Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances

SpyOnThis being pushed through hijack-this.net
DamnSpyware34
Warrior


Joined: 28 Sep 2005
Last Visit: 15 Mar 2009
Posts: 140
Location: The planet where no Ad/Spyware exists

Posted: Sat Apr 22, 2006 1:53 am    Post subject: SpyOnThis being pushed through hijack-this.net

I decided to update myself on the status of hijack-this.net and was shocked to discover that it's pushing a new app.

To be fair, hijack-this.net also publishes a link to merijn's download page.

But really. When will this domain just die?

SpyOnThis homepage:
Code:
http://www.spyonthis.net


The link on hijack-this.net seems to point to an affiliate homepage (this is after a redirect through ClickBank):
Code:
http://www.spyonthis.net/index.html;jsessionid=4pmiiubk4vbbn


Could Eric inspect this app (SpyOnThis)?
_________________
Spyware is so uncool.
DamnSpyware34
Warrior


Joined: 28 Sep 2005
Last Visit: 15 Mar 2009
Posts: 140
Location: The planet where no Ad/Spyware exists

Posted: Fri Apr 28, 2006 4:16 am

*bump*

Sorry if I didn't clarify myself earlier.

The new app that is being pushed through hijack-this.net is SpyOnThis.

The question is: Is SpyOnThis a new rogue program?
_________________
Spyware is so uncool.
AssCobra
Junior Member


Joined: 31 Mar 2006
Last Visit: 29 Mar 2008
Posts: 17

Posted: Fri Apr 28, 2006 6:47 am

seems to be a rogue, i dled it, used it to scan, it found 22 new threats on my computer.

before i used this new program i scanned with
ad-aware se personal: clean
ewido anti-malware: clean
spybot s&d: clean
superantispyware: clean

just a feeling that SpyOnThis is a rogue, it even came up with some spyware on my computer it called kazaa, i've never had kazaa on my computer ever.

however, im no expert...
_________________
Viddy well, little brother. Viddy well - Alex

suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 22 Aug 2014
Posts: 10323
Location: sunny California

Posted: Fri Apr 28, 2006 9:55 am

AssCobra, it could well be that what it found is false positives.

DamnSpyware34, I don't know if Eric saw this thread or not -- probably he missed it. We'll check out this app soon.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
SUPERAntiSpy
Warrior


Joined: 05 Apr 2006
Last Visit: 04 Mar 2008
Posts: 119

Posted: Fri Apr 28, 2006 1:02 pm

AssCobra - The jsessionid is simply a session identifier used by whatever they are using on the site, such as a Java component, etc. It's basically like a cookie passed on the url/uri line.

For instance, PHP will use a PHPSESSID appended to the URL/URI if it can't save the cookie. If you just go to the url directly, it redirects to a url with the jsessionid there.

We are testing this app out right now on a clean system, and will see exactly what it does, finds, installs, etc. and I will report back here to the group.

Nick Skrepetos
SUPERAntiSpyware.com
http://www.superantispyware.com
SUPERAntiSpy
Warrior


Joined: 05 Apr 2006
Last Visit: 04 Mar 2008
Posts: 119

Posted: Fri Apr 28, 2006 1:21 pm

Just did an install and run on a clean machine and nothing "weird" showed up or was installed. I am curious as to the installation of the dsdmo.dll, which is a direct sound related item.

Here is the initial report of what was installed and where:

HKCR\CLSID\{2A1E37A4-04F1-5535-0715-F2C7C83EB4EE}
InProcServer32#C:\WINDOWS\System32\dsdmo.dll
ProgID#Microsoft.DirectSoundCaptureNoiseSuppressDMO.1
VersionIndependentProgID#Microsoft.DirectSoundCaptureNoiseSuppressDMO
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B72A13A7-CCCD-407A-882B-4CFC2ADD39EF}_is1
%PROGRAMFILES%\SpyOnThis
%PROGRAMFILES%\SpyOnThis\base.sot [MD5:A4EFB803F52A18FA2756A0B3EC67171B]
%PROGRAMFILES%\SpyOnThis\config.xml [MD5:5F014EEC4D12ABB6FC7F18C0E618282F]
%PROGRAMFILES%\SpyOnThis\ignore.dat
%PROGRAMFILES%\SpyOnThis\paths.dat
%PROGRAMFILES%\SpyOnThis\Quarantine
%PROGRAMFILES%\SpyOnThis\Scan logs
%PROGRAMFILES%\SpyOnThis\Scan logs\2006-04-28.16-11-30.txt [MD5:40F5AF05A96178F7E8AF6B92A0958279]
%PROGRAMFILES%\SpyOnThis\settings.ini [MD5:6DEF3FB186F5C9C9FE605ED5B5BBE24D]
%PROGRAMFILES%\SpyOnThis\SpyOnThis.exe [MD5:78054F8958CDC827E505C9434E064EC8]
%PROGRAMFILES%\SpyOnThis\SpyOnThisMonitor.exe [MD5:24118C23AC1120A3D0E7A5DF6F9094B7]
%PROGRAMFILES%\SpyOnThis\unins000.dat [MD5:C8FFC5B98FAD264448449BAD8CD1E8B4]
%PROGRAMFILES%\SpyOnThis\unins000.exe [MD5:D6ABC3C44E97BEEEA534E33E93AE97B4]
%CSIDL_COMMON_PROGRAMS%\SpyOnThis
%CSIDL_COMMON_STARTMENU%\Programs\SpyOnThis
%CSIDL_COMMON_STARTMENU%\Programs\SpyOnThis\SpyOnThis Monitor.lnk [MD5:11D95F38ED17C34FF565292132F8E40F]
%CSIDL_COMMON_STARTMENU%\Programs\SpyOnThis\SpyOnThis Scanner.lnk [MD5:33315952346C86C4DBA9A6BD8977444B]
%CSIDL_DESKTOPDIRECTORY%\SpyOnThis Monitor.lnk [MD5:A7105FFF7B2C4C6F80D824B4F6E3B1F2]
%CSIDL_DESKTOPDIRECTORY%\SpyOnThis Scanner.lnk [MD5:740B19D5D703E76E9DE947DF667AFBA5]
%CSIDL_DESKTOPDIRECTORY%\SpyOnThisSetup.exe [MD5:6AD117A404245C35A30008E3A5B3D988]

The scan and install was done on a bare-bones XP system. We will do another scan on a fully loaded system to see if any false positives, etc. are generated.

SpyOnThis does generate logs. If you want to post that, we can see what it found to determine if they were false positives, cookies, or what they are.

Nick Skrepetos
SUPERAntiSpyware.com
http://www.superantispyware.com
fcukdat
Warrior Addict


Joined: 01 Jan 2005
Last Visit: 08 Apr 2009
Posts: 757
Location: Yeovil,England.

Posted: Fri Apr 28, 2006 1:52 pm

Not overtly impressed with this 'un Rolling Eyes

My malware free 'puter scanned with updated "spyonthis"

Scan started : 28/04/2006 23:30:33

Total items scanned : 17834
Objects found : 7
Objects ignored : 0

SaveNow object found!!!
Object: SaveNow
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:software\classes\magnet\defaulticon
RiskLevel: 5

SaveNow object found!!!
Object: SaveNow
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:software\classes\magnet\shell\open\command
RiskLevel: 5

XoloX object found!!!
Object: XoloX
Class: REGKEY
Type: PACKER
FoundIn: HKEY_CLASSES_ROOT:magnet
RiskLevel: 5

Kazaa object found!!!
Object: Kazaa
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:software\magnet
RiskLevel: 1

Xolox object found!!!
Object: Xolox
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:SOFTWARE\Classes\magnet
RiskLevel: 3

Xolox object found!!!
Object: Xolox
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_CLASSES_ROOT:\magnet
RiskLevel: 3

Dialer object found!!!
Object: Dialer
Class: REGKEY
Type: BROWSER HELPER OBJECT
FoundIn: HKEY_CURRENT_USER:SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINTRUST\TRUST PROVIDERS\SOFTWARE PUBLISHING\TRUST DATABASE\0
RiskLevel: 1
_________________
Malware hunter....Got Bot ?

MIRT Handler >>>
http://www.castlecops.com/c55-MIRT.html
AssCobra
Junior Member


Joined: 31 Mar 2006
Last Visit: 29 Mar 2008
Posts: 17

Posted: Fri Apr 28, 2006 2:40 pm

gotta love it, i reinstalled it to get a log on this forum, now it came up with 70 infections Smile

Scan started : 29.04.2006 00:38:18

Total items scanned : 20376
Objects found : 70
Objects ignored : 0

DyFuCA.Internet Optimizer object found!!!
Object: DyFuCA.Internet Optimizer
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{d8e25c53-9508-4f5c-9249-d98d438891d5}
RiskLevel: 1

F__kSite object found!!!
Object: F__kSite
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{a1dc3241-b122-195f-b21a-000000000000}
RiskLevel: 1

Online-Dialer object found!!!
Object: Online-Dialer
Class: REGKEY
Type: DOS
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{02c20140-76f8-4763-83d5-b660107b7a90}
RiskLevel: 1

Online-Dialer object found!!!
Object: Online-Dialer
Class: REGKEY
Type: DOS
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{03d3ad2f-c841-443f-8a21-a7d2a62b6626}
RiskLevel: 1

Online-Dialer object found!!!
Object: Online-Dialer
Class: REGKEY
Type: DOS
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{91df007c-2f7f-4731-be1f-38c1c13ceb8b}
RiskLevel: 1

Online-Dialer object found!!!
Object: Online-Dialer
Class: REGKEY
Type: DOS
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{ab1e62eb-3de3-428f-a417-64ab3c9b6cf0}
RiskLevel: 1

Online-Dialer object found!!!
Object: Online-Dialer
Class: REGKEY
Type: DOS
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{e44151c8-0c6c-4a7d-b677-4fcc9552e957}
RiskLevel: 1

HighTraffic object found!!!
Object: HighTraffic
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{53e10c2c-43b2-4657-ba29-aae179e7d35c}
RiskLevel: 1

IEMonit object found!!!
Object: IEMonit
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CE7C3CF0-4B15-11D1-ABED-709549C10001}
RiskLevel: 1

Searchex object found!!!
Object: Searchex
Class: REGKEY
Type: HOSTILE ACTIVEX
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{a116a5c1-ad77-446c-992a-f56200b112db}
RiskLevel: 1

Searchex object found!!!
Object: Searchex
Class: REGKEY
Type: HOSTILE ACTIVEX
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{b405ee45-1aa2-410d-a6cf-1a74371dcd62}
RiskLevel: 1

Claria object found!!!
Object: Claria
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_USERS:.default\software\microsoft\systemcertificates\trustedpublisher\crls
RiskLevel: 3

Aureate object found!!!
Object: Aureate
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EBBFE27C-BDF0-11D2-BBE5-00609419F467}
RiskLevel: 1

FreeScratchAndWin object found!!!
Object: FreeScratchAndWin
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{20a03a4c-9faf-45d5-a5c2-b6c49774e03c}
RiskLevel: 1

FreeScratchAndWin object found!!!
Object: FreeScratchAndWin
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{47cc4dcd-bbc9-47a3-a677-44db2559e0d8}
RiskLevel: 1

FreeScratchAndWin object found!!!
Object: FreeScratchAndWin
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{5dd7b3be-fdec-4563-b038-ff80f2345b89}
RiskLevel: 1

FreeScratchAndWin object found!!!
Object: FreeScratchAndWin
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{99b0b113-6f25-49c9-8ecf-2fddd3edff6a}
RiskLevel: 1

SaveNow object found!!!
Object: SaveNow
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:software\classes\magnet\defaulticon
RiskLevel: 5

SaveNow object found!!!
Object: SaveNow
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:software\classes\magnet\shell\open\command
RiskLevel: 5

VX2.NetPal object found!!!
Object: VX2.NetPal
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{000e7270-cc7a-0786-8e7a-da09b51938a6}
RiskLevel: 1

VX2.NetPal object found!!!
Object: VX2.NetPal
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{6085fb5b-c281-4b9c-8e5d-d2792ea30d2f}
RiskLevel: 1

VX2.NetPal object found!!!
Object: VX2.NetPal
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{c7ade150-743d-11d4-8141-00e029626f6a}
RiskLevel: 1

about_blank object found!!!
Object: about_blank
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_CURRENT_USER:Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotchbar.com
RiskLevel: 1

about_blank object found!!!
Object: about_blank
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_CURRENT_USER:Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ysbweb.com
RiskLevel: 1

Search Toolbar object found!!!
Object: Search Toolbar
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{76EC9B95-D244-41F9-A5BE-6896EFFB40CF}
RiskLevel: 6

E2Give object found!!!
Object: E2Give
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{3b99f202-145a-4e5a-ac7b-88a36910bf5e}
RiskLevel: 4

LinkGrabber 99 object found!!!
Object: LinkGrabber 99
Class: REGVALUE
Type: SPYWARE
FoundIn: HKEY_USERS:.default\software\microsoft\windows\currentversion\internet settings\zonemap\domains\mywebsearch.net[*]
RiskLevel: 3

7FaSSt object found!!!
Object: 7FaSSt
Class: REGKEY
Type: CARDING
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{06dfedaa-6196-11d5-bfc8-00508b4a487d}
RiskLevel: 1

7FaSSt object found!!!
Object: 7FaSSt
Class: REGKEY
Type: CARDING
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{669695bc-a811-4a9d-8cdf-ba8c795f261e}
RiskLevel: 1

7FaSSt object found!!!
Object: 7FaSSt
Class: REGKEY
Type: CARDING
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}
RiskLevel: 1

ShopForGood object found!!!
Object: ShopForGood
Class: REGKEY
Type: HIJACKER
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{05bbb56a-2a69-4a5c-bfda-43295dd67434}
RiskLevel: 5

XoloX object found!!!
Object: XoloX
Class: REGKEY
Type: PACKER
FoundIn: HKEY_CLASSES_ROOT:magnet
RiskLevel: 5

180Search Assistant object found!!!
Object: 180Search Assistant
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{6eb5b540-1e74-4d91-a7f0-5b758d333702}
RiskLevel: 3

EZSearching object found!!!
Object: EZSearching
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{34d516ea-40e3-4e3b-8ba8-505112738ed5}
RiskLevel: 2

Favoriteman object found!!!
Object: Favoriteman
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{000000f1-34e3-4633-87c6-1aa7a44296da}
RiskLevel: 4

Favoriteman object found!!!
Object: Favoriteman
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{00000ef1-0786-4633-87c6-1aa7a44296da}
RiskLevel: 4

Favoriteman object found!!!
Object: Favoriteman
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{ebbd88e5-c372-469d-b4c5-1fe00352ab9b}
RiskLevel: 4

MemoryMeter object found!!!
Object: MemoryMeter
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{afdbb6d0-6b96-419c-8bc6-ff0b99368c0b}
RiskLevel: 1

Kazaa object found!!!
Object: Kazaa
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:software\magnet
RiskLevel: 1

xxx-toolbar object found!!!
Object: xxx-toolbar
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_CURRENT_USER:Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com
RiskLevel: 1

Newtonknows object found!!!
Object: Newtonknows
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{8ae10ee3-84be-4d3c-8106-7020bf3f0142}
RiskLevel: 1

Newtonknows object found!!!
Object: Newtonknows
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{e9407738-a996-421a-a309-5c93c699e10a}
RiskLevel: 1

InetSpeak object found!!!
Object: InetSpeak
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{2e12b523-3d4c-4fac-9b04-0376a8f5e879}
RiskLevel: 1

InetSpeak object found!!!
Object: InetSpeak
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{388d7ebb-cbb9-4126-8db2-86dc6863a206}
RiskLevel: 1

InetSpeak object found!!!
Object: InetSpeak
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{39af31dd-eafc-45ea-a56c-385b52e25cc0}
RiskLevel: 1

InetSpeak object found!!!
Object: InetSpeak
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{6b12dabb-0b7c-44fa-b0b3-4baff3790256}
RiskLevel: 1

InetSpeak object found!!!
Object: InetSpeak
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{a76066c9-941b-4209-9d96-0ac80501100d}
RiskLevel: 1

InetSpeak object found!!!
Object: InetSpeak
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{c389f2cf-26ed-11d5-a212-004005f6feb6}
RiskLevel: 1

InetSpeak object found!!!
Object: InetSpeak
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{d6862a22-1dd6-11d3-bb7c-444553540000}
RiskLevel: 1

eAcceleration object found!!!
Object: eAcceleration
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{459729ac-727d-4d97-b18a-72ee224efec0}
RiskLevel: 1

SCBar object found!!!
Object: SCBar
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{00041a26-7033-432c-94c7-6371de343822}
RiskLevel: 1

Xolox object found!!!
Object: Xolox
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:SOFTWARE\Classes\magnet
RiskLevel: 3

Xolox object found!!!
Object: Xolox
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_CLASSES_ROOT:\magnet
RiskLevel: 3

Toolbar.bho2 object found!!!
Object: Toolbar.bho2
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{07b18ea1-a523-4961-b6bb-170de4475cca}
RiskLevel: 1

Starware object found!!!
Object: Starware
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2D51D869-C36B-42bd-AE68-0A81BC771FA5}
RiskLevel: 1

Starware object found!!!
Object: Starware
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7BED0340-176B-44bc-915E-C21C1DD6F617}
RiskLevel: 1

Starware object found!!!
Object: Starware
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CA356D79-679B-4b4c-8E49-5AF97014F4C1}
RiskLevel: 1

Starware object found!!!
Object: Starware
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D49E9D35-254C-4c6a-9D17-95018D228FF5}
RiskLevel: 1

SearchMiracle.EliteBar object found!!!
Object: SearchMiracle.EliteBar
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_CURRENT_USER:Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com
RiskLevel: 1

Adware.Sa object found!!!
Object: Adware.Sa
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{4bcf322b-9621-4e90-9678-f1424eb7584e}
RiskLevel: 1

Adware.Sa object found!!!
Object: Adware.Sa
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{7B55BB05-0B4D-44FD-81A6-B136188F5DEB}
RiskLevel: 1

Click the Button object found!!!
Object: Click the Button
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{ab4dd0f0-38da-4f48-aafe-7de7323bb6b2}
RiskLevel: 1

ToolbarCC object found!!!
Object: ToolbarCC
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffa2}
RiskLevel: 1

ToolbarCC object found!!!
Object: ToolbarCC
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffa7}
RiskLevel: 1

ToolbarCC object found!!!
Object: ToolbarCC
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffa8}
RiskLevel: 1

ToolbarCC object found!!!
Object: ToolbarCC
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffaf}
RiskLevel: 1

EzuLa object found!!!
Object: EzuLa
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{19dfb2cb-9b27-11d4-b192-0050dab79376}
RiskLevel: 2

EzuLa object found!!!
Object: EzuLa
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{3d7247de-5db8-11d4-8a72-0050da2ee1be}
RiskLevel: 2

EzuLa object found!!!
Object: EzuLa
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{3d7247e8-5db8-11d4-8a72-0050da2ee1be}
RiskLevel: 2

EzuLa object found!!!
Object: EzuLa
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{a041b850-57ad-493f-8fdc-4f1b15c0d16f}
RiskLevel: 2
_________________
Viddy well, little brother. Viddy well - Alex

SUPERAntiSpy
Warrior


Joined: 05 Apr 2006
Last Visit: 04 Mar 2008
Posts: 119

Posted: Fri Apr 28, 2006 2:45 pm

I bet you have "immunized" using SpywareBlaster or Spybot and it thinks all those are threats, when those are "killbit" Active X entries that actually block those controls from installing and executing.

Nick Skrepetos
SUPERAntiSpyware.com
http://www.superantispyware.com
AssCobra
Junior Member


Joined: 31 Mar 2006
Last Visit: 29 Mar 2008
Posts: 17

Posted: Fri Apr 28, 2006 3:32 pm

SUPERAntiSpy wrote:
I bet you have "immunized" using SpywareBlaster or Spybot and it thinks all those are threats, when those are "killbit" Active X entries that actually block those controls from installing and executing.

Nick Skrepetos
SUPERAntiSpyware.com
http://www.superantispyware.com


correct, i have "immunized" with spybot s&d.

however, i am not an expert, or an experienced person when it comes to this, am i supposed to know that the "infections" it found are from the "immunization"? at www.hijack-this.net it advertises this program as being for the novice user, i am one of those, yet it finds a lot which aren't really infections.

so this is just another program for you experts?
_________________
Viddy well, little brother. Viddy well - Alex

SUPERAntiSpy
Warrior


Joined: 05 Apr 2006
Last Visit: 04 Mar 2008
Posts: 119

Posted: Fri Apr 28, 2006 3:36 pm

It appears SpyOnThis is incorrectly detecting those items - it should look to see if the Active X is set to block or allow.

In my opinion, I would not classify this product as a product for experts - and it appears that it may provide too many false positives for the novice user.

Time will tell as far as how they improve the product, remove false positives, update rules, etc.

As a person who is involved in the "thick of it", it takes quite the effort to stay on top of the evolving spyware/malware/adware, not just in the definitions but in the technology required as well.

Nick Skrepetos
SUPERAntiSpyware.com
http://www.superantispyware.com
Nick
Site Admin


Joined: 27 Feb 2004
Last Visit: 15 Jul 2014
Posts: 3913
Location: California

Posted: Fri Apr 28, 2006 4:53 pm

Most of the newer antispyware products had false positives when I ran scans on my clean system that had IE Spyad and SpywareBlaster installed. There'd always be a few bad reg keys from the restricted sites added by IE Spyad and SpywareBlaster. I'd go check the value of the flagged key and it would be set to put the site in the restricted zone. So that made it a false positive. Spyware Doctor, Giant Antispyware which turned into Microsoft Antispyware, and a few others all had that problem. I can't remember any of them ever flagging the kill bit key though. Microsoft does add CLSIDs to that key sometimes. They added a few last year when the Sony rootkit was all the news. Since the uninstaller from Sony was dangerous, MS added the CLSIDs from the uninstaller in the December 2005 Windows updates.


I believe that because most people don't use IE Spyad or SpywareBlaster, the developers didn't realize that people were adding bad ones to protect themselves. So the testers didn't really have any experience with large amounts of entries in those registry areas. That was 2 years ago and things have changed. It looks like SpyOnThis is just searching the registry for those CLSIDs and not taking into account that they can be in the registry for a good reason.

Maybe they just haven't realized that there needs to be more than looking for the bad CLSIDs in the registry. If they can respond and fix all of the false positives, then good for them. I don't think they did it on purpose, though. At least for all those CLSIDs.
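The check described in the posts above (is a flagged ActiveX Compatibility entry actually a kill bit, is a flagged ZoneMap domain actually in the Restricted zone), as an added example that is not part of the original thread and is not SpyOnThis's or any other vendor's code. The log follows the format posted above, but the entries, CLSIDs, domains, registry snapshot and function names are all constructed for illustration.

```python
import re

KILL_BIT = 0x00000400   # "Compatibility Flags" bit that tells IE not to load the control
RESTRICTED_ZONE = 4     # IE security zone number of "Restricted sites"

AX_COMPAT = "software\\microsoft\\internet explorer\\activex compatibility\\"
ZONE_DOMAINS = ("software\\microsoft\\windows\\currentversion\\"
                "internet settings\\zonemap\\domains\\")

# Constructed scan log in the format shown in the thread (placeholder names and CLSIDs).
SAMPLE_LOG = r"""
ExampleControlA object found!!!
Object: ExampleControlA
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}
RiskLevel: 1

ExampleControlB object found!!!
Object: ExampleControlB
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000002}
RiskLevel: 1

ExampleSiteA object found!!!
Object: ExampleSiteA
Class: REGVALUE
Type: SPYWARE
FoundIn: HKEY_USERS:.default\software\microsoft\windows\currentversion\internet settings\zonemap\domains\blocked.example[*]
RiskLevel: 3

ExampleProto object found!!!
Object: ExampleProto
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_CLASSES_ROOT:\exampleproto
RiskLevel: 3
"""

# Constructed registry snapshot: normalized key path -> {value name: DWORD}.
SAMPLE_REGISTRY = {
    "hkey_local_machine\\" + AX_COMPAT + "{00000000-0000-0000-0000-000000000001}":
        {"Compatibility Flags": 0x00000400},   # kill bit set: control is blocked
    "hkey_local_machine\\" + AX_COMPAT + "{00000000-0000-0000-0000-000000000002}":
        {"Compatibility Flags": 0x00000000},   # key exists but does not block
    "hkey_users\\.default\\" + ZONE_DOMAINS + "blocked.example":
        {"*": 4},                              # every protocol -> Restricted sites
}

def parse_findings(text):
    """Split the scanner log into one dict per 'object found!!!' record."""
    findings, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("object found!!!"):
            current = {}
            findings.append(current)
        elif current is not None and ":" in line:
            field, value = line.split(":", 1)   # FoundIn values contain further colons
            current[field.strip()] = value.strip()
    return findings

def normalize(found_in):
    """'HIVE:path[value]' or 'HIVE:\\path' -> lower-case 'hive\\path'."""
    hive, _, path = found_in.partition(":")
    path = re.sub(r"\[[^\]]*\]$", "", path)     # REGVALUE findings end in "[name]"
    return (hive + "\\" + path.lstrip("\\")).lower()

def triage(finding, registry):
    """Decide whether a flagged key is a protective entry or needs a human look."""
    key = normalize(finding["FoundIn"])
    values = registry.get(key)
    if values is None:
        return "absent"                         # nothing to judge in this snapshot
    hive, _, subpath = key.partition("\\")
    if hive == "hkey_users":                    # drop the SID / .default component
        subpath = subpath.partition("\\")[2]
    if subpath.startswith(AX_COMPAT):
        flags = values.get("Compatibility Flags", 0)
        return "protective-killbit" if flags & KILL_BIT else "review"
    if subpath.startswith(ZONE_DOMAINS):
        blocked = values and all(v == RESTRICTED_ZONE for v in values.values())
        return "protective-restricted-zone" if blocked else "review"
    return "review"

def triage_log(text, registry):
    return [(f["Object"], triage(f, registry)) for f in parse_findings(text)]
```

Key presence alone says nothing: only the first and third constructed findings are protective entries, and the decision comes from the value data, not from the CLSID or domain name.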
SpyOnThis
Newbie


Joined: 28 Apr 2006
Last Visit: 03 May 2006
Posts: 7

Posted: Fri Apr 28, 2006 8:42 pm

Hello All,

First, I'd like to thank Nick (SUPERAntiSpy), and Nick for their reasonable and level-headed posts in this thread. There was certainly an opportunity for a "witch-hunt" atmosphere here, so we appreciate your rational comments.

Second, in regards to the original post, we have already contacted Eric Howes and asked him to objectively test our software, as well as offering our full cooperation. We informed him there are some false positive issues we are currently working to resolve, and he generously offered to wait one week before testing. This is no doubt why he has not responded here yet. Eric told us that forum members were also asking for a test, and thus we found this thread.

We have no intention of distributing a "rogue" application. As Nick mentioned above, no anti-spyware software is perfect. We strive to constantly improve SpyOnThis and quickly resolve such issues as false positives when they appear. I have already forwarded the "killbit Active X" issue from above to our tech team, and this will be fixed asap.

Thank you for your consideration.

Melissa
SpyOnThis Support
www.spyonthis.net
fcukdat
Warrior Addict


Joined: 01 Jan 2005
Last Visit: 08 Apr 2009
Posts: 757
Location: Yeovil,England.

Posted: Fri Apr 28, 2006 10:19 pm

Hi SpyOnThis and welcome to the SWW Forums Smile

Ok, so you're starting out and your product, by your admission, is not quite up to scratch. Thanks for the honesty Smile

Some questions for you....

1)Why do you charge for a substandard programme ?

2)Why do you not label it beta and offer it for free until it is dev'ed into a working software ?

3)What are you going to do with regards to your affiliate that is domain squatting on HJThis name and the reason why this topic was raised in the first place ?
_________________
Malware hunter....Got Bot ?

MIRT Handler >>>
http://www.castlecops.com/c55-MIRT.html
SpyOnThis
Newbie


Joined: 28 Apr 2006
Last Visit: 03 May 2006
Posts: 7

Posted: Sat Apr 29, 2006 4:02 am

1)Why do you charge for a substandard programme ?

"Substandard" is a subjective term, we would obviously beg to differ. If you are labeling it substandard due to false positives - All anti-spyware/virus software are prone to false positives, as other posters illustrated above. We feel it's simply a matter of correcting false positives asap as they are discovered.


2)Why do you not label it beta and offer it for free until it is dev'ed into a working software ?

Our software works fine. Smile


3)What are you going to do with regards to your affiliate that is domain squatting on HJThis name and the reason why this topic was raised in the first place ?

We have examined the domain in question. It appears there are no deceptive or untrue statements made, and in fact the first link on the site points to the download page of HijackThis. We find no cause to take action.

fcukdat, I have seen other posts from you in this forum heckling legitimate enterprise spyware companies. We have no desire to use this forum for pointless debating, so you will understand if we do not reply to posts made specifically to harass or provoke. Thank you for your interest.
fcukdat
Warrior Addict


Joined: 01 Jan 2005
Last Visit: 08 Apr 2009
Posts: 757
Location: Yeovil,England.

Posted: Sat Apr 29, 2006 4:14 am

SpyOnThis wrote:
1)Why do you charge for a substandard programme ?

"Substandard" is a subjective term, we would obviously beg to differ. If you are labeling it substandard due to false positives - All anti-spyware/virus software are prone to false positives, as other posters illustrated above. We feel it's simply a matter of correcting false positives asap as they are discovered.


2)Why do you not label it beta and offer it for free until it is dev'ed into a working software ?

Our software works fine. Smile


3)What are you going to do with regards to your affiliate that is domain squatting on HJThis name and the reason why this topic was raised in the first place ?

We have examined the domain in question. It appears there are no deceptive or untrue statements made, and in fact the first link on the site points to the download page of HijackThis. We find no cause to take action.

fcukdat, I have seen other posts from you in this forum heckling legitimate enterprise spyware companies. We have no desire to use this forum for pointless debating, so you will understand if we do not reply to posts made specifically to harass or provoke. Thank you for your interest.


If I've heckled software it is because it is a rip off, but hey, that's JMHO. Good luck on the devs, but as said, why would anyone want to pay for a mediocre software if there is superior performing freeware available!

Have a nice day Smile

PS: I'll run one more scan with your appointment in 1 week's time, and if these f/p's are still there then I don't believe you're holding true to the rhetoric spilled above :wink
_________________
Malware hunter....Got Bot ?

MIRT Handler >>>
http://www.castlecops.com/c55-MIRT.html
EASTER
Warrior


Joined: 08 Mar 2005
Last Visit: 01 Feb 2007
Posts: 220
Location: Far Moon Of Endor

PostPosted: Sat Apr 29, 2006 5:52 am    Post subject: Reply with quote

Quote:
fcukdat, I have seen other posts from you in this forum heckling legitimate enterprise spyware companies. We have no desire to use this forum for pointless debating, so you will understand if we do not reply to posts made specifically to harass or provoke. Thank you for your interest.


Heckling is an unfair term IMO directed at a quality member who has gone out of his way plenty of times over to offer & provide results in findings similar to where a vendor toots his own horn while some issues are found to be subject for suspicion at best, whether FP or otherwise possibly less than efficient for users to take confidence in. I would not be so quick to dismiss when a renowned member is only looking out for the interest of both end user and if deserved the product vendor also. I'm confident the rest of this community doesn't exactly share your sentiment in your defensive stand.

You will find many more and even more severe scrutiny when a product vendor enters posts with popularity only statements originating from the vendor supplier itself and especially early on as this.

In case you don't know SpyOnThis, the FORCE is very strong in here and balanced opinions are conscientiously formed then followed up after comparisons are made to what is being suggested directly from the vendors. Others will ring in on their findings also, why not review the rest of them instead of taking unfair offense of what is being found so far.

Stick around and engage equal exchanges of interest of the findings that are originating from your product introduction and you might learn why some statements are fashioned in response the way they appear to you.

You support with your own admittance that the soft is not to task at its current stage. Let's see how matters progress with it for some improvement, but keep in mind, the market is already way OVERKILL on malware detectors enough already, so you'll do well to accept with an open mind the toughest of scrutiny that comes from some of these findings.
_________________
*******************


THE FORCE IS VERY STRONG IN THIS FAMILY!

bigos
Warrior Guru


Joined: 04 Apr 2005
Last Visit: 02 Nov 2009
Posts: 365
Location: Upstairs, be afraid, be very afraid

PostPosted: Sat Apr 29, 2006 7:05 am    Post subject: Reply with quote

SpyOnThis wrote:

fcukdat, I have seen other posts from you in this forum heckling legitimate enterprise spyware companies.

It's not heckling, it's scepticism, and you become a sceptic after you finish being a newbie! Sad This situation is sad but it's the way things are if you surf the web; gullibility is replaced by scepticism.
_________________


Life is for living not just for prolonging!
B uzzz
SUPERAntiSpy
Warrior


Joined: 05 Apr 2006
Last Visit: 04 Mar 2008
Posts: 119

PostPosted: Sat Apr 29, 2006 9:42 am    Post subject: Reply with quote

SpyOnThis Support - I think the reason for the concern is some of the "facts" that are visible from your site. I am stating these objectively as a person who has been involved in software development for over 24 years. I am not "trashing" your software - as you will find in my posts I don't trash or put down, I try and always remain professional.

1. Do you own the hijack-this.net domain? It looks bad to have your product be the only one directed to from that domain. That is the classic domain squatting / affiliate marketing approach.

2. If this is a new release, which it appears to be since most search engine queries for "spyonthis" show up as a keylogger/monitoring software package - are you affiliated with the spyonthis monitoring package? Since yours is a new release, how could you have so many testimonials - that appears odd. I could not find spyonthis on any of the download sites either - you should post on those so users can independently review your software.

3. Nowhere on your site does it say if this is software you have to purchase, if it is a trial, or free product. If this is legit, you should state up front if it is a free trial, the number of trial days and have a purchase link so people know they have to pay.

4. The "NEWS" section on the side makes it appear that those are quotes regarding your product from the various sources - if you display news or quotes from another source, typically you link to the articles so people can see the whole story.

5. You have the click bank affiliate page and you state Want To Earn 70% Of Every Sale With The Highest Converting Anti-Spyware Site On The Web and "Many of our top affiliates are earning thousands of dollars a day!" How could this be true with a brand new release that does not show up anywhere on the search engines?

As I stated, this is all my own personal opinion, I am not putting down your software, but if you want to be viewed as legit, you should state EVERYTHING upfront. Did you develop the software in-house? Where did your detection database come from? The more information you provide potential users, the better chance you have of being accepted.

Good luck with your product!

Nick Skrepetos
SUPERAntiSpyware.com
http://www.superantispyware.com
bigos
Warrior Guru


Joined: 04 Apr 2005
Last Visit: 02 Nov 2009
Posts: 365
Location: Upstairs, be afraid, be very afraid

PostPosted: Sat Apr 29, 2006 12:06 pm    Post subject: Reply with quote

SUPERAntispy, after reading your last post I hope that you become a regular poster here because you obviously have a very keen eye for detail which is also combined with recent software marketing experience. I think a lot of people that read that post will learn something, like what to look for on a new applications website, I know that I certainly have. Smile Nice work!
_________________


Life is for living not just for prolonging!
B uzzz
SpyOnThis
Newbie


Joined: 28 Apr 2006
Last Visit: 03 May 2006
Posts: 7

PostPosted: Sat Apr 29, 2006 12:51 pm    Post subject: Reply with quote

In response to SUPERAntiSpy:

1. No, we do not own the domain. I think you will find that most affiliate "landing pages" point to only one product.

2. We are not affiliated with any other software. As far as our testimonials, the majority are from a small group of beta-testers we initially released the software to.

3, 4, 5. Thanks for your input.

Melissa
SpyOnThis Support
www.spyonthis.net
SUPERAntiSpy
Warrior


Joined: 05 Apr 2006
Last Visit: 04 Mar 2008
Posts: 119

PostPosted: Sat Apr 29, 2006 1:31 pm    Post subject: Reply with quote

bigos wrote:
SUPERAntispy, after reading your last post I hope that you become a regular poster here because you obviously have a very keen eye for detail which is also combined with recent software marketing experience. I think a lot of people that read that post will learn something, like what to look for on a new applications website, I know that I certainly have. Smile Nice work!

Thank you for the nice comments. I think we all learn something from everyone - I know I have learned something from just about everyone I have "met" online and offline.

Nick Skrepetos
SUPERAntiSpyware.com
http://www.superantispyware.com
SUPERAntiSpy
Warrior


Joined: 05 Apr 2006
Last Visit: 04 Mar 2008
Posts: 119

PostPosted: Sat Apr 29, 2006 2:36 pm    Post subject: Reply with quote

SpyOnThis wrote:
In response to SUPERAntiSpy:

1. No, we do not own the domain. I think you will find that most affiliate "landing pages" point to only one product.

2. We are not affiliated with any other software. As far as our testimonials, the majority are from a small group of beta-testers we initially released the software to.

3, 4, 5. Thanks for your input.

Melissa
SpyOnThis Support
www.spyonthis.net


Melissa,

I am sure the members of the group are curious about these items:

1. When was the software officially released? How long was it in beta? How large was the beta group? This is important to determine the "maturity" of the engine and software.

2. Was the software developed in house, or was it licensed from another party?

3. Where did your detection database come from? Was it developed in-house or licensed? If developed in-house, how long has the database been in existence?

4. How many detection signatures, rules, etc. are there?

5. How often are new detection signatures released? Do you have a log of those? Here is our signature release history, for an example of what I am asking:
http://www.superantispyware.com/definitionupdatehistory.html


Nick Skrepetos
SUPERAntiSpyware.com
http://www.superantispyware.com
eburger68
SWW Distinguished Expert


Joined: 23 Jun 2004
Last Visit: 18 Nov 2008
Posts: 575
Location: Clearwater, FL

PostPosted: Sat Apr 29, 2006 6:41 pm    Post subject: Reply with quote

Melissa:

I am still planning to test your software product, but I did want to weigh in on a few issues:

1) Lose the affiliate who's using the hijack-this.net domain. Affiliates using domains with names that are deliberately designed to confuse users are a big no-no in our book, and we have very little tolerance for it. And we don't much care if it's the company that directly exploits such a domain or one of the company's affiliates. The company is ultimately responsible for its affiliates' behavior.

2) In looking at your page for Affiliates & Webmasters, I fail to find any set of policies from your company that govern affiliate behavior. In particular, such an affiliate contract and/or policy statement would prohibit all manner of unfair, deceptive, or misleading advertising to promote the product as well as the use of or bundling with spyware, adware, or any other form of unwanted-ware to promote the product. Without an explicit statement of what constitutes prohibited affiliate conduct and a vigorous program of enforcement, you're asking for trouble.

3) I also notice that you're promising 70 percent commissions on affiliate sales. Suzi and I have been observing and tracking affiliate programs for anti-spyware products for almost two years now, and in our experience, any commission much over 50 percent tends to attract the wrong element -- get-rich-quick scam artists as well as out and out crooks who will stop at nothing in order to collect that kind of commission.

In short: there is the making for potential trouble here. No affiliate contract w/ prohibited conduct + 70 percent commission + Clickbank = trouble ahead.

With this kind of arrangement, you're going to need at least one employee working full time just to monitor your affiliates' behavior. I really can't put it any more politely than that.

Regards,

Eric L. Howes
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 22 Aug 2014
Posts: 10323
Location: sunny California

PostPosted: Sat Apr 29, 2006 7:40 pm    Post subject: Reply with quote

Melissa,

Just to add a bit to Eric's comments -- I've been following the domain hijack-this.net for a year and a half now, since it was first brought to my attention in a comment on my blog.

http://netrn.net/spywareblog/archives/2004/11/09/is-your-computer-plugged-up-with-spyware/

Not only does the domain name exploit the name of a free program that's widely-used to diagnose spyware/malware infections, but it has been used to promote any number of applications that are on the rogue list or were at one time on the list.

I know at least one vendor who severed their relationship with the affiliate who owns the domain due to the abuse of the name HijackThis & because they did not want their reputation to be tarnished by the association. I think the intent behind using a domain name that's so similar to a popular app is very obvious to the anti-spyware community, which is why we are extremely skeptical of any vendor whose product is being promoted there.

The current domain registration info does not show who the owner is.

http://whois.domaintools.com/hijack-this.net

It was originally registered to Mr. Engh, who posted in my blog comments in the link above.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
Nemesis6
Warrior


Joined: 03 Oct 2004
Last Visit: 30 Apr 2008
Posts: 235
Location: Copenhagen, Denmark.

PostPosted: Mon May 01, 2006 12:28 pm    Post subject: Reply with quote

eburger68 wrote:

In short: there is the making for potential trouble here. No affiliate contract w/ prohibited conduct + 70 percent commission + Clickbank = trouble ahead.


I'll bet that NoAdware's affiliate policies inspired you to write the above, Eric! Very Happy

What am I talking about?

A part of NoAdware's affiliate page wrote:

* Earn 70% of each sale!
* Get paid twice per month!
* Real time stats
* Excellent, EASY product for all audiences!

All affiliates are paid through ClickBank...

_________________
DamnSpyware34
Warrior


Joined: 28 Sep 2005
Last Visit: 15 Mar 2009
Posts: 140
Location: The planet where no Ad/Spyware exists

PostPosted: Mon May 01, 2006 10:19 pm    Post subject: Reply with quote

SpyOnThis wrote:
We have examined the domain in question. It appears there are no deceptive or untrue statements made, and in fact the first link on the site points to the download page of HijackThis. We find no cause to take action.


Again my first post wasn't read properly.

DamnSpyware34 wrote:
To be fair, hijack-this.net also publishes a link to merijn's download page.


A lesson in using forums. Read before you post. I've learned that the hard way.

Also Suzi made a very good point. This domain has a long history of promoting rogue apps. Here are a few I can think of:
    Spyware Cleaner
    AdwareAlert
    XoftSpy (I think. Don't quote me on that one.)
    NoAdware (The original owner I think)


So SpyOnThis is the latest app to be added to this hall of shame (The apps being advertised on hijack-this.net).
_________________
Spyware is so uncool.
noadware.net
Junior Member


Joined: 04 Dec 2004
Last Visit: 12 Oct 2006
Posts: 33

PostPosted: Mon May 01, 2006 10:47 pm    Post subject: Reply with quote

DamnSpyware,

At no time since our inception as a company have we ever registered a domain that is even remotely close to a competitor's product name or company name.

No, we never owned hijack-this.net, and were the first ones to sever our relationship completely with the owner of this site.

With no hostile intent directed toward you at all, you should be careful with accusations you throw around without proper research. They do a discredit to the public you claim to be working to inform, as well as the companies and the employees of the companies that you are writing about.

Kind Regards,

-Michael
xblocksys
Malware Expert


Joined: 14 Dec 2004
Last Visit: 22 Aug 2006
Posts: 56

PostPosted: Tue May 02, 2006 11:37 am    Post subject: SpyonThis- Accept no substitutes? Reply with quote

We did a breakdown of this application from point of ad to install - looking at the whole chain.

Complete breakdown here:

http://blog.spywareguide.com/2006/04/deception_dollars_false_positives_antispyware.html

(apologize for some of the funny characters- working on a MT plugin to get rid of those)

Note the ad says "accept no substitute" but that is actually what the ad (run by an affiliate? - who knows) does. I have to analyze the Clickbank hop code to see if it is actually an affiliate or a "mule".

The site offers up HijackThis, then if you're not "an expert" (fear mongering?) a substitute is offered.


Explain this...then we can get into the false positives - many of which seem to be valid registry keys. I will have our team dig deeper into each key and just what they are - time permitting.

And I agree on the Hijack-This - this is overt "hijacking" of a well known, and useful utility's goodwill.

I don't know if this is SpyonThis or an affiliate. Either way rein in your affiliates or wind up looking down the FTC's gun barrel. Matter of fact I'll give them a call now.

Not only are affiliates getting sued but the merchant as well. About time.

Wayne Porter
Sr. Dr. Greynets Research
Microsoft Security MVP
http://www.spywareguide.com
http://www.facetime.com
xblocksys
Malware Expert


Joined: 14 Dec 2004
Last Visit: 22 Aug 2006
Posts: 56

PostPosted: Tue May 02, 2006 12:01 pm    Post subject: Reply with quote

I'll add to spyonthis. Why the domains by proxy?

Registrant:
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States

Registered through: GoDaddy.com
Domain Name: SPYONTHIS.NET
Created on: 25-Apr-05
Expires on: 25-Apr-07
Last Updated on: 29-Mar-06

Administrative Contact:
Private, Registration
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
(480) 624-2599

Technical Contact:
Private, Registration
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
(480) 624-2599

Domain servers in listed order:
NS1.OLNEVHOST.COM
NS2.OLNEVHOST.COM
Oldfrog
Site Admin


Joined: 08 Aug 2004
Last Visit: 09 Feb 2013
Posts: 1161
Location: Hewitt, TX

PostPosted: Tue May 02, 2006 12:17 pm    Post subject: Reply with quote

Thanks for stopping by and weighing in, Wayne.

For those not familiar with Wayne, he is a cofounder of Revenews, a former CEO, and an esteemed malware fighter in his own right. I consider his stuff essential reading as he helps tie the slime to the money trail. (the only way to make sense of this stuff)
xblocksys
Malware Expert


Joined: 14 Dec 2004
Last Visit: 22 Aug 2006
Posts: 56

PostPosted: Tue May 02, 2006 12:22 pm    Post subject: Reply with quote

To NoAdware.net

You said:

"At no time since our inception as a company have we ever registered a domain that is even remotely close to a competitor's product name or company name.

No, we never owned hijack-this.net, and were the first ones to sever our relationship completely with the owner of this site.

With no hostile intent directed toward you at all, you should be careful with accusations you throw around without proper research. They do a discredit to the public you claim to be working to inform, as well as the companies and the employees of the companies that you are writing about.

Kind Regards,

-Michael"

As for hijack-this.net your statement is true, however how long did you do business with them? Because you did- for several weeks.

http://web.archive.org/web/20040924150125/http://www.hijack-this.net/

From my tally at least from Sept 24 until November 28. Several weeks you profited from this deception. Now I know it's hard to control rogue affiliates but what steps did you take, and what steps have you taken to ensure it doesn't happen in the future?

Do you monitor your affiliates? Surely you checked out where the sales were originating from and you never noticed this after several weeks and perhaps longer?

I do see you have an agreement in place, and that is a good start.
http://www.noadware.net/affiliate/agreement.htm

Might suggest adding an I accept type button, etc something we are going to implement.


Anyway let's see if who gets involved. It always leads to a nice stream of e-mail correspondence. Just ask Direct Revenue.

Wayne Porter
Sr. Dr. Greynets Research
Microsoft Security MVP
http://www.spywareguide.com
http://www.facetime.com
xblocksys
Malware Expert


Joined: 14 Dec 2004
Last Visit: 22 Aug 2006
Posts: 56

PostPosted: Tue May 02, 2006 12:27 pm    Post subject: Reply with quote

Thanks OldFrog, I'm also co-founder of Spywareguide and Xblock, now bought out by Facetime where I currently work. Although most of my work is in the IM sector and for large Enterprises. What a shift.

and if that isn't enough to do...well...

http://www.imdb.com/name/nm2209155/

LOL. Don't tell Bill...oh well he already knows.

Wayne Porter
Sr. Dr. Greynets Research
Microsoft Security MVP
http://www.spywareguide.com
http://www.facetime.com
Oldfrog
Site Admin


Joined: 08 Aug 2004
Last Visit: 09 Feb 2013
Posts: 1161
Location: Hewitt, TX

PostPosted: Tue May 02, 2006 12:47 pm    Post subject: Reply with quote

LOL! The point I really wanted to make above is that it is not enough to learn the technical details of the malware and the rogue antimalware. Unless we also understand the revenue streams we are taking a whiz in the wind.

Thanks for all you (and others) have done to bring that into the light of day.
xblocksys
Malware Expert


Joined: 14 Dec 2004
Last Visit: 22 Aug 2006
Posts: 56

PostPosted: Tue May 02, 2006 1:23 pm    Post subject: Reply with quote

OldFrog,

Thanks! Got it.

Most definitely and point taken. Revenue, BIG revenue drives all of this and you need to follow the rather convoluted money trail and amazing insights can be found Wink The relationships are sprawling with brokers and sub-brokers and then the deals are spun off to CPA networks and re-brokered into sub-affiliate networks....it's unreal.

But I blame the merchants too! They, and rogue affiliates fund this crap by buying the ads. I have sat in many meetings and in the past managed programs where I told merchants NO you don't want to do this. This is why I blog at Revenews. You see e-commerce managers don't read security forums - so I bring it to them even though they don't like to hear it. Every advertising account I can take away is one less revenue stream for the scumbags who foist this off and pollute the Internet. I am not against advertising, fine with it, I am against irresponsible advertising.

Chris Boyd (AKA PaperGhost) and I did a recent podcast with Jeff Molander (also an industry expert and ex-co-founder of Performics) on a botnet bust we did (more on that later - all I can say for now is some people are spending some time with the Feds - three cheers! )

http://blog.spywareguide.com/2006/04/spyware_warriors_and_the_digit.html

If you're familiar with the bust just skip podcast 1, but in the second segment we start to drill deep into PPCSE fraud and WHY merchants are funding it and the backlash they are going to face.

I think it is important for security researchers and the security community to get this intel into the hands of merchants because until they are educated they will keep spending dollars there, often complaining it is the "prisoner's dilemma" e.g. my competitors do it.

Fighting this technologically has been an uphill battle - the key is to take out their support strut - the revenue that fuels the engine. Get rid of that and it evaporates. That is my goal and hopefully one the security community can embrace. We need to get into board rooms and interface with money decision makers and agencies.

It takes some time but I have found it to be an effective strategy.

kind regards,
Wayne

Wayne Porter
Sr. Dr. Greynets Research
Microsoft Security MVP
http://www.spywareguide.com
http://www.facetime.com
SUPERAntiSpy
Warrior


Joined: 05 Apr 2006
Last Visit: 04 Mar 2008
Posts: 119

PostPosted: Tue May 02, 2006 1:30 pm    Post subject: Reply with quote

It's interesting that since SpyOnThis.net was "called out" to some of their specific actions in this thread they have suddenly stopped responding/posting.

One would hope that if they are legit as they claimed, they would respond to the questions and concerns raised by the members of the forum and posters in this thread.

Nick Skrepetos
SUPERAntiSpyware.com
http://www.superantispyware.com
http://www.superadblocker.com
xblocksys
Malware Expert


Joined: 14 Dec 2004
Last Visit: 22 Aug 2006
Posts: 56

PostPosted: Tue May 02, 2006 1:41 pm    Post subject: Reply with quote

So far the Yap Browser people have been more responsive...although I am awaiting their response in Russian.

http://www.revenews.com/wayneporter/archives/001767.html

Can't wait to hear this if they didn't get faint of heart. Smile
_________________
Wayne Porter
Sr. Dr. Greynets Research
Microsoft Security MVP
http://www.spywareguide.com
http://www.facetime.com
noadware.net
Junior Member


Joined: 04 Dec 2004
Last Visit: 12 Oct 2006
Posts: 33

PostPosted: Tue May 02, 2006 2:26 pm    Post subject: Reply with quote

Wayne,

Quote:
From my tally at least from Sept 24 until November 28. Several weeks you profited from this deception. Do you monitor your affiliates? Surely you checked out where the sales were originating from and you never noticed this after several weeks and perhaps longer?


Wayne, this is now dating back to 2004, so although your point is well taken, I think Noadware has done much in the way of improvement since then. I should also note that after we severed ties with this site altogether, and got removed from the Rogue Anti-spyware list, Xoftspy began being promoted by this site for several months (check feb19th forward), not weeks, and this was after they were removed from the Rogue list. I in no way bring this up in an attempt to discredit a competitor, or take blame away from ourselves, I merely bring this up as I'm still the only person that continues to post on Spywarewarrior, despite sometimes harsh criticisms, and sincerely do my best to address any and all posts when appropriate.

Quote:
Do you monitor your affiliates? Surely you checked out where the sales were originating from and you never noticed this after several weeks and perhaps longer?


You might remember a conversation we had dating back now about a year (maybe a year and a half?) where you brought to our attention certain affiliates utilizing X-block and related keywords on the Google search engine. After you brought these to our attention, I assured you the issue would be fixed and would not happen again. Till this day, we have yet to see another ad suffering from those same issues.

Besides the affiliate agreement you noted (thanks to Eric/Suzi for their assistance with this document), we now have a staff that monitors all search engines several times a day for any violations of our affiliate agreement. If and when they appear, we promptly contact them and have any offending ads removed. All of this research is written and documented daily, and our responses and followups are also documented.

Quote:
I do see you have an agreement in place, and that is a good start.
http://www.noadware.net/affiliate/agreement.htm

Might suggest adding an I accept type button, etc something we are going to implement.


I appreciate the suggestion, as we're actually also in the process of setting up something along those lines. I will say that since we came out with the affiliate agreement and placed it prominently on our affiliate page (Nemesis6's post did not contain mention of the agreement, but it's directly below what he posted), we've managed to basically eliminate the seedy affiliate element from even attempting to promote us, which has been a huge benefit to us and allowed us to concentrate squarely on making our product more efficient.

Regards,

-Michael
fcukdat
Warrior Addict


Joined: 01 Jan 2005
Last Visit: 08 Apr 2009
Posts: 757
Location: Yeovil,England.

PostPosted: Tue May 02, 2006 2:57 pm    Post subject: Reply with quote

Hi Michael Smile

Rather than start a fresh topic since this thread has split two ways, but could you just clarify whether this is acceptable practice or not Confused

I found this the other day when googling "ProcessGuard" to get the URL for their homepage.


URL captured on clicking the sponsored link.
http://www.noadware.net/?hop=teksol3
_________________
Malware hunter....Got Bot ?

MIRT Handler >>>
http://www.castlecops.com/c55-MIRT.html
noadware.net
Junior Member


Joined: 04 Dec 2004
Last Visit: 12 Oct 2006
Posts: 33

PostPosted: Tue May 02, 2006 3:26 pm    Post subject: Reply with quote

fcukdat,

It obviously is not in line with what we are trying to do.

I'll notify the party responsible, and add Processguard to our watchlist (as mentioned in my previous thread) to be monitored daily.

Thanks for bringing it to my attention,

Regards,

-Michael
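
The watchlist monitoring described in the posts above, together with the `hop` value visible in the captured sponsored-link URL, can be sketched as follows. This is an added example, not code from any poster or vendor in this thread; the host `merchant.example`, the affiliate IDs, the `Observation` record and the sample data are all constructed assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

# Assumed values for illustration only.
MERCHANT_HOSTS = {"merchant.example"}             # the vendor's own landing hosts
PROTECTED_NAMES = {"HijackThis", "ProcessGuard"}  # names affiliates may not trade on


@dataclass
class Observation:
    search_term: str  # keyword typed into the search engine ("" if not a search ad)
    landing_url: str  # URL captured after clicking the ad or link
    referrer: str     # page that carried the ad or link ("" if unknown)


def normalize(text):
    """Lowercase and keep only letters and digits, so 'Hijack-This',
    'hijack this' and 'HijackThis' all compare equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


PROTECTED = {normalize(name): name for name in PROTECTED_NAMES}


def host_of(url):
    """Hostname of a URL, lowercased, without a leading 'www.'."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def affiliate_id(url):
    """Return the hop value of a merchant landing URL, or None."""
    if host_of(url) not in MERCHANT_HOSTS:
        return None
    values = parse_qs(urlsplit(url).query).get("hop")
    return values[0] if values else None


def protected_hits(text):
    """Protected names that appear in text once punctuation is ignored."""
    norm = normalize(text)
    return sorted(name for key, name in PROTECTED.items() if key in norm)


def review(obs):
    """Return (affiliate id, findings) for one captured click."""
    aff = affiliate_id(obs.landing_url)
    if aff is None:
        return None, []
    findings = []
    for name in protected_hits(obs.search_term):
        findings.append(f"ad shown for protected keyword '{name}'")
    # Compare the labels left of the TLD only (simplification: no
    # public-suffix handling for multi-part TLDs).
    ref_host = host_of(obs.referrer)
    for name in protected_hits(ref_host.rsplit(".", 1)[0]):
        findings.append(f"referrer domain '{ref_host}' resembles '{name}'")
    return aff, findings


def build_log(observations):
    """Group findings by affiliate id, as a record for follow-up."""
    log = defaultdict(list)
    for obs in observations:
        aff, findings = review(obs)
        if aff and findings:
            log[aff].extend(findings)
    return dict(log)


# Constructed sample captures (not real traffic).
SAMPLE = [
    Observation("ProcessGuard", "http://www.merchant.example/?hop=affA", ""),
    Observation("", "http://merchant.example/index.html?hop=affB",
                "http://www.hijack-this.example/"),
    Observation("remove adware", "http://www.merchant.example/?hop=affC",
                "http://reviews.example/"),
    Observation("process guard download", "http://other.example/?hop=affD", ""),
]

if __name__ == "__main__":
    for aff, findings in build_log(SAMPLE).items():
        for finding in findings:
            print(f"{aff}: {finding}")
```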