I don't know what to trust

I have Avast Pro 4.8 and just ran a thorough scan and came up with no infections.

The other day my Comodo gave me a warning that this was trying to run “rbSolnUpdateENU.3.0.1.exe” I downloaded Spybot and ran it and it found 9 things, I fixed them and then I had all kinds of problems with my computer so I did a Windows restore to the day before I installed and ran SpyBot so everything is back to normal ( well as far as I know )

So what do I trust ? SpyBot who says I have 9 malwares or Avast who says “No Infection”

Is there a way to know for sure?

Usually you can’t just trust one software, as no software can always find 100% of nasty files.

Some software is good for X, and other software is good for Y

For example, avast! is great for catching virus, but just good for spyware. So the best thing is to use a software that is dedicated for spyware-hunting, for example Spybot! (or SUPERAntiSpyware and Malwarebytes Anti-Malware that I’m using)

And also the site VirusTotal ( http://www.virustotal.com ) is really good for checking suspicious files.

Can you send the file to analysis? virus (at) avast (dot) com

When I do a search I can’t find it ??? ???

I don’t use it either, I just mention it because you said you used it in your first post.

As I said, I’m using SUPERAntiSpyware and Malwarebytes Anti-Malware, as they are doing a great job.

I just downloaded and used SUPERAntiSpyware and it found this

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/18/2008 at 06:36 PM

Application Version : 4.21.1004

Core Rules Database Version : 3572
Trace Rules Database Version: 1560

Scan type : Quick Scan
Total Scan Time : 00:09:45

Memory items scanned : 577
Memory threats detected : 0
Registry items scanned : 413
Registry threats detected : 0
File items scanned : 14413
File threats detected : 255

Adware.Tracking Cookie

all 255 infected files were tracking cookies which were sent to quantine… So am I to assume the 9 infected item SpyBot found were false positives? See what I mean, use 3 different programs and get 3 different results??

in my opinion, tracking cookies are overrated as a “threat” —
while superAntiSpyware will search for, locate, and remove them [per user decision], other scanners, such as MalwareBytes AntiMalware, consider them so inconsequential that it doesn’t even bother to look for them.

tracking cookies are simply text files. in and of themselves, they are not harmful… they are not a virus/malware. it’s possible, however, that more than one website might have access to read some tracking cookies, and therefore, some people consider it a violation of privacy.

So back to my original question how does someone know what to trust?

much of “trust” is often a matter of personal experience.

it’s also dependent on the nature of the particular threat:
as mentioned above, avast is good for detecting viruses
but other programs, like MalwareBytes AntiMalware and SuperAntiSpyware, have “an edge” when scanning for malware.

if the trio of avast, MBAM, and SAS all find no issues (aside from tracking cookies), odds are you should be in good shape.

as for SpyBot, if you have a list of the particular detections it found [you could get this by scanning with SpyBot again, but NOT removing anything this time — I don’t want you to repeat your headaches there], and perhaps someone here (or at the SpyBot forum) might be able to consider them. if a false positive, it might already have been reported at the spybot forums http://forums.spybot.info/forumdisplay.php?f=16

if you can locate that program (i realize you said you can’t seem to find it any more), as suggested above, you can upload it to www.virustotal.com or http://virusscan.jotti.org/ for analysis by multiple anti-virus vendors.

you mentioned comodo being the first program to alert you to the “problem”… i’m assuming you were referring to your firewall (although I realize comodo offers other products as well). was your comodo “simply” alerting you to the fact that this program was trying to access the internet (which it does for any new program)? or did it actually say it found a threat (aside from attempted internet access) with it?

Did you submit the file to www.virustotal.com ?

I can’t find the file anywhere

So, it’s difficult now to say whom you must trust…

I have tried quite a few Anti spy wares and you do get a different result every time. Although Spybot is generally good.

You need to bare in mind that there are some programs that automatically detect spyware as a false positive to get you to spend your money and buy the better program or remove the spyware it has suppose to have found. I recently tried out a program called Spy Emergency 2008 which seemed to work really well.

Just for reference I have added a link for a site that lists rogue anti spyware programs, hope this helps!

http://www.spywarewarrior.com/rogue_anti-spyware.htm