StopZilla is considered by many, myself included, to be a Rogue Antispyware
application. While this position may be debatable, I would advise against believing anything it tells you and to immediately uninstall it. Under no circumstances should you pay for it; it's not worth it.
(Disclaimer: These are my personal opinions based on my own research and observations. So if you're going to sue someone, IS3 Inc., sue me not Bleeping Computer
My thoughts on StopZilla:Reviews of the download at CNET
give it only two stars (based on 201 votes). Comments there include accusations af being adware, finding "malware" on freshly installed systems and requiring users to buy a license to remove these "threats", being extremely difficult to uninstall, requiring the removal or disabling of other programs (ZoneAlarm Firewall, NOD32) to install, etc.Malwarebytes.org
had a discussion where Stopzilla is "...classified as scraping the edge of rogue for a while but not quite crossing it . Certainly it is not a recommended antimalware application."
Discussions at Betanews' Fileforum
echo the above sentiments.
IS3, the maker of Stopzilla, mentions that it is "Award winning" every chance they can. But looking into the details is revealing. For example, their oft-touted Westcoast Labs Checkmark certification, while valid, only states that the program installed correctly
not that it did anything useful afterwards. This is unlike other anti-spyware applications that have received the Checkmark certification like NO32
, BitDefender Total Security
, or Webroot's Spysweeper
. Their CNET Editors' Choice "award" is six years old and still posted on their front page.
Of their other "awards
" most came from sites I'd never even heard of, indeed McAfee Site Advisor warned against even visiting some of them (5starfiles
[also out of business now]).
Additionally, the Stopzilla changes the user's default search provider and installs a toolbar
The actual installation process is somewhat perplexing. First, you download the file they give you, a small executable (only 68KB). This then connects to download.stopzilla.com and downloads ANOTHER small binary (381KB). This binary then connects to mdjknfjjng.stopzilla.com and downloads the main MSI installer package (13MB). The only reason I can see to do it this way is to obfuscate (poorly, obviously
) the actual file being downloaded; the subdomain "mdjknfjjng" is likely randomly generated (either that or someone just hit random keys when creating it.)
Granted, none of the above proves conclusively or concretely that StopZilla is malicious or rogue. But it does make a pretty good circumstantial case that it is shady, ineffective, and best avoided.
It is advised that you obtain and use one of the many free and reputable anti-malware applications listed in Bleeping Computer's own List of Freeware Replacements for Common Commercial Apps
(they're at the top of the list.) These apps have been vetted for malicious or undisclosed behavior and are in use by many professional anti-malware researchers.