
Systweak Antispyware 2008


20 replies to this topic

#1 fredvries

    Elite Member

  • Experts
  • 724 posts
  • Gender:Male
  • Location:Harlingen - The Netherlands

Posted 28 December 2007 - 07:54 AM

Systweak Antispyware 2008

> systweakantispyware.com
> systweakantispyware2008.com
> systweakantispyware2009.com
www.pdd-nos.nl
www.pdd-nos.be
www.pdd-nos.com

#2 sho-dan

    Cancer Warrior

  • Malware Hunters
  • 3,227 posts
  • Gender:Not Telling
  • Location:Jah Jersey Shore

Posted 30 December 2007 - 02:57 PM

I was going through this thread, and said member has beta tested this Systweak Antispyware 2008 (results not published). I ran a test with it and MBAM picked it up right away as a rogue.

Malwarebytes' Anti-Malware Version 0.84
Database version: 236

Scan type: Quick Scan
Objects scanned: 15648
Time elapsed: 1 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Systweak AntiSpyware 2008 (Rogue.Antispyware) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Desktop\antispyware.exe (Rogue.Antispyware) -> Quarantined and deleted successfully.
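
Added example (not part of the thread or of any poster's tooling): a small Python parser for the Malwarebytes' Anti-Malware log layout pasted in post #2. It checks that the summary counts agree with the itemized lines and picks out detections that sit under a Run autostart key; the function names are hypothetical and the embedded sample is an abridged copy of that log.

```python
import re

# Abridged copy of the log quoted in the post above (three of its seven categories).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware Version 0.84
Database version: 236

Registry Keys Infected: 0
Registry Values Infected: 1
Files Infected: 1

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Systweak AntiSpyware 2008 (Rogue.Antispyware) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Owner\Desktop\antispyware.exe (Rogue.Antispyware) -> Quarantined and deleted successfully.
"""

COUNT_RE = re.compile(r"^(?P<category>.+?) Infected: (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<category>.+?) Infected:$")
ITEM_RE = re.compile(r"^(?P<object>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+)$")
NO_ITEMS = "(No malicious items detected)"
# Autostart values live under ...\CurrentVersion\Run\ or ...\RunOnce\
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)


def parse_mbam_log(text):
    """Return (summary counts, itemized detections), both keyed by category name."""
    counts, items, section = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            section = None  # a blank line closes the current section
        elif m := COUNT_RE.match(line):
            counts[m["category"]] = int(m["count"])
        elif m := SECTION_RE.match(line):
            section = m["category"]
        elif section and line != NO_ITEMS:
            m = ITEM_RE.match(line)
            # Keep unparseable lines too, so they still count against the summary.
            entry = m.groupdict() if m else {"object": line, "detection": None, "action": None}
            items.setdefault(section, []).append(entry)
    return counts, items


def count_mismatches(counts, items):
    """Categories whose summary count differs from the itemized lines (edited or truncated paste)."""
    return {c: (n, len(items.get(c, []))) for c, n in counts.items()
            if n != len(items.get(c, []))}


def autostart_detections(items):
    """Registry-value detections located under a Run/RunOnce key."""
    return [e for e in items.get("Registry Values", []) if RUN_KEY_RE.search(e["object"])]


if __name__ == "__main__":
    counts, items = parse_mbam_log(SAMPLE_LOG)
    print(counts, count_mismatches(counts, items), autostart_detections(items), sep="\n")
```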

#3 SystweakAntiSpywareTeam

    New Member

  • Members
  • 5 posts
  • Gender:Male

Posted 31 December 2007 - 02:05 AM

Hi,
Being a member of the Systweak AntiSpyware Team, I hereby confirm that we have developed Systweak AntiSpyware 2008 after 3 years of research. Our company, Systweak Inc, is one of the biggest product developing companies in South-East Asia. We at Systweak AntiSpyware take great care and have one of the biggest labs to detect spyware. I assure you that Systweak AntiSpyware being detected as Rogue by Malwarebytes' Anti-Malware is a false positive in their detection. We are already having talks with Malwarebytes to remove Systweak AntiSpyware 2008 from their detection list. I hope this clarifies all your doubts.

Regards,
Systweak AntiSpyware Team





#4 RubbeR DuckY

    Marcin

  • Root Admin
  • 4,148 posts
  • Gender:Male

Posted 31 December 2007 - 01:05 PM

I will look into this. These guys are Microsoft certified.
Marcin Kleczynski
Chief Executive Officer




#5 SystweakAntiSpywareTeam


Posted 01 January 2008 - 01:31 AM

Hi

Thanks. How do you consider a program as a rogue? Are there any set of rules or test cases for classifying the program as rogue? It was a disappointment for us, as we do not try to frighten users or use such tactics. We have a dedicated Spyware Information Library at www.spywarelib.com, which is linked directly into the program. We have 1.2 million malware files in our repository, besides a full lab setup to do automatic and manual analysis. Each analysis is passed through three phases, out of which two are human verification, to minimize any chance of false positives. Our genuine software library is almost 10 terabytes, covering all software released since 2005.

Thanks again. Wishing you all a very happy new year.

#6 Guest_remixed_*

  • Guests

Posted 01 January 2008 - 08:30 AM

Whatever my reservations concerning 'Systweak AntiSpyware' are, I certainly do not consider the product as 'suspect' or 'rogue'. The company itself is respected and well established. Any of the commonly applied criteria for judging security software, e.g. http://spywarewarrio...re.htm#criteria, do not apply. The principal issue, in my view, is one of false or mis-detection, which is hardly unique (WinPatrol seems to be a common victim). To this day Kaspersky A.V flags 'Site Advisor' as a generic Trojan! Let's concentrate on the real bad boys, there's no shortage. Happy new one to all.

#7 fredvries


Posted 02 January 2008 - 08:57 AM

I would agree with the above posters in concluding that Systweak AntiSpyware should probably not be considered rogue.

One remaining problem, however, is that SiteAdvisor tells us that the site hasn't been tested yet. My question therefore is: how can a company be well established when the site itself is new?

#8 SystweakAntiSpywareTeam


Posted 02 January 2008 - 01:14 PM

McAfee SiteAdvisor is slow to respond and takes time to update. We had a link to a website which was Red as per SiteAdvisor and it will take 45 *BUSINESS* days to update. No option but to wait.

#9 RubbeR DuckY


Posted 02 January 2008 - 01:19 PM

I have already long concluded that this is not rogue. The fact is, this forum is for ROGUEREMOVER only. This means that this software is NOT included in the database. As for MBAM, we are doing a full database overhaul. As I told you in e-mail, it is still a beta program and your software will be removed from the database once I get ahold of Bruce.

I will give you a few hours to reply to this thread, then I will delete it to preserve your reputation as many people visit this site and see things like this and get scared away. Let me know when it is ok to delete.

#10 MysteryFCM

    Forum Deity

  • Moderators
  • 5,390 posts
  • Gender:Male
  • Location:Tyneside, UK

Posted 02 January 2008 - 01:23 PM

> I will look into this. These guys are Microsoft certified.


Bear in mind that becoming Microsoft Certified doesn't take much ...... you've just got to pay Microsoft for that to happen B)

Gonna try this one myself though as I've got reservations based on a couple things I've seen thus far .....

Steven Burn

Malware Intelligence Analyst




#11 MysteryFCM


Posted 02 January 2008 - 02:47 PM

Would I classify it as a rogue? Definitely ....

Not only did it completely miss the folder I've got on the HDD that's dedicated to malware samples, but it also identified 70+ "threats" on my machine that don't exist ...

Video + TUN log (20MB)
http://hosts-file.ne...yware020108.zip



#12 RubbeR DuckY


Posted 02 January 2008 - 03:21 PM

I retract all of my previous statements. I just tested the product; FALSE POSITIVES and FORCEFUL ADVERTISING were both present in the software.

1. Immediately after I installed the software, a popup arrived telling me I have spyware and need to remove it.
2. Ran a quick scan, I was immediately presented with false positives and wrongful detections. These weren't even small detections such as registry keys. These were critical system files.

Malware.Agent.u (Generic Malware )
Status : No Action taken
Infected files detected
FileName: f:\ntldr.sys

Cookie.USPS (Tracking Cookies)
Status : No Action taken
Infected Cookies
F:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Cookies\marcin@usps[2].txt

Cookie.Tracking-Cookie (Tracking Cookies)
Status : No Action taken
Infected Cookies
F:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Cookies\marcin@www.regnow[2].txt

#13 RubbeR DuckY


Posted 02 January 2008 - 03:32 PM

Although these are just false positives and there is no actual 'hijacking' present, we cannot call this software 'rogue'. All antispyware utilities have false positives, albeit not this severe. Once SysTweak fixes those false positives we will take another look at the software.

#14 MysteryFCM


Posted 02 January 2008 - 04:08 PM

Little misleading ...... no?

http://www.systweakantispyware.com/spyware-cleaner-downloads.asp

Their FAQ is a little misleading too;

http://www.systweakantispyware.com/faq.asp

Specifically;

Why Antivirus and Firewall are not so effective on Spyware?
How do these spyware enter into the system?

Additionally, though the FAQ mentions the scheduling can be done, it makes no mention that it's done automatically (WinPatrol notified me it had tried to set such after I stopped recording - it didn't ask me)

I'd also recommend reading over their privacy policy .....

..... but perhaps I'm too picky B)



#15 SystweakAntiSpywareTeam


Posted 03 January 2008 - 02:03 AM

Dear Rubber Ducky and MysteryFCM,

I'll respond to each of your posts here separately.

1) Answers to posts by MysteryFCM

- You cannot be a Microsoft Gold Partner just by paying them. There is a long procedure: your employees need to be Microsoft Certified and you need to clear a lot of exams for that. You must provide customer feedback. If it had been that easy everyone would have done that. Please go ahead and check the procedures; it took us 2 years to become a Microsoft Gold Partner.

- I just checked the movie you uploaded.
Regarding the pop-up alerts, it's the responsibility of an AntiSpyware to show an alert if it finds any entry in the browser's trusted sites. If you consider it to be a genuine website you can allow it and that alert won't come again. It needs to be shown because many home users who are actual spyware victims do not know all this and they need to be shown an alert. You know what privileges a website actually gains by being added to trusted sites, and most spyware tries to add itself to the trusted zones.

- Regarding the scan results: Tight VNC, Ultra VNC, what do you think these are? If I install a VNC on any PC and the user does not actually know .. you better know what I can do to that machine.
If you know what you are doing these are not spyware, but if you don't know, anyone can take advantage. It is an AntiSpyware's responsibility to detect them, and we show them as a low threat and recommend ignoring them. These are spyware, hence we detect them.

- You have a folder full of spyware and it didn't detect them: by default Systweak AntiSpyware only scans the system drive; you can go to settings and specify the drives you wanna scan.
Spyware setups lying on a PC are harmless until they are installed .. and if installed they'll obviously make entries in the registry and system drive. Try scanning the drive which contains your malware folder and Systweak AntiSpyware will definitely detect it.

- The FAQs are totally based on our analysis. Though we make an entry in the Windows scheduler, no scan is automatically scheduled.


2) Answers to posts by RubberDucky

- FileName: f:\ntldr.sys (I don't know what this file is doing on the F drive, even if it is a system drive). Just try to search a bit about this file on Google and you'll get to know why it was detected.
I'll request you to export the Systweak AntiSpyware log and upload it here; it also contains the MD5 of the files. After reading the log I'll be able to explain what it detected and why.
Regarding cookies, we track most tracking cookies and recommend ignoring them. This is just to notify users in case they do not know.

Spyware is based on user discretion; everyone has a different perspective. For us, anything which can lead to any information being stolen from a user's PC is spyware.
I agree with the fact that despite many checks there might be some FP(s), and we fix them within 24 hours of recognition.

I hope my post answers your post.
Good Day!

Systweak AntiSpyware Team

#16 MysteryFCM


Posted 03 January 2008 - 03:00 AM

> - You cannot be a Microsoft Gold Partner just by paying them. There is a long procedure: your employees need to be Microsoft Certified and you need to clear a lot of exams for that. You must provide customer feedback. If it had been that easy everyone would have done that. Please go ahead and check the procedures; it took us 2 years to become a Microsoft Gold Partner.


That was my mistake (I'd misread their site when I registered as a partner (didn't have to do any exams or such)).

> - I just checked the movie you uploaded.
> Regarding the pop-up alerts, it's the responsibility of an AntiSpyware to show an alert if it finds any entry in the browser's trusted sites. If you consider it to be a genuine website you can allow it and that alert won't come again. It needs to be shown because many home users who are actual spyware victims do not know all this and they need to be shown an alert. You know what privileges a website actually gains by being added to trusted sites, and most spyware tries to add itself to the trusted zones.


I'd not tried to load the sites it mentioned however, nor had I any running programs that would do such (the internal IP it showed was the actual machine's IP, and that is already listed under the Local Intranet zone) ..... further to this, your program also immediately followed up the "warnings" and asked for payment to block the "probable" spyware.

> - Regarding the scan results: Tight VNC, Ultra VNC, what do you think these are? If I install a VNC on any PC and the user does not actually know .. you better know what I can do to that machine.
> If you know what you are doing these are not spyware, but if you don't know, anyone can take advantage. It is an AntiSpyware's responsibility to detect them, and we show them as a low threat and recommend ignoring them. These are spyware, hence we detect them.


Again, your program detected 70+ "infections". None of which are installed on the machine that was scanned (UltraVNC's setup is on there but it's not installed, I've never downloaded TightVNC to that machine, nor installed it on it - and I've never even heard of "TeamViewer" let alone ever installed it)

> - You have a folder full of spyware and it didn't detect them: by default Systweak AntiSpyware only scans the system drive; you can go to settings and specify the drives you wanna scan.


If that's the case, your program should mention that before the scan starts ..... malware is more than capable of spreading over drives/partitions B)

> Spyware setups lying on a PC are harmless until they are installed .. and if installed they'll obviously make entries in the registry and system drive. Try scanning the drive which contains your malware folder and Systweak AntiSpyware will definitely detect it.


I'll have it scan the folder once I've posted this, but as far as the spyware setups, it's not just installers I've got on there :) (there's also script samples and the likes)

> - The FAQs are totally based on our analysis. Though we make an entry in the Windows scheduler, no scan is automatically scheduled.


#1. Your program should mention it is going to add such, it should not try doing it automatically

#2. The problem I've got with the FAQ is as bolded below.

> Why Antivirus and Firewall are not so effective on Spyware?
>
> Spyware can easily enter into your computer in the form of Plug-ins. Since the widely used application like Internet Explorer supports Plug-in, Spyware can easily add them as a service to this application. Firewall installed on your computer allows all traffic to Internet Explorer, so it cannot prevent Spyware getting into your computer.


I don't know of any firewall that automatically allows all traffic to IE without also requiring explicit permission for addons and such that get installed (via whatever means). Any firewall that did do that would be jumped on in a heart beat by the security community. ....... and why do you only mention IE? (it's not the only shell to have malware created for it)

> Whereas, Antivirus looks for such programs that can duplicate themselves in multiple copies, once it is installed or downloaded as executable code or document. Therefore, the basic purpose of antivirus is totally different and cannot track infectious Spyware on your computer.


Firstly, antivirus programs do detect spyware (NOD32, Symantec, Kaspersky et al - they all detect and remove it).

Secondly, antivirus programs do not only detect malware that duplicates itself - what about trojans, file infectors and the like?

> How do these spyware enter into the system?
>
> These programs usually get installed during surfing Internet or downloading of freeware programs from the internet. The user does not even get a hint about spyware infecting his computer. Advertising companies promote coders to put these types of programs into their applications with the intention to exploit the users information gathered by them.


Again, firstly, that statement is an insult to those of us that develop freeware (freeware does not come with any such rubbish, those that do are anything but freeware). Secondly, I don't think the advertising companies will take too kindly to the second part of your statement (most advertising companies hate malware as much as we do).

Finally, your program claims to be a trial version - something it most definitely is not (trial versions are fully functional - removal included)



#17 MysteryFCM


Posted 03 January 2008 - 03:01 AM

Apologies if I've missed anything - it's 0800 and I've had no sleep ........



#18 MysteryFCM


Posted 03 January 2008 - 12:45 PM

Just woke up to see the following PM;

> Hi
>
> Can you send us log to srana@ systweak.com.
>
> Pls goto Main Window->Spyware Scan -> Logs -> Export Log.
>
> Log will be saved as HTML file.
>
> Thanks
>
> Shrishail Rana


Got an hpHosts release to do first as I'm away again tomorrow for the weekend, so will get round to it later ....



#19 SystweakAntiSpywareTeam


Posted 04 January 2008 - 01:13 AM

Dear MysteryFCM

You should have the basic courtesy not to post private email addresses in public forums.

#20 MysteryFCM


Posted 04 January 2008 - 01:28 AM

Not sending the PM would have been courteous as well B) (the discussion was in public, and it should've stayed that way)

/edit

Which reminds me .... I uninstalled the app after the test I video'd, and there doesn't appear to have been a log?? (you might want to have it create one without it requiring exporting)
