Is this a scare AV program?

Hi forum folks,

There is a program RemoveIt Pro 2.1

The program states it will remove many viruses that other av software cannot discover. When you run it it finds a lot of normal system processes like mciole, sucatreg, netdde, etc and flags these as malware, you have a nice score of unknown viruses. I think this program is just to impress users into buying it. SpywareGuide does not list it as a rogue malware scanner, it has a vary small scanning machine.
Is there anybody here who knows the true nature of this program. I think it is a fake. How did it get on a softpedia page?
Why is it tolerated.

polonus

Well i don’t know Polonus i haven’t tried the software yet so i cannot comment on it but this is the web site of the Croatian company that makes it: http://www.incodesolutions.com/

and the forum with 5 registered users:
http://www.incodesolutions.com/forum/

You could send them an email and ask them about this program…


zdnet.com also lists it but with only one one reviewer giving it 1 of 5 stars.

http://downloads-zdnet.com.com/RemoveIT-Pro/3000-2239_2-10483595.html

Majorgeeks also lists it with a 3.21 of 5 after 37 votes.

http://www.majorgeeks.com/RemoveIT_Pro_d4878.html

Well, 2 reviewers at download.com say it delivers ads and you have to pay for the program to remove the ads to an otherwise free program. That’s enough for me to stay away from it and … no un-installer is included. It only got 1-1/2 of 5 stars.

http://www.download.com/RemoveIT-Pro/3640-2239_4-10483595.html?v=1&tag=tab_ur

Yikes … it’s listed on Windows Marketplace! What a surprise that is since there it gets only 1 of 5 stars but says there is an uninstaller included. Maybe it depends on where you download it from?

http://www.windowsmarketplace.com/specs.aspx?itemId=2082668&stext=

I searched other sites but these say about the same as the others … if they even gave info other than what was supplied by the program’s author(s). Only the 2 reviewers at one site said it contains ads.

Perhaps it is a good program but one site said it was still in beta.


Hi Charley O,

Because Essexboy mentioned it on a forum, I was tempted to try it, after I tried it restored to a pre-installation point.
Well it found some 10 malware right away on my clean machine, as sys32 malware: for instance cfgwiz32, mciole, sucatreg, netdde etc. etc.
In a normal place inside the sys folder normal Microsoft system files, uploaded the finds to Jotti and Virus Total nothing detected there. So for the moment I say not on my machine. Then it is just out.

polonus

There are a couple of programmes called removeit the one I have was from incode solutions. I have found no ads . Only found 4 entries in the registry - 2 in mui cache, 1 in uninstal and 1 in software. There is also an uninstall entry in add remove. After the initial run where it said it found 3 traces nothing since has been found. I backed up and zipped the files before removal and have found no adverse affect on my system, it is a free programme for home use and I am currently using it as a backup check. If I should find any problems be sure that I will let you know

At worst, it sounds like a number of products out there that use false detections to get you concerned and buy the product. I remember testing something similar as everyone who tried the product had the same 5 supposed infections.

At best, based on your Jotti checks, etc. it has too many false positives.

Hi DavidR,

In the run of time we will know what it is all about. But in the worst case scenario, don’t we call these programs scare ware?

polonus

ScareWare sounds good, although I haven’t heard it called that.

Spyware warriors Rogue/Suspect Anti-Spyware page list most that appear on the listing as using ‘false positives work as goad to purchase.’

False positives: In cases where it is noted "false positives work as goad to purchase," the apps in question produced inexcusable false positives on a "spyware-free" system (previously scanned with AVP 3.5, Trojan Hunter 4, Ad-aware SE, Spybot S&D 1.3, & Spy Sweeper 3) and then demanded payment to clean that non-existent "spyware"/"adware." Scan logs, reference database files, screenshots, and other related files from the tests have been archived. "Ridiculous false positives" are noted in cases where an app produced inexcusable false positives on a "spyware free" system but did not demand payment to clean that non-existent "spyware" / "adware."

Although this particular program doesn’t feature in the lists, the number of false positives are unacceptable.

Since there appears to be more than one program with the same name, Lets make sure we’re comparing apples with apples and not oranges.
It wouldn’t be fair to give a good program a bad review for another programs problems. IMHO


That’s true, Bob. We should not give it a bad name unless we know for sure. I was only doing searches for that same program/version number/company and reporting the results I found. I have not actually tried the program.

Time will tell if it is a good program or not. :slight_smile:


Here are the results of some tests I did :

First instal on running the programme it found traces of 3 trojans in 2 system dll’s and firefox.exe I copied and zipped the dll’s and let it delete them and firefox.exe (I have a backup install package for FF on my drive).

I reinstalled the 2 system dll’s from my slipstreamed SP2 and reinstalled FF.
I went online and did a windows update to ensure the dll’s were the correct version, did an update check with FF, using the update function for themes,extensions and programme. This where false positives are found as part of the phone home element

Re-ran Removeit and no problems were found, updated removeit and again rescanned with no problems found.

So for my two penorth I don’t think the files found were false positives otherwise it would have re-found them after the re-install of the offending elements.

I will keep using and testing it untill such time as I find it causing problems. There is no found spyware or adware on the programme, but there are several programmes with similar names out there so caution is justified. The marketing policy appears to be the same as Alwils, free for home and paid for commercially with scheduling abilities.

Hi Essexboy,

I installed it and found rather obscure finds - clean system files flagged as virus, so when you look up the files they are sytem files dating from the days of the Win95 Windows system file or things that could be used in spyware or adware in another place (outside the normal Sys file), I have read about AV scare scanners, trying to lure people in buying the payed version by coming up with some finds to impress the ignorant. This program is so new, just a couple of days old, that I cannot seem trust it as yet until it has a complete clean bill. If it is fine for you, and it does not do further harm then deleting some system files that no one would miss, it is your choice. We will just wait and see what will come of it. For the moment I decided to leave it.

polonus

No sweat I love being a guinee pig