Exterminate It! Antimalware


Testimonials

Exterminate It is just a superior product. I was having all kinds of problems with Zlob.Fam, MyWebSearch and TrojanSpy.Win32.DKS. Even Norton could not get rid of them. I tried all kinds of ways to get rid of them and nothing worked. This saved me so much time, as well as reformatting and recovering my PC.
Thank you so much and I will recommend your product to all of my friends.

Mark K.

I consider myself pretty good with a computer, but after 10 hours of trying to do this myself, the sysguard.exe whipped me. I couldn't find all the files and when I thought I had them all, they would replicate and play hide and go seek. I have never endorsed a product in a comment, but if you want to rid yourself of this stuff, pay the $24.99 and download Exterminate-It. It fixed my system in 5 minutes!

Mike T.

Just want to say that apparently your Exterminate It has worked like a charm. I was infected with a most troublesome Malware Trojan that kept replicating every time McAfee found, blocked and removed it... most annoying for several days... until Mr. Google led me to your door. What a God send!

With thanks,

Tom S.

Exterminate It! Blog

The VeriSign Trust Seal

You may notice the VeriSign Trust Seal at the top right corner of our website. It means that VeriSign has confirmed our identity and that the exterminate-it.com site has passed the VeriSign malware scan. The biggest companies in the world secure their websites with VeriSign and inspire confidence by showing the VeriSign seal.

The VeriSign Trust Seal confirms that visitors of exterminate-it.com are protected from malware. The VeriSign Website Malware Scan is a daily review of our website that reduces the risk of infecting our customers’ computers when they browse exterminate-it.com.

The VeriSign Trust Seal also confirms our identity. Authentication is an established and proven process used by VeriSign that shows the world that VeriSign has verified our identity and that CURIOLAB S.M.B.A. is the rightful owner and operator of the exterminate-it.com website.

Exterminate It! Code Is Signed

Exterminate It! software is now signed with a VeriSign® Code Signing Certificate.

VeriSign® Code Signing creates a digital “shrink-wrap” for code and content to protect users when they download the code over the Internet. Digital signatures authenticate the source and verify the integrity of the content.

The VeriSign® Code Signing Certificate protects our users by making the Exterminate It! application identifiable and harder to falsify or damage, with a time-stamped digital signature certified by the most trusted security brand on the Internet. It also shows that Exterminate It! software is safe to download.

As you can see, the Exterminate It! software development team is making every possible effort to improve the protection of our customers and increase their confidence.

We are working hard to improve the functionality, reliability and efficiency of Exterminate It!.

Here is the list of important changes in this release:

  • Detection of malware files on the win64 platform is corrected and improved. A more accurate scanning mechanism is now used for both 32-bit and 64-bit platforms.
  • Registry scanning is now performed at a lower level (for activated users) and is independent of permissions.
  • Corrected a stability issue during Submit State report generation (when trying to open COM1-COM3 files).

Several less important stability issues were also fixed.

Intro

Some of our customers noticed that the Exterminate It! web site appeared on McAfee’s siteadvisor.com site and the Web Of Trust mywot.com site. We checked this information and were surprised to find that our web site is marked as untrustworthy. So we decided to investigate this issue.

We reviewed the comments that people leave at the siteadvisor.com and mywot.com (surely useful) security sites. Most of those who commented about our web site stated that it contains “malicious content, viruses” (mywot.com) or “adware, spyware, or viruses” (siteadvisor.com). We are absolutely sure that these people did not download or install the Exterminate It! application to check its functionality. It seems that they did not even read what McAfee says about the downloadable software that is hosted by and/or directly linked to our web site.

Exterminate It! executable is safe!

Take a look at the “Download tests” section of McAfee’s siteadvisor.com site. All downloads are green! They’ve checked 32(!) executable files from our web site. Most of them are different versions of the Exterminate It! application. Their conclusion is: “In our tests, we found downloads on this site were free of adware, spyware, and other potentially unwanted programs.” No comments…

Also, Exterminate It! is listed on many respectable distribution web sites like download.com or download.cnet.com, where software is carefully checked prior to uploading.

False positives? No!

A few people stated that Exterminate It! is malware because it makes false-positive detections. Well, using such logic, we can say that Kaspersky or Norton Antivirus are malware as well, because ALL anti-spyware tools make false-positive detections periodically. Even the best of them. Unfortunately, false-positive detections are inevitable in our work.

What is a false-positive detection? The term false positive is used when antimalware software erroneously classifies an innocuous file as malware. The incorrect detection may be due to heuristics or to an incorrect malware signature in a database.

How false positives happen

Let’s see how that may happen. For example, if a trojan (call it TerribleTrojan) installs some Dynamic Link Library (call it aaa.dll) among other files, then during analysis aaa.dll will be treated as a part of that trojan and a new entry will be added to the detection database. After that, if aaa.dll is detected on another computer, the user will be notified that their computer is infected with TerribleTrojan. But trojans are programs and they (like any program) can use absolutely harmless libraries and files for their own purposes. If aaa.dll is harmless and legitimate, then such a case is a false-positive detection.

What will happen next? People who know that aaa.dll is harmless (for example, its developers) will notify us, and aaa.dll will be removed from our detection database. That is how it works.
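The aaa.dll scenario above can be reproduced with a toy hash-signature database. This is an added example, not Exterminate It! code: the file contents are constructed, the function names are hypothetical, and the `known_clean` pre-check goes one step beyond the text by vetting files before a signature is ever added.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample contents, for illustration only (not real files).
AAA_DLL = b"constructed bytes of a harmless shared library"
TROJAN_DROP = {                      # files TerribleTrojan installs
    "tt_loader.exe": b"constructed bytes of the trojan's own loader",
    "aaa.dll": AAA_DLL,
}
CLEAN_HOST = {                       # never infected, but uses the same library
    "editor.exe": b"constructed bytes of a legitimate program",
    "aaa.dll": AAA_DLL,
}
INFECTED_HOST = dict(TROJAN_DROP, **{"editor.exe": CLEAN_HOST["editor.exe"]})

def build_signatures(threat, dropped, known_clean=frozenset()):
    """Turn every file a threat installs into a hash signature, skipping
    hashes already known to belong to legitimate software."""
    return {sha256(c): threat for c in dropped.values()
            if sha256(c) not in known_clean}

def scan(host_files, signatures):
    """Return {file name: threat} for each file whose hash is in the database."""
    return {name: signatures[sha256(c)]
            for name, c in host_files.items() if sha256(c) in signatures}

def remove_false_positive(signatures, reported_content):
    """Handle a false-positive report: drop the signature of the reported file."""
    fixed = dict(signatures)
    fixed.pop(sha256(reported_content), None)
    return fixed

# Naive analysis: everything the trojan dropped becomes a signature.
naive_db = build_signatures("TerribleTrojan", TROJAN_DROP)
# After the developers of aaa.dll report it as harmless.
fixed_db = remove_false_positive(naive_db, AAA_DLL)
# Same outcome, reached before release by checking a known-clean hash set.
vetted_db = build_signatures("TerribleTrojan", TROJAN_DROP,
                             known_clean={sha256(AAA_DLL)})

if __name__ == "__main__":
    print("clean host, naive DB:   ", scan(CLEAN_HOST, naive_db))
    print("clean host, fixed DB:   ", scan(CLEAN_HOST, fixed_db))
    print("infected host, fixed DB:", scan(INFECTED_HOST, fixed_db))
```

Removing the aaa.dll signature clears the clean host without losing the infected one, because the trojan's own loader still matches.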

We suppose that people who “blamed” Exterminate It! for false-positive detections cannot distinguish “false-positive detections” from “fake detections”. Fake detections are a tactic used by rogue anti-spyware to scare the user and trick them into purchasing the product. Rogue anti-malware “detects” non-existent items, or creates files randomly and then detects them. Such items are shown to the user as trojans and spyware.

Exterminate It! reputation

Exterminate It! has been on the market for more than 2 years. It is used by thousands of people. Exterminate It! can cope with spyware removal in many cases where other brands of antivirus/antimalware cannot. Such successful results cannot be achieved with “false-positive detections” and/or “fake detections” alone. Anyone who has used Exterminate It! software knows that.

We have never used false-positive detections as a marketing tactic to boost sales. Furthermore, any customer who is not satisfied with the Exterminate It! software can get their money back.

Hosts-file.net issue

What else? Someone said that the Exterminate It! web site is a “rogue security, fake antivirus distribution site” because it is listed at hosts-file.net. The owner of hosts-file.net listed our web site based on his own personal opinion after arguing on one of the anti-malware forums. He has alleged that our product is “rogue” because it does not have a trial version. First of all, however, we can provide anyone with a free one-week trial code, i.e. anyone can check the full functionality of the Exterminate It! software free of charge. Just contact our support first. Additionally, a free trial version of the Exterminate It! software will soon be available to the public. So, the reason for the listing is questionable.

Phishing? No!

Also, some comments accuse the Exterminate It! web site of phishing. This is absolute nonsense! What is “phishing”? Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. The Exterminate It! web site does NOT process credit cards. All sales are made through the RegNow Affiliate Network. All payments are processed by RegNow as well. RegNow is a big, trustworthy and legitimate service provider. Even the world’s leading multi-national companies with some of the Internet’s biggest brands use RegNow services. The Exterminate It! web site does not collect any confidential or sensitive data, therefore phishing fraud is impossible. So, the people who talk about phishing in regard to the Exterminate It! web site are absolutely in error and do not understand what “phishing” means.

What other things are people concerned about? They don’t like, for example, that the exterminate-it.com domain name is registered with so-called whois protection. Whois protection is a legitimate service provided by web hosting companies that hides the personal details listed in the WHOIS database from the public eye and thus protects the owner’s identity from any type of online/offline abuse. Every day, domain owners’ information is harvested by spammers from the publicly available WHOIS database to send spam. We think that anyone has the right to protect their own identity information such as e-mail address, phone number, mailing address, etc. This is not a crime. Many respectable sites are protected by whois protection. On the contrary, most criminals do not use whois protection – they just use false data for domain registration.

Conclusions

Well, it seems that we have reviewed all the most popular “sins” of our web site. Of course, we do not pay attention to the various innocuous statements like “Looks very suspicious!” :) If our web site looks “very suspicious”, then hundreds of millions of web sites all over the world look “very suspicious” as well.

Unfortunately, the reasons for these attacks on the Exterminate It! web site and the Exterminate It! software are not understandable and cannot be rationally explained. Perhaps it may be some kind of paranoia, because of so much malware and so many scams all around the Internet. But most likely, the negative feedback is a result of unfair competition from our competitors. If that is true, then we are proud that the “big players” of the anti-spyware market consider us a worthy competitor and a threat to their business. It means that we produce competitive, high-quality software products.
We are trying to compete in a natural way: by improving our product, integrating newer functionality and providing additional protection, instead of using fake users to provide negative feedback about a competitor’s product.

Negative feedback could also be generated by malware-creators, trying to protect their “children” at any cost.

If you installed Exterminate It! software and found it useful or if you are already our customer and satisfied with our product, then we ask you to visit siteadvisor.com and/or mywot.com sites and vote for the exterminate-it.com web site.

Thank you

Note to other antimalware product creators
Let’s compete in a normal way: by improving our antimalware products, including newer functionality. The use of fake comments from fake users is always a poor substitute for product quality.

Recently we discovered that Exterminate It! is being detected by several antivirus / firewall products as Trojan-GameThief.Win32.Taworm.zt.

We received many complaints from our customers regarding this issue. Kaspersky, F-Secure and Zone Alarm are detecting us as a trojan and blocking Exterminate It! execution.

We have contacted the Kaspersky Virus Analyst Team and here is their response:


Hello,

Sorry, it was a false detection. It will be fixed in the next update.

Thank you for your help.

Regards, Vladislav Pintiysky
Virus Analyst

We would like to thank the Kaspersky Analyst Team for their fast reaction. Exterminate It! will shortly be removed from their detection; stay updated.

False positives happen very often in the antimalware industry.
We inform companies that develop antimalware/antivirus software about these false detections of Exterminate It!.

If you encounter such a false-positive detection, please let us know which antimalware/antivirus software you are using (specify the exact version and edition of the product).

Alternatively, you can contact the antimalware company yourself. It would be great if you described your Exterminate It!-related experience in that message.

Some companies do not respond to false-positive inquiries. From that lack of response you can judge how reasonable it is to use antimalware products whose malware databases are not kept current and clean.

We would like to note that, over its history, our antimalware product has been erroneously detected as “malware” (false positive) by the following products under different names:

  • Kaspersky (Trojan-GameThief.Win32.Taworm.zt)
  • Zone Alarm, powered by Kaspersky (HEUR:Trojan.Win32.Generic)
  • Avira (SPR/Fake.Exter.2)
  • Jiangmin (TrojanDownloader.Delf.dwh)
  • AntiVir (SPR/Fake.Exter.2)
  • McAfee-GW-Edition (Riskware.Fake.Exter.2)
  • CAT-QuickHeal (Trojan.Agent.ATV)
  • eSafe (Win32.SPRFake.Exter)

Here are a few examples of such detections on the VirusTotal service:

link1 link2 link3

We guarantee that our software contains no malicious code. It is purely an antimalware solution without any illegitimate functionality.

Here is a 100% clean report from SoftPedia.

As a temporary solution, you can disable any other antimalware software installed on your computer and report the incorrect detection/removal to the developers of these applications.

Also, you can add the Exterminate It! installation folder to the Ignore list (if this is supported by your antimalware suite).

A rootkit is a program or a set of programs designed to provide privileged access to the computer system and, at the same time, to hide itself and its associated files from detection.

Historically, rootkit tools appeared on Unix-like operating systems as programs that provided an intruder with the most privileged (root) access to the system. Today, rootkits exist for all of the most popular operating systems, from Windows to Linux. Windows rootkits allow the attacker to gain the most privileged access to the system.

Rootkits can be divided into kernel-mode and user-mode rootkits:

  1. Kernel-mode rootkits replace or modify parts of the operating system or add code to the operating system. Usually, rootkits of this type are implemented as device drivers (Windows) or loadable kernel modules (Linux). Kernel-level rootkits obtain unrestricted access to all system resources and, as a matter of fact, become a part of the operating system. That is why kernel-mode rootkits are invisible to most anti-spyware and anti-virus applications. This is the most dangerous and hardest-to-remove type of rootkit. When you are trying to remove a kernel-mode rootkit, you need to operate at the lowest system level. This should be done very carefully, because any wrong action can lead to a system crash. Exterminate It! successfully works at this level.
  2. User-mode rootkits intercept and replace system calls in order to protect themselves from detection and hide information about the intruder. Such rootkits are implemented as dynamic link libraries (DLLs) on the Windows operating system.
    User-mode rootkit hooking can be performed in different ways:
    • DLLs (libraries with executable code) can be loaded into different processes and act on their behalf.
    • File / process patching can be used on disk or directly in memory.

Such rootkits could change behavior of regular applications.

Rootkits differ from other malicious software in their function. The main function of a rootkit is to maintain control over the infected computer system, to hide itself and associated malware files, and to provide access for the intruder.

A rootkit does not infect other programs like a virus, and it does not spread over the local network like a worm. It hides from detection software and keeps “doors open” for a malefactor, who can use the infected system for malicious actions such as sending spam, DDoS attacks, information stealing, etc. However, a worm spreading over a local area network, or a trojan disguised as legitimate software, may install a rootkit on the infected computer. Recent infections sometimes use a combined approach, in which a trojan installs the rootkit and the rootkit afterwards protects other trojans installed from the Internet.

Technically, rootkit software is very complex. It can be developed only by highly qualified specialists, because a bug in such software (especially in kernel-mode rootkits) may cause a total system crash and make the crashed system useless for the malefactor’s needs. A rootkit also has to effectively resist modern anti-malware scanners.

Due to their nature, rootkits are very hard to detect and even harder to remove. In some complex cases, only re-installation of the operating system may help. But all is not so bad. Fortunately, some anti-malware applications have already implemented anti-rootkit functionality, and Exterminate It! is one of them.

Exterminate It! provides rootkit unhooking, direct disk scanning and removal techniques, which work in most cases. Custom solutions can also be provided for difficult rootkit infections. So you won’t be left alone in the face of a rootkit infection.
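A direct disk scan exposes hidden files when its results are compared with what the (possibly hooked) system API reports, a technique commonly called cross-view detection. The following is an added example, not Exterminate It! code: the file lists are constructed, the function names are hypothetical, and in practice the raw view would come from parsing the volume directly.

```python
# NTFS stores its own metadata files in the volume root. The Win32 API never
# lists them, so a raw scan always sees them; they must not count as hidden.
NTFS_METAFILES = {"$mft", "$mftmirr", "$logfile", "$volume", "$attrdef",
                  "$bitmap", "$boot", "$badclus", "$secure", "$upcase", "$extend"}

def normalize(path: str) -> str:
    """Windows paths compare case-insensitively; use one canonical form."""
    return path.replace("/", "\\").lower()

def hidden_entries(raw_view, api_view):
    """Paths present in the raw on-disk view but missing from the API view."""
    api = {normalize(p) for p in api_view}
    hidden = set()
    for path in raw_view:
        norm = normalize(path)
        if norm in api or norm.rsplit("\\", 1)[-1] in NTFS_METAFILES:
            continue
        hidden.add(norm)
    return hidden

def confirmed_hidden(snapshots):
    """Intersect the results of several (raw, api) snapshot pairs. A file that
    was created between the two listings looks hidden once, not every time."""
    rounds = [hidden_entries(raw, api) for raw, api in snapshots]
    return sorted(set.intersection(*rounds)) if rounds else []

# Constructed listings: one driver file is filtered out of every API listing,
# and a temp file was created just after the first API listing was taken.
RAW = [r"C:\$MFT", r"C:\Windows\notepad.exe", r"C:\Temp\download.tmp",
       r"C:\Windows\System32\drivers\example_hidden.sys"]
SNAPSHOTS = [
    (RAW, [r"c:\windows\NOTEPAD.EXE"]),
    (RAW, [r"C:\Windows\notepad.exe", r"C:\Temp\download.tmp"]),
]

if __name__ == "__main__":
    print("first pass only:", sorted(hidden_entries(*SNAPSHOTS[0])))
    print("confirmed:      ", confirmed_hidden(SNAPSHOTS))
```

A single pass reports the freshly created temp file as well; only the entry missing from the API view in every round is worth investigating.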

Note that this functionality is currently in beta, but you can already turn it on in the Exterminate It! Options page. Anti-rootkit functionality is available in activated copies of Exterminate It! only.