Blog for hpHosts, and whatever else I feel like writing about ....

Tuesday, 16 March 2010

Dear Avira: Errr, say it ain't so .....

Going on a little hunt for new stuffage whilst the test machines image was restored, I stumbled upon a thread on the Avira forums, referencing hpHosts, nothing wrong there.

http://forum.avira.com/wbb/index.php?page=Thread&postID=920112

The post was alerting the Avira folk, to a SpyEraser variant at spyeraser-security.com (post references a different IP (91.201.28.20,AS44107 91.201.28.0/22 Prombuddetal LLC), but a lookup a few seconds ago, showed it residing at 79.135.152.150 - 150.152.135.79.microlines.lv, AS2588 79.135.128.0/19 LATNETSERVISS-AS LATNET ISP).

Given we already know SpyEraser is a rogue, I was surprised to find the following response from a member of staff on the forums;


Hang on a second .... you've admitted it's a rogue, and the program itself will be detected, but because the installer displays an EULA, the installer isn't going to be detected? Am I the only one surprised by this?

No comments: