Author Topic: SnoopStick & Avast!  (Read 3913 times)

0 Members and 1 Guest are viewing this topic.

Philo

  • Guest
SnoopStick & Avast!
« on: December 12, 2010, 05:07:35 PM »
Hello fellow Avast! denizens.

~I have a client who recently installed SnoopStick on one of their home PC's. The immediate result was that they were no longer able to web surf (they uninstalled SnoopStick and web surfing returned to normal). They then re-installed SnoopStick and lost web connectivity.

~SnoopStick advised them to turn off the Avast Web Shield(!). They complied and regained web connectivity, however their PC started running slow. They ran a full Avast scan and found four infected files that Avast was not able to remove. :/

I won't know until tomorrow whether the infected files are SnoopStick related or not. But I was wondering:

1.) Can SnoopStick be excepted in Avast real-time scans and virus scans? If so, what is the best way to do this?

Thanx as always,
Philo

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11248
  • No support PM's thanks
Re: SnoopStick & Avast!
« Reply #1 on: December 12, 2010, 05:49:00 PM »
Take a look at this artical http://www.ehow.com/how_2186860_shut-down-snoopstick.html , i found a few other bits of info by googling.
Snoopstick is not a safe program and is known to slow down your computer and if it was not snoopstick that infected there system it could be from disabling the webshield.
Follow the link and do yourself and them a favour by deleting that rubbish.

Philo

  • Guest
Re: SnoopStick & Avast!
« Reply #2 on: December 12, 2010, 05:53:40 PM »
Thanx Bud :)
It sounded nasty from what I've read. I check out the link.

Philo

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11248
  • No support PM's thanks
Re: SnoopStick & Avast!
« Reply #3 on: December 12, 2010, 05:59:27 PM »
Your welcome :)

Philo

  • Guest
Re: SnoopStick & Avast!
« Reply #4 on: December 12, 2010, 06:14:59 PM »
Assuming the client does not want to send the program back, is there any way to except it so Avast's web shield will work and it won't be picked up in a scan?
 
I'd like to go back to them why more than, "Get your money back." I noticed that the web shield can exclude by url, but is there any why to exclude the whole program? The client is using Avast-Pro.
Philo

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11248
  • No support PM's thanks
Re: SnoopStick & Avast!
« Reply #5 on: December 12, 2010, 06:30:02 PM »
You can add the program file to the exclusion's in file system shield and to the exclusion's in setting's but would not be advised as more than likely this program is the root of the problem, but it's there choice :-X
Shouldn't need any exclusion's for webshield.
« Last Edit: December 12, 2010, 06:32:45 PM by craigb »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89433
  • No support PMs thanks
Re: SnoopStick & Avast!
« Reply #6 on: December 12, 2010, 07:01:05 PM »
@ Philo
I don't believe it is a matter of exclusion/detection of snoopstick elements, but one of conflict. If you have both snoopstick and the web shield enabled then you have no internet connection, remove one or the other and no conflict and internet connection is restored. You aren't actually getting alerts about the snoopstick software are you ?
If avast is alerting - What we need are the file names and locations of of any avast detections relating to this ?

This leads me to believe that snoopstick also uses a proxy to achieve whatever it is that it is supposed to do (I know nothing of this program), so if it uses a proxy then you need to a) find out what that proxy port is and b) coordinate it with the web shield proxy.

You would do this by adding it to the redirect ports and unchecking the Ignore local communication, avastUI, Settings, Troubleshooting, Redirect settings, HTTP port(s): see image example, add the port after the 80 and must be separated by a comma, where xxx is the snoopstick proxy port number.

However, there is obsoletely no way I would consider disabling the web shield as snoopstick doesn't provide the same protection, it isn't looking for the same things.

The web shield can block exploits and links to malicious scripts that could well infect your system, this is more beneficial as it is capable of blocking said malicious scripts and links without having to know exactly what malware is on the other end. In other words it could be blocking malware that may not have been detected by the avast signatures, etc. This could account for the infections you spoke of.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Philo

  • Guest
Re: SnoopStick & Avast!
« Reply #7 on: December 12, 2010, 10:12:46 PM »


"You can add the program file to the exclusion's in file system shield and to the exclusion's in setting's but would not be advised as more than likely this program is the root of the problem, but it's there choice Lips Sealed"  *Sigh* agreed.

"You aren't actually getting alerts about the snoopstick software are you ?
If avast is alerting - What we need are the file names and locations of of any avast detections relating to this ?"

I won't know for sure until I get to the PC tomorrow, unfortunately. I'm hoping it's hitting the snoopstick, which will most likely help the client make a decision on what they want to do.


"This leads me to believe that snoopstick also uses a proxy to achieve whatever it is that it is supposed to do (I know nothing of this program), so if it uses a proxy then you need to a) find out what that proxy port is and b) coordinate it with the web shield proxy."

In a nut shell, it's a piece of spyware that you have to install in the target machine. You can view and controll the target machine(s) remotely, but it has to be installed in every machine you plan on tracking, and/or any machine(s) you plan on using to view the data.


"However, there is obsoletely no way I would consider disabling the web shield as snoopstick doesn't provide the same protection, it isn't looking for the same things."

I know bud, I know. I couldn't believe that was what SnoopStick tech support told them to do, but it was :/


Thanks guys. I'll post back tomorrow after meeting w/client and let you know what we figured out.
Philo

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89433
  • No support PMs thanks
Re: SnoopStick & Avast!
« Reply #8 on: December 12, 2010, 11:21:34 PM »
You're welcome, until then.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security