WARNING!!! SPYWARE TERMINATOR!!!

[gdiloren]

Spyware terminator messed up a lot of computers this week. They inserted a big big false positive () in the winlogon.exe file as Trojan Phoney.WXP  in the registry. Don't take any action, you won't be able to logon on start-up. I had to format and reinstall everything from a fresh copy of Windows. I'm mad about them! For more info, go on the spyware terminator web forumhttp://http://forum.spywareterminator.com/Default.aspx?g=posts&t=2446
 :'(

[gdiloren]

Got this result by doing a complete all files scan. Again, at the detection, do nothing and read their forum. I  quit ST, for my part, they lost a guy!

[DavidR]

Whilst this FP could well be serious as it was for you, but to leave over one FP would mean you have no other program to choose, I don't know of any security application that hasn't had an FP. I have had at least one FP on every piece of security software I have installed.

All detections should be investigated (google, etc.), nothing deleted only quarantined, but check when files that have been on your system for some time (explorer, created, modified dates, etc.) are suddenly detected.

Yes, it is hard to remain calm and investigate when the brown stuff hits the fan.

[gdiloren]

If you go to the ST forum link, you'll see that either deleting (as I did) or quarantinying it (as I should have done) will seriously mess-up your PC. This is an important flaw. It's unacceptable!

[drhayden1]

glad i took off spyware terminator after it installed in my add/remove products a whopping 425MB instead of the 25MB their tech support told was right and there was a bug in my os and it wasn't their fault....
glad i didn't put it back on my laptop computer after i did a complete os and drivers restore couple of weeks ago
crappy software-crappy tech support=crap off my computer
i mentioned it here also...starts at reply 13  http://forum.avast.com/index.php?topic=29516.0 on both pages

[gdiloren]

I think the same!! CRAP!

[gdiloren]

I'm astonished!

[DavidR]

If you go to the ST forum link, you'll see that either deleting (as I did) or quarantinying it (as I should have done) will seriously mess-up your PC. This is an important flaw. It's unacceptable!

Had you quarantined it, if running windows should have stopped deletion or quarantine, generally you will be OK until you next boot.

I'm trying to highlight the importance of investigation before action and certainly before you next boot, not just for you but for those reading this in the future. The same investigation should be carried out for every detection.

FPs are a fact of life and not something to jump ship for, others issues as mentioned poor support, etc. yes.

[gdiloren]

BELIEVE ME...there was nothing to investigate. This appeared like a critical infection with 3 stars and it seems that even to quarantine winlogon.exe and its  infected registry key would have been the same as deleting it. As a lesson, I'm going to stick to well-known softwares like Avast, Ad-Aware 2007, Spybot Search and Destroy, Windows Defender and Cyberhawk frow well known companies. This way, I'm sure not to ever format again my drive!!

[gdiloren]

http://http://forum.antivir.de/thread.php?threadid=24654&sid=c6eed8ae62a42cc26075eb776e20a5b5
All over the world, all over the forums, they messed-up things!

[gdiloren]

By the way, I don't think the user should pay " " for " that ".

[DavidR]

Sorry there is always something to investigate, never take 'anything' at face value, do so and you risk a repeat performance of what has just happened, but with a different application since you are/have removed ST.

It doesn't matter how many starts it has got always investigate.

All of the programs you have mentioned have suffered FP detections that have causes issues, just ask Dan about AdAware 2007.

I would suggest you investigate dick imaging software that can take an exact image of your hard disk. I use Drive Image 7.1 (the last one before symantec bought the company) there is also Acronis True Image and others. I run mine once a week and if I have a crash or serious problem that will take more than 30 minutes to resolve I will restore the last image, this usually takes me about 15 minutes. You also need to ensure you regularly back up data you don't want to loose, documents, emails, email address book, bookmarks, etc. do this daily.

With a good back-up and recovery strategy you can recover from virtually anything in a short time without too much stress.

[gdiloren]

Thanks but at the moment of scanning, Google lead to nothing on the Phoney Trojan except for the ST web page definition which is poor info. You're right about imaging my drive. I want to put this in case some Avast user needs help:The problem turned out to be that the
Winlogon userinit entry was set to "wsupdater.exe," and not
"userinit.exe,". I fixed the problem by 1) booting to a Repair Console
(IBM provides this on their laptops), 2) changing directory to
C:\WINDOWS\System32, and 3) copying userinit.exe to wsaupdater.exe
(there was no wsaupdater.exe present). I then 4) rebooted into Safe mode
and successfully logged-on as Adminstrator (for the first time in
several days!) Next step was to 5) edit the registry and change
userinit in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon from "wsaupdater.exe," to "userinit.exe,"; 6)
final reboot and back to normal! --Rick Lewis--

[drhayden1]

just ask Dan about AdAware 2007

and a-squared free also on false positives....
i have had my share of false positive problems and it getting to be old news but something we have to deal with some of the crappy software we have out there for us to have horror's with
http://forum.antivir.de/thread.php?threadid=24654&sid=c6eed8ae62a42cc26075eb776e20a5b5p
and i sent that link above to the st tech support just to see what type of response i will get or not

[MikeBCda]

Slightly off-topic, but closely related...

Could someone please post an addy for one or more good multi-engine online scanners, which is another defense against FPs? I know Jotti's one of them, and there are a few others I've seen recommended, but I'm too lazy to phrase a search properly.

One game which I've had for at least a couple of years suddenly last weekend had a-squared "find" a supposed backdoor in its uninstaller.  I suspect that's just one more of a-squared's notorious FPs, but it wouldn't hurt to double-check.

(Edit) I just checked that file via Jotti, and interestingly, a-squared didn't report anything there.  Maybe they cleaned up that particular FP since last weekend.