Anti Spyware - General

Richard Urban

A few days ago I installed Spy Sweeper (Webroot) on my main computer. I have
been noticing some questionable activities, and since it concerns both MS
Anti Spyware and Spybot Search and Destroy, I feel it is appropriate to post
this here.

We know that new definitions came out today for Ad-Aware, Spybot and MS Anti
Spyware. I installed the updates in the following order:
MS
Ad-Aware
Spybot

This is what occurs. When I click on search for updates in Spybot, I
immediately get a warning from MS Anti Spyware that a change has been
detected and an entry is trying to be made in Internet Explorer "Trusted
Zone". In this last instance it was for: core-psyche-evolution.com. I of
course disallowed the change.

On 1/27/06, when I searched for updates in Spybot, MS Anti Spyware caught
the following: adservs.com trying to be added to Internet Explorer "Trusted
Zone".

On 1/20/06 it was hypermart.net and on 1/14/06 it was 1grb.ru

These all occur when I search for updates from within Spybot.

Today, Spy Sweeper caught the same violation as MS Anti Spyware did after I
disallowed the change in MS Anti Spyware. Spy Sweeper was, of course, asking
if I wanted to Allow MS Anti Spyware to make the change and disallow the
inclusion of core-psyche-evolution.com into the Internet Explorer. Note that
this is an interaction between the 2 programs, and could be confusing if one
were not to thoroughly read the alert. No problem, and I can live with this.

There have been a few times when Only Spy Sweeper has caught Spybot trying
to add a site to the Internet Explorer "Trusted Zone".

I am wondering what is going on with Spybot! If I allow the changes to be
made I find new download sites available in Spybot with extremely
questionable names - ones that I would not trust for download of definition
files. In addition, the sites ARE now in the Internet Explorer "Trusted
Zone".

Has anyone else noticed this with Spybot? It's almost as if their download
server has been contaminated.

Every test scan I put my system through has turned it up to be clean.

I have also noticed this behavior on many other computers I maintain for my
customers (many entries in the Trusted Zone for highly questionable sites)
and they all have Spybot Search and Destroy installed.

Any comments or thoughts?





--


Regards,

Richard Urban
Microsoft MVP Windows Shell/User

Quote from George Ankner:
If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!
 
Richard Urban

I don't think it is a bug. If I allow the action, instead of block, within
MS Anti Spyware, the site in question IS placed in my "Trusted Zone". And,
it was put there when searching for updates within Spybot.

MS is making a very valid catch.

BTW, Spy Sweeper makes the same catches when searching for and installing
updates within Spybot.

The question is, Why Is Spybot Doing This? It is trying to place web sites
in Internet Explorer "Trusted Zone" without my knowledge. If I didn't have
the two other programs, it would be successful. It has been successful on
many computers I have checked where only Spybot is installed. The trusted
zone on these computers is packed with dubious sites, courtesy of Spybot.


--


Regards,

Richard Urban
Microsoft MVP Windows Shell/User

Quote from George Ankner:
If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!
 
Richard Urban

I just ran a test on one of my other computers that is running Windows 2000
and Spybot ver 1.4.

I first updated MS Antispyware.
I then searched for updates with Spybot.

I immediately got a popup from MSAS as follows:

An Internet change has been blocked.

Microsoft Antispyware has blocked the trusted site _malwarewipe.com from
being added to the list of trusted web sites in Internet Explorer.

I cancelled out of the update install and closed Spybot. I then went into
I.E. properties/security and looked at the list of trusted sites.
Malwarewipe.com was not there.

I again ran an update check from Spybot, this time with MSAS real time
agents disabled. I downloaded the update and shut down Spybot.

This time, when I checked my trusted sites in Internet Explorer
malwarewipe.com was there as being trusted.

This is highly suspicious, to say the least - that an anti spyware
application is doing things behind your back.

--


Regards,

Richard Urban
Microsoft MVP Windows Shell/User

Quote from George Ankner:
If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!
 
Bill Sanderson

Are you absolutely sure they are going into the Trusted Zone, and not the
Restricted?

--
 
Bill Sanderson

I'll read these later--I don't doubt that the site/domain is worth blocking.

My impression is that Spybot Search & Destroy is, in fact, attempting to do
so, and that the message from Microsoft Antispyware reads incorrectly--see
the KB article I cited.

However, you are stating clearly that the site is ending up in the Trusted
sites zone--I've never seen this from Spybot Search & Destroy, and know of
no reason why it should do that.



--
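
The Trusted-versus-Restricted question raised in this thread can be settled from the registry rather than from the alert wording. The following is an added example, not part of any post above: it parses an exported copy of Internet Explorer's `ZoneMap\Domains` key and groups each host by zone number (2 is Trusted Sites, 4 is Restricted Sites). The sample export and its `.test` domains are constructed, and the function names are hypothetical.

```python
import re

# Zone numbers used by Internet Explorer's ZoneMap registry values.
ZONES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}
MARKER = "\\zonemap\\domains\\"

# Constructed sample in .reg export format (not data from the thread).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blocked-example.test]
"*"=dword:00000004
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vendor-example.test\updates]
"https"=dword:00000002
'''

def zone_entries(reg_text):
    """Return [(host, protocol, zone_number)] for every ZoneMap\\Domains value."""
    entries, host = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            pos = key.lower().find(MARKER)
            if pos < 0:
                host = None  # the bare Domains key or an unrelated key
            else:
                # Subkeys nest as Domains\example.com\www, so reverse them.
                parts = key[pos + len(MARKER):].split("\\")
                host = ".".join(reversed(parts))
            continue
        m = re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
        if m and host:
            entries.append((host, m.group(1), int(m.group(2), 16)))
    return entries

def by_zone(reg_text):
    """Group hosts by zone name, e.g. {'Trusted Sites': [...], ...}."""
    grouped = {}
    for host, proto, zone in zone_entries(reg_text):
        label = ZONES.get(zone, "Unknown (%d)" % zone)
        grouped.setdefault(label, []).append("%s (%s)" % (host, proto))
    return grouped

if __name__ == "__main__":
    for zone, hosts in sorted(by_zone(SAMPLE_EXPORT).items()):
        print(zone, "->", ", ".join(hosts))
```

Files written by `reg export` or regedit in the Version 5.00 format are UTF-16, so read them with `encoding="utf-16"` before passing the text to `by_zone`. Comparing one export taken before an update check with one taken after shows exactly which hosts were added and to which zone.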
 