dadkins
Can you do Blu?
Premium,MVM
join:2003-09-26
Hercules, CA
 ·Comcast
1 edit | reply to gate1975mlm
Re: Ad-aware SE Personal Edition 1.05?????
Ad-Aware scan with full installation of BearShare | 
#2 Ad-Aware | 
72 WhenU entries | 
91 BearShare entries | 
Scan summary of full installation | 
Uninstallation of BearShare | 
Uninstallation of BearShare | 
Save is still in A/R Programs after uninstalling BearShare | 
Too bad it errors out! | 
Huh? I AM Admin! |
After the last little test I did, I simply reimaged back to a sterile system. 
Just made another sterile image before this round. I installed BearShare again. Did a couple of scans with MS Anti-Spyware after a scan with Ad-Aware(Ad-Aware found 7 items, 3 ignored cokies and 4 "bad" cookies... removed "bad" cookies).
First scans were with BearShare fuly installed with WhenU in all it's glory. Ad-Aware was lacking, MS AntiSpyware did a bit better.
Continued in next post(there is more to come). |
|
dadkins
Can you do Blu?
Premium,MVM
join:2003-09-26
Hercules, CA
·Comcast
| 
After trying to uninstall from A/R Programs 23 WhenU | 
29 BearShare | 
Summary of AFTER Uninstalation from A/R Programs | 
Supplied WhenU Remover From Lavasoft | | 
Ya think? | | 
Reboot to remove files inuse | |
Now to scan AFTER using WhenU Remover from Lavasoft and a reboot. See my next post(s). |
|
dadkins
Can you do Blu?
Premium,MVM
join:2003-09-26
Hercules, CA
·Comcast
1 edit | 
20 registry entries left AFTER running WhenU Remover from Lavasoft | 
29 BearShare |
BearShare uninstaller left 29 entries, Save uninstaller in Add and Remove Programs errors out.
WhenU Remover from Lavasoft fails to remove 9 loader entries from the registry.
Conclusion, Lavasoft droped the ball on this one... what else should we expect?
I still have and run Ad-Aware weekly, but it is FAR from having my trust as it once had.
YMMV.
Be back in 15 minutes, need to re-image my "C" drive.
Take care everyone!
David |
|
BillRoland
Premium
join:2001-01-21
Ocala, FL
clubs:
·Cox HSI
| Surely you're wrong dadkins  , WhenU promises to be nice, and Lavasoft said they were nice too! What a joke. Be on the lookout for the new TAC and even more weak definition files in the next build of Ad-UNaware
--
"Don't steal. The government hates competition." |
|
britishrapto
Premium
join:2002-03-12
| reply to dadkins
said by dadkins :WhenU Remover from Lavasoft fails to remove 9 loader entries from the registry. Conclusion, Lavasoft droped the ball on this one... what else should we expect? The loader entries may remain, but what about the files they're supposed to load? It's very messy to leave the registry entries lying around, but they're useless without the associated files they're supposed to run.
This has always been Ad-Aware's method of operation: kill off the primary offending files, and forget about the underlying support structure.
Is this a good or bad way to do business? On the one hand, the nasties are disabled using a very easy detection method. This method will work across multiple versions of a piece of malware; often between versions, how the file is referenced in the registry changes, but the contents of the primary file is still detectable using the older definitions. Thus, time is saved for fighting other new threats rather than slight mutations of old ones.
On the other hand, it is a very messy approach which could possibly eventually destabilize a system due to programs trying to load dll's that no longer exist.
Hence why I and many others have never relied on a single detection program. They all detect in different ways, and therefore detect different aspects of the same program.
The point: just because some registry entries remain does not mean that Lavasoft is still trying to screw us over. From the screen shots you've posted, WhenU seems to be effectively, if messily disabled. Ad-Aware (and its secondary side program for WhenU removal) seem to me to be functioning as it always has.
Perhaps the way it has always functioned would have been unacceptable to many, if they had known. |
|
Kayrac
Premium
join:2001-09-29
Rochester, NH | also looks to have left the installer in the temp files, would suck to accidently re-install it :P |
|
Bubba
GIT-R-DONE
Premium,MVM
join:2002-08-19
Around, Us
·Comcast
| reply to britishrapto
said by britishrapto :
This has always been Ad-Aware's method of operation: kill off the primary offending files, and forget about the underlying support structure.
That has been my understanding all along....even if we were speaking of Spybot....and could definetly fill up a few pages of discussion I'm sure....in regards to are these cleaning programs removing enough ?
Below is what Lavasoft's WhenUremover deleted as far registry keys\values concerning a WhenU variant(WeatherCAST) install:
• Keys deleted
HKCR\wuse.1
HKCR\wusn.1
HKLM\software\microsoft\windows\currentversion\uninstall\weathercast
HKLM\software\whenusearch
HKLM\software\whenusearch\Partners
HKLM\software\whenusearch\Partners\weathercast
• Values deleted
HKCU\software\microsoft\windows\currentversion\run\WeatherCast
HKLM\software\microsoft\windows\currentversion\run\WHenUSearch |
|
Spy
Premium
join:2001-09-22
NE
| reply to BillRoland
said by BillRoland :Be on the lookout for the new TAC and even more weak definition files in the next build of Ad-UNaware Or Un-daware.:) |
|
dadkins
Can you do Blu?
Premium,MVM
join:2003-09-26
Hercules, CA
1 edit | reply to Bubba
Looks as if the WhenU Remover removed 3-4(my count may have been off by 1) items that were left over from uninstalling BearShare on my little test. Too bad it left 20 others. |
|
Bubba
GIT-R-DONE
Premium,MVM
join:2002-08-19
Around, Us
·Comcast
3 edits | said by dadkins :
Looks as if the WhenU Remover removed 3 items that were left over from uninstalling BearShare on my little test. Too bad it left 20 others.
As I said above....to me it asks the question....what is the defintion of remove when it comes to this WhenUremover(WUR) stand alone cleaner....or in the case of Spybot....what it found and cleaned(which was less than Lavasoft's WhenUremove) ?
I feel Britishrapto touched on it above....and I'm sure there are many that have known all along that these Anti-spyware removers only kill off the primary offending files ?
Personally....I'm very satisfied with what Lavasoft's WUR did along with what Spybot accomplished. What I'm not satisfied with is how much my InCtrl5 log shows of what the WeatherCAST uninstaller left behind. Of course I went into it feeling confident it would not clean up after itself 
Edit:lol....are you thru editing Dadkins so I can quote you correctly  |
|
Corrine
Premium
join:2004-08-27
| reply to dadkins
said by dadkins :Hi Corrine! Thank you Corrine, for your time and effort through all of this! David You're welcome. I certainly can say that it has been interesting meeting all of you. I wish I had all the answers, but I don't. All I can do is try. (Besides, for every answer I come up with, this forum is so active, that you have 50 more questions or comments!)
As to the proper method of removal? Actually, I obtained the information regarding using PCHell and Symantec's procedures from a highly trusted MS MVP . Regarding the comment someone made about the installation file still being in the Temp folder, well, come on. You all have spent enough time in the security forum(s) to know what the first thing is that users are told to do -- clean the temp folders, cookies, cache, download files; use CCleaner or a similar product.
You know you are all right -- there is no one product that is 100% perfect. There are too many variants for that to be the case. Not every software will work on every computer either as there is no way of testing each software on the market with every possible configuration.
The bottom line is that there are some excellent programs available, some for free, others licensed. The important thing is to get the word out to the fools who think they can click every popup, install every program that comes along, open every email attachment and continue on their merry way. It just ain't gonna happen. They will be infected and will need help. All we can do is hope that they come here or to another ASAP member site to get trusted advice.
--
Corrine, Lavasoft Forum Administrator |
|
Grail Knight
Who Dares Wins
Premium
join:2003-05-31
 ·Verizon Online DSL
| quote:
Corrine:
-- there is no one product that is 100% perfect.
I agree about nothing being 100% perfect, but IMHO a tool that you thought was helping decides not to give a 100% and instead only gives you 95% is a tool not worth having around the tools giving it their all".
--
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050226 Firefox/1.0.1 (Stipe)Thunderbird version 1.0.1 (20050305) Aviary |
|
owenhome
keeper of the magic blue smoke
Premium
join:2002-07-13
Bentonville, AR
3 edits | reply to gate1975mlm
1.05 is fine.
I must say, I would be far, FAR more satisfied with Adaware if they would/could do a better job with WinTools and VX2, even if I had to live with WhenU. Adaware can't do squat with either. WinTools, and some VX2 variants, are both active in Safe Mode and mop the street with Adaware. Thankfully, WinTools has a functional un-installer (A/R Programs), but VX2 has been the bane of my existence for the past few months. VX2 is IMPOSSIBLE to remove for the standard home user with 0 skills, and only one computer.
BUT, that doesn't make the news. That doesn't get a gillion posts of outrage. It's just, "oh well".
WhenU may be a pain, but when you get down to it, it's only adware. Granted, Adaware dropping adware is rather comical, but WhenU is still pretty much harmless.
I don't really care about WhenU. Adaware can't be trusted on it's own anyway. You have to use it with S&D, MSAS, and HJT to have good coverage, and both S&S and MSAS catch WhenU. So, there you go!
Adaware does a pretty decent job with the real threats. I could live with a few popups if it means the Russian Mafia doesn't get my CC number. Course, I wouldn't be getting the popups anyway because I know what works.
Come up with a proggy that has the detection capabilities of Adaware, S&D, MSAS, NAV, AVG, and an editor like HJT, and you will have my business, my business's business, my friend's business, and all of my client's business. It's not like we are asking for the world here. It's being done RIGHT NOW with a combination of programs, so there is NO REASON why there shouldn't be a program with that level of functionality and dependability.
A tool...... If I had a hammer that the head fell off of once every 10 times I used it, it would be in the garbage in short order.
If I had a car that blew up once every day, I'd get a different car.
If GE made a toaster that only electrocuted 1 out of every ten people who used it.....
If 1 out of every 10 American Airlines jets crashed......
Come on!
It SHOULD be 100%, all the time, every time!
--
Never argue with a fool, people might not know the difference. |
|
Kayrac
Premium
join:2001-09-29
Rochester, NH | you'd get sued by all those companys, well atleast msas, and nav :P |
|
owenhome
keeper of the magic blue smoke
Premium
join:2002-07-13
Bentonville, AR
| Nah.........
All they would have to do is send a cease and desist letter. Then you would kill all of the functionality of the program to satisfy the sender.
Then you would have a proggy that doesn't do squat. But, it still has a "paid" version that poor saps buy without knowing any better. And of course, you would do NOTHING about it while you tell everybody "it's being handled".
And, as soon as that happened, it would be all over the forums, everyone would be hurt and outraged. Everyone would hate you for "pulling a fast one".
It would be this big conspiracy, that would go on for days, and nobody would trust you again.
Oh......wait.......
OOOOPS
hehe
--
Never argue with a fool, people might not know the difference. |
|
