Full Version: Exterminate-It
MysteryFCM
Anyone fancy checking this one out?

exterminate-it.com
curiolab.net

http://hosts-file.net/?s=exterminate-it.com
http://hosts-file.net/?s=curiolab.net

Don't have time myself or I'd do it myself.
YoKenny1
Detects false positives.

Printer is not in my Start menu and SystemExplorer has Mumuboy trojan
sho-dan
Hello Steven

Exterminate It:
Downloaded, installed and updated; there were no panic/scare-tactic "Your Infected" pop-ups installed, no system tray icon, only a desktop icon is installed. Ran a scan and it produced two false positives (the first one doesn't exist, the 2nd one, monln.dll, is part of Comodo antivirus).
Scan and pay to remove infection; click on the orange Exterminate tab to register the product for removal.



http://www.bleepingcomputer.com/startups/m....dll-20086.html
MysteryFCM
Nice one, cheers
Exterminate It guy
Hi, guys!

I represent the Exterminate It team and I registered here just to assure you that we are not producing a rogue antispyware product. We are really working hard to make HQ software.

2sho-dan: Please note that false positives are a USUAL problem even for such big boys as Kaspersky, Norton etc. BTW, at your request I could provide you with a 1 month trial code so your Exterminate It! software will be fully functional. After that you could use Submit State and we will look closer at what's going wrong with your PC or with our software.

And lastly I want to remind you that a refund is always available for unsatisfied users.
JeanInMontana
Hi Exterminate It guy and welcome to Malwarebytes. I'll take that offer of a license. I'm sure some others will too. Particularly our lead rogue researcher SwampDiner.
Exterminate It guy
2JeanInMontana: sent by PM.

If somebody else is interested, please let me know.
MysteryFCM
I've just checked this and it's still producing laughable F/P's that it wants paid to "fix" ....

malware.kill
Hi there,

Just checked this program on my Windows Vista Home,
No false positives found.

2 sho-dan - I also have Comodo antivirus installed; no detections either.
2 MysteryFCM - What is the ServSax.a that was detected on your PC?
Can you provide details?
Maybe this ain't an FP?
MysteryFCM
It claimed they were a bunch of reg keys etc that don't actually exist ........ so yep, definitely F/P's (I've been doing this a long time). If the app actually produced a log of what it found, or provided an option to save the list, I could have posted that - but it doesn't (the log it does create makes absolutely no mention of the detections).

This was on XP SP2 .....
Exterminate It guy
2MysteryFCM: Would you please provide more detailed information regarding this false positive to help us improve detection quality? Please provide the same screenshot with detailed information visible, i.e. with file and registry paths. I would really appreciate your help.

If this is considered as false positive IT WILL BE IMMEDIATELY REMOVED FROM DATABASE.
Every security professional should know that different methods can be used for malware detection, and very often malware hides itself under legitimate software file names and registry keys; in this case stricter detection rules/conditions need to be used.

If we take money for malware removal and Submit State feature processing, there is no reason to mark our software as a ROGUE.
We show all the paths to files and to registry keys, and many of our users remove the malware by themselves without paying money. That's fair.

Submit State reports are processed on a per-client basis, so it requires more processing than the usual approach.

Why Exterminate It! is not ROGUE:

1. we never use false positives as a road to purchase (they will be removed immediately after discovery).
2. we provide a fully functional 1 week trial per support request.
3. if people are dissatisfied with our software, we provide immediate money-back!!! As you might know, rogues never provide money-back.
4. we show the full path to files and to registry keys, so there are no hidden games with non-present infections.
TonyKlein
Just a couple of FPs, notably:


The "CWS.GonnaSearch" entries are in fact from Internet Explorer 5 Toolbar Wallpaper

(No longer works with IE7, but a legitimate application nonetheless...)


... and the "BrowserAid" detection actually concerns a Snagit reg key:


[HKEY_CLASSES_ROOT\AppID\BHO.DLL]
"AppID"="{59AEAD8A-6822-4794-AF2E-8CC27312E26E}"

[HKEY_CLASSES_ROOT\CLSID\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
@="SnagIt Toolbar Loader"
"AppID"="{59AEAD8A-6822-4794-AF2E-8CC27312E26E}"

[HKEY_CLASSES_ROOT\CLSID\{00C6482D-C502-44C8-8409-FCE54AD9C208}\InprocServer32]
@="C:\\Program Files\\TechSmith\\SnagIt 9\\SnagItBHO.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{00C6482D-C502-44C8-8409-FCE54AD9C208}\ProgID]
@="BHO.HelperObject.1"

[HKEY_CLASSES_ROOT\CLSID\{00C6482D-C502-44C8-8409-FCE54AD9C208}\Programmable]

[HKEY_CLASSES_ROOT\CLSID\{00C6482D-C502-44C8-8409-FCE54AD9C208}\TypeLib]
@="{39CAFD20-BAFF-454D-A94C-7115710AE6E3}"

[HKEY_CLASSES_ROOT\CLSID\{00C6482D-C502-44C8-8409-FCE54AD9C208}\VersionIndependentProgID]
@="BHO.HelperObject"



Nothing deliberate though, by the looks of it.
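The SnagIt export above is a good illustration of the difference between a signature that matches a ProgID or key name and a rule that follows the CLSID to the DLL it actually loads. The following is an added example written for this page, not code from the thread, from Exterminate It! or from TechSmith: it parses the posted .reg text, shows that a ProgID-only rule fires on "BHO.HelperObject", then resolves the CLSID to its InprocServer32 path and checks it against an allow-list of vendor directories (the `TRUSTED_DIRS` list and the verdict names are assumptions made for the example). It also returns a distinct result for a CLSID that is not registered at all, which is the "detection of non-existing reg keys" case argued about later in the thread.

```python
"""Resolve a BHO's CLSID registration to the DLL it actually loads.

Added example for this thread (not the page's own code, not Exterminate It!'s
or SnagIt's). It parses the .reg export TonyKlein posted and contrasts a
string-only signature with a rule that follows the CLSID to InprocServer32
and checks the DLL path. The trusted-vendor directory list is an assumption
made for the example.
"""
import re

# The SnagIt BHO export from the thread, reproduced as the sample input.
REG_EXPORT = r'''
[HKEY_CLASSES_ROOT\AppID\BHO.DLL]
"AppID"="{59AEAD8A-6822-4794-AF2E-8CC27312E26E}"

[HKEY_CLASSES_ROOT\CLSID\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
@="SnagIt Toolbar Loader"
"AppID"="{59AEAD8A-6822-4794-AF2E-8CC27312E26E}"

[HKEY_CLASSES_ROOT\CLSID\{00C6482D-C502-44C8-8409-FCE54AD9C208}\InprocServer32]
@="C:\\Program Files\\TechSmith\\SnagIt 9\\SnagItBHO.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{00C6482D-C502-44C8-8409-FCE54AD9C208}\ProgID]
@="BHO.HelperObject.1"

[HKEY_CLASSES_ROOT\CLSID\{00C6482D-C502-44C8-8409-FCE54AD9C208}\Programmable]

[HKEY_CLASSES_ROOT\CLSID\{00C6482D-C502-44C8-8409-FCE54AD9C208}\TypeLib]
@="{39CAFD20-BAFF-454D-A94C-7115710AE6E3}"

[HKEY_CLASSES_ROOT\CLSID\{00C6482D-C502-44C8-8409-FCE54AD9C208}\VersionIndependentProgID]
@="BHO.HelperObject"
'''

# Assumed allow-list of vendor install directories (example only).
TRUSTED_DIRS = ("c:\\program files\\techsmith\\",)

_VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def parse_reg_export(text):
    """Return {key_path: {value_name: value}}; '' is the default (@) value."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Windows Registry Editor", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if current is None or not m:
            continue
        name = "" if m.group(1) == "@" else m.group(1)[1:-1]
        value = m.group(2)
        if value.startswith('"') and value.endswith('"'):
            # .reg string values escape backslash and quote with a backslash.
            value = value[1:-1].replace('\\\\', '\\').replace('\\"', '"')
        keys[current][name] = value
    return keys


def naive_progid_signature(keys, progid="BHO.HelperObject"):
    """The kind of rule the thread criticises: fire on a ProgID string alone,
    regardless of which DLL the CLSID actually points at."""
    return any(vals.get("") == progid
               for key, vals in keys.items()
               if key.endswith("\\VersionIndependentProgID"))


def resolve_clsid(keys, clsid):
    """Follow HKCR\\CLSID\\{clsid} to its InprocServer32 path; None if absent."""
    base = "HKEY_CLASSES_ROOT\\CLSID\\" + clsid
    if base not in keys:
        return None
    return {
        "name": keys[base].get(""),
        "appid": keys[base].get("AppID"),
        "progid": keys.get(base + "\\ProgID", {}).get(""),
        "inproc": keys.get(base + "\\InprocServer32", {}).get(""),
    }


def triage_bho(keys, clsid, trusted_dirs=TRUSTED_DIRS):
    """Verdict that depends on what the CLSID loads, not on the ProgID string."""
    info = resolve_clsid(keys, clsid)
    if info is None:
        return "no-such-key"        # nothing registered: nothing to 'remove'
    if not info["inproc"]:
        return "orphan-clsid"       # registration without a server DLL
    if info["inproc"].lower().startswith(tuple(d.lower() for d in trusted_dirs)):
        return "legitimate-vendor"
    return "review"                 # unknown path: look at the file itself


if __name__ == "__main__":
    parsed = parse_reg_export(REG_EXPORT)
    snagit = "{00C6482D-C502-44C8-8409-FCE54AD9C208}"
    print("ProgID-only rule fires:", naive_progid_signature(parsed))
    print("Resolved:", resolve_clsid(parsed, snagit))
    print("Verdict:", triage_bho(parsed, snagit))
```

On a live system the same resolution would be done against HKCR with the registry API rather than a text export, and the path check would be followed by a look at the file itself (publisher signature, hash), which is the step the thread keeps asking for.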
Exterminate It guy
TonyKlein, thank you for taking time to review us!

All those FPs mentioned by you have been removed from our database.
TonyKlein
QUOTE (Exterminate It guy @ Sep 9 2008, 12:44 AM)
TonyKlein, thank you for taking time to review us!

All those FPs mentioned by you have been removed from our database.


That's good to hear. However, you will of course understand that you can't by any means consider this a full-fledged review. It's just a quick run to check for FPs.
Exterminate It guy
QUOTE (MysteryFCM @ Sep 8 2008, 01:59 AM)
It claimed they were a bunch of reg keys etc that don't actually exist ........ so yep, definitely F/P's (I've been doing this a long time). If the app actually produced a log of what it found, or provided an option to save the list, I could have posted that - but it doesn't (the log it does create makes absolutely no mention of the detections).

This was on XP SP2 .....


Dear MysteryFCM,

False positives sometimes happen, but this means that good files/regkeys are detected as bad ones. But detection of non-existing reg keys... or files SOUNDS STRANGE and IMPOSSIBLE.

It would be great if you could provide a Submit State from your PC; for that please click on the Submit State button, enter the information that you have a false positive and that you are MysteryFCM, and press the Send button.

You can also provide a snapshot of your screen, but please maximize the Exterminate It! window to full screen and make the "Location" column fully visible (you can minimize the Category column for that). Please post this snapshot to the forum.
MysteryFCM
The machine I ran it on is no longer a "clean install", so can't do that I'm afraid.

I'll re-run the application once I get access to a test system again (probably either over the weekend or early next week).
Exterminate It guy
QUOTE (MysteryFCM @ Sep 10 2008, 02:40 PM)
The machine I ran it on is no longer a "clean install", so can't do that I'm afraid.

I'll re-run the application once I get access to a test system again (probably either over the weekend or early next week).


Just want to remind you that we are still looking forward to receiving from you either a Submit State or a detailed screenshot
MysteryFCM
I'd actually forgotten about this as I've been a little (well okay, a lot) sidetracked with other things.

I'm back tomorrow until Wednesday (so far), so will try and find time between then, to re-run the tests.
junkie26
I've been running Exterminate It on my PC and it found the following registry entries:

O17 - HKLM\System\CCS\Services\Tcpip\..\{93411B4B-2EEC-4612-96C1-25ABC107B13C}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

I've tried all of the following anti-spyware and anti-virus progs, but only Exterminate It came up with these entries...

ComboFix
Exterminate It
FixWareOut
HijackThis
Malwarebytes' Anti-Malware
XsoftSpySE
SmitFraudFix
AdAware
SpyBot S&D
AVG

The registry entries seem to be related to DNS changers (e.g. Zlob), but aren't these entries the (safe) servers of OpenDNS?
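The O17 lines in the post above are exactly the entries a DNS-changer signature keys on, and the question of whether a given NameServer value is a hijack comes down to what the addresses are. The following is an added example written for this page (not code from the thread or from any of the tools listed): it parses HijackThis-style O17 lines, checks every configured resolver against an allow-list holding the two OpenDNS addresses named in the post, and reports only entries pointing somewhere else. The sample log is junkie26's four lines plus two constructed lines using TEST-NET addresses (192.0.2.0/24) and a made-up interface GUID, added to show what a genuine hit looks like; the allow-list contents are an assumption for the example.

```python
"""Triage HijackThis-style O17 NameServer lines against a resolver allow-list.

Added example for this thread (not the page's own code and not any tool's
detection logic). The allow-list holds the two OpenDNS addresses named in
junkie26's post; the last two sample lines are constructed (TEST-NET
addresses, made-up interface GUID) to show what a real DNS-changer hit
would look like.
"""
import ipaddress
import re

# Known-good public resolvers (assumption for the example; extend as needed).
KNOWN_GOOD_RESOLVERS = {"208.67.220.220", "208.67.222.222"}

# HKLM\System\<ControlSet>\Services\Tcpip\Parameters is the global value;
# the \..\{GUID} form is a per-interface value.
_O17_RE = re.compile(r"^O17 - (?P<key>HKLM\\[^:]+): NameServer = (?P<servers>.*)$")

# Sample log: junkie26's four lines plus two constructed ones.
SAMPLE_LOG = """\
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{93411B4B-2EEC-4612-96C1-25ABC107B13C}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\\System\\CS1\\Services\\Tcpip\\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\\System\\CS2\\Services\\Tcpip\\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{00000000-0000-4000-8000-000000000002}: NameServer = 192.0.2.53,192.0.2.54
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: NameServer = 208.67.222.222,192.0.2.53
"""


def parse_o17(line):
    """Return (registry_key, [servers]) for an O17 line, or None otherwise."""
    m = _O17_RE.match(line.strip())
    if not m:
        return None
    servers = [s for s in re.split(r"[,;\s]+", m.group("servers")) if s]
    return m.group("key"), servers


def classify_nameservers(servers, allow_list=KNOWN_GOOD_RESOLVERS):
    """'known-good' if every server is an allow-listed IP, else 'review'
    together with the servers that were not on the list."""
    unknown = []
    for s in servers:
        try:
            ipaddress.ip_address(s)
        except ValueError:
            unknown.append(s)          # not even an address: always review
            continue
        if s not in allow_list:
            unknown.append(s)
    return ("known-good" if not unknown else "review"), unknown


def triage_o17(log_text, allow_list=KNOWN_GOOD_RESOLVERS):
    """Run the check over a whole log; non-O17 lines are ignored."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_o17(line)
        if parsed is None:
            continue
        key, servers = parsed
        verdict, unknown = classify_nameservers(servers, allow_list)
        findings.append({"key": key, "servers": servers,
                         "verdict": verdict, "unknown": unknown})
    return findings


if __name__ == "__main__":
    for f in triage_o17(SAMPLE_LOG):
        extra = ("  unknown: " + ",".join(f["unknown"])) if f["unknown"] else ""
        print(f["verdict"].ljust(10), f["key"], "->", ",".join(f["servers"]) + extra)
```

The rule is deliberately one-directional: an address that is on the list is never flagged, an address that is not is flagged for review rather than called an infection, since a corporate or ISP resolver will also be absent from a short allow-list. A NameServer pointing at an unfamiliar address is a reason to look at the machine, not a verdict on its own.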
junkie26
Additionally, Exterminate It finds the following registry entry 3 times:

Zlob.Fake Security Alerts

It appears that this can only be fixed by buying Exterminate It, since all other progs do not recognize the entry as a trojan.

What to do!?
MysteryFCM
Those are the OpenDNS server addresses and are false positives ......... I'd strongly recommend removing Exterminate-It and using something that's not a rogue .....

See the section in the following article entitled Infection prevention and cures

http://mysteryfcm.co.uk/?mode=Articles&date=12-08-2008
SpySentinel
Any chance I could get a copy to review it?

Thanks!
sho-dan
QUOTE (SpySentinel @ Nov 28 2008, 04:56 PM)
Any chance I could get a copy to review it?
Thanks!



Is this what you want:
exterminate-it.com/download
Exterminate It guy
QUOTE (junkie26 @ Nov 11 2008, 01:23 PM)
Additionally, Exterminate It finds the following registry entry 3 times:

Zlob.Fake Security Alerts

It appears that this can only be fixed by buying Exterminate It, since all other progs do not recognize the entry as a trojan.

What to do!?


Please try to use the Submit State feature of Exterminate It! and we'll do our best to solve your problem. In case your Exterminate It copy is still not registered, PM me to receive a 1 week trial code.
Exterminate It guy
QUOTE (MysteryFCM @ Nov 12 2008, 08:46 PM)
Those are the OpenDNS server addresses and are false positives ......... I'd strongly recommend removing Exterminate-It and using something that's not a rogue .....

See the section in the following article entitled Infection prevention and cures

http://mysteryfcm.co.uk/?mode=Articles&date=12-08-2008


Hey smarty, we still haven't received any confirmation of your previous accusation:

QUOTE (MysteryFCM @ Sep 20 2008, 04:38 PM)
I'd actually forgotten about this as I've been a little (well okay, a lot) sidetracked with other things.

I'm back tomorrow until Wednesday (so far), so will try and find time between then, to re-run the tests.


So I think junkie26 doesn't need any recommendations from such a "respectable" professional. We'll try to help him absolutely for free.
Exterminate It guy
QUOTE (SpySentinel @ Nov 28 2008, 11:56 PM)
Any chance I could get a copy to review it?

Thanks!


Sure.

A trial code was sent by PM and here is a direct link to download: http://exterminate-it.com/downloads/ExterminateItSetup.exe

And don't hesitate to contact me in case of any questions.
SpySentinel
Thanks Exterminate It guy
MysteryFCM
QUOTE (Exterminate It guy @ Nov 29 2008, 07:07 PM)
Hey smarty, we still doesn't receive any confirmation of your previous accusation:


I've got far more important things to be concerned about atm ....
Rorschach112
Gave me a few FPs

C:\windows\system32\smrgdf.exe
PCast

The program doesn't let you decide what areas to scan? Thought that was a bit weird. What's the anti-rootkit scan like? Got any more details about them?
EugeneB
I've used Exterminate It! and can say a few good things about it.

My PC got infected with an extremely nasty variant of the Zlob.DNS Changer. I couldn't access the Kaspersky online test and a few other tools, as their websites were blocked by the virus. Norton AV didn't see the virus at all, nor did a couple of other tools I've managed to get hold of (including SmitFraudFix). The only software which could detect the virus was Exterminate It! and, after I bought a registered copy, it cleaned it up.

My only suggestion is that, in the Undo section, it would be convenient to be able to bulk-mark the entries (at the moment, you can place only one tick at a time).
MysteryFCM
I'm in the middle of retesting this one and it's still producing laughable F/P's ......... including detecting MBAM as the Zlob trojan!
MysteryFCM
All except the cookies are F/P's .......... IMHO, there's no way they can't be aware of these, especially given the MBAM detection.

The SimpleDNSControl "infection" it is detecting (This is an ATL COM written by Emmanuel (emmanuelATkartmann.org) for his SimpleDNSResolverX project, and whilst it's possible for it to be used for malicious purposes, it's completely benign by itself), actually isn't an infection at all. Strangely, I had exactly the same conversation with the developers of SpywareCease. Their excuse for this, was that CA has it listed, and indeed they do (and indeed, they've also been told many times that it's an F/P)

http://www.ca.com/us/securityadvisor/pest/pest.aspx?id=3266

... but as far as this particular one goes, you can't just snag a list of keys or whatever, from the CA site, shove it in a program, and call that a "detection". Especially given this is a legit control (and of course, both SpywareCease and Exterminate-IT, completely missing the copy of the original source code I have for this)
Exterminate It guy
Dear MysteryFCM,

First of all I would like to thank you for your immediate feedback.
We have removed the Zlob.Fam false positive detection from our database; this is the detection whose rules should be improved.

Zlob.Fam also uses scheduled jobs to re-infect the PC in a timely manner. But definitely this is an FP. We have removed it from the database.

Now about ServSax.A: this is a questionable False Positive. But we have removed it from the database. We never use False Positives as a road to purchase, that's for sure, and all false positives are immediately removed from the database in case of detection.

About ServSax.A and CA:
This component has been used by several pieces of malware, not only by ServSax, and it was mentioned not only on the CA website.

Let's make a detailed analysis here:
Don't call it a stupid "non-infection". If malware installs legitimate component A on a user's PC without his agreement, and we define the "system cure" as restoring the system to the before-infection state, then it is definitely an infection. But in this case we should detect such a component as a part of the malware installation package and not as a standalone component.

What do you think about that?

All Disabled ... entries need to be shown; these are definitely Hijack entries, and VERY OFTEN they are used by malware to make its manual removal complicated, and they also affect the user-OS interaction.

Just to show that all antimalware software has false positives, here is the False Positives list from the latest version of Malware Bytes from 05 Jan 2009:

Snowmint Creative Solutions – Windows Software Support
Website: http://www.snowmintcs.com
This is what they've detected: http://www.siteadvisor.com/sites/snowmintc...loads/15252048/

About the CA detection: they are also detecting this component:
http://www.ca.com/us/securityadvisor/pest/...px?id=453119996 (was removed today)
cached page in google: http://209.85.129.132/search?q=cache:vVv6Z...;cd=1&gl=uk

And here is the detection log... Same situation? CA -> MBytes?

Malwarebytes' Anti-Malware 1.32
Database version: 1617
Windows 6.0.6001 Service Pack 1

1/5/2009 1:59:51 PM
mbam-log-2009-01-05 (13-59-49).txt

Scan type: Quick Scan
Objects scanned: 65360
Time elapsed: 6 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 17
Files Infected: 225

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{169fbbf8-0478-42a4-b386-4f5b2cf9a98b} (Adware.AdMedia) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{40a9417f-f41e-40a2-baa5-fe0acb1cf8f8} (Adware.AdMedia) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c915f573-4c11-4968-9080-29e611fdbe9f} (Adware.AdMedia) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{24158a0e-da05-4591-ba7d-d85d801e3f11} (Adware.AdMedia) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6c9ca10d-e604-47fb-a2f9-c9a013193609} (Adware.AdMedia) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{44eead9b-4eb1-4236-83bc-1273bb4b01ef} (Adware.AdMedia) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{fd96bc95-a0b9-4533-b0d3-8d47e9924d34} (Adware.AdMedia) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{4cc7b178-100e-4533-ba30-bdb668229bf9} (Adware.AdMedia) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{788c5a1b-3643-4e99-87df-e9e0c5b73691} (Adware.AdMedia) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{9512c7b2-2065-4774-a522-2effb4188331} (Adware.AdMedia) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{892f787f-b650-4a3e-aa5b-2b8021ce4d0a} (Adware.AdMedia) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a0b0e5ab-617c-4a7d-8a94-9937d24b6670} (Adware.AdMedia) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b34ccd89-d1cd-4f9a-ba6c-936ba7f7a239} (Adware.AdMedia) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\WinBudget (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\de (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\en-GB (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\es (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\fr (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\it (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\pl (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\Help (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\Help\images (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\plugins (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources (Adware.AdMedia) -> No action taken.

Files Infected:
C:\Program Files\WinBudget\Budget License - Windows.rtf (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\BudgetAppIcon.ico (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\BudgetControls.dll (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\BudgetDocIcon.ico (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\BudgetMainWindow.exe (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\DevExpress.Charts.v8.1.Core.dll (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\DevExpress.Data.v8.1.dll (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\DevExpress.Utils.v8.1.dll (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\DevExpress.Web.v8.1.dll (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\DevExpress.XtraCharts.v8.1.Design.dll (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\DevExpress.XtraCharts.v8.1.dll (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\DevExpress.XtraCharts.v8.1.UI.dll (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\DevExpress.XtraCharts.v8.1.Web.dll (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\DevExpress.XtraEditors.v8.1.dll (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\DevExpress.XtraGrid.v8.1.dll (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\DevExpress.XtraLayout.v8.1.dll (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\DevExpress.XtraNavBar.v8.1.dll (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\dte80a.olb (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\EnvDTE.dll (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\EnvelopeMatrix.dll (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\eSellerateControl365.dll (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\eWebClient.dll (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\eWebControl365.dll (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\InstallBanner.jpg (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\Interop.eWebControl.dll (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\Interop.Import.dll (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\MenuExtender.dll (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\MessageBoxExLib.dll (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\de\BudgetMainWindow.resources.dll (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\en-GB\BudgetMainWindow.resources.dll (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\es\BudgetMainWindow.resources.dll (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\fr\BudgetMainWindow.resources.dll (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\it\BudgetMainWindow.resources.dll (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin\pl\BudgetMainWindow.resources.dll (Adware.AdMedia) -> No action taken.

Exterminate It! ain't Rogue for sure.
MysteryFCM
QUOTE (Exterminate It guy @ Jan 5 2009, 10:18 PM)
Dear MysteryFCM,

First of all I would like to thank you for your immediate feedback.
We have removed the Zlob.Fam false positive detection from our database; this is the detection whose rules should be improved.

Zlob.Fam also uses scheduled jobs to re-infect the PC in a timely manner. But definitely this is an FP. We have removed it from the database.


Actually, there are more legit programs using scheduled jobs than malicious ones. You should not have just detected the job file, but actually analyzed the file to determine whether indeed it was legit or malicious.

To successfully detect Zlob (and indeed, everything else), you MUST actually analyze it YOURSELF (or someone from your company). You can't just say "x uses y, so we'll detect y "cause it uses it".

QUOTE (Exterminate It guy @ Jan 5 2009, 10:18 PM)
Now about ServSax.A: this is a questionable False Positive. But we have removed it from the database. We never use False Positives as a road to purchase, that's for sure, and all false positives are immediately removed from the database in case of detection.

About ServSax.A and CA:
This component has been used by several pieces of malware, not only by ServSax, and it was mentioned not only on the CA website.

Let's make a detailed analysis here:
Don't call it a stupid "non-infection". If malware installs legitimate component A on a user's PC without his agreement, and we define the "system cure" as restoring the system to the before-infection state, then it is definitely an infection. But in this case we should detect such a component as a part of the malware installation package and not as a standalone component.

What do you think about that?


Again, if you'd actually detected the source code (as well as the compiled code) for it, in addition to the detection of its registry keys, it would've been a little more understandable (though still an F/P), but you didn't. You snagged some keys off of the CA website, shoved them in your program, and called that a detection.

I do agree, if a legit file is installed as part of a malicious infection, it should still be removed. However, that's why you need to actually analyze the malware to begin with. More to the point, if it's a legit file, your program should reflect this (show it by all means, just don't call it an infection or malicious, when it isn't. Inform the user that it's legit but *could* be used by malicious programs).

QUOTE (Exterminate It guy @ Jan 5 2009, 10:18 PM)
Just to show that every antimalware software has false positives – here is the False Positives list from the latest version of Malware Bytes from 05 Jan 2009:


We're not here to talk about other AM's, we're here to talk about yours.

QUOTE (Exterminate It guy @ Jan 5 2009, 10:18 PM)
And here is detection log... Same situation ? CA -> MBytes ?


Actually no. MBAM actually has guys (and gals) that actually analyze the malware themselves. But again, we're not here to talk about them, we're here to talk about yours.
MysteryFCM
QUOTE
All Disabled ... entries need to be shown; these are definitely Hijack entries, and VERY OFTEN they are used by malware to make its manual removal complicated, and they also affect the user-OS interaction.


Yep, but again, you've missed the point;

1. The particular ones your program detected have never, in my experience, been related to malware

In actual fact, the ones your program detected were done by Windows when I told it I didn't want those items displayed on the START MENU (they are NOT used to prevent display or access elsewhere)

2. You CANNOT just detect these because they *could* be used by malware. If they've been disabled by malware, chances are there will be other remnants of the actual infection present.
3. Sys admins use these as part of a group policy, to lock down network computers
4. Parents use these as a method of preventing their kids making changes to their computers

Point being, you can't just detect a legit reg key/file/whatever because it *could* be used, or have been used, by malware. If that's the reasoning of your detections for these, then by your own reasoning you must also detect Windows itself!
Exterminate It guy
Dear Rorschach112,

Exterminate It! was designed for fast and effective active infection removal.
It automatically chooses which areas on the active drive to scan. Only for the Zlob DNS Changer trojan will it scan other non-active drives (this is the only known trojan that installs itself on all attached drives).

Drive/folder selection functionality will be added in the next versions.

About rootkit scanning:

The activated Exterminate It! version installs a driver which removes all hooks before the scanning process. This includes inline and SSDT hook removal. The driver is also used for locked file removal. We are continuously improving the rootkit hook removal process.

An update that covers the latest TDSServ along with the latest Goldun rootkits is on the way.
The first one cannot be removed with Malware Bytes; the second one cannot be detected by them.

So it's up to you what tool to choose.
Exterminate It guy
Dear MysteryFCM,

You call Exterminate It! rogue because of false positives. That's why I've mentioned Malware Bytes with their False Positives.
Thank you for mentioning that we need to analyze the job file; how do you think the Malwarebytes executable was detected along with its related jobs?

Right now, from your responses, it can easily be seen which side you are playing on.
Trojan activity analysis is usually performed with simple sandboxes or even uninstall tools (i.e. Total Uninstall) and cannot be compared in complexity with rootkit analysis (this usually requires disassembling), and we have enough expertise to do both.

We show Disabled ... items only to show users that their activities are disabled. And this is definitely a Hijack. Why is changing the home page also called hijacking? And why is it sometimes detected by antimalware tools as well?

Have you tried to contact the Rogue companies before adding them to your list?
Are they reacting the same way we do? Please share your experience.
Exterminate It guy
Dear MysteryFCM,

Please remove us from your hosts file. This is a mistake; Exterminate It! is a legitimate antimalware application and not a Rogue.

Thank you
MysteryFCM
QUOTE (Exterminate It guy @ Jan 5 2009, 11:58 PM)
Dear MysteryFCM,

You call Exterminate It! rogue because of false positives. That's why I've mentioned Malware Bytes with their False Positives.


Actually no. False positives as a goad to purchase is why your sites were listed. Every program has F/P's, irrespective of whether it's malicious or not, as everyone is prone to mistakes. It's what those F/P's are and what they indicate that are important.

If you'd read my response properly you'd have seen my concerns.

QUOTE (Exterminate It guy @ Jan 5 2009, 11:58 PM)
Thank you for mentioning that we need to analyze the job file; how do you think the Malwarebytes executable was detected along with its related jobs?


I didn't write your program, so have no idea how it detected the MBAM executable as well. Though it does beg the question of why, if it detected MBAM, did it miss everything else related to MBAM?

Lets look at the job file though shall we? How exactly was that job file detected by your program?

1. If this job file was detected because of its file type - your program has a problem
2. If this job file was detected because of a signature - your analysts have a problem
3. If the MBAM executable was flagged as a trojan SOLELY because it appeared in the .job file - your analysts and your company's developers have a problem

QUOTE (Exterminate It guy @ Jan 5 2009, 11:58 PM)
Right now with your responses it can be easily seen on which side you are playing.


I'm playing for the good guys, always have been.

QUOTE (Exterminate It guy @ Jan 5 2009, 11:58 PM)
Trojan activity analysis is usually performed with simple sandboxes or even uninstall tools (i.e. Total Uninstall) and cannot be compared in complexity with rootkit analysis (this usually requires disassembling), and we have enough expertise to do both.


If this was the case, you wouldn't have pointed me to the CA site as the reason for flagging the DNS COM.
MysteryFCM
QUOTE (Exterminate It guy @ Jan 5 2009, 11:58 PM)
Have you tried to contact the Rogue companies before adding them to your list?


Nope, I've neither the time nor resources to do this.

QUOTE (Exterminate It guy @ Jan 5 2009, 11:58 PM)
Are they reacting the same way we do? Please share your experience.


Actually, legit or malicious - they all respond the same way.
B-boy/StyLe/
Only for testing purposes, my scan results:

nosirrah
QUOTE (Exterminate It guy @ Jan 5 2009, 06:58 PM)
Dear MysteryFCM,

You call Exterminate It! rogue because of false positives. That's why I've mentioned Malware Bytes with their False Positives.
Thank you for mentioning that we need to analyze the job file; how do you think the Malwarebytes executable was detected along with its related jobs?

Right now, from your responses, it can easily be seen which side you are playing on.
Trojan activity analysis is usually performed with simple sandboxes or even uninstall tools (i.e. Total Uninstall) and cannot be compared in complexity with rootkit analysis (this usually requires disassembling), and we have enough expertise to do both.

We show Disabled ... items only to show users that their activities are disabled. And this is definitely a Hijack. Why is changing the home page also called hijacking? And why is it sometimes detected by antimalware tools as well?

Have you tried to contact the Rogue companies before adding them to your list?
Are they reacting the same way we do? Please share your experience.



I already work 18 hours a day and don't have the time to deal with never ending threads so lets cut to the chase .

I did a scan and your software wants $ to remove what it has found; this is unconscionable. If the user has malware that will capture their payment information, then you have just traded a couple of bucks for potentially destroying their credit.

If you want even one more second of time on this forum you will do one of the following:

Allow removal for free (there is nothing wrong with even a 5 day trial for this; hell, a 1 day trial is better than typing your credit card # into an infected machine).
Prevent an infected scan result from allowing a user to make a purchase online (I do not care how you go about preventing this).

I don't want to hear one word about hurting your sales or other BS, because as you can tell with 5 seconds of research on Google, in one year MBAM has made a place for itself, all the while handing out a fully functional removal tool for free.
exile360
Agreed, if I had Zlob of all things present on my PC the LAST thing I would ever do is type in any passwords, credit card numbers or any other sensitive info, as that's the type of stuff those trojans are designed to STEAL. Companies making software like this need to consider whether or not they're actually helping people, or just concerned with profits no matter who gets hurt (including their own potential customers).
MysteryFCM
Couldn't agree more, guys.
Raid
I have one question that nobody seemed to have asked...

Why no logfile created by this program? Why do I have to resort to a screen shot?
MysteryFCM
Been wondering that myself ....
sho-dan
Look here to retrieve log files: C:\Program Files\Exterminate It! (if downloaded and $activated$)

QUOTE
The removed malware files are completely neutralized and placed in the Exterminate It! temporary repository. You can retrieve (restore) selected files from the temporary repository if you removed them by mistake or permanently erase the files in the temporary repository from your computer.
hxxp://www.exterminate-it.com/help

Also, once the program is installed and/or removed, you're redirected to their thank-you and/or survey page automatically, which I Do Not like one bit. This program tends to want to control your computer.
Raid
I have to activate it to get a logfile? Hmm.. Other than here, where is there mention that they'll fork over a key to try it out for a week?
sho-dan
Does this help you? Notice the date.

QUOTE (Exterminate It guy @ Aug 23 2008, 09:47 PM) *
Hi, guys!

I represent the Exterminate It team and I registered here just to assure you that we are not producing a rogue antispyware product. We are really working hard to make HQ software.

2sho-dan: Please note that false positives are a USUAL problem even for such big boys as Kaspersky, Norton etc. BTW, at your request I could provide you with a 1 month trial code so your Exterminate It! software will be fully functional. After that you could use Submit State and we will look closer at what's going wrong with your PC or with our software.

And lastly, I want to remind you that a refund is always available for unsatisfied users.
remixed
QUOTE (Exterminate It guy @ Jan 5 2009, 11:58 PM) *
Have you tried to contact the Rogue companies before adding them to your list?
Are they reacting the same way we do? Please share your experience.

However contemptuous I may be of the criminals behind the 'Rogues', at least the fight is a little more honest. With few exceptions they tend not to claim to wear white hats and don't bleat when they get nailed. I can't recall receiving a request from the RBN to help 'beta-test' their latest scam so they can make even more profit. For what it's worth, I don't necessarily agree with many of the conclusions expressed in this thread, but I'm bound to ask the question: if I can take the bus into town for free, why would I pay to walk? (It's snowing, btw.)