CounterSpy... Detect 2 more spyware than others?!?

WaiWai


Hi.
I have downloaded CounterSpy as a trial test since it is said it can detect the newest and dangerous keylogger (Srv.SSA-KeyLogger).

After a full scan, I didn't find this dangerous keylogger ( :p ). Instead, it managed to find 2 insidious spyware items.

1) AB System Spy
File Name & Location:
C:\EA GAMES\The Sims 2\TSBin\ijl15.dll
C:\EA GAMES\The Sims 2 University\TSBin\ijl15.dll
Size: 344 KB

2) Ace Password Sniffer 1.1
File Name & Location:
C:\Program Files\WinPcap\NetMonInstaller.exe
C:\Program Files\WinPcap\rpcapd.exe
C:\WINDOWS\system32\drivers\npf.sys
Size (in ascending order):
- 06.50 KB
- 84.00 KB
- 32.10 KB

At first sight, CounterSpy looked great. It detected 2 more spyware which others like MS Anti-spyware and ZoneAlarm couldn't.

However, thinking twice, they seem to be false positives/claims.
I need confirmation.
Can anyone confirm if they are spyware?
Or does anyone know how to confirm?
 

sciencewhiz

WinPcap is a legitimate network capture library. It is used by programs such as Ethereal. It also has apparently been used by several different types of malware. The presence of WinPcap isn't necessarily bad; you need to find out what is using it.
 

WaiWai

I don't know why it was installed. Probably it was bundled with other software, and that software installed it.
Also, more than 1 person uses this computer. So it may have been done by others.

How can I see when it was first installed?
What's the use of WinPcap?
How can I determine if I need this or not?


The following is what "WinPcap" folder contains:
File/Folder Name..............Modify Date.............Create Date
WinPcap..........................N/A.........................22 May, 2005
daemon_mgm.exe...........14 May, 2004...........14 May, 2004
INSTALL.LOG...................22 May 2005.............22 May 2005
npf_mgm.exe..................14 May 2004.............14 May 2004
Uninstall.exe...................30 Aug 2003.............22 May 2005

Note: The "infected" files are quarantined, so they are not included.

The strangest thing is how "Uninstall.exe" can be created on 22 May 2005 but modified on 30 Aug 2003. I haven't changed the date/time of the system clock. Really strange?!?
 

WaiWai

Originally posted by: igowerf
The first one seems to just be jpg libraries for the game. The second one is documented on Symantec's website.

http://securityresponse.symantec.com/avcenter/venc/data/spyware.spy4pc.html

It sounds like some pretty bad spyware too, but it has to be manually installed. How did you manage to get that installed on your computer?


I'm confused.
Yes, NetMonInstaller.exe is included, but not others.
I have tried to search for its tracks. However it seems they aren't there.


# %UserProfile%\Start Menu\Programs\SPY4PC\Spy4PC Info.lnk <--not here
# %UserProfile%\Start Menu\Programs\SPY4PC\Spy4PC.lnk <--not here
# %UserProfile%\Start Menu\Programs\SPY4PC\Uninstall Spy4PC.lnk <--not here
# %UserProfile%\Application Data\sfpc.dat <--not here
# %UserProfile%\Desktop\Spy4pc Info.lnk <--not here
# %ProgramFiles%\WinPcap\NetMonInstaller.exe <--Yes, here!
# %System%\gi44.tmp <--not here
# %System%\gi45.tmp <--not here
# %System%\gi46.tmp <--not here
# %System%\msipv6.dll
# %System%\msudp.dll
# %System%\pppoe32.dll
# %System%\sfpc.chm <--not here
# %System%\sfpc.dat <--not here
# %System%\sfpc.exe <--not here
# %System%\sfpcinfo.exe <--not here
# %System%\unins000.dat
# %System%\unins000.exe
# %System%\wanpacket.dll
# %System%\WinPcap_3_1_beta_3.exe


I haven't checked all of the entries which this spyware will add. But it seems there is no entry except NetMonInstaller.exe.
So what does it mean?
Is it not really Spyware.Spy4PC?
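
Added example (not part of the thread, and not any vendor's tool): the manual path check in the post above, automated in Python. It uses a subset of the listed paths; the mapping of the `%System%` placeholder to `system32` and the split of names into "product-specific" and "shared WinPcap component" are assumptions made here for illustration.

```python
import os

# Subset of the indicator paths listed in the post above (placeholders kept as written).
INDICATORS = [
    r"%UserProfile%\Start Menu\Programs\SPY4PC\Spy4PC.lnk",
    r"%UserProfile%\Application Data\sfpc.dat",
    r"%ProgramFiles%\WinPcap\NetMonInstaller.exe",
    r"%System%\sfpc.exe",
    r"%System%\sfpcinfo.exe",
    r"%System%\msudp.dll",
    r"%System%\wanpacket.dll",
    r"%System%\WinPcap_3_1_beta_3.exe",
]
# Assumption: these name fragments separate the product's own files from
# components that a stand-alone WinPcap install also places on disk.
SPECIFIC = ("spy4pc", "sfpc")
SHARED = ("winpcap", "wanpacket")

def default_roots():
    """Map the list's placeholders to real directories on this machine."""
    windir = os.environ.get("SystemRoot", r"C:\WINDOWS")
    return {
        "%UserProfile%": os.environ.get("USERPROFILE", ""),
        "%ProgramFiles%": os.environ.get("ProgramFiles", r"C:\Program Files"),
        "%System%": os.path.join(windir, "system32"),
    }

def resolve(indicator, roots):
    placeholder, _, rest = indicator.partition("\\")
    return os.path.join(roots[placeholder], *rest.split("\\"))

def classify(indicator):
    low = indicator.lower()
    if any(marker in low for marker in SPECIFIC):
        return "specific"
    return "shared" if any(marker in low for marker in SHARED) else "unclassified"

def triage(indicators, roots):
    """Return (verdict, hits); hits groups the indicators that exist on disk."""
    hits = {"specific": [], "shared": [], "unclassified": []}
    for ind in indicators:
        if os.path.exists(resolve(ind, roots)):
            hits[classify(ind)].append(ind)
    if hits["specific"]:
        return "product-specific files present", hits
    if hits["shared"] or hits["unclassified"]:
        return "only shared components present; inconclusive", hits
    return "no listed files present", hits

if __name__ == "__main__":
    verdict, hits = triage(INDICATORS, default_roots())
    print(verdict, hits)
```

An "inconclusive" result matches the situation described in the thread: a WinPcap file is on disk, but nothing in the list that is specific to the product.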