I tried this on my system. I was interested, since Sunbelt's system is also
an offshoot of Giant antispyware's technology.
On my system, besides some cookies, it found a couple of threats. One was a
file associated with one of those utilities which shows you the passwords on
your own systems which are hidden by asterisks--i.e. if you have the
password to your system, it will allow you to see other passwords in your
password storage file. What is interesting was that the online scan
described this in these terms:
-----------------------------
Password Recovery Pro
Type: Password Hijacker
Threat Level: Elevated
Author: Sureshot
Description: Password Recovery Pro is a password hijacker.
Advice: This is a high risk threat and should be removed or quarantined as
to prevent harm to your computer or your privacy.
---------------------------------------------
However, it didn't directly identify the particular file involved, so I
wanted more information. Here's what Sunbelt's online information base says
about this same item:
http://research.sunbelt-software.com/threat_display.cfm?name=Password Recovery Pro
Note that the advice here is to keep this in place (presuming that you
knowingly installed it in the first place, perhaps!)
(I wasn't able, using the information in the web link, to find anything
related to this app on my system, but it isn't entirely unlikely--I've
looked at such apps in the past.)
The second item of interest the scan found was:
--------------------------------------------
brutus-v1-b2.exe
Type: Password Hijacker
Threat Level: Elevated
Author:
Description: Brutus is a multi-protocol authentication negotiation agent or
password cracker.
Advice: This is a high risk threat and should be removed or quarantined as
to prevent harm to your computer or your privacy.
------------------------------------------------------------------
Needless to say, this got me to sit up and take notice, so I looked up the 5
registry keys which were the evidence cited for the presence of this critter
on my machine:
HKEY_LOCAL_MACHINESOFTWARE\Classes\TypeLib\{33101C00-75C3-11CF-A8A0-444553540000}
HKEY_LOCAL_MACHINESOFTWARE\Classes\TypeLib\{33101C00-75C3-11CF-A8A0-444553540000}\1.0\0\win32
HKEY_LOCAL_MACHINESOFTWARE\Classes\TypeLib\{33101C00-75C3-11CF-A8A0-444553540000}\1.0\FLAGS
HKEY_LOCAL_MACHINESOFTWARE\Classes\TypeLib\{33101C00-75C3-11CF-A8A0-444553540000}\1.0\HELPDIR
HKEY_LOCAL_MACHINESOFTWARE\Classes\TypeLib\{33101C00-75C3-11CF-A8A0-444553540000}\1.0
And, I looked up their web information:
http://research.sunbelt-software.com/threat_display.cfm?name=brutus-v1-b2.exe
I was unable to discern any of the executables named in the web link on my
machine, but of course they could be renamed. I didn't scan for the MD5
hashes, but since the online scan only identified the registry items, I'm
not too worried.
So--what about those registry items? The registry items appear to be
associated with a particular control--Catalyst Socketwrench. This seems
entirely aboveboard, although, in fact, the OCX named is not present on my
system.
Bottom line: This online scan appeared to identify a couple of serious
threats that hadn't been caught by Microsoft Antispyware.
On closer examination, however, neither was what appeared at first glance:
The first password hijacker was a trace of an app which their own
recommendation says :leave alone.
The second password hijacker consisted entirely of registry entries related
to a commonly available control which is common to many pieces of software.
I don't think either of these findings rises to the level of a false
positive--but they are described in terms which are scary, and a closer
examination of both of them left me feeling that the findings were somewhat
"hyped."
I doubt this is intentional on Sunbelt's part--the problem of false
positives and misidentifications is one which all products in this area
face.
)