on.
>>
>>I got a few false positives:
>>
>>
>>[1] - Messenger Plus! (adware bundler)
>>* Detected (almost) all Messenger Plus! files and registry
>>settings.
>>* The sponsor (adware bundle) is not installed on my
>>system, it actually never was.
>>* It's listed a "adware bundler" even while (in my case)
>>the sponsor doesn't exist anywhere on my system. And it
>>isn't possible to get the Plus! sponsor either from the
>>files it detected. The only way is by downloading the
>Plus!
>>installer from some site, run it and choose to have the
>>sponsor installed. Even whe using the auto update feature
>>you will always need to choose if you want to have the
>>sponsor installed or not with this update.
>>* Microsoft AntiSpyware does detect Plus! as spyware, even
>>without the sponsor. But it does not detect the Messenger
>>Plus! setup file as spyware. Strange, the setup file has
>>much more risk of being 'spyware' (50% depending on if you
>>choose to install the sponsor or not) then a Plus!
>>installation without the sponsor (0%, totally harmless).
>>* I have already seen a few posts about this in the
>>newsgroup, also alot of Dutch sites are talking about it
>>(i'm Dutch). And the official Messenger Plus! Help forum
>>has 4 topics about this too with alot of people saying the
>>same:
>>- http://msghelp.net/showthread.php?tid=36381
>>- http://msghelp.net/showthread.php?tid=36528
>>- http://msghelp.net/showthread.php?tid=36581
>>- http://msghelp.net/showthread.php?tid=36661
>>
>>
>>RealVNC
>>* I don't think this should even be detected, in 90% of
>the
>>cases this software is used by system admins to remotley
>>manage their users PC. Only very few people will use this
>>software for spying purposes, in fact i never heard of
>this.
>>
>>KaZaA (adware bundler)
>>* KaZaA Lite was detected as spyware, but in the Lite
>>version all ad/spyware is taken out. All other anitspyware
>>programs out there won't detect KaZaA Lite.
>>
>>eDonkey2000 (adware bundler)
>>* eDonkey isn't on my system, files being detected belong
>>to eMule which doesn't have spyware at all.
>>
>>Grokster (adware)
>>* Isn't Grokster, but part of KaZaA Lite.
>>
>>
>>
>>I have listed all these info with more details in a forum
>>topic on another site. I also included screenshots there
>so
>>you can see which files it detected. See that topic here:
>>http://msghelp.net/showthread.php?tid=36661
>>
>>I will be hapy to provide you more information when
>needed,
>>i'm experienced as a beta tester for other software and
>can
>>provide you technical data when needed or test some
>things.
>>
>>I can be reached at j.brune@xs4all.nl
>>
>>Thank you.
>>.
>>
>.
>

I don't suppose it would do any good to mention that
Kazaa lite is an illegal hacked version of Kazaa? Not
that is has anything to do with false positives,I jsut
don't know if I would be admitting that in an open
forum.. unless that is not your real email addy.

KazaaLite contains some of the same signatures that the
legal version uses, so the targeting is valid IMHO.

>-----Original Message-----
>EDonkey2000 and Grokster probally do contain spyware,
>agreed. But eMule is not eDonkey, the only connection
>between both is that they connect to the same P2P
network.
>
>eDonkey2000 is developed by MetaMachine
>(http://www.edonkey2000.com/contact.html) and is a closed
>source program.
>eMule is developed by various volunteers
>(http://www.emule-project.net/home/perl/general.cgi?
l=1&rm=team)
>and is an open source project.
>
>Even if eMule would contain any kind of spyware, which i
>highly doubt, would it make sense to blame MetaMachine
(by
>labeling eMule as eDonkey) for an open source project in
>which MetaMachine has no control. I can imagine upset
>people who have eMule complaining to MetaMachine because
of
>this. It should be corrected.
>
>The same thing goes for KaZaA
>(http://www.kazaa.com/us/about/index.htm - Sharman
>Networks) which is not Grokster
>(http://www.grokster.com/aboutus.html - Grokster LTD).
>
>
>
>I can somehow understand the detection of KaZaA lite
>because basicly this is the original KaZaA which has
>spyware included. Although the spyware is taken out it
>still detects the files that belong to KaZaA. However,
>still reporting this just for info.
>
>>-----Original Message-----
>>Both eDonkey2000 & Grokster are spyware. I know
>>eDonkey2000 belongs to eMule, but eMule also has
spyware.
>>
>>KaZaA Lite does have some spyware in it, but it is not
as
>>bad as the plain KaZaA. Spyware is Spyware.
>>
>>
>>>-----Original Message-----
>>>I would like to make a comment on Microsoft AntiSpyware
>>>Beta1. I tried this beta today and did a full system
scan
>>>on all my harddisks with all 3 scan options turned on.
>>>
>>>I got a few false positives:
>>>
>>>
>>>[1] - Messenger Plus! (adware bundler)
>>>* Detected (almost) all Messenger Plus! files and
registry
>>>settings.
>>>* The sponsor (adware bundle) is not installed on my
>>>system, it actually never was.
>>>* It's listed a "adware bundler" even while (in my
case)
>>>the sponsor doesn't exist anywhere on my system. And it
>>>isn't possible to get the Plus! sponsor either from the
>>>files it detected. The only way is by downloading the
>>Plus!
>>>installer from some site, run it and choose to have the
>>>sponsor installed. Even whe using the auto update
feature
>>>you will always need to choose if you want to have the
>>>sponsor installed or not with this update.
>>>* Microsoft AntiSpyware does detect Plus! as spyware,
even
>>>without the sponsor. But it does not detect the
Messenger
>>>Plus! setup file as spyware. Strange, the setup file
has
>>>much more risk of being 'spyware' (50% depending on if
you
>>>choose to install the sponsor or not) then a Plus!
>>>installation without the sponsor (0%, totally
harmless).
>>>* I have already seen a few posts about this in the
>>>newsgroup, also alot of Dutch sites are talking about
it
>>>(i'm Dutch). And the official Messenger Plus! Help
forum
>>>has 4 topics about this too with alot of people saying
the
>>>same:
>>>- http://msghelp.net/showthread.php?tid=36381
>>>- http://msghelp.net/showthread.php?tid=36528
>>>- http://msghelp.net/showthread.php?tid=36581
>>>- http://msghelp.net/showthread.php?tid=36661
>>>
>>>
>>>RealVNC
>>>* I don't think this should even be detected, in 90%
of
>>the
>>>cases this software is used by system admins to
remotley
>>>manage their users PC. Only very few people will use
this
>>>software for spying purposes, in fact i never heard of
>>this.
>>>
>>>KaZaA (adware bundler)
>>>* KaZaA Lite was detected as spyware, but in the Lite
>>>version all ad/spyware is taken out. All other
anitspyware
>>>programs out there won't detect KaZaA Lite.
>>>
>>>eDonkey2000 (adware bundler)
>>>* eDonkey isn't on my system, files being detected
belong
>>>to eMule which doesn't have spyware at all.
>>>
>>>Grokster (adware)
>>>* Isn't Grokster, but part of KaZaA Lite.
>>>
>>>
>>>
>>>I have listed all these info with more details in a
forum
>>>topic on another site. I also included screenshots
there
>>so
>>>you can see which files it detected. See that topic
here:
>>>http://msghelp.net/showthread.php?tid=36661
>>>
>>>I will be hapy to provide you more information when
>>needed,
>>>i'm experienced as a beta tester for other software
and
>>can
>>>provide you technical data when needed or test some
>>things.
>>>
>>>I can be reached at j.brune@xs4all.nl
>>>
>>>Thank you.
>>>.
>>>
>>.
>>
>.
>