Security -> AntiVirus, Firewall and Privacy Products and Protection Methods -> PestPatrol
PestPatrol, Does this online scan put in bogus stuff
Are these real? Do I need to worry about any of these?
IMO, these are darn good questions, kpalys
and very appropriate ones to consider when dealing with what we do predominately here.
It just so happens that I am studying the winXPpro registry. A thread
I'm working on regarding the SP2 installation factors has led to the end to do do. As often is the case, one question leads to another. Due to the focus of my training in HJT log analysis & the need for understanding of windows in general, I have also side-tracked other things I usually use my computer to help me in doing. Because of this, several dozen applications remain presently in a download folder or on CDs off to the side of my PC. One of them is PestPatrol, which I won in a drawing here at bleepingcomputer.com. BTW, you have a chance at the next one, so I encourage you to sign-up. When I had PestPatrol up & running, I found it to be effective. I like the eTrust database access. I do have other programs in place that I recommend, and they are free. Combining them on any PC will provide excellent coverage against problems encountered online. I did experience some unusual difficulties installing it the first time, which email response from PestPatrol confirmed I had a typical misunderstanding about how the information given on the install disk might be interpreted. OK. Then I founf at about the second week of operation a CWS MS Google infection had been found. As I study these matters, and that particular CWS infection was not one identified by the creator of CWS Shredder, I wondered and sure enough, a day and a lotta searchin' later I found that it most likely was a false positive. PestPatrol was just recently bought-out by another company, CA
so I figured some changes might be temporarily effecting things as they can at times like this. PestPatrol is one of very few rated highly at a trusted site dealing with this issue of rogue anti-spyware software programs
I do like recommending online sites in general due to a few reasons. They tend to update the definitions faster than anyone else. Many people are unaware of these services and should know of them. PestPatrol
does not cleanup, it recommends. That is all. Trendmicro
are a couple others, and my favorite is BitDefender
as it states the following: BitDefender Scan Online is a fully functional antivirus product, with a web-based interface and featuring all required elements for remotely antivirus scanning and cleaning: it scans system's memory, all files, folders and drives' boot sector, providing the user with the option to automatically clean the infected files
. It is nice enough to include this simple statement: The BitDefender ScanOnLine Service currently supports only the ActiveX enabled browsers. This makes it unavailable for the Netscape family browsers.
I do not like to recommend online sites in general due to a few reasons. Curiously enough, none of then work in browsers that are not Internet Explorer. IE has several known vulnerabilities that have prompted me to discontinue using it on a daily basis, partly because of this, partly because I don't prefer to have a whole bunch of activeX downloads that IE enables, and partly because it's a slow, pondersome thing that wastes my time waiting for it to tell me about the progress it's making towards resolving websites when Firefox would already have been finished long before I get the "done" from it. I do not like to recommend that a user who is having difficulties online or with malware go wade through the steps & time they require to be able to have a company tell them what might be wrong. It takes patience and time to do them the first time. I do not like having to deal with the "encouragement" to buy the products these companies want to sell me, either, and ya get that being at their sites. I don't like the links to gawd-only-knows how many previous manifestations of crapware there have been incidences of, nor do I like being made afraid of the internet because of those jerks. I do not feel i should be expected to pay
for their mistakes, even though I do in the time it takes to understand what it is they do. To pay
even more for products designed to save me the time of fully understanding the problem makes me even madder.
Well, with that in mind, I felt compelled to do some more research into the question
First, I made the mistake of going to the site in Firefox
. Whoops, I forgot. Some of the sites wil
allow a download of a Java Runtime Environment-compatible applet so the scans will work, but it's easier (faster) to just close the browser & somewhat reluctantly open the "other" browser.
The process began at 5:11pm P.S.T. November 20th, 2004. It is now 7:30pm. Don't panic, I type slow and I made some screenshots along the way. Had to upload them to the web photo-host, Photobucket
so we could see just what this online scan is all about.1. Gotta get past some roadblocks, temporary I hope2. I clicked the auto-popup block bar to read: needs active X3. I guess my default internet settings for IE require this, also4. I get it again, when going to the next page. hmmm5. Resident protection alerts me to a system change. I like that6. and another one
Looks like the activeX involves several registry changes. Who knows how many .exe files. Other files. Location unknown, and without filenames, search impossible. Beginning yet another topic for discussion about online scans. We see them in evidence in areas known for scandalous behavior as identified by HJT, so it's a reminder to research your downloads b4 ya' do 'em. In this case spywareBlaster identifies them as OK, for the time being at least. New updated definitions have been known to change the status of any particular registry entries, however. Another topic... some companies change sides, according to some experts. 7. OK, having allowed the changes, Here is the main screen
It has changed since I last visited it a month ago. I didn't much like the former one, so I recall somewhat how it was. This is different. It's been 20 minutes getting here.8. Scan begins with immediate results.
Not as many as your's, kpalys
, but I too have a "clean machine". The scan continues for five minutes.9. done
I have a key logger & a cracking tool. Well, I guess. I click the files, to see as you stated the location of these damned items. Odd. I can't see the entire location. That's by design.10. What Now? Learn More. Buy Now.
these are my options. Click these buttons or two other links to find out the valuable services offered. This is known in marketing as subtle persuasion, and it is a few notches down the rating charts from "goads" or "blatent disinformation" it should be duly noted. It also has another effect, that being one I briefly mentioned regarding the location of the (?) files now part of my system. The search, or more precisely, the "RUN" regedit. Then search, manually for another thing that caught my eye. Those "partially revealed" locations. The ones where the BAdGUys at at, according to this. It's a start.11. where does all the time go?12. Here lies a couple hundred thousand entries.
Now, what was the beginning of those bad
reg key entryypaths
HKEY_LOCAL MACHINE\Software\Microsoft\Internet Explorer\Main (I could see) and it has to be in one of three folders:
- URL Template
Looks normal to me. But, what do I know?14. FeatureControl15161718192021222324252627282930313233. URL Template
The last possible location.Summary
. No conclusions for me as of yet, I'm sorry to say. I may yet come to some.
- As is the case in other software programs written for the purpose of disclosing the whereabouts of crummy files , this one may be finding things that are/are not yet crummy. SP2 changed my registry in ways I am not certain of at this time. For obvious reasons... I'm not that savvy to details of this kind, yet.
- The search for more information is a valid approach to problem-solving, and so I can't exactly fault PestPatrol in that regard.
- Microsoft itself has mysterious methods and often will add things that are to be fully implemented in future updates or in their ongoing improvements of their OS versions in general. We may be lookin' at something the Longhorn OS version will make a reality, as near as I can tell
- Nothing that says: "I'm a cracker or bad tastin' saltine" stands out to me at this hour (9:55pm)
- We pay to play.
Edited by phawgg, 21 November 2004 - 12:34 AM.