SpyStopper: an anti-spyware's dirty little secret.

[Vento1]

Recieved this from infoworks
It is false. What product are you talking about? How do you know that our software loads spyware on your PC? thanks.

Support Team
InfoWorks Technology Company
http://www.itcompany.com

What i expected
The interesting bit for me was the How do you know

 

[IZON]

Recieved this from infoworks
It is false. What product are you talking about? How do you know that our software loads spyware on your PC? thanks.

Support Team
InfoWorks Technology Company
http://www.itcompany.com

What i expected
The interesting bit for me was the How do you know

Thanks Vento1. As predicted, that gives us a good impression of what to expect from InfoWorks Technology Company in the future. Now I am more convinced that those CWS trojans are deliberately bundled with SpyStopper. After all, as far as they're concerned they regard you as one 'unimportant' punter. They're obviously playing dumb but they aren't stupid, once they start getting barraged with complaints about this they'll have to respond, especially once the PC Mags and a greater number of techinical sites/forums start discussing this matter.

Please do the tests, post your findings and spread the word.

 

[Disputant]

Heading into work now, going to take a closer look at those three problem computers that had that software on them. May reload it on one of them to see and see if those files were dummy files or if they are banging away at the firewall. Ill post back when I get a chance to test.

 

[Aslan]

Also, for others planning to E-Mail different websites concerning this, please be very careful in your wording and accusation. We don't want to get ourselves and especially this forum in trouble with the law, as it will cause a lot more problems than this situation warrants.

 

[Enablingwolf]

Recieved this from infoworks
It is false. What product are you talking about? How do you know that our software loads spyware on your PC? thanks.

Support Team
InfoWorks Technology Company
http://www.itcompany.com

What i expected
The interesting bit for me was the How do you know

... What was contained in the Email that was sent to the support division? It sorta looks like they only had half the information.
I agree with Aslan
Now my two cents.....If a program is working incorrectly ask the producer of the software for support. If they refuse to honor support, then take steps to remove the unwanted (program) code and find another one to replace it. Relax, it takes a few days to research on a complicated subject. Lots of angles have to be looked at for a sound conclusion.
If asked correctly and supplied with good background on the issue, most companies will bend over backwards to help a customer, but not all.

 

[Vento1]

I told them that CWShreader found the trojans this forum has not been mentioned.recieved this a few minutes ago.

These are false alerts. Just ignor them. Actually SpyStopper tries to stop these adware items and have the info in SpyStopper database. CWShreader misidentify SpyStopper as the adware. Regarding how SpyStopper works, check #19-21 in the FAQ at http://www.itcompany.com/stopfaq.htm. Feel free to contact us if you have any question. Thanks.

Support Team
InfoWorks Technology Company
http://www.itcompany.com

this is what the FAQ had to say.

19. My AntiVirus program reports that the SpyStopper log file, spylog.txt, is infected with CodeRed.C worm. Why?

This is a false positive. SpyStopper blocks the CodeRed worm and simply logs the actual worm data into the optional text log file. This file is not infected. The alert is false. Just ignore it. You may contact Norton or other companies and ask them to correct the false alert problem.

Also, you can delete the log file and uncheck Keep a Log File in SpyStopper. This will also eliminate the problem. However, you will not have the log file to give you the information on the blocks in the future.

The new build of SpyStopper 2.45 has corrected this problem. Uninstall your current SpyStopper. Download it and reinstall it. Check #35 for information on how to upgrade it. Make sure you delete the folder C:\Program Files\SpyStopper before reinstalling SpyStopper.

20. I got warning message from my firewall that a remote system is attempting to access SspyStopper.exe. Can you explain this behavior?

When spy servers try to contact their agents or devices on your system, SpyStopper will intercept the requests, take over the attempts, block them, and lead the contact attempts to death. This is how SpyStopper protects you. That is why your firewall thinks SpyStopper is being contacted. To remove this false alert, allow SpyStopper to access Internet in your firewall software.

21. My firewall says that sdbl.exe is attempting to access Internet. Why is it?

Many tracking devices are delivered through graphics and ads. If SpyStopper simply blocks those intrusive graphics, some Web sites (such as news sites) don’t look good. Therefore, SpyStopper loads those pictures through free public proxy servers. This way, your identity is protected and at the same time, the original appearance of the web pages is preserved. SpyStopper proxy agent, sdbl.exe, handles loading the images through free public proxy server. If you don’t like using a public proxy server and using the agent, uncheck Use Safe Loading in SpyStopper. Restart SpyStopper. Visit some sites and you will see the difference.

I am not convinced there is no mention of the trojans & why they appear each time i start spystopper, the keep log file is off my firewall lets it through,i removed temp internet files,cookies & history ran adaware 6 disconnected cable modem & they still appear BUT ONLY IF SPYSTOPPER IS ACTIVE.???

 

[radium]

I told them that CWShreader found the trojans this forum has not been mentioned.recieved this a few minutes ago.

These are false alerts. Just ignor them. Actually SpyStopper tries to stop these adware items and have the info in SpyStopper database. CWShreader misidentify SpyStopper as the adware. Regarding how SpyStopper works, check #19-21 in the FAQ at http://www.itcompany.com/stopfaq.htm. Feel free to contact us if you have any question. Thanks.

Support Team
InfoWorks Technology Company
http://www.itcompany.com

this is what the FAQ had to say.

19. My AntiVirus program reports that the SpyStopper log file, spylog.txt, is infected with CodeRed.C worm. Why?

This is a false positive. SpyStopper blocks the CodeRed worm and simply logs the actual worm data into the optional text log file. This file is not infected. The alert is false. Just ignore it. You may contact Norton or other companies and ask them to correct the false alert problem.

Also, you can delete the log file and uncheck Keep a Log File in SpyStopper. This will also eliminate the problem. However, you will not have the log file to give you the information on the blocks in the future.

The new build of SpyStopper 2.45 has corrected this problem. Uninstall your current SpyStopper. Download it and reinstall it. Check #35 for information on how to upgrade it. Make sure you delete the folder C:\Program Files\SpyStopper before reinstalling SpyStopper.

20. I got warning message from my firewall that a remote system is attempting to access SspyStopper.exe. Can you explain this behavior?

When spy servers try to contact their agents or devices on your system, SpyStopper will intercept the requests, take over the attempts, block them, and lead the contact attempts to death. This is how SpyStopper protects you. That is why your firewall thinks SpyStopper is being contacted. To remove this false alert, allow SpyStopper to access Internet in your firewall software.

21. My firewall says that sdbl.exe is attempting to access Internet. Why is it?

Many tracking devices are delivered through graphics and ads. If SpyStopper simply blocks those intrusive graphics, some Web sites (such as news sites) don’t look good. Therefore, SpyStopper loads those pictures through free public proxy servers. This way, your identity is protected and at the same time, the original appearance of the web pages is preserved. SpyStopper proxy agent, sdbl.exe, handles loading the images through free public proxy server. If you don’t like using a public proxy server and using the agent, uncheck Use Safe Loading in SpyStopper. Restart SpyStopper. Visit some sites and you will see the difference.

I am not convinced there is no mention of the trojans & why they appear each time i start spystopper, the keep log file is off my firewall lets it through,i removed temp internet files,cookies & history ran adaware 6 disconnected cable modem & they still appear BUT ONLY IF SPYSTOPPER IS ACTIVE.???

If they are lying about this matter, you have to admit that they are doing it rather ruthlessly, it encourages the user to pretty much bend over and paint a big bulls eye on their ***.

Open firewalls to them, disable scanners...

 

[Aslan]

After testing the program quite throughly on a completely clean WinXP system, my belief (although not completely conclusive) is that SpyStopper does not install CWS. Although CWShredder does detect CWS, my belief is that SpyStopper merely installs dummy files, and none of the other signs concerning CWS, (Browser hijacks, registry edits, fake files such as notepad32.exe, etc) are present.

Further investigation is still needed, but this is what I've found concerning this.

 

[Vento1]

Now that the initail shock & anger over the post from IZON has passed i have checked my firewall logs my registery & everywhere else i could think of i can't find anything going on that should not be there.
When i look at the original post i don't get the same results i only show two trojans not three, CWShreader works fine & will remove these trojans also it will check for updates. I will of coarse keep an eye on it. One final point i joined some other forums & asked them to check this out i also emailed 6 different uk computer mags so far this forum has been the only place where its members have responded by posting & by risking infecting there own machines to try to help, a very big thankyou to you all.
If your wondering i won't be bothering with the other forums THIS IS THE PLACE FOR ME.

 

[Aslan]

Yep, my results are very similar as well. One thing that I forgot to mention was that CWShredder only detects any elements of CWS when SpyStopper is running. When SpyStopper is turned off, CWS disappears.
I do agree that SpyStopper should be much more open about this. The way that they answered questions concerning this only compounded my fears moreso and raised more doubts, rather than being completely honest. Language barriers may have played a part in this.

 

[Enablingwolf]

They are in a battle to confront a hidden trojan, if they gave out all thier secrets, then the secret would be easy to get around.

 

[IZON]

I've disabled SpyStopper; I don't wont the worry or bother about keeping an eye on it. Thankfully, FireFox and SpyBot SnD utilise local host blocking. The CWS dummy aspect is plausible, and considering the number of rouge anti-spyware apps on the market, it would be in ITWorks interest to be more open about it. I still get three CWS trojans flagged up by CWShredder when SpyStopper runs. However, since I stopped using it I've noticed the total number of running processes on my rig drop from 20-21 to 15-16.

Just found this sad bit of news about CWShredder's future

 

[Enablingwolf]

So far I have seen that the DATs are what are bieng located, just like DAT's in virus scanners, but they ignore them, cause they are programmed a lil better. IT's all in how good a code is produced. I, so far seem to think this is just an alright solution, not the best, but it is a start on stopping the threat. Good effort on protecting a persons in IE, BTW try Firefox, it is firstline defense in stopping a SWC. Gecko rules. IF yer so concerned try linux! It will thwart all attempts in browser hijacks, since it is not M$. Nothing is foolproof. If you are satisfied with the program then stick with it.