
Bazooka Adware and Spyware Scanner


redmaledeer

redmaledeer

(Windows XP, IE6) When I downloaded the Bazooka setup .exe, the PestPatrol on my machine claimed that it contained a keylogger. This was with a Certainty level of "Suspected."

Bazooka is a fairly new free off-line adware and spyware scanner. I believe it is fairly well thought of, if perhaps not up to the level of longer-established programs such as Ad-aware and Spybot S&D.

The alleged keylogger is TrojanSpy.Win32.GhostKeyLogger.c

Should I believe that this keylogger exists, or just forget about it and go ahead and use Bazooka?


nlinecomputers

I'd ask Pest Patrol about it. It sounds like a false hit but ya never know. Plenty of snake oil vendors out there that are packaging problems just to sell you the cure.


  • 4 weeks later...
Bazooka is a fairly new free off-line adware and spyware scanner.
Every time I see the word 'FREE' I pull out my calculator and try to determine 'How much is it actually going to cost me'? It might not be in $$$ but I bet most of the free stuff is modelled around a 'boomerang' of some description. Unless of course it comes from the tried and trusted whose ethics are beyond reproach? :P
Ozi.

I use Bazooka all the time (finds stuff others don't) in conjunction with these.

Remove Spyfiles by using these 6 programs.

Make sure you use the SpyBot/SpywareBlaster/Ad-aware/Bazooka/Swat It > Online > Update button regularly.

SpyBot
http://beam.to/spybotsd
http://www.spybot.us/spybotsd13.exe
http://majorgeeks.com/download2471.html

1st step, Choose your Mode (at the top of screen)
Mode > Advanced (if you want to have more options)

Editor's Note: The Resident shield in version 1.3 has an issue allowing certain cookies (Specifically Double Click) when set to notify. If page loading becomes a problem, right click the icon in the Systray, select "Resident IE" and either uncheck "Use Resident in IE sessions" or check "Block all bad pages silently".

Once you have the program installed, open SpyBot and select the "Immunize" icon on the left & Click on Immunize, in the new page.
Permanently running bad download blocker for Internet Explorer.
Select > Block all bad pages silently & click Install.
Then check the box "lock hosts file read-only as protection against hijackers".

Select your download site.
Open Spybot Search and Destroy. After clicking the button that says "Search for Updates" & the check is finished, you will see 5 items near the top of the window, "Search for Updates", "Download Updates", UniDo(Europe), "Show Log" and "Help". Next to UniDo(Europe) you will see a "down" arrow. Click the "down" arrow and you will see download site choices (3 in Europe, 1 in USA and 1 in Australia). Right click on your selection to make it default.

A Beginner's Guide to Spybot
http://www.trincoll.edu/depts/cc/documenta...pybot_guide.htm

SpyBot lock host files greyed out
If it doesn't have a hosts file you can't lock it, so that tweak will be grayed out.
Have SpyBot install its hosts file.
http://www.zerosrealm.com/immunizing.php

Note: For those running in "Basic" mode (version 1.2) you will NOT see this. You must be running in Advanced mode!
To get in advanced mode, a really easy way is to go to Start >> All Programs >> Spybot Search and Destroy >> Spybot Search and Destroy (advanced). Click it. You are now in advanced mode.

Select your download site.
Open Spybot Search and Destroy. After clicking the button that says "Search for Updates" & the check is finished, you will see 5 items near the top of the window, "Search for Updates", "Download Updates", UniDo(Europe), "Show Log" and "Help". Next to UniDo(Europe) you will see a "down" arrow. Click the "down" arrow and you will see download site choices (3 in Europe, 1 in USA and 1 in Australia). Right click on your selection to make it default.

SpywareBlaster
http://www.wilderssecurity.net/spywareblaster.html
SpywareBlaster doesn't scan and clean for spyware - it prevents it from ever being installed.

Freeware SpywareGuard
http://www.javacoolsoftware.com/spywareguard.html
SpywareGuard provides a real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method. An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware!
And you can easily have an anti-virus program running alongside SpywareGuard.

Ad-aware
http://www.lavasoft.de/
http://www.lavasoftusa.com/
All software offered on this page is free* to download and use and compatible with Windows 98/ME/NT40, Windows 2000 and Windows XP Home and Professional.
Download sites.
http://download.com.com/3000-2144-10045910...page&tag=button
http://majorgeeks.com/download.php?det=506

Bazooka
http://www.webgrid.co.uk/security_2.html
http://www.winsite.com/bin/Info?17000000037943
http://www.kephyr.com/
Here is the current list of Bazooka fixes.
http://www.kephyr.com/spywarescanner/libra...source=appvisit
Bazooka is freeware and Windows 95/98/ME/NT/2000/XP compatible
Click on the files found & you will be taken to a site that will show you how to remove, either with a program or manually.
It reports on all drives & partitions, so remember to check all these, when doing manual remove.
After the Download - It is important to remember that once the installation of Bazooka is completed, that you should update the File Signatures by clicking on the Update tab and check for an update.
Make sure you Update after installing & then regularly.

Swat It
http://swatit.org/
Swat It is a Completely FREE program that scans your files for Trojans, Worms, Bots and other Hacker programs. Swat It can detect and remove over 4000 different Trojan programs plus variants. Swat It was recently independently tested against popular commercial scanning software and we were absolutely delighted by the results.
After the Download - It is important to remember that once the installation of Swat It is completed, that you should update the File Signatures by clicking on the Update tab and check for an update. All Product and File Signature Updates are Totally FREE, this means that you will never have to pay a single penny to get the very latest version of Swat It or to update the File Signatures.

List of fake spyware removers
http://www.netrn.net/archives2/000550.html

Beware of SpyHunter
http://www.post-gazette.com/pg/03289/231446.stm


redmaledeer

jmatt - That's an interesting list of protective programs and resources. But I've always been a bit queasy about SwatIt. Their claims are no longer as flamboyant as they used to be. But their free updates are once a month, which is pretty slim, and quickly lead to a pitch for buying their daily updates at about $35 a year. Their independent test was done by one unnamed individual. Their 4000 varieties of trojans seems pretty slim compared with Ewido's 40,000 signatures and A-squared-2's 20,000. The latter is connected with Andreas Haak, and both are free trojan scanners. An anti-trojan is mainly what SwatIt claims to be. Perhaps these programs count signatures differently.

On the other hand, I've never heard that SwatIt is harmful, i.e., contains spyware, adware, or other malicious things. So perhaps there's no harm using it, as long as one also uses a generous dose of other protective programs.


The alleged keylogger is TrojanSpy.Win32.GhostKeyLogger.c
It is a Keylogger Trojan. :devil: Just out of curiosity I had a look at Pest Patrol Website for this Trojan, they don't really have much to say about it. :) I suggest you try Google with GHOSTKEYLOGGER, heaps of info! :thumbsup:

I also downloaded Bazooka from one of the Mirrors on (Kephyr.com) without any problems, the other links mentioned here...

[http://www.webgrid.co.uk/security_2.html]
[http://www.winsite.com/bin/Info?17000000037943]

take you to either Simtel and Fastclick and are blocked as restricted sites by either Spyblaster or SpybotSD. So what do you do, trust those two blockers or take the risk?

I think it depends sometimes on where you D/L from as to what gets attached to what would normally be a 'clean' software program. :huh: So if Pest Patrol says it's there, I would believe it. :(

Ozi.

nlinecomputers

Again. I would send the file to pest patrol and have them check it out. I suspect this is a false hit. Having a human examine the file can prove this or not.


Again.  I would send the file to pest patrol and have them check it out.  I suspect this is a false hit.  Having a human examine the file can prove this or not.
Hello nlinecomputers,

It's unsettling when you run a programme like Pest-Patrol and it finds 'All' of this spyware that exists on your computer and you do an 'Info' search with Pest-Patrol and it tells you that you have 'All' of these programmes and their associated files strewn everywhere, and there are lots of them! Access the Task Manager, Stop the 'Running Processes' pretty daunting stuff if one was a 'novice' and Far too many for anyone to contemplate manual removal so you buy the Registered Version and it fixes it for you. :) You have to wonder how, where, when, who the **** has been on this computer and where, what did they do! I'm too careful and haven't been anywhere? or seen anything that looks like a threat. :devil: I'm being cynical here as I downloaded it to 'Trial' and this is the sort of thing that happened to me. 87 Threats! NO cookies, I had deleted them manually just prior to the test. :thumbsup:

There were about 48 legitimate programme files and Dirs' that P-P either doesn't know about or doesn't like and there were a lot of registry entries for these files etc. adding to about 78 legal and non threatening entries/files (from a Certified Software Producer) that P-P would have me delete as 'Serious' threats. :( I deleted 'all' the 'temp' files that the Browser uses while surfing and re-run P-P, that brought the number of remaining threats to 1. Yep! (ONE). Namely adshooter.searchforit and this is what it does. :)

---------------------------------------------

SYMANTEC give this a very 'low' profile, P-P paints the opposite. And there are NO existing files that P-P say I should delete.......... Mmmmm.

From the vendor, 'Search For It, located at [http://www.searchforit.com/] (the "Site"), is a search engine that, in response to search queries, provides images that have links to third party Websites ("Images"). Search results are produced automatically by the technology of Search For It Inc. Search For It Inc. may, at any time and without notice, add to, delete, modify or discontinue the Site, or any portion thereof, including Search For It or any feature or service offered on or through the Site. All portions of the Site, including [Name of Platform] or any feature or service offered on or through the Site, and any new feature we may add to the Site or the service, will be subject to these Terms and Conditions, as modified by Search For It Inc. from time to time.'

--------------------------------------------

I wouldn't be surprised if I'm driving something on Scots Forums or elsewhere to enable me to get graphics, I don't know, I've only got an ignition key, someone else has got the engine and I can't see that arrangement doing any harm. :)

I also recall testing Pest-Patrol some time back and gave it TWO minutes of my time when it started reporting 0 (Zero) byte files (Dummies) that other programmes and M$ were using purely as reference. In M$'s case it was picking up the file extension .??? abbreviations that M$ was/is using to pin its 'file' icons to. I had to ask myself then! 'How can you have a file that is 'NOTHING' dot Ext? and that was about as long as P-P lasted on that test. :huh:

Ad-Aware, SpybotSD and Registry Medic have been around for a 'long' time and I am at a loss as to why any of them do 'NOT' concern themselves about some of the rubbish that P-P comes up with? Maybe they DON'T read script and actually find a legitimate file with bytes in it to report? :thumbsup:

Anyway! don't forget to delete your Web Temp files and reduce the 'Threats' that P-P says you have......................before you run it :( And as for the ghostkeylogger, Redmaledeer, I would try the same thing there.

Ozi.

Plenty of snake oil vendors out there that are packaging problems just to sell you the cure.
Hi Nline,
Love this saying! Can I steal it? I may even use it as a Sig'.
Ozi.

nlinecomputers

Symantec makes for poor spyware checking. They do not, nor are they very interested in, tracking spyware products. They only are interested in viruses. TrendMicro and other AV vendors are much more interested in spyware but NONE of the AV products are very good at finding many keyloggers and such especially if the keylogger is a commercial product. Many corporations use keyloggers and they don't want conflicts with Norton AV.

Pest Patrol is aggressive yet it too misses stuff. I've found that I mostly depend on Ad-Aware, CWSshredder, Spybot S & D, and Hijackthis for spyware checking. TrojanHunter is also good at finding hidden processes.


nlinecomputers
Hi Nline, Love this saying! Can I steal it? I may even use it as a Sig'. Ozi.
Well that depends...how much is it worth to ya? :huh: Sure if you want to use it go ahead.

Hi Nline & Redmaledeer,

As I mentioned earlier, I had a look at Pest-Patrol some time ago and it was for the benefit of someone else, this is part of what I wrote then.

-------------------------------------------------------------------------------------------

BIG DEAL! Its found a useless file ext that MS uses to Identify What Icon it Pins to it. You can't name a file "Nothing" .Something.

13. XoloX Registry: HKEY_CLASSES_ROOT\etc. Gnutella
14. XoloX Registry: HKEY_CLASSES_ROOT\etc. magnet
15. XoloX Registry: HKEY_LOCAL_MACHINE\software\classes\Gnutella etc.

These entries are Non-Existent, It has picked up the fact that I have attended 'their' Website and have Added the XoloX Information Page to my "favourite pages" in Regedit\ etc,\webcheck\store.1, apart from that Regedit cannot locate any other reference to it.

My Personal Opinion on Pest-Patrol: It has far too many Options and most of them are "Gloss", Why would "Any" programme want to know if you "Want" to check (Tick) for "Known" and dangerous or Intrusive files???

Furthermore:
If I want a Memory Filter, I'll buy one, Which I have, and It specialises in Memory Problems.
If I want a Cookie Filter, Ditto! Ditto! and It's Dedicated to Cookies/Popups.
If I want a Registry Editor, Ditto! Ditto! Totally dedicated to registry entries.

I'm of the "Honest Opinion" that Pest-Patrol is building its Data Base "On the Run" and have done little to present this software with an extensive database. What else would be the purpose of the "We Need Help" option? Is it when they get enough Feedback they "May" look at them and include them as a "No Risk" piece of software in their next upgrade? Maybe then! they will pass without comment. Isn't this a little "Late" after all of the needless concern they have already generated?

Not a Programme I would use, even if it was "FREE".

--------------------------------------------------------------------------------------------

It's disturbing to note that if you Read or Save 'off-line' anything at all that refers to any type of virus or Ad-aware that P-P has in its Database (or attempts to use intelligent algorithms to manufacture what looks like something), it presents them as a Full-Blown-Threat? That was the problem this time I checked it, just because I have been 'Saving' virus/Ad-aware html's off-line for future reference, I had 'ALL' of these so-called threats. :D

I'm of the opinion that:
If you download some Ad-aware, back-up the registry to CD, format the hard drive, re-install 'Only' the OS and Pest-Patrol, then merge the 'old' Registry file and run P-P you will get 'All' of these LIVE! threat reports when in fact all you have is a 'harmless' piece of script. :D

As I said from the previous test in which there were 15 non-existent threats: B) Not a Programme I would use, even if it was "FREE". :thumbsdown:

And for anyone else reading this I would recommend you use Ad-aware, SpybotSD, CWSshredder, Hijackthis and a Registry Checker that has updates available (Usually not Freeware) and STOP driving yourselves NUTS with everything else that comes along. Some 'Watchdog' programmes use dummy files with the names they are 'watching out' for. Some Anti-Everything programmes see these as threats, the intelligent ones DON'T. :thumbsup: It's your ball-game! these are only my rules. :hmm:

Ozi.


Pretty sure folks, cwshredder is no longer being updated.
http://groups.google.com/groups?hl=en&lr=&...n.de%26rnum%3D1
http://www.theregister.co.uk/2004/06/29/cws_shredder/
http://www.lurkhere.com/~nicefiles/

=======================================

Here is another tool, to help.

About Buster
13. About Buster - Use this tool to negate the latest CWS variant "res://". Complete details of how to use and updates maintained -> http://forums.subratam.org/index.php?showtopic=1072
http://www.subratam.org/
http://www.subratam.org/?page=removal
http://www.atribune.org/downloads/AboutBuster.zip
or
http://tools.zerosrealm.com/AboutBuster.zip


nlinecomputers

Yep it's no longer being updated but it's still a good tool to have as long as there are lots of old CWS infected boxes still about.

