Another day and another rogue! Actually this next one has been out and about for some time now. However it’s starting to be making the rounds recently.

It’s also been a time since we have blogged and brought a rogue to the attention to the general internet community. So I thought I may as well bring this one into the spot light and get more coverage for it so that users like you can be warned or receive assistance for it.

AntiSpyCheck

Going by the name AntiSpyCheck, this rogue is a familiar member of the Zlob Trojan. And it associated, like other rogues, with Estdomains Inc as you can currently see on a whois.

It’s web site location is:

www(dot)antispycheck(dot)com

As with all rogues, the infections that come along with them are hugely annoying and, at the worst of times, can cause serious upset. Not to mention the fact it tries to get your money for purchasing it.

What we suggest is to seek help in our forum or by following our own removal guide for this rogue. All help is free and widely respected from many members of the community.

If that isn’t enough, then why not discuss this rogue in more detail here! Your feedback is appriciated.

Links:

How To Remove AntiSpyCheck (removal instructions)

How does a security vendor lose trust? It likely begins when the company CEO becomes overly defensive and posts rants such the one at the end of this post:

“You know what pisses me off the most: Its ill-informing, mis-informing doing a disservice to users, because of our own agendas!!!! I have no problem with people liking or disliking what we have, we respect opinions, however people in the position to make a difference, abusing the trust that users have bestowed upon them by ill-informing is just plain wrong!!!”

Please pay particular attention to the words in bold in the above quotation while you consider the explanation on the Comodo website for providing a free firewall:

“You must be wondering - how can we stay in business by giving away high quality solutions that all other software vendors sell. Simply, Comodo’s main revenue comes from authenticating web business with SSL certificates (e.g. we put the padlock on websites).”

Apparently that source of revenue must not be as lucrative as one might expect since Comodo has found it necessary to add to their revenue base by including the IAC/Ask Toolbar to the most recent version of the firewall.

Circling back to the subject of a vendor losing trust and considering the above text in bold, it seems that Comodo is indeed abusing trust when, in defense of including a toolbar provided by a known adware vendor, they are suggesting that users turn off their antivirus software!

NOTE: This “Toolbar” is being detected by various Anti-virus software as Adware/Malware *THIS IS A FALSE POSTIVE!!!*, There is NO Adware, Spyware etc in this Toolbar WHAT SO EVER. If you are having problems installing the Toolbar, turn off your AV if this is the case.

Indeed, Comodo is ill-forming, mis-informing and providing a major disservice to users. As illustrated at Calendar of Updates, when the Comodo toolbar was installed and the toolbar .dll scanned at virustotal and virusscan.jotti, the following were the results:

ASKSBAR.DLL
MD5…: ccc67b6b51bf3b004c6186c2da2faa2e

A-Squared Found Adware.Win32.MySearch.i
ArcaVir Found Adware.Mysearch.I
CAT-QuickHeal 9.50 2008.05.29 AdWare.MySearch.i (Not a Virus)
ClamAV 0.92.1 2008.05.29 Adware.Mysearch-1
Fortinet 3.14.0.0 2008.05.29 Adware/MySearch
Panda 9.0.0.4 2008.05.29 Suspicious file
Sunbelt 3.0.1139.1 2008.05.29 AdWare.Win32.MySearch.i
VBA32 3.12.6.6 2008.05.29 AdWare.Win32.MySearch.i

Everyone must decide for themselves. Personally, any vendor that not only condones but recommends turning off users antivirus software and intentionally includes known adware in their software is not one that I trust.

The full text of Comodo’s ill-informing advice which is not only doing a disservice to users, but is also an abuse of trust has been preserved at Info: COMODO SafeSurf Toolbar.

Remember - “A day without laughter is a day wasted.”
May the wind sing to you and the sun rise in your heart…

Well known Calendar of Updates has added yet another vendor to the list of discontinued updates. Comodo has joined the company of Zone Labs and Webroot of including the Ask Toolbar pre-checked for installation with Comodo Firewall 3.0.23.364. Comodo’s installation of the Ask Toolbar is under the guise of the Comodo SafeSurf toolbar.

If you are updating Comodo, you will not see the option to install the toolbar. However with a full install or reinstall, it is necessary to UNcheck BOTH the Toolbar and Home page.

Seeing as how I updated the Vista Compatible Firewalls listing today, I will add a warning about the toolbar to the entry.

CoU:

• Comodo Firewall 3.0.23.364
• Products with Ask Toolbar

Background:

• Ask.com’s Privacy Tool Tracks Users, Groups Tell Feds
• Ask.com Will Keep Your Secrets (Although Its Advertisers Won’t)
• Ask.com Complaint (PDF from Epic.org)
• http://www.benedelman.org/spyware/ask-toolbars/
• http://www.benedelman.org/spyware/installations/askjeeves-banner/
• Dealing with Unwanted Spyware and Parasites

Remember - “A day without laughter is a day wasted.”
May the wind sing to you and the sun rise in your heart…

WinPatrolFlash has been released. WinPatrolFlash is a portable version of my favorite security application. For people who are frequently called upon to help family and friends, this will come in very handy.

WinPatrol Flash can run from a USB/Flash drive without having to install any WinPatrol files or settings on the system to be fixed or optimized. For complete information and to download WinPatrolFlash, click the USB flash drive:

References:

• Help Friends/Family with WinPatrol FLASH

• WinPatrolFlash

Should you have questions about its use, visit let us know here.

Remember - “A day without laughter is a day wasted.”
May the wind sing to you and the sun rise in your heart…

I was bound to write about these guys again and in a sense I am glad I am! It appears that Enigma Software Group want to change name from Enigma Software Group Inc to City Loan Inc.

Pretty damn odd for a company like that to change into something different (or at least their name). What’s even more funny is this article by our friends at CertifiedBug.Org:

“Scan your entire computer to detect negative credit”.

PaperGhost also blogs about this here.

I have so many thoughts on this that I would just explode and keep on doing so. However due to commitments elsewhere and that fact each sentence I write is analyzed by Enigma’s lawyer’s, I’ll save this opinion of mine for a rainy day. However if you have one, tell us here!

Previous Articles About Enigma:

• Here goes … Another rant about Enigma
• SpyHunter the return leg … coming soon!
• One issue fixed, on to the next..
• Enigma’s (ESG) status a week on..
• Enigma & 411-spyware.com Update
• 411-spyware.com - The new forum spammers?

A brief blog here about the release of Service Pack 3 for Windows XP.

You can find several articles online about this, however our resident blogger Corrine has an article crammed with info at her blog Security Garden:

• Windows XP SP3 Released - article by Security Garden

You can also find several posts about this from around the world which we feed into our NewsBot Centre:

• Windows XP Service Pack 3 and IE
• Microsoft Releases Windows XP Service Pack 3

Incidently we have had several reports from our forum members of some troubles. They’ll be researched and passed on to the relevant bodies. In the meantime if you have had trouble with SP 3 for XP or IE sniggers, then go and discuss it in our forum here.

It has been almost a month since we turned two years old. And during that time various games and challenges were set-up in order to celebrate and enjoy the fact we turned two. What we also added was a chance to win full licences of programs.

As it’s towards the end of the period, which has gone over it’s planned slot, we still have some licences to give away! They are copies of Sunbelts’ Counterspy and Malwarebytes’ Anti-Malware.

To enter on your choice of raffle, click on the links below:

• Enter the raffle that is giving away full licences of Malwarebytes’ Anti-Malware
• Enter the raffle that is giving away full copies of Sunbelts’ CounterSpy

And all you have to do is register and post you want to win! Then a number is allocated to your post and in a weeks time (depending on the amount of entries) we will put all numbers in a hat and draw the numbers!

Simple ‘eh? Go and get your copy!

Bill Pytlovany released a new version of WinPatrol which includes a great new security feature. On increasingly frequent occasions we hear of “zero-day” or unpatched vulnerabilities affecting programs with ActiveX components. In fact, the majority of all browser plug-in vulnerabilities can be attributed to Active X. With WinPatrol 2008, you can monitor and control Active X components. Aside from the Microsoft plug-ins, popular programs including ActiveX are Adobe Flash, Apple Quicktime, RealPlayer and SunMicrosystems Java.

There are several options available for viewing the ActiveX controls on your computer with WinPatrol 2008 and they can easily be changed by toggling the check box combinations. The example below illustrates a selection of non-Microsoft ActiveX Controls used with IE.

(Click to Enlarge)

The combination of options for viewing ActiveX controls includes:

• List all ActiveX controls including those not used by Internet Explorer
• Only view ActiveX controls used by Internet Explorer
• Toggle non-Microsoft ActiveX controls on/off.

If there is an unpatched vulnerability, without any fancy tricks, merely select the appropriate ActiveX control with WinPatrol, click disable and “Yes” to the prompt:

(Click to Enlarge)

After the vulnerability has been patched, reverse the process to enable the ActiveX control.

WinPatrol will also monitor your system and let you know when new ActiveX components try to make their home on your system. If it’s not something you wanted WinPatrol will kill the new component before it can do any damage.

Get Scotty! Free - Install WinPatrol 2008

Get Scotty Plus! Upgrade to WinPatrol PLUS today

See WinPatrol 2008 introduced in its 10th year

Need help with WinPatrol? Visit the Security Cadets WinPatrol Support Forum.

Remember - “A day without laughter is a day wasted.”
May the wind sing to you and the sun rise in your heart…