I Scanned An Infected Harddrive With Four Different Anti-spyware Products. The results were....interesting.
#1
Posted 24 June 2007 - 07:28 PM
This past weekend I took a hard drive that I knew was infected with several serious pieces of spyware and scanned it with Adaware, PestPatrol, Spybot Search and Destroy, and SUPERAntiSpyware. I did not allow (and for that matter have not allowed) any of the scanners to clean any of their findings because I wanted to see which one was the most effective. The results were somewhat surprising.
The HDD involved has 20GBs. It had been partitioned into three FAT32 drives. On my computer, these drives were labeled F, G, and H. Where possible, I instructed the scanners to run complete scans on those three drives only. Spybot was the only one that did not allow me that option.
Below is an abridged version of their logs:
Ad-Aware
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:4):2 total references
BargainBuddy(TAC index:8):10 total references
Coulomb Dialer(TAC index:5):1 total references
ExactSearchBar(TAC index:5):1 total references
EzuLa(TAC index:6):1 total references
IPInsight(TAC index:7):2 total references
MRU List(TAC index:0):32 total references
NetPal(TAC index:9):1 total references
SecondThought(TAC index:4):1 total references
Tracking Cookie(TAC index:3):254 total references
VX2(TAC index:10):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Pest Patrol
6/23/2007-9:35:32 PM Detected BargainBuddy Adware File "F:\Program Files\Bargain Buddy\bin2\bargains.exe" 771389979
6/23/2007-9:35:32 PM Detected BargainBuddy Adware File "F:\Program Files\Bargain Buddy\bin2\apuc.dll" 1056439035
6/23/2007-9:35:32 PM Detected BargainBuddy Adware File "F:\Program Files\Bargain Buddy\bin2\cb.exe" 1769989599
6/23/2007-9:35:32 PM Detected BargainBuddy Adware File "F:\Program Files\Bargain Buddy\uninst.exe" -967435724
6/23/2007-9:28:20 PM Detected CBrowser DLL Trojan File "F:\WINDOWS\SYSTEM\Cbrowser.dll" -1333446962
6/23/2007-9:28:08 PM Detected Cydoor Adware File "F:\WINDOWS\SYSTEM\netpal.dll" -1611908437
6/23/2007-9:28:25 PM Detected Cydoor Adware File "F:\WINDOWS\SYSTEM\kernellos.dll" -433817717
6/23/2007-9:27:35 PM Detected LowerMyBills.com Tracking Cookie Cookie "owner@www.lowermybills[2].txt" File "C:\Documents and Settings\Owner\Cookies\owner@www.lowermybills[2].txt" 1437546603
6/23/2007-9:29:24 PM Detected Morpheus 2.0 P2P File "F:\WINDOWS\TEMP\Sentry.exe" 847640671
6/23/2007-9:33:44 PM Detected Morpheus 2.0 P2P File "F:\WINDOWS\SENTRY.EXE" 847640671
6/23/2007-9:35:12 PM Detected MySearch Toolbar File "F:\Program Files\MySearch\bar\1.bin\MYSEARCHPLUGINPROXY.CLASS" 628762657
6/23/2007-9:29:24 PM Detected NCase Hijacker File "F:\WINDOWS\TEMP\Del9070.TMP" 1307101416
6/23/2007-9:29:24 PM Detected PeopleOnPage.AproposMedia Hijacker File "F:\WINDOWS\TEMP\acsdir.dll" -90770945
6/23/2007-9:29:24 PM Detected PeopleOnPage.AproposMedia Hijacker File "F:\WINDOWS\TEMP\write_ph.dll" -1967467259
6/23/2007-9:33:41 PM Detected Respondmiter Adware File "F:\WINDOWS\VX2.dll" -754079132
6/23/2007-9:27:33 PM Detected Tools.Nirsoft Misc Tool Key "hkey_current_user \software\nirsoft\produkey" -1
***End Report***
eTrust PestPatrol Log Report
This report was generated on: 6/24/2007-7:20:26 PM
SUPERAntiSpyware
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/24/2007 at 06:56 PM
Application Version : 3.8.1002
Core Rules Database Version : 3260
Trace Rules Database Version: 1271
Scan type : Quick Scan
Total Scan Time : 00:18:34
Memory items scanned : 433
Memory threats detected : 0
Registry items scanned : 656
Registry threats detected : 0
File items scanned : 13208
File threats detected : 284
Adware.Tracking Cookie
[270 cookies]
Adware.Netpal
F:\WINDOWS\SYSTEM\NETPAL.DLL
Adware.MyWay
F:\WINDOWS\SYSTEM\XCITE.DLL
Adware.180solutions/Search Assistant
F:\WINDOWS\TEMP\DEL9070.TMP
Adware.BargainBuddy
F:\PROGRAM FILES\BARGAIN BUDDY\BIN\BARGAINS.EXE
F:\PROGRAM FILES\BARGAIN BUDDY\BIN2\BARGAINS.EXE
Adware.eXact Advertising
F:\PROGRAM FILES\BARGAIN BUDDY\BIN2\CB.EXE
SpyBot Search and Destroy
--- Search result list ---
Common Dialogs: History (143 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU
Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt
Log: Activity: imsins.log (Backup file, nothing done)
C:\WINDOWS\imsins.log
Log: Activity: ntbtlog.txt (Backup file, nothing done)
C:\WINDOWS\ntbtlog.txt
Log: Install: comsetup.log (Backup file, nothing done)
C:\WINDOWS\comsetup.log
Log: Install: ocgen.log (Backup file, nothing done)
C:\WINDOWS\ocgen.log
Log: Install: setupact.log (Backup file, nothing done)
C:\WINDOWS\setupact.log
Log: Install: setupapi.log (Backup file, nothing done)
C:\WINDOWS\setupapi.log
Log: Shutdown: System32\wbem\logs\mofcomp.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\mofcomp.log
Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.lo_
Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log
Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemprox.log
Log: Shutdown: System32\wbem\logs\wmiadap.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiadap.log
Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log
Cookie: Cookie (249) (Cookie, nothing done)
Cache: Cache (364) (Cache, nothing done)
Cookie: Cookie (42) (Cookie, nothing done)
Congratulations!: No immediate threats were found. ()
Please note that I'm not asking for help with cleaning this drive up. But I am wondering why Spybot didn't pick anything up where all the other scanners did.
#2
Posted 25 June 2007 - 10:13 AM
PestPatrol and SuperAntiSpyware both found most if not all of your malware on drive F:
Perhaps Spybot checked only drive C: That alone would account for the different results.
#3
Posted 25 June 2007 - 01:36 PM
Maybe Spybot isn't as good as PestPatrol and SuperAntispyware ...
#4
Posted 25 June 2007 - 09:49 PM
#5
Posted 25 June 2007 - 09:56 PM
pip22, on Jun 25 2007, 11:13 AM, said:
PestPatrol and SuperAntiSpyware both found most if not all of your malware on drive F:
Pest Patrol missed most of the cookies and a lot of the pests. Where Adaware found 10 instances of Bargain Buddy, Pest Patrol only found four. Pest Patrol also missed the dialer and VX10.
All of the scanners missed Bonzi Buddy.
Quote
Perhaps Spybot checked only drive C: That alone would account for the different results.
True enough, but I'm surprised that Spybot would do that.
I thought a lot more highly of Spybot before this.
#6
Posted 26 June 2007 - 07:29 AM
This reinforces the need for more than one antispyware program.
Each will pick up things another one did not.
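The comparison discussed in this thread, worked through as an added example that is not part of any post: it keys each finding on the case-folded file path, so it shows which files only one scanner flagged, where two scanners name the same file differently, and which drive letters each log touches. The log excerpts are copied from post #1 and shortened; the parsing rules and function names are assumptions inferred from those excerpts, not the vendors' documented formats.

```python
import re
# Excerpts copied from the logs in post #1 (shortened for the example).
PESTPATROL = r'''
6/23/2007-9:35:32 PM Detected BargainBuddy Adware File "F:\Program Files\Bargain Buddy\bin2\cb.exe" 1769989599
6/23/2007-9:28:20 PM Detected CBrowser DLL Trojan File "F:\WINDOWS\SYSTEM\Cbrowser.dll" -1333446962
6/23/2007-9:28:08 PM Detected Cydoor Adware File "F:\WINDOWS\SYSTEM\netpal.dll" -1611908437
6/23/2007-9:29:24 PM Detected NCase Hijacker File "F:\WINDOWS\TEMP\Del9070.TMP" 1307101416
'''
SAS = r'''
Adware.Netpal
F:\WINDOWS\SYSTEM\NETPAL.DLL
Adware.MyWay
F:\WINDOWS\SYSTEM\XCITE.DLL
Adware.180solutions/Search Assistant
F:\WINDOWS\TEMP\DEL9070.TMP
Adware.BargainBuddy
F:\PROGRAM FILES\BARGAIN BUDDY\BIN\BARGAINS.EXE
Adware.eXact Advertising
F:\PROGRAM FILES\BARGAIN BUDDY\BIN2\CB.EXE
'''
SPYBOT = r'''
Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt
'''

def parse_pestpatrol(log):
    # Assumed line shape: ... Detected <label> File "<path>" <number>
    hits = re.findall(r'Detected (.+?) File "([^"]+)"', log)
    return {path.upper(): label for label, path in hits}

def parse_label_then_paths(log):
    # Assumed shape (SUPERAntiSpyware, Spybot): a label line, then its path lines.
    found, label = {}, None
    for line in filter(None, map(str.strip, log.splitlines())):
        if re.match(r'[A-Za-z]:\\', line):
            found[line.upper()] = label   # FAT32 paths are case-insensitive
        else:
            label = line
    return found

def shared_labels(a, b):
    # Same file in both logs -> (label in a, label in b)
    return {p: (a[p], b[p]) for p in sorted(a.keys() & b.keys())}

def only_in(a, b):
    return sorted(a.keys() - b.keys())

def drives(found):
    return {p[0] for p in found}
```

Matching on family names instead of paths would report these two logs as disagreeing on files they both flagged, since the labels for the same file differ between products.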
#7
Posted 26 June 2007 - 10:43 AM
I think that Spybot is a weak program against spyware, not that good but pretty good ...
Queen Evie, I'm pretty sure there exists malware that may hide from all Antimalware tools.
I mean, look at Blue Pill ...
#8
Posted 26 June 2007 - 02:52 PM
#9
Posted 27 June 2007 - 09:07 AM