topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Friday March 29, 2024, 4:21 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: CounterSpy flagged files - query  (Read 20879 times)

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
CounterSpy flagged files - query
« on: August 13, 2005, 04:29 PM »
I installed Drag & Drop to try it out and have also just installed Sunbelt's CounterSpy software and it is flagging two files which I think may be related to this app:

c:\program files\drag and drop shell robot\irunin.lng

and

c:\windows\iun6002.exe

Obviously the first one came with this utility - but I am not sure about the second.

Can you confirm if these files are supplied and if so explain what they are used for?

I am sure there is nothing sinister because they triggered a response for threats that are otherwise not present on my system (ie. none of the other files or registry entries associated with the named threats are on my system).

Cheers

Sentinel

  • Columnist
  • Joined in 2005
  • ***
  • Posts: 130
  • Generally confused
    • View Profile
    • www.donationcoder.com
    • Donate to Member
Re: CounterSpy flagged files - query
« Reply #1 on: August 13, 2005, 05:02 PM »
CounterSpy is notorious for false positives and it seems that since the acquisition of Giant by Microsoft the (CounterSpy is a rebadged Giant variant) false positives have increased further as Sunbelt (a rebadging/marketing vendor rather than a dedicated developer) have been forced to take on product deployment in-house.  I'm pretty safe to say this is a perfect example of a false positive, though it would do no harm to check with MS Anti-Spyware, SpyBot and Ad-Aware for peer confirmation.

You may also want to submit any dubious files to the excellent Jotti Malware Scanner: -

http://virusscan.jotti.org/
Designated "proofreading free" zone.
« Last Edit: August 14, 2005, 07:06 AM by Sentinel »

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: CounterSpy flagged files - query
« Reply #2 on: August 13, 2005, 05:13 PM »
these are both files related to the installer used in drag&drop robot.
quite harmless, not sure why counterspy is flagging them as risky. 

a good indication that counterspy is be wildly ridiculous is the fact that the irunin.lng is a plain text file which just contains info about captions to show in the setup program, and all you have to do is open it in a text editor to see that it is not only harmless, but devoid of anything that should even suggest a danger.  sometimes these antispyware/virus apps will react to the strangest things..

what exactly does it say?

ps - this is a good opportunity to remind me - be very careful trusting cleaning apps to properly identify spyware and stuff.
i've yet to run a registry cleaner, for example, that didnt want to remove critical entries from my registry thinking they were spyware when they weren't.  and i always wince when i see that because i wonder how many people just hit ok and let these apps mess up their computer in the name of trying to have a clean registry.

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
Re: CounterSpy flagged files - query
« Reply #3 on: August 13, 2005, 07:00 PM »
Thanks for the confirmation of the file source.

It's OK I knew they weren't going to pass my credit card details to the Taliban, just an interesting effect.

I have sent of a screaming email to Sunbelt - I'll see if they bother to reply.

I never use AntiSpy type software to do my clearing up - but they can be a useful first stop to see if there is any likely malware on your system.

Trouble is CounterSpy was recently voted the best AntiSpyware programme by a number of magazines and websites, and if people blindly believe they will have real problems with their software and systems!

The other problem I perceive (which is quite sinister) is that writers like you who produce useful little utilities and applications will start to get branded as spyware producers for no good reason (apart from companies who really can't be bothered to do their homework). I really think as a software writer that you should complain to them that their stupidity is jepardising your livelihood !!

It is interesting to note that they also flagged up infected files as supplied in:

Britannica 2005
MS Visual Studio 6 Pro
Cakewalk Sonar
Google Earth


FWIW the messages produced relevant to Drag&Drop are:

2020Search Browser Plug-in  more information...
Details: 2020Search is an Internet Explorer search toolbar with a silent update feature and also bundles additional adware such as ShopNav.
Status: Ignored
Elevated spyware - Elevated threats are usually threats that fall into the range of adware in which data about a user's habits are tracked and sent back to a server for analysis without your consent or knowledge.

Infected files detected
c:\windows\iun6002.exe

Mass IM Adware  more information...
Status: Ignored
Moderate spyware - Moderate threats may profile users online habits or broadcast data back to a server with 'opt-out' permission. In most cases this type of threat is more along the lines of commercial type adware that offer a premium service in exchange for tracking your user online performance.

Infected files detected
c:\program files\drag and drop shell robot\irunin.lng

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: CounterSpy flagged files - query
« Reply #4 on: August 13, 2005, 10:10 PM »
what's probably happened, and the way these things tend to happen is that there is some spyware or adward they discover, and they try to pick a piece of it that identifies it, and they end up flagging other similar stuff with the same brush.

you can rest assured i would NEVER put any adware, spyware, etc. in any program i wrote. EVER.

at least its not an antivirus false alarm - occasional an antivirus will flag a program unfairly and its a nightmare because suddenly the author of the program is inundated with people freaking out..

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: CounterSpy flagged files - query
« Reply #5 on: August 13, 2005, 10:12 PM »
btw - for unrelated reasons i now use the nice freeware installer tools Inno Setup, so this won't be an issue for future versions of drag&drop.

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
Re: CounterSpy flagged files - query
« Reply #6 on: August 14, 2005, 06:04 AM »
Thanks - that's fine I wasn't actually worried.

Out of curiosity only what is c:\windows\iun6002.exe for?

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: CounterSpy flagged files - query
« Reply #7 on: August 14, 2005, 09:04 AM »
the way these install programs work is when they install a program they copy the files onto your computer, along with an UNINSTALLER helper program.  iun6002.exe is the uninstaller helper utility for all programs installed using SetupFactory v6.00.2 (or something like that).

so when you tell windows to uninstall find&run robot, that uninstaller helper program iun6002.exe gets run, it figures out which files it should remove from your computer and removes them.

(different installers put their uninstaller helper utility in different places.  for example the new inno setup installer i use creates a file called:
unins000.exe, and puts it in the application directory when it installs it.  setup factory decided to use c:\windows\ presumably so that you would only have to have this utility once on your hard drive for all programs installed with setup factory.)

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
Re: CounterSpy flagged files - query
« Reply #8 on: August 14, 2005, 02:02 PM »
Thanks - that's helpful ;)