Page 1 of 2 12 LastLast
Results 1 to 15 of 22
  1. #1
    WS Lounge VIP Coochin's Avatar
    Join Date
    Jun 2014
    Location
    Queensland, Australia
    Posts
    2,151
    Thanks
    31
    Thanked 305 Times in 265 Posts

    Caution: "SpyHunter" and "Zip Opener".

    About two weeks ago I installed Win8.1 on a new HDD I fitted to a HP all-in-one PC, as detailed in http://windowssecrets.com/forums/sho...ne-PC-Problems

    After returning the PC to the customer she was having an HTML email display problem in Outlook 2003. I told her I would call on her to install Service Pack 2 for Office 2003, to see if that would help with the email display problem. When I returned a couple of days later to install the SP the customer told me a friend had offered to help with the HTML email display problem in Outlook.

    When I investigated I found that her friend had installed "SpyHunter" (see the #3 post in this bleepingcomputer thread http://www.bleepingcomputer.com/foru...ytes-vs-iobit/ ), which seemed to have also had hidden "extras". One of those "extras" was "Zip Opener", which is not listed in Programs and Features, is not listed in jv16 PowerTools' Uninstaller, and is not found by MBAM, ADWcleaner, JRT, or HitmanPro.

    Apart from not doing what its name suggests (it doesn't open zip files) this fraud program has also associated itself with many filetypes in "Default Programs\Associate a file type or protocol with a specific program" including ".eml", ".jp2", and scores of others. When I double-clicked an .eml file in the customer's Documents folder a dialog opened asking for payment for a licence to use the program.

    Clearly the customer's friend was not careful enough when she downloaded/installed "SpyHunter" (I had already installed Malwarebytes Antimalware after installing Win8.1), and did not look closely at what was pre-selected to install and de-select unwanted "extras".
    Computer Consultant/Technician since 1998 (first PC was Atari 1040STE in 1988).
    Most common computing error is EBKAC: Error Between Keyboard And Chairback
    AMD FX8120 (8-core @ 3.1GHz) CPU, Gigabyte GA-990FXA-D3 motherboard, 8GB (2x4GB) DDR3 1866MHz RAM, ATI-AMD Radeon HD6770 PCI-E VGA, 480GB Kingston SSD, 2TB Seagate SATA3.0 HDD, ASUS DVD/RW.

  2. The Following 2 Users Say Thank You to Coochin For This Useful Post:

    Sudo15 (2015-03-05),tonyl (2015-04-03)

  3. #2
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,607
    Thanks
    147
    Thanked 869 Times in 831 Posts
    While I don't use Spyhunter, this is just another example of what has already been discussed in the Lounge about the deviousness of some vendors.

    Were you able to find the Zip Opener in the Enigma Software Group folder to remove ?

    Edit

    Just read your other thread and see that you have reinstalled.
    Last edited by Sudo15; 2015-03-05 at 03:18.

  4. #3
    WS Lounge VIP Coochin's Avatar
    Join Date
    Jun 2014
    Location
    Queensland, Australia
    Posts
    2,151
    Thanks
    31
    Thanked 305 Times in 265 Posts
    Quote Originally Posted by Sudo15 View Post
    While I don't use Spyhunter, this is just another example of what has already been discussed in the Lounge about the deviousness of some vendors.

    Were you able to find the Zip Opener in the Enigma Software Group folder to remove ?

    Edit

    Just read your other thread and see that you have reinstalled.
    "Zip Opener" was listed in the file associations dialog as being from "Device Doctor Software Inc." not "Enigma Software" (that "Enigma" name is a bit of a worry).

    File_Assoc.jpg

    One look at the large number of file types "Zip Opener" had assigned to itself was enough to convince me that it was too risky to continue with what is obviously a corrupted Win8.1 installation. Especially so soon after the clean re-install.

    Re the corruption (as explained in the other thread in my #1 post) "Not Guilty Your Honour", or as Homer Simpson said "I didn't do it, it was like that when I got here".

    I have arranged with the customer to collect her PC tomorrow afternoon (Friday here), and will repeat the Win8.l clean install over the weekend. Fortunately I still have her user files I recovered from her failed HDD on one of my USB HDDs.
    Computer Consultant/Technician since 1998 (first PC was Atari 1040STE in 1988).
    Most common computing error is EBKAC: Error Between Keyboard And Chairback
    AMD FX8120 (8-core @ 3.1GHz) CPU, Gigabyte GA-990FXA-D3 motherboard, 8GB (2x4GB) DDR3 1866MHz RAM, ATI-AMD Radeon HD6770 PCI-E VGA, 480GB Kingston SSD, 2TB Seagate SATA3.0 HDD, ASUS DVD/RW.

  5. #4
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,607
    Thanks
    147
    Thanked 869 Times in 831 Posts
    Spyhunter certainly loads quite a few files and didn't like that bit about a reg cleaner in http://www.shouldiremoveit.com/SpyHu...5-program.aspx but the only Device Doctor program I've come across is a driver updater program, but I suppose they may have branched out and are now in cahoots with Enigma.

  6. #5
    Silver Lounger RolandJS's Avatar
    Join Date
    Dec 2009
    Location
    Austin metro area TX USA
    Posts
    1,722
    Thanks
    95
    Thanked 126 Times in 123 Posts
    Coochin, I hope you charge customer a fair price for that reLoad, if not, it's possible that you will be called again and again - to reLoad to reLoad...
    In short, what can you do and/or teach customer so to avoid the repeated phone calls?
    "Take care of thy backups and thy restores shall take care of thee." Ben Franklin revisited.
    http://collegecafe.fr.yuku.com/forum...-Technologies/

  7. #6
    WS Lounge VIP Coochin's Avatar
    Join Date
    Jun 2014
    Location
    Queensland, Australia
    Posts
    2,151
    Thanks
    31
    Thanked 305 Times in 265 Posts
    @ Sudo15
    "Spyhunter certainly loads quite a few files..." I decided to make a fresh backup of the customer's files before doing the re-install. There was a folder and a couple of files on C:\ that looked to me to be Linux-related rather than Windows.

    At that stage I was focussed on backing up the user-files (<>25GB); by the time the files finished copying I had forgotten about the Linux files.

    @ RolandJS
    "...I hope you charge customer a fair price for that reLoad..." The customer understands that I will charge her for the extra unnecessary re-install, and when I collected the PC from her on Friday she told me her friend had offered to pay part of the cost. So it seems both the customer and her friend are "encouraged" to think carefully before meddling with technical issues in future.

    The customer is President/Secretary of a local wildlife rescue group; her computer is supplied by the group; so she also expects to have to provide an explanation to the group's management committee.
    Computer Consultant/Technician since 1998 (first PC was Atari 1040STE in 1988).
    Most common computing error is EBKAC: Error Between Keyboard And Chairback
    AMD FX8120 (8-core @ 3.1GHz) CPU, Gigabyte GA-990FXA-D3 motherboard, 8GB (2x4GB) DDR3 1866MHz RAM, ATI-AMD Radeon HD6770 PCI-E VGA, 480GB Kingston SSD, 2TB Seagate SATA3.0 HDD, ASUS DVD/RW.

  8. #7
    New Lounger
    Join Date
    Apr 2015
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Regarding SpyHunter, It’s a good idea that people do research on programs they are about to buy, so I’m happy that people are looking for reassurance. I actually did the same search myself just to see what was out there and I found a mixed bag of reactions from professional sites and private users of SpyHunter. Some people loved the program, and others had some complaints. However it seems that most of the bad reviews that seem to be floating around about Spyhunter are coming from people who believe they have been somehow “tricked” by the software into having to buy it, which is just ignorance on their part. They haven’t even used the program!
    Spyhunter 4 is not a free program. You can download the software for free and see if it finds malware on your computer, but in order to remove the malware you must buy the software. This does not mean Spyhunter is unsafe or a scam or “scareware”. People are just grumpy that they might have to buy something to fix a problem. These reviews don’t reflect the quality of Spyhunter itself, which is good in my opinion.
    SpyHunter works as advertised, in my opinion it is better than Malwarebytes Pro, which is in its self a fairly good program, although I wouldn’t bother with the free version, it used to be good 7 or 8 years ago but has slipped in recent years.

  9. #8
    2 Star Lounger 1PW's Avatar
    Join Date
    Feb 2011
    Location
    North of the 38th parallel.
    Posts
    131
    Thanks
    26
    Thanked 46 Times in 28 Posts
    @malibu188:

    SpyHunter 4 by Enigma Software Group USA is a program that was previously listed as a rogue product on the Rogue/Suspect Anti-Spyware Products List because of the company's history of employing aggressive and deceptive advertising. It has since been delisted but AV-Test has not included SpyHunter 4 in their comprehensive testing analysis that would reveal how SpyHunter 4 compares to the best anti-spyware in terms of protection, repair and usability. The reason for this is that the publisher, Enigma Software, has not been cooperative in submitting SpyHunter 4 for testing at AV-Test. In the opinion of many, it is a dubious program which is not very effective compared to others with a proven track record and it's detections, provided by its scanning engine, should not be trusted.

    Enigma Software Group's business model will currently charge $39.99USD every 6 months against a credit card for its autorenewing subscription to SpyHunter 4.

    Further, it has been documented that some newer versions of SpyHunter 4 apparently install it's own "Compact OS" and uses Grub4Dos loader to execute on boot up. The user no longer sees the normal Windows boot menu but instead sees the GRUB menu. For some folks this has resulted in SpyHunter 4 causing a continuous loop when attempting to boot and other issues.

    When searching for new malware or malware removal assistance (and removal guides) on the Internet, it is not unusual to find numerous hits from untrustworthy and scam sites which misclassify detections or provide misleading information. This is deliberately done more as a scam to entice folks into buying an advertised fix or using a free removal tool. SpyHunter 4 (SpyHunter-Installer.exe) is one of the most common "so-called" removal tools pushed by these sites.

    If you have downloaded and scanned with SpyHunter 4, any detection results should be viewed with suspicion. The recommendation of some Malware Removal Experts would be to remove the program and replace it with a trustworthy alternative.

    *How to Uninstall SpyHunter (Blocked by Web Of Trust - WOT)

    Note: Some users have reported that you may need to open Windows Explorer, navigate to C:\Documents and Settings\<user name>\Local Settings\Temp, look for and delete a SpyHunter related file named SHSetup.exe before uninstalling from Programs and Features (Add/Remove Programs) in Control Panel.

    Reproduced with the kind permission of quiteman7, MVP, Global Moderator @ BleepingComputer.com
    Last edited by 1PW; 2015-04-03 at 06:30.
    All viruses are malware but not all malware are viruses and if the malware doesn't self replicate it just isn't a virus.

  10. The Following User Says Thank You to 1PW For This Useful Post:

    satrow (2015-04-03)

  11. #9
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,486
    Thanks
    283
    Thanked 573 Times in 477 Posts
    Quote Originally Posted by 1PW View Post
    When searching for new malware or malware removal assistance (and removal guides) on the Internet, it is not unusual to find numerous hits from untrustworthy and scam sites which misclassify detections or provide misleading information. This is deliberately done more as a scam to entice folks into buying an advertised fix or using a free removal tool. SpyHunter 4 (SpyHunter-Installer.exe) is one of the most common "so-called" removal tools pushed by these sites.
    To give a recent example of this, here's a 'detection' by SpyHunter 4 in a simple search - how many of these sites would you trust?: https://duckduckgo.com/?q=%22pup.bitminer.dce%22

  12. #10
    New Lounger
    Join Date
    Apr 2015
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by satrow View Post
    To give a recent example of this, here's a 'detection' by SpyHunter 4 in a simple search - how many of these sites would you trust?: https://duckduckgo.com/?q=%22pup.bitminer.dce%22
    Your point satrow?
    To give a recent example of this, here's a 'detection' by "Malwarebytes" in a simple search - how many of these sites would you trust?
    https://www.google.com.au/search?q=P...r.DCE&start=10
    Malwarebytes is obviously untrustworthy and a scam providing misleading information.

  13. #11
    New Lounger
    Join Date
    Apr 2015
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by 1PW View Post
    SpyHunter 4 by Enigma Software Group USA is a program that was previously listed as a rogue product on the Rogue/Suspect Anti-Spyware Products List because of the company's history of employing aggressive and deceptive advertising. It has since been delisted but AV-Test has not included SpyHunter 4 in their comprehensive testing analysis that would reveal how SpyHunter 4 compares to the best anti-spyware in terms of protection, repair and usability. The reason for this is that the publisher, Enigma Software, has not been cooperative in submitting SpyHunter 4 for testing at AV-Test. In the opinion of many, it is a dubious program which is not very effective compared to others with a proven track record and it's detections, provided by its scanning engine, should not be trusted.

    Enigma Software Group's business model will currently charge $39.99USD every 6 months against a credit card for its autorenewing subscription to SpyHunter 4.

    Further, it has been documented that some newer versions of SpyHunter 4 apparently install it's own "Compact OS" and uses Grub4Dos loader to execute on boot up. The user no longer sees the normal Windows boot menu but instead sees the GRUB menu. For some folks this has resulted in SpyHunter 4 causing a continuous loop when attempting to boot and other issues.

    When searching for new malware or malware removal assistance (and removal guides) on the Internet, it is not unusual to find numerous hits from untrustworthy and scam sites which misclassify detections or provide misleading information. This is deliberately done more as a scam to entice folks into buying an advertised fix or using a free removal tool. SpyHunter 4 (SpyHunter-Installer.exe) is one of the most common "so-called" removal tools pushed by these sites.

    If you have downloaded and scanned with SpyHunter 4, any detection results should be viewed with suspicion. The recommendation of some Malware Removal Experts would be to remove the program and replace it with a trustworthy alternative.

    *How to Uninstall SpyHunter (Blocked by Web Of Trust - WOT)

    Note: Some users have reported that you may need to open Windows Explorer, navigate to C:\Documents and Settings\<user name>\Local Settings\Temp, look for and delete a SpyHunter related file named SHSetup.exe before uninstalling from Programs and Features (Add/Remove Programs) in Control Panel.

    Reproduced with the kind permission of quiteman7, MVP, Global Moderator @ BleepingComputer.com
    Nice cut and paste 1PW, please people, do your own research

  14. #12
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Quote Originally Posted by malibu188 View Post
    Nice cut and paste 1PW, please people, do your own research
    So quoting a moderator associated with Bleeping Computer, a trustworthy site in security related matters, is bad, in your opinion? You do know that research, in these matters, also includes obtaining relevant information from trusted sources?

    For most users, I would say relying on trustworthy sources, such as Bleeping Computer, is much safer than trying to do whatever on their own and risk compromising their systems with rogue software. Rogue security software is all too common, to take unnecessary risks.
    Rui
    -------
    R4

  15. The Following 2 Users Say Thank You to ruirib For This Useful Post:

    1PW (2015-04-03),satrow (2015-04-03)

  16. #13
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,486
    Thanks
    283
    Thanked 573 Times in 477 Posts
    My point is pretty simple, a neutral search for that 'detection' comes up with a list of sites that I, and many others, would deem untrustworthy.

    Here's what SpyHunter reported for that 'detection':

    SH4detection.jpg

    The second and third sentences are completely incorrect, blown out of all proportion for the file 'detected' = Scareware, no less.

    In the same folder as that 'detection', there were several files that are correctly considered PUPs by most, if not all, trustworthy security software - they were not flagged by SpyHunter.

    1 false positive and some 3-5 PUPS missed in one folder = SpyHunter is not to be recommended.

  17. The Following User Says Thank You to satrow For This Useful Post:

    1PW (2015-04-03)

  18. #14
    New Lounger
    Join Date
    Apr 2015
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by ruirib View Post
    So quoting a moderator associated with Bleeping Computer, a trustworthy site in security related matters, is bad, in your opinion? You do know that research, in these matters, also includes obtaining relevant information from trusted sources?

    For most users, I would say relying on trustworthy sources, such as Bleeping Computer, is much safer than trying to do whatever on their own and risk compromising their systems with rogue software. Rogue security software is all too common, to take unnecessary risks.
    In this case, YES
    Bleeping Computers biggest objection to SpyHunter appears to be that its not free!!
    Not whether it works or not.
    Then a link "How to Uninstall SpyHunter" whats that all about!! Its a link to SpyHunters own website as a courtesy to its customers giving a very basic instructions.
    Its no more difficult to uninstall than any other program.
    Strange tactics by a "trusted" org like Bleeping Computers

  19. #15
    New Lounger
    Join Date
    Apr 2015
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by satrow View Post
    My point is pretty simple, a neutral search for that 'detection' comes up with a list of sites that I, and many others, would deem untrustworthy.

    Here's what SpyHunter reported for that 'detection':

    SH4detection.jpg

    The second and third sentences are completely incorrect, blown out of all proportion for the file 'detected' = Scareware, no less.

    In the same folder as that 'detection', there were several files that are correctly considered PUPs by most, if not all, trustworthy security software - they were not flagged by SpyHunter.

    1 false positive and some 3-5 PUPS missed in one folder = SpyHunter is not to be recommended.
    Well I'm sorry, but I will continue to recommend SpyHunter. so long as it continues to do the job where others like Malwarebytes (free or not) cannot, saving me and my clients time and money
    Cisco CCNA Microsoft MCSE TAFE NSW Diploma in Systems Administration and Bachelor of Applied Computing (Big Breath) with over 20 years experience In I.T. Industry

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •