Spyware and adware infections are now increasing to epidemic proportions. There are several ways for spyware and adware to get installed on a target computer. The most common method is bundling it with other freely downloadable applications, but some sites are using less honorable tactics such as virus propagation and “driveby” downloads. Antispyware programs are now just as necessary on the desktop as antivirus software. Because demand for such programs is increasing, many publishers are trying to get access to the market. I found Spyware Begone while searching for information about another product. Since I had never heard of the program, I decided to give it a try.
The test computer was a Dell Optiplex GX1. (Yes, it’s ancient.) With a Pentium III 450, this computer is outdated compared to today’s latest offerings. It is a good test computer though, because the negative impacts of poorly behaving software are easily noticed.
The download is a simple executable file, and the installation is quick. With only five mouse clicks, you will be scanning your system. The installation process does not display any license agreement during the installation, and the only documentation available is a simple ReadMe.txt file that is not available until after the installation is complete. The utility starts scanning when the finish button is clicked at the end of the installation process.
Exploring The Application
I quickly cancelled that scan because I wanted to see what modifications Spyware Begone made to the computer. A quick scan by other anti-spyware utilities did not reveal any malicious tag-alongs. HijackThis reported that Spyware Begone added itself to the Autorun entries in the Windows registry:
Autorun entries from Registry:
Spyware Begone = C:\freescan\freescan.exe -FastScan
Once I was comfortable with the installation, I restarted the scan. When the utility finished scanning the computer, another window automatically opened stating that the computer was “infected with 13 Spyware / Adware Infections”. The window includes a warning from the Federal Trade Commission and emphasizes how dangerous spyware is. Unlike other anti-spyware programs, this one does not give you the details right away. The only actions available on this window are:
– Yes, I would like to be protected
– No, I would like to stay infected
The natural choice at this point is to click the yes button. This does two things. It displays the list of infections found, but this window is quickly covered up by a second window that opens up full screen, hiding the infection list from view. The window is an online order form for Spyware Begone Infection Cleaner. There is a nice little note that says “it really works”. I decided not to spend my money at this point and closed the window. This window does not have the typical window frame that allows you to minimize it so you can come back to it later.
Back in the newly uncovered window, I got a chance to inspect what Spyware Begone actually detected. The Fast Scan found thirteen different spyware utilities. It reports to have found a variety of browser hijackers based on registry settings. Since this was supposed to be a clean system, I was a bit surprised that the utility found thirteen. I verified that each registry key that it reported did indeed exist. Luckily, they were all sites listed in Internet Explorer’s Restricted Zone. All thirteen were false alerts.
The window does have a button to clean the findings. Even though they were false alerts, I decided to give it a try. The button just loops back to the yes-or-no screen and then to the order form. There is no immediately accessible method to clean anything without paying the $39.95 fee.
The uninstall was relatively smooth. The first time it did not completely remove all of the files, and it left behind one file. During the second scan, the installation directory was left behind. According to HijackThis, the registry key for the Autorun was left behind each time, and it had to be manually deleted.
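A check for the leftover Autorun entry described above, as an added example that is not part of the original review: it lists Run-key values whose executable no longer exists on disk. It assumes the entry lives under one of the standard HKLM/HKCU Run keys, which the HijackThis output above does not specify.

```powershell
# Added example. Assumption: the orphaned entry is under a standard Run key.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Get-AutorunExecutable {
    # Extract the executable path from an autorun command line such as
    #   C:\freescan\freescan.exe -FastScan
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    # Quoted path: everything between the first pair of double quotes.
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path may contain spaces: extend the candidate one token at a
    # time until it names an existing file.
    $tokens = @($cmd -split '\s+')
    for ($i = 0; $i -lt $tokens.Count; $i++) {
        $candidate = $tokens[0..$i] -join ' '
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }
    # Nothing on disk matched: report the first token as the missing target.
    return $tokens[0]
}

function Get-OrphanedAutorun {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($name in $regKey.GetValueNames()) {
            $command = [string]$regKey.GetValue($name)
            if ([string]::IsNullOrWhiteSpace($command)) { continue }
            $exe = Get-AutorunExecutable -CommandLine $command
            # Bare names (e.g. rundll32.exe) are resolved through PATH.
            if (-not [IO.Path]::IsPathRooted($exe) -and
                (Get-Command -Name $exe -CommandType Application -ErrorAction SilentlyContinue)) {
                continue
            }
            if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
                [pscustomobject]@{
                    Key = $key; Name = $name; Command = $command; MissingTarget = $exe
                }
            }
        }
    }
}

# Review the output before deleting anything; a confirmed leftover can then be
# removed with: Remove-ItemProperty -Path <Key> -Name <Name>
Get-OrphanedAutorun | Format-List
```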
The false positives definitely make me reluctant to recommend this application. Because this program does not include any immediate method to fix any spyware installations, I’d recommend skipping this application and using something like Spybot Search and Destroy or Ad-Aware. Both of those applications (even in the free version) include a mechanism to remove items.