ErrorSmart-setup.exe , bad file or good file?

[mm]

I ran the Malwarebytes virus checker, with definitions from about 5
days ago, and the only file it called bad was:

ErrorSmart-setup.exe

I dl'd this two years ago, but never installed it. It might have been
called just setup.exe and I renamed it.**

MBam says it was written by or is associated with "Rogue Installer"
The file itself says it was written by AntiSpyware, LLC.

I know that doesn't mean much, but on the web, the file seems to be
praised, and sold as shareware for 20 dollars. For example:
http://www.brothersoft.com/errorsmart-70046.html and
http://suhd.com/2009-fix-windows-error-smart/ and
http://www.registrysoftwarereview.com/errorsmart-review.html
which say it is a computer repairer or a registry repairer, (not
malware).

Maybe I didn't run it because a lot of people say registry repair
doesn't really accomplish anything. Maybe the program is free because
it's spyware???

Is this a bad file or a good file?


This raises other questions:

Don't all virus checkers or virus definition files have in them
character strings that look like viruses? Aren't those strings what
gets compared with files that are being checked for viruses? How come
there aren't more hits on anti-virus programs by other anti-virus
programs?

If there is a list of names of anti-virus programs embeded in the AV
program that is doing the checking, files that are to be skipped, why
don't virus writers just name their virus file with the same name?


**(If I used GetRight all the time, I'd know where I dl'd it from, but
since I got highspeed, I don't use GetRight very much.)

 

[mm]

I ran the Malwarebytes virus checker, with definitions from about 5
days ago, and the only file it called bad was:

ErrorSmart-setup.exe

I dl'd this two years ago, but never installed it. It might have been
called just setup.exe and I renamed it.**

MBam says it was written by or is associated with "Rogue Installer"
The file itself says it was written by AntiSpyware, LLC.

I know that doesn't mean much, but on the web, the file seems to be
praised, and sold as shareware for 20 dollars. For example:
http://www.brothersoft.com/errorsmart-70046.html and
http://suhd.com/2009-fix-windows-error-smart/ and
http://www.registrysoftwarereview.com/errorsmart-review.html
which say it is a computer repairer or a registry repairer, (not
malware).

Well, replying to myself, I found a sterner webpage
http://www.411-spyware.com/remove-errorsmart (This page is okay, I
hope) which says
"ErrorSmart, or Error Smart, is a fake registry cleaner. Like other
scam-ware, ErrorSmart pops up fake registry error alerts to try and
scare you into buying ErrorSmart.

If ErrorSmart is annoying you, the only system issue you have is
ErrorSmart. I’ll show you how to get rid of ErrorSmart for free."

I havent' installed it, so I don't have to do more than delete it.

It's interesting that I've had this file for 23 months and during that
time used current AVG defs. and Spybot S&D defs, and I just used
BitDefender a couple days ago, but they didn't find it.


And I still have my other questions:

Don't all virus checkers or virus definition files have in them
character strings that look like viruses? Aren't those strings what
gets compared with files that are being checked for viruses? How come
there aren't more hits on anti-virus programs by other anti-virus
programs?

If there is a list of names of anti-virus programs embedded in the AV
program that is doing the checking, files that are to be skipped, why
don't virus writers just name their virus file with one of the names
on the safe-list?

 

[Jose]

Well, replying to myself, I found a sterner webpagehttp://www.411-spyware..com/remove-errorsmart (This page is okay, I
hope) which says
"ErrorSmart, or Error Smart, is a fake registry cleaner. Like other
scam-ware, ErrorSmart pops up fake registry error alerts to try and
scare you into buying ErrorSmart.

If ErrorSmart is annoying you, the only system issue you have is
ErrorSmart.  I ll show you how to get rid of ErrorSmart for free."

I havent' installed it, so I don't have to do more than delete it.

It's interesting that I've had this file for 23 months and during that
time used current AVG defs. and Spybot S&D defs, and I just used
BitDefender a couple days ago, but they didn't find it.

And I still have my other questions:

Don't all virus checkers or virus definition files have in them
character strings that look like viruses? Aren't those strings what
gets compared with files that are being checked for viruses?  How come
there aren't more hits on anti-virus programs by other anti-virus
programs?  

If there is a list of names of anti-virus programs embedded in the AV
program that is doing the checking, files that are to be skipped, why
don't virus writers just name their virus file with one of the names
on the safe-list?

Not all are the same which is why just running one is not going to
give you the best detection rate. No single one seems to know
everything. Everybody seems to have their favorites though.

Spybot is not particularly useful IMHO unless you like finding
cookies. It also likes to install it's TeaTimer application which is
one ofthe biggest consumers of Virtual Memory I have ever seen. If
you want to see what I mean and have Spybot installed:

Right click the Taskbar, choose to open Task Manager.

Click View, Select Columns, check the box that says: Virtual Memory
Size. Expand the width of the Task Manager
box so you can see all the columns.

Click the VM Size column heading once or twice to sort by VM Size
biggest to smallest, top to bottom.

Is TeaTimer on top consuming most of your VM?

Microsoft only seems to care about their list of certain things they
feel are important in the 3498 files that are important to Windows XP,
and then doesn't even do a good job with that. It may find something
someday, but I will never use it, it installs too much other stuff
consuming memory and CPU I would rather apply to something that
works.

MS is not in the malicious software removal business, but other
companies are - and that is all they do, so why would anyone think a
MS scanner is going to do a better job than something who has that job
full time? Just because it says Microsoft on it doesn't make it
good.

AVG also doesn't have a good hit rate and is sometime difficult to
uninstall completely when you get tired of it and it's shenanigans.

Of the free scanners, I like MBAM and SAS since they seem to find the
most that others will miss, so I always start there.

Download, install, update and do a full scan with these free malware
detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/

They can be uninstalled later if desired.

I used to include AVG in my list of things to use first, but no more.
Spybot dropped out a long time ago. BitDefender also lost it's
luster.

Malware can also disguise itslef using the name of a valid Windows
file and some scanners will not notice that deception.

This tells you that the scanners do have a list, but who has the best
list?

For example, we know userinit.exe is a frequent malware target and
your system will not boot without it. An exact copy of userinit.exe
is certainly not a problem, but it would be curious.

Such a copy may not always be exactly malicious, but more like an
annoying dirty trick (malware mostly just knows how to be annoying).

Make a copy of your userinit.exe to userinit.mmm, scan your system
with your choice and see who detects it and who lets it slide. It is
not harmful - this userinit.mmm, but it is most curious if there is
such a file and smart scanners know the tricks of malware (and so can
you). Hopefully something would detect this oddity and report it.

Lots of things will graciously tell you about all your problems for
free and offer to fix it for you for a price when there may not really
be a problem at all. These are called scams. If they can remove it,
so can you. They have no magic powers. They only have a clever sales
pitch and sometimes a naive and frightened audience.

If you are suspicious of files you see on your system, you can have
them scanned (individually) by over a dozen well respected packages
(including BitDefender) without downloading anything:

Online scanner online virus scanner virus scanning engines:

http://virusscan.jotti.org/en
http://www.virustotal.com/

If malicious software really wanted to be malicious it could be a
whole lot worse! Mostly, it is just annoying and can fool you into
doing silly things like reinstalling Windows after some trial and
error methods fail to remove it. Such action as reinstalling is
rarely required (never done it) but often recommended when the malware
has outsmarted the person trying to remove it or they just give up.
Generally it is not too hard to outsmart if you have the right tools
and can think like malware.

 

[Paul]

Well, replying to myself, I found a sterner webpage
http://www.411-spyware.com/remove-errorsmart (This page is okay, I
hope) which says
"ErrorSmart, or Error Smart, is a fake registry cleaner. Like other
scam-ware, ErrorSmart pops up fake registry error alerts to try and
scare you into buying ErrorSmart.

If ErrorSmart is annoying you, the only system issue you have is
ErrorSmart. I’ll show you how to get rid of ErrorSmart for free."

I havent' installed it, so I don't have to do more than delete it.

It's interesting that I've had this file for 23 months and during that
time used current AVG defs. and Spybot S&D defs, and I just used
BitDefender a couple days ago, but they didn't find it.


And I still have my other questions:

Don't all virus checkers or virus definition files have in them
character strings that look like viruses? Aren't those strings what
gets compared with files that are being checked for viruses? How come
there aren't more hits on anti-virus programs by other anti-virus
programs?

If there is a list of names of anti-virus programs embedded in the AV
program that is doing the checking, files that are to be skipped, why
don't virus writers just name their virus file with one of the names
on the safe-list?

If the file is small enough, upload it to virustotal.com and that
web site runs multiple scanners against a file. When I have small
files from suspicious sources, I use virustotal to test some of them.

As for your brothersoft link, this is what I found. Notice they
found some "red" downloads. Not a place I'd be downloading from.

http://www.siteadvisor.com/sites/brothersoft.com

Paul