Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

SpyHunter owes me $2316.87


  • Please log in to reply
3 replies to this topic

#1 LH47

LH47

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:09:26 AM

Posted 09 February 2016 - 04:30 PM

I was infuriated when I read about the SpyHunter slapp, so I mistakenly made a post about the fact that Spyhunter was now offering a free trial. But I got my apps mixed up, so to find out the truth, I foolishly DL'd Spyhunter to try it again. My own AV protested vehemently when I installed SpyHunter, but I blew through the warnings and let her go.

 

At the end of the scan it found one PUP and one Trojan --something about Tracur. Now, I'm very careful with this computer (XPS 8300 W7 Pro 8GB, clean installed Sept 23, 2015 ) so I was shocked to find the virus. (Though not shocked enough to pay $ to Spyhunter :tophat: !)

 

So I Googled around for info about the Trojan. But 90% of my hits were from sites that were also pushing Spyhunter.

 

M.S. (no posts about it after 2014) did claim that any one of their apps would remove it, but none could even find it.  Some sites had instructions for registry edit fixes, but ONLY the sites that were pushing Spyhunter. (Yeah, right... :bunny2: )

 

So. So far I have run every malware app and virus scan in my arsenal.  (maybe 14-16 apps) None can find this Trojan. My own AV (Panda Pro) which screamed bloody murder when I installed SpyHunter, still found no Trojan on my system.

 

This is day 2. I just finished a 4 hour Kasperksy boot time scan. It found an old “trojan” in a Dell folder from 9/23/2016. When I clicked on it, Panda deleted it. But no “Tracur” trojan, and no entries in the registry indicating that it was ever installed:

 

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{989A5447-1A50-4D02-BA55-724A516C1370}

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{989A5447-1A50-4D02-BA55-724A516C1370}

    HKEY_CLASSES_ROOT\CLSID\{989A5447-1A50-4D02-BA55-724A516C1370}

    HKEY_CLASSES_ROOT\.fsharproj

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.fsharproj

 

 Yet.... SpyHunter still insists that I have this "Highly Dangerous" virus on my system; and apparently the only app in the world that can remove it is... Spyhunter.

 

I'm a rational person, and I tell myself that SpyHunter would never, ever knowingly create a false positive in order to sell apps, especially not at a time when this lawsuit has put them under a microscope and in the spotlight, and so, naturally, on the defensive.

 

But I also assume that people like this would have no problem shrugging it all off with: "Oh well....false positives do happen....". So I must remember to write to them via certified mail and document their error.

 

Now my 2 questions are:  

 

1. "Do I by any remote possibility really have this virus? Or is this just Spyhunter being... Spyhunter?"

 

2. “I spent over 9 hours dealing with this problem – all brought to me bySpyHunter. Can I charge them my usual rate of $257.43/hour?”

 

Thanks!  :cherry:


Edited by LH47, 09 February 2016 - 05:41 PM.


BC AdBot (Login to Remove)

 


#2 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:02:26 PM

Posted 09 February 2016 - 04:36 PM

Given SpyHunter's history (it detected my adblocker as a PUP... figures) I would say that it is just SpyHunter being SpyHunter.

Can you post the file path of the detection here? It can help identifying the detection.

2. “I spent over 9 hours dealing with this problem – all brought to me by. Can I charge them my usual rate of $257.43/hour?”

I doubt it :wink:

#3 LH47

LH47
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:09:26 AM

Posted 09 February 2016 - 05:41 PM

I'\ll do that tomorrow. I used Revo to uninstall, and had it take its log files with it. I'll have to reinstall (and uninstall again). I'm pretty sure it was my user account\app data\ something...


Edited by LH47, 09 February 2016 - 05:43 PM.


#4 LH47

LH47
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:09:26 AM

Posted 09 February 2016 - 08:42 PM

 OK....got the path. Are you ready for this?   

 

    "C:\users\xps 8300\documents\flash drive\RKill.com"  ("Trojan.downloader.tracur.x")

 

Several copies of Rkill are on several spots on my computer - the original being from 2012. SpyHunter flagged every one of them.

 

 Nobody else has ever flagged Rkill. Should I get a tinfoil hat, or have I been watching too much Boston Legal? :unsure:

 

EDIT:  Apparently, Rkill has been flagged before by other entities, albeit quite a long time ago. So this false positive could conceivably be a legitimate mistake.


Edited by LH47, 10 February 2016 - 11:04 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users