Xoftspy, RealSpy & Avast

Today I did my weekly scan using XoftSpy (spyware remover) on my personal home computer. To my suprise I found a Key Logger from realspy (after research I found out it’s a program used by companies to spy on their employees). so I removed it. Then out of the blue Avast pops up saying it needed to restart my computer??? I hadn’t even messed with avast. but ok I restart the computer. I decide to run another scan & the same realspy key logger pops up again, you guessed it - shortly after removing it a second time, Avast wants to restart my computer AGAIN. I start putting 2 & 2 together and found some one had a similar problem before using pest patrol (pest patrol finding realspy in avast skin file) and was pretty much written off as a false positive. A possible key logger is not something I want to take a chance on. could avast be the cause of a wasted night trying to figure all this out? The realspy program has been around for a few years but avast doesn’t catch it? (did a full scan for obvious reasons)

I’ve attached a screenshot of my Xoft results if that will help.

Can you post the full path of the realspy keylogger file (or files)?

:slight_smile: Hi Sawildcat :

  XoftSpy does NOT have a very good reputation within the
  antiSPYWARE "community"; at one point it was listed as a
  "rogue/suspect product" by the highly regarded 
  antiSPYWARE Expert Eric Howes and his spywarewarrior
  site. It presently is NOT listed as a "Trustworthy" product
  on the same site.
  At times when people report a "virus" was detected by
 another AV, we advise them to use "VirusTotal" website
 to determine HOW many AV are "detecting" the suspected
 virus; in the same vein, I recommend you install one of
 spywarewarrior's "Trusted" products to "verify" how true
 your XoftSpy scan results may be and suggest the FREE
 version of "SUPERantispyware" from :
  www.superantispyware.com .

Tech - All I have is what Xoft shows, I tried searching for the files but have not had any luck. again this morning shortly after starting the computer, avast wants to restart? when I restart those files will more then likely reappear, then I will look for them more, plus try the other spyware detector software as was suggested. unfortunately I can’t do that until this afternoon (Work). I will repost if I find the files and/or come up with anything on the other spyware programs.

I still think they are tied together some how,every time I delete the realspy files, avast needs to restart & they come back???

Thanks

Please, follow:

  1. Disable System Restore on Windows XP: http://support.microsoft.com/default.aspx?scid=kb;[LN];310405
  2. Clean your temporary files.
  3. Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot.
  4. Use a-squared, Free AVG Antispyware, SUPERantispyware or Spyware Terminator (trojan removers).

Also, set the avast log level to ‘Debug’ (Program Settings > Logging) and post here any info related to that files or anything strange in avast behavior.
Also, check if deleting the file \setup\reboot.txt stops the avast restarting over and over again.

I use Xoft too and it did the exact same thing this morning, I’ve erased n restored so many things, but when i reinstall AVAST the key loggers come too (Skin files).

So this is just a misunderstanding or something? i already called someone to change some passwords, i like to panic!

What files? (can you post the full file name and path?)
Which is detecting the ‘infected’ files, avast or Xoft?

Man, give up on Xoft, it’s a pain… :stuck_out_tongue:
There are a lot of better, safer and cleaner antispywares round…

Oh sorry, its Xoft that finds them. It won’t tell me the full location but the files are:

activeskin4.skinlabel
activeskin.skinlabel.1
activeskin.skinlabel.1\clsid
activeskin.skinlabel\clsid
activeskin.skinlabel\curver
clsid{5945ea75-9bfa-461a-bd34-cea3a861ff16}
clsid{5945ea75-9bfa-461a-bd34-cea3a861ff16}\progid

I think you may be right though. I did scans with a few other spyware programs and they just found a cookie or two.

OK, OK I’m getting rid of Xoft, you’ve convinced me. I did scans with Avast (Boot Scan as suggested), A Squared, AVG, Super Antispyware & Spy Sweeper (After some research I saw Web Roots Spy Sweeper was recommended by some different review sites). The closest thing to being bad was a possible rootkit picked up by spy sweeper (probably came from a Sony music CD my kids play on the computer).

You guys have been great help, Thanks allot.

False positives… indeed Xoft is a pain…

There is a similar case here.
Note that the initial XoftSpy scans do not pick it up – then right after avast! is installed XoftSpy flags the entries.
I’m convinced that they are FP’s.
Pretty good bet I’ll be suggesting that the user ditch XoftSpy in the next post.:wink:

Given xoftspy’s chequered history and the fact that there are many other anti-spyware programs and some of them free I would look at them as a replacement.

Spyware Warrior - Rogue Anti-Spyware, Spyware Warrior - Trustworthy Anti-Spyware Products

Agreed.