General discussion

RogueAntiSpyware.AntiClear

Windows XP Pro SP3 2002

What I was trying to do: send a Zip file containing photos, which is stored on a USB drive and Yahoo! intercepted, claiming Norton found a virus in it??

I just used CyberDefender's try-before-you-buy AntiSpyware/AntiVirus software. It claims there are 13 items of (Core1)RogueAntiSpyware.AntiClear. Every entry is preceded by HKEY_LOCAL_MACHINE. (No viruses found - should I be concerned that Norton claimed to have found a virus & CyberDefender did not?)
Does anyone know what this preface means?
May I post the 13 entry tags so that I may find out if I should be concerned (they are all considered low risk) and have to put out the money in order to delete them?
Thanks for any help.

- Collapse -
Sure, you can post the detection log
- Collapse -
Scan results

I have MBAM, Avast 5, and Microsoft Security Essentials (all freeware). Before using CyberDefender, I scanned each one of them three (3) times. Right now, I have a CyberDefender Alert in right-hand corner, informing me of 29 Spyware threats found. I cannot close that window.
I tried the HitmanPro: I downloaded the x32 & x64 (I don't know what I have or how to determine it). Either way, both came up with: Not valid Windows application.

I would provide the log for the Rogue infections that CyberDefender claims to have found, but it will not open, and the Alert window will not allow me to click on Details to see what it may have found in the way of Spyware threats. I will hand post them - they are all identical but for the suffixes. I see this company as attempting to extort money from me in order to delete what it claims exists.
(Core1) Rogue AntiSpyware.AntiClear
HKEY_LOCAL_MACHINE\software\classes\clsid\{E7E6F031-17CE-4C07-BC86EABFE594F69C}\(Default)
\AppID
\InprocServer32
\InprocServer32\(Default)
\InprocServer32\ThreadingModel
\ProgID
\ProgID\(Default)
\Programmable
\TypeLib
\TypeLib\(Default)
\VersionIndependentProgID
\VersionIndependentProgID\(Default)
"May plant files in your registry to track your online behavior."
Severity: Low Risk
I will follow up in reading referenced articles.
Thanks to all. I will have to log off to get rid of this stupid window, even if it's only until I log back on!

- Collapse -
Looks like a false detection...

by CyberDefender.

(Core1) Rogue AntiSpyware.AntiClear
HKEY_LOCAL_MACHINE\software\classes\clsid\{E7E6F031-17CE-4C07-BC86EABFE594F69C}\(Default)


The above is a legitimate registry key of Java plugin.
The file for that registry key is jqs_plugin.dll and it is located in C:\Program Files\Java\jre6\lib\deploy\jqs\ie

Remove CyberDefender. There are free tools that you can use as on-demand scanner, if you suspect your computer is infected.

Also, you need to remove one antivirus program: Avast or Microsoft Security Essentials. You should not use two antivirus programs. It's not recommended. It will only cause instability and/or if one of them finds something to "fix", the other antivirus that has detection can interfere.

The link I gave you to download Hitman Pro is for x32 of Windows:
http://download.cnet.com/Hitman-Pro-3-32-bit/3000-2239_4-10895604.html
To check if you have x32 or x64, please see Microsoft KB827218 article.

If Hitman Pro won't run, please do this:
Press the ctrl key on the keyboard when you execute Hitman Pro. See if that will help to install/run the program.

By the way, I forgot to answer your question regarding Norton's detection on the compressed (zipped) files that you are trying to send. As far as I know, Yahoo is using Norton antivirus to scan e-mail attachments (incoming or outgoing). If Norton found something, you need to verify that one as well by manually running a scan of the USB drive. Plug in the USB drive again, scan using antivirus, MBAM or Hitman Pro.
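
An added example, not part of the thread or any poster's own method: one way to check which COM component a flagged `HKEY_LOCAL_MACHINE\software\classes\clsid\...` entry belongs to, as the reply above does for the Java plugin. The function names are hypothetical, the sample is a shortened copy of the hand-posted list, and the script assumes a missing brace or hyphen in a typed CLSID should be normalised before lookup.

```python
import os
import re

try:
    import winreg  # standard library, Windows only
except ImportError:
    winreg = None

# Shortened copy of the hand-posted detection list (full path, then suffixes).
SAMPLE = r"""HKEY_LOCAL_MACHINE\software\classes\clsid\E7E6F031-17CE-4C07-BC86EABFE594F69C}\(Default)
\AppID
\InprocServer32
\InprocServer32\(Default)
\ProgID
"""

# Lenient on purpose: hand-typed CLSIDs often lose a brace or the last hyphen.
GUID_RE = re.compile(
    r"\\clsid\\\{?([0-9a-f]{8})-([0-9a-f]{4})-([0-9a-f]{4})-([0-9a-f]{4})-?([0-9a-f]{12})\}?",
    re.I)


def clsids_in_report(text):
    """Distinct CLSIDs named in a scanner report, in registry form {8-4-4-4-12}."""
    found = []
    for m in GUID_RE.finditer(text):
        clsid = "{" + "-".join(g.upper() for g in m.groups()) + "}"
        if clsid not in found:
            found.append(clsid)
    return found


def summarise(text):
    """Count flagged entries per CLSID; suffix-only lines belong to the last full path."""
    counts, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        ids = clsids_in_report(line)
        if ids:
            current = ids[0]
        elif not line.startswith("\\") or current is None:
            continue
        counts[current] = counts.get(current, 0) + 1
    return counts


def com_server(clsid):
    """Read the COM registration for clsid from HKLM; None when not on Windows."""
    if winreg is None:
        return None
    base = "SOFTWARE\\Classes\\CLSID\\" + clsid

    def default_value(subkey):
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, base + subkey) as key:
                return winreg.QueryValueEx(key, "")[0]  # "" reads (Default)
        except OSError:
            return None

    dll = default_value("\\InprocServer32")
    if dll:
        dll = os.path.expandvars(dll).strip('"')
    return {"name": default_value(""), "progid": default_value("\\ProgID"),
            "dll": dll, "dll_exists": bool(dll) and os.path.isfile(dll)}


def describe(clsid, count, info):
    """One line per CLSID: how many entries were flagged and what they point to."""
    if info is None:
        return f"{clsid}: {count} flagged entries; registry lookup not available here"
    if not info["dll"]:
        return f"{clsid}: {count} flagged entries; no InprocServer32 DLL registered"
    state = "present" if info["dll_exists"] else "MISSING"
    return (f"{clsid}: {count} flagged entries -> {info['dll']} ({state}), "
            f"ProgID {info['progid']}")


if __name__ == "__main__":
    for clsid, count in summarise(SAMPLE).items():
        print(describe(clsid, count, com_server(clsid)))
```

Many entries under a single CLSID describe one registered component, so the DLL path in the output is the thing to verify next, for example through its folder and file properties.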

- Collapse -
Great stuff provided

Thank you for all the great information!!
So, (Core1) RogueAntiSpyware.AntiClear is a registry key for Java plug-in. How about that! Sure wish I knew how you do that.

When I logged back on (and got rid of that pesky window), CyberDefender claims to have found another infection: (Core2) W32-Damaged-File.B.gen!Eldorado, located in C:\documentsandsettings\customer\localsettings\temp\1hinxwy.exe.part
CyberDefender claims it's a High Risk Trojan. "May steal your private information without your permission." I did scans, with all 3 softwares I have, of Cookies, favorites, start menu, ntuser, Desktop, MyDocuments, and UserData. Nothing was found, but...
Hitman Pro 3.5.7 found this: Trojan - cdrun.exe in C:\DocumentsandSettings\customer\LocalSettings\ApplicationData\CyberDefender
The Hitman Pro is getting ready to delete the aforementioned Trojan - CyberDefender, so I have to get off-line.
I will scan the USB drive, as you suggested.
And, I will delete Avast 5, as you suggested.
I will keep this Hitman Pro. It's really, really great stuff!
To be continued...

- Collapse -
Let us know if scanner finds anything in USB drive

And I'm glad to hear that you were able to run Hitman Pro. Did you have to use the ctrl key? Or did the x32 setup file run without issue?

BTW, may I ask the following, if you don't mind:
1. Did you install Microsoft Security Essentials while the system had Avast as antivirus program already?
2. If so, did you download and install Microsoft Security Essentials from Microsoft website or from Windows Update website which is an optional update (not required update)?
3. Or did you install Avast while the system had Microsoft Security Essentials?

Just wondering because either should prevent or warn you against installing an antivirus program if there's one already.

I suggest to remove CyberDefender then run another scan using Hitman Pro.
The cdrun.exe should be removed by CyberDefender uninstall process but if it remains, delete it from the said location you posted:
C:\DocumentsandSettings\customer\LocalSettings\ApplicationData\CyberDefender

CyberDefender keeps finding new stuff on your PC
I suggest to run CCleaner program (if you don't have it yet... it's free) AFTER removing CyberDefender.
Download CCleaner from here (Scroll down the page and then download the "Installer, no toolbar").

Note only about Hitman Pro. It is a free scanner ONLY if it did not find any infection to remove. If you let Hitman Pro remove what it detected, the program will turn to "trial version". So I suggest to first remove CyberDefender (instead of using Hitman Pro to remove the files added by CyberDefender), clean the computer's temporary files using CCleaner. Reboot the computer and then scan again using Hitman Pro.

Good luck and please keep us informed (especially the scan result on USB drive).

- Collapse -
Some results...

OK:
1) I installed Hitman Pro using Control key (I have 32 bit system)
2) When I ran Hitman Pro, it did delete all my cookies using Scan Cloud (I did not see any way to keep it from doing that - thank goodness for Firefox remembering all my log-on information!) It also deleted the Trojan.
3) I deleted Avast 5 and CyberDefender last night.
4) I scanned USB drive with Microsoft Security Essentials and MBAM. I could not figure out how to get the Hitman Pro to read the USB drive - there is no right-click option for Hitman Pro - probably because it's temporary??
5) I don't remember the order of installing Avast 5 and Microsoft Security Essentials (Due to a previous, and still existing problem with 7,654 pieces of a hit-and-run Rogue, compliments of SASPro!, I had lost Avast but got it back after 2-3 attempts. I'm still working with Microsoft on the old problem!)
6) I got Microsoft Security Essentials from Microsoft's Web site.
7) I read all articles suggested by Carol. Nasty stuff, to say the least.
8) I would have used Norton (which allegedly found the virus in the USB drive) but I could not understand what I saw and read - too confusing.

Today:
1) I ran Hitman Pro: Results: "No traces found."
2) I tried to find DocumentsandSettings\customer\LocalSettings\ApplicationData\CyberDefender in MyComputer. I got a message: Microsoft Internet Explorer could not find file
I tried searching for "cdrun.exe" in MyComputer. It searched the Internet and came up with multiple choices. I found the following:

Cdrun.exe is Trojan/Backdoor.
Kill the process cdrun.exe and remove cdrun.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com
Removal: cdrun.exe is removed by RegRun.

Download RegRun Suite. Click here.

Unzip downloaded file to any folder on your hard drive.
Open an executable file to start program installation.
Follow the installer instructions.
At the end of installing software on your computer you will be prompted to run "Scan for Viruses".
Wait for a couple seconds to finish scanning.
Click on the "Fix Problems" button.
Is it serious?
The programs is known as malware.

Item name:
cdrun.exe

Click on the "Get it out!" button.

We suggest you to reboot your computer to be sure that your computer is clean now.
Do not hesitate to contact us:
Support center

I guess I should continue following your instructions to use the CCleaner. But, if I should use the above software, What does it mean by "open an executable file"? I may need to know this when I try the CCleaner.

I have to get on with this, as I have on-line banking to do and don't need any cybercrook learning all my log-in info!

Thanks so much for tolerating my ignorance and questions.
To be continued...

- Collapse -
Thanks!

Thanks Pat for giving answers to my questions on how you got Microsoft Security Essentials.

No need to find cdrun.exe. It's gone when Hitman Pro deleted it. I'm glad to hear that ctrl key has helped running Hitman Pro.

You can scan the USB drive using Hitman Pro but you need to change the settings.
Open Hitman Pro, click on the Settings button.
In Settings tab, put a check mark for the box before "Show 'Scan with Hitman Pro' on files and folders in Windows Explorer"

MBAM and MSE did not find anything in the USB drive already but it is worth checking also using Hitman Pro scanner.

Open an executable file? Are you referring to the instruction for Regrun that you found when doing a web-search on cdrun.exe? If so, ignore it. Don't use regrun because you don't need it.

If Hitman Pro finds no infection on the USB drive, try again to use Yahoo to send the files you want to send. It should be OK now but we can only confirm if it's no longer blocked by Norton AV at Yahoo mail website.

You're doing good work on this, Pat!

- Collapse -
Update

"Note only about Hitman Pro. It is a free scanner ONLY if it did not find any infection to remove. If you let Hitman Pro remove what it detected, the program will turn to "trial version". So I suggest to first remove CyberDefender (instead of using Hitman Pro to remove the files added by CyberDefender), clean the computer's temporary files using CCleaner. Reboot the computer and then scan again using Hitman Pro."

I had already let HitmanPro remove what it detected, so I guess that point is moot.

I have done the following:
1) Cleaned temp files with CCleaner - that's a scary thing to do (making choices about things I know almost nothing about)
2) Reboot
3) Scan with HitmanPro - again - no traces found

Should I use this RegRun Reanimator?? "Cdrun.exe is Trojan/Backdoor.
Kill the process cdrun.exe and remove cdrun.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com
Removal: cdrun.exe is removed by RegRun."

Please let me know if I should do that last step. Thanks so much.

- Collapse -
No need to use Regrun, Pat.

Cdrun.exe is gone. It was handled by Hitman Pro when you let it remove the trojan.

The default settings in CCleaner are safe to use. The only thing is that it will clear all cookies. Next time that you will run CCleaner, click on "Options" in CCleaner, and then click the "Cookies" option. Move the cookies you want to keep from the left to the right section, "Cookies to keep".

You did a good job, Pat!

- Collapse -
I think everything is finished!

OK. I got Hitman Pro to scan the USB drive. I was able to attach the Zip file of photos to an email with no trouble.

Just one question: How often - if at all - should I use CCleaner? My computer seems to boot up much faster, now that it's not dragging along all that "stuff"!

Donna, I thank you, thank you, thank you. Wish everything in my life were so easy to straighten out! You are great.

Carol, I really appreciate your bringing all those terrible blogs to my attention. It's good stuff to know.

Until next time...

- Collapse -
That's great to hear!

You did a good job, Pat. I know I said it a few times already but you really did!

I suspect that the cdrun.exe by CyberDefender is the one causing Norton AV at Yahoo Mail website. Since cdrun.exe is gone, you are able to send your zipped file via email.

You can run CCleaner... every day or anytime you want to clean temporary files. It's recommended to regularly clean temporary files (history, cache, unwanted/third-party cookies, etc) so spyware or any other sites that can retrieve stuff from those stuff for whatever purpose will not find any.

If you often use online banking, clean the computer using CCleaner before logging in and after the online banking session. Close the browser before running CCleaner.

- Collapse -
In Regard to CyberDefender..

Hi Pat..

Below is copy of a post, in response to a member who was "curious to know" about CyberDefender. I feel it's worth reading:

'I haven't had any first hand experience with it, but if you're looking for some input about CyberDefender, I would invite you to read the below:

In November 2008, the following was written at the StopBadware Blog: Alert: CyberDefender Early Detection Center. In April of 2009, CyberDefender was removed from their active alerts list, as per this blog post.

Rogue company, CyberDefender, uses MBAM to clean infections
CyberDefender: Want your money back? Forget it!

You also might want to read the comments, in regard to CyberDefender at WOT (Web of Trust). Scroll down to the bottom of the page. You'll find 6 pages worth of comments.
<-- Presently 10 pages

The above should give you the "good and bad" of it. With that said, I'm of the opinion, there is more reliable software to be had, which doesn't have a questionable past. Again.. it's just my opinion.
'

They may have "cleaned up their act" since then. But as I stated above, there are more reliable programs to be had, which don't have a questionable past.

Best of luck..
Carol

- Collapse -
It all depends and then its up to you

Cyberdefender is an OK AV pgm. If it is based on the MBAM engine, that's not an uncommon thing in the s/w world, provided they inform you in some way. Usually, that's buried or found on their support website. Otherwise, in the thinking of being super safe, then you have to question MBAM, unless of course Cyberdefender uses it in non-compliance of its usage or not with their knowledge. Again, that's not uncommon too, but that on its own merits is not good. I've had users with Cyberdefender and none complain about "it" being a portal for malware, though IMHO, it's capable and if the user doesn't go to questionable websites or disregards its advice will do fine. However, since MBAM is alone available and free, it may be better to use it directly instead. About the only advantage of Cyberdefender over MBAM may be the auto-feature of updates w/o user input.

As for finding virus or malware, where one AV does and another doesn't, is again common. After all, the features and/or virtues of one AV against another is its update status and direct support plus what is free and paid for versions. The results vary and what may be liked as free is of course available in paid for versions and that alone is what makes an AV liked is paid vs. free. However, paid usually seems to be better in the long run and that includes the option of paying for free versions upgraded to full status as paid.

tada -----Willy

- Collapse -
My "Basic" Point..

Willy..

Without a doubt, you will find glowing CyberDefender reviews. To include some at CNET. I'm only making Pat aware of the flip side of the coin. There are more reliable programs to be had, which come without question. Given the choice, I'd rather go with the "tried and true". (JMHO)

Nothing more. Nothing less.
Carol

- Collapse -
Keeping an eye open

Just a heads-up sorta thing, I have a neighbor and other users that have used it w/o any headaches. In fact one user will call their support and get fairly prompt support and overall everyone is happy. However, I wouldn't recommend it when free is so available and appears just as capable as it. But, the version they have was supplied on disk and readily installed w/o issue. Thus, no d/l'ed version or an area to be concerned about (the source). Considering I know the users in question, it seems because they're happy as clams, I supplied this info. It seems to me on the surface to be boiler-plated s/w but had no reason to question it at this time. -----Willy

- Collapse -
Complaints on CyberDefender are growing

Hi Willy,

I'm not sure if you've seen the discussion in Complaints Board. From home users to software designers... they all have problems or have seen problems by their "users" or "clients" after using CyberDefender.

The PR people of CyberDefender are on it though and I am not surprised because that is their job as PR or customer relations rep.

Anyway, the discussion in:
http://www.complaintsboard.com/complaints/cyberdefender-c95821.html?sort=dated#comments

So it's not just about refunds and what their support tech uses when helping their customers to fix what CyberDefender cannot fix but it's about the program itself.

People who use hpHOSTS hosts file will never see cyberdefender page because it is blocked with high risk:
http://hosts-file.net/default.asp?s=cyberdefender.com
And while Norton Safe Web doesn't say Cyberdefender is a bad domain, a user report also is something to think about:
https://safeweb.norton.com/report/show?url=cyberdefender.com
That's 700 findings by CyberDefender on a user machine which should answer why many complaints on the program over at complaintsboard.com website.

Not to mention that someone has tested CyberDefender on a clean XP install using VM:
http://techie-buzz.com/scams/is-cyberdefender-a-scam.html
Result of the test - 300 errors to fix which is unbelievable detection on registry.

And here's the rating by Stopbadware on CyberDefender's Early Detection (antivirus and anti-spyware):
http://stopbadware.org/reports/reportdisplay?reportname=cyberdefender
Some issues were addressed by CyberDefender but not everything that is a concern. StopBadware delisted CyberDefender but the concerns were not addressed fully.

I hope the above information will help or at least clarify why CyberDefender is not what we can recommend to users as protection.

BTW, the reason I ask the member (Pat) to scan using MBAM and Hitman Pro is to verify whether the detection of CyberDefender exists or non-existing. And then Pat will know whether the try before you buy is worth to pay.

- Collapse -
OK, but...

POV- I find it ironic that CNET's own download website has CD available. Also, the user reviews find it useful. It seems the "free version" causes grief. But, in the same light, I find many a user tries this and that because they already have issues and/or want to resolve some problem. I wouldn't be surprised to find complaints at a complaint website, go figure. This is not to defend or rattle on that CD is the best AV out there and on my 1st post suggested on the merits I already known to be, was OK and not problematic, IMHO. This is not to say other users won't have issues just as any other s/w will from time to time have problems. I point to Norton to be PITA at times and it too would destroy a system in times past. It has cleaned its own act up from yrs. past, but I guarantee you users still have issues with it, removal being one of them. Also, it has been my experience that many so-called registry cleaners or any type of system protection (prior inspection) will find even on a recent build, some problem. What that number may be is up to what is installed and how long ago. I refer to CCleaner finding something to remove even after a recent OS install plus updates, it just does.

I wouldn't hotly recommend CD, but as I stated find it OK, overall. I use Avast and did try CD, but deleted it as I thought it was a resource hog('08 version) and its updates were long, not so with Avast.

http://download.cnet.com/CyberDefender-Early-Detection-Center/3000-2239_4-75221639.html?tag=mncol;1#userreview

tada -----Willy I promise to say no more....on CD

- Collapse -
It's not the first and won't be the last

Hi Willy,

I'm not sure you've seen reports by some members of CNET forums that there are times some software in download.com is not good, detected with spyware or trojans or detected as adware/potentially unwanted software by some antivirus or anti-malware scanner.

Such is not ironic from sites that are offering downloads. Even other download sites offering downloads of legitimate programs but have bad reputation, unwanted, questionable, adware and/or potentially unwanted software.

And it's also known that some antivirus will not flag something on legitimate application to avoid "legal" issues. It's why their rating system is different when detecting programs that are potentially unwanted by users (especially corporate users).

User comments on downloads sites is not what I'm going to use as only basis to trust or not to trust a program, if I'm not familiar who sent the comments. Such is known to cause issue only to people and/or gives the software vendor high rating by users. See "Beware Of User Reviews On Software Sites". Also it was reported before that some users change IP address to make another account and post another positive review or post as another user. I've seen such reports in other forums. And I won't be surprised if a questionable program has high or positive reviews. It's easy to smell "fishy reviews or comments" on it and stop reading.
I rather see user experiences, not just comments on download sites, history of the company behind the program and then decide from there or test the product myself which I usually do, if I have time. JMHO.

Norton is indeed a PITA to many users for years but the company did not have that type of record. CyberDefender was flagged as rogue program by SpywareWarrior before. Flagged as bad by Stopbadware due to what they mentioned in the above link I provided. Flagged at WOT, hpHOSTS.
Symantec.com or products was not flagged as what CD has received so I won't compare performance alone but reputation as well.

I look at Cyberdefender website and found affiliates earn $36 per sale. No wonder, it is pushed by many websites
That's their business not mine and nothing wrong to earn money but if the product is causing issue or have a bad reputation for years, I won't recommend it.

CCleaner - I also tested it in a clean install of integrated XP SP3 (without any updates) and must say what it finds is a-OK. I analyzed what it wants to remove and those are valid detections but it is not up to 100 or more entries to remove like CD has done to some users.

Thanks! And since we both know that there is better product, it's how we will continue in helping the members. Use trustworthy software only

- Collapse -
Thank You, Donna!! Yours Is

a MOST reasoned & logical clarification of the better selection process (and humbly, one I've learned to imitate)! Little wonder your advice is soooo trusted!

- Collapse -
Not perfect but there's no perfect process but the...

Good thing is we are "all" and "always" learning from each other....every day

- Collapse -
CyberDefender

I downloaded CyberDefender several months ago and was hit by the most horrible rogue virus. It blocked me out but I was finally able to get on the web and chat with a PC Tools Spyware Doctor sales representative. They gave me their number and I called a month later and bought their anti virus program. They loaded it in my computer and it got rid of the rogue virus. I have since gotten rid of Spyware Doctor because it slowed my laptop down terribly. I use Avira AntiVir Personal which is excellent. I also use PC Tools Registry Mechanic. I use Google Chrome which I love a lot. Internet Explorer was freezing. I have read you and Donna's interaction concerning your computer. I have learned a lot from you two. I love happy endings. Take Care.

- Collapse -
AntiVir is really light to use and...

providing good detection (free or paid edition).

Sorry that you have experienced rogue infection with CyberDefender as defense. Many rogue software is missed by some good AV as well, especially if it's new or a variant that no or only few AV can detect.

We need to add an extra layer of protection, e.g. block ads that can display malicious ads or run malicious scripts. We also need to avoid installing plugins that we don't need or not aware of the source. Last but not the least, check the system status using on-demand scanner from reputable vendors.

Love happy endings too!
