Pretty damn odd for a company like that to change into something different (or at least their name). What’s even more funny is this article by our friends at CertifiedBug.Org:

“Scan your entire computer to detect negative credit”.

PaperGhost also blogs about this here.

I have so many thoughts on this that I would just explode and keep on doing so. However due to commitments elsewhere and that fact each sentence I write is analyzed by Enigma’s lawyer’s, I’ll save this opinion of mine for a rainy day. However if you have one, tell us here!

Previous Articles About Enigma:

• Here goes … Another rant about Enigma
• SpyHunter the return leg … coming soon!
• One issue fixed, on to the next..
• Enigma’s (ESG) status a week on..
• Enigma & 411-spyware.com Update
• 411-spyware.com – The new forum spammers?

When I first started reporting about spammers on security forums, which involved Enigma Software Group at the time, I never imagined they would react as they did. We all know about the discussions at SpywareWarrior and what I managed to set straight when it came to their affiliates. And from that point we got something done about their ethics and affiliate practices. Basically some good managed to come from it.

… however what I find strange is accusing this site and others who they classed as direct “competitors” and then months later use these sites as a reference on malware.

(Click to Enlarge)

This was taken a week or so ago. In fact it’s still the same today. So you’re probably thinking what my point is. Well it’s simple …

I don’t want to act as a reference point by a company who months before accused us of being some big competitor. You can’t have ones cake and eat it.

Fine, argue your point about spamming on forums and your ethics, but don’t try and benefit from it by linking back to this site, the site you accused.

I did do something about it, I mailed the CEO of Enigma twice in as many months. So far no response. So this article is basically my next step as this cannot happen.

The above example in the image is also for Pest Capture and others. Ironically what has happened since I mailed the CEO is that the front page of this affiliate has changed somewhat. It has small description paragraphs of malware and a direct link to ESG’s software. However the pages are still in the search engines, although not directly linked in the home page.

…Final words, Enigma still need to look at how their affiliates work, how they work as a company and realise you cannot one week accuse certain communities and then happily use those communities as a positive way in order to benefit.

We also request all links to this site from any Enigma sites and affiliate sites to be removed.

Update – Our links have now been removed from the raised afiliate site in this article.

We all know about their status and what they did after I started to kick up a fuss. Yes, they followed my advice and changed all their affiliate pages to a somewhat suitable standard …

… , but …

… what I discovered is still unacceptable. Stay tuned …

Well a few days later it looks like the issues I brought to light have been changed to the way we suggested in discussions awhile ago.

This is one issue fixed, and on to the next, for Enigma. I hope they continue to monitor their affiliates and take the correct steps if things go wrong.

We will always be watching and making sure the consumer gets a fair deal!

……Now that is over with, let’s begin.

It’s been one week since discussions between the security community and the CEO of Enigma Software Group ended. With that in mind and the suggestions put forward by the community (and partly accepted by ESG) I thought I would visit those sites. The sites that at first got used to spam on forums, and second never clearly stated on their sites that the tool they recommeded was SpyHunter which you had to pay for in order to remove anything it found.

Many sites got flown about into the mix. Some owned by ESG and others by their affiliates. And some being accused for negative speech like this site. So what feedback did ESG walk away with? What suggestions did they promise to follow?

“I agree with you….. it should be. Scanner-only-tool. And a disclosure that the tool only scan.”

As you will see in the post as we go along, this hasen’t happened a week on.

“…..Enigma will comply wih the complaints and recomendations of the Internet Security Community and SpywareWarrior forum…”

These are just a few. I could go on and on if I quoted each and every promise & suggestion, but you get the idea. Besides you can always read everything at SpywareWarrior and make your own mind up.

So, what are the sites in question?:

• 411-spyware-remove.com
• 411-spyware.com
• spywareremove.com
• against-spyware.com
• anti-spyware-101.com
• spyware-escape.com
• spywarelocked.org
• xp-vista.com
• softvote.com
• 2-freespywareremoval.com
• uninstall-spyware.com
• uninstall-i-lookup.com

If I have left some out then I apologize. Some have cleaned up, but others haven’t as a week has passed.

411-spyware-remove.com:

(Click to Enlarge)

As you can see from the parts highlighted. This site clearly needs some work. Not about the naming of the tool on the site, but by stating it is an Automatic Spyware Removal Tool when infact it only becomes a removal too when you pay for it.

spywareremove.com:

(Click to Enlarge)

The name of the .exe file does state it is SpyHunter however what is highlighted clearly doesn’t state it is a free scanner.

against-spyware.com:

(Click to Enlarge)

Although the name of the .exe doesn’t indicate it’s SpyHunter, the highlighted part does. However it doesn’t state it is a free scanner, but clearly states it is a tool to remove Zlob and other spyware.

spywarelocked.org:

(Click to Enlarge)

Now this one is something that probably defines my arguement. Look at the highlighted and underscore parts:

1. Download SpywareLocked Removel Tool
2. Run a scan to detect and remove any SpywareLocked threats
3. Delete any values found by SpywareLocked scanner

… And the name of the .exe is wrong as-well. So, make your own mind up.

2-freespywareremoval.com:

(Click to Enlarge)

This site even states the tool is an Automatic Removal. Plus the .exe is totally different to the name spyhunter.exe for example. And can you see the date? March the 20th. Seven days before discussions began and now ten days after they ended, not changed.

uninstall-spyware.com:

(Click to Enlarge)

As you can see from the image it is a bit like spywarelocked.org. But worded slightly different on some areas. The other part to take note is the Tip part;

“Tip: If you are not an expert in this field, we highly recommend you use the SpywareStrike automatic removal process. You’ll run the risk of destroying your computer if you make a mistake during the manual removal process.”

The bold area is a direct link to the renamed tool that now states it is an automatic removal process. The tool you have to pay for remember, when you want to remove anything found.

uninstall-i-lookup.com:

(Click to Enlarge)

This one is the same as the previous site I mentioned only a different URL and different malware. I didn’t want you to think I was picking on SpyLocked all the time. And as you can see from the image things still need correcting.

Which sites managed to act?;

• 411-spyware.com
• anti-spyware-101.com
• spyware-escape.com
• xp-vista.com

… As far as I know. BUT that is not good enough. I’m sorry, it just clearly isn’t! Two or three days after the discussions that took place maybe. But not a full week.

I would like to point out is that this article is not about the spamming on forums we saw awhile back but about sites that are either affiliates or owned by ESG.

What if Joe Average goes to these sites and needs a quick fix to remove malware. Then after reading one of the sites above gets excited as one stated it’s an automatic removal tool/process. Ends up being disappointed because 1) he still has the malware after a scan 2) needs to fork out x amount to remove it when he may already have spent x amount by the rogue he was infected with in the first place. Wrong, wrong and WRONG! Regardless of any future plans for a trial.

My conclusion; clean those sites up! It is that simple. Then tackle the next issue.

• Changing a link; two minutes, if that.
• Changing the name of an .exe; not even a minute.

End result; better (not great) practices and ethics.

On a different note ESG did release a new press release informing their status about Symantec but also about our discussions:

“Recently, Enigma has engaged the Internet Security Community in an open discussion that included group of several smaller competitors. The discussions were positive, and many people, especially Eric Howes, offered constructive suggestions. As a result, Enigma will make some changes to their marketing, such as: offering a fully functioning free trial of SpyHunter 3.0, and stricter enforcement of rules of Affiliate Program.”

As much as I appriciate ESG cleaning up some sites, I still believe they have a lot of work to do and hope they clean up the sites I mentioned in this post. This is not to bad mouth ESG or to accuse them but to help the computer users who need quality help at the end of the day.

I’d like to point out that anyone reading this with malware trouble is welcome to get free help in removing the malware/adware/spyware by getting advice from our malware hunters in our dedicated forum. You can also chat about this here if you wish in our public forum.

*The content of this post is the opinion of the author and no one else’s. The author welcomes constructive feedback but reserves the right to remove any comments posted*

Enigma’s Press Release

Update – 28th of April 2007; – Discussions have taken place at SpywareWarrior which included many helpers of this community. You can go read and make your own opinion and mind as to what you think – HERE.

It hasn’t just affected us but other known forums on the net. The spammers tend to push a program that is claiming to remove the latest rogues like SpyLocked/SpywareLocked/SpyLocker but infact it’s a program called SpyHunter.

…….hears the penny/cent drop.

Yes the company that pushes SpyHunter is Enigma Software Group. The one that use to be on the bad Rogue/Suspect Anti-Spyware Products & Web Sites list for this reason:

“…Enigma’s SpyHunter anti-spyware application was listed on this page primarily because of the company’s history of employing aggressive, deceptive advertising…”

They hide their installer as a tool that claims to remove rogues then when you download the recommended tool from the said site you get the SpyHunter installer. If you ask me in light of this. They should be re-listed on the list above.

They go on your forum (or public service boards) and have a few different tactics to try and make it look like they are legit users. Or just spam links to whatever rogue is on at the time.

(Click to Enlarge)

If you are part of the spamming gang, do yourself a favour and stop your posts on each and every forum and public service like yahoo. It doesn’t do you any favours and more importantly the computer users. Especially now people like me blog about it. But feel free to contact me!

If you are a forum owner and wish to discuss this then you can do so in a few ways. Reply with a comment to this article or discuss it on our forum. Computer users with any infection should avoid 411-spyware.com and seek advice from helpers here or at ASAP sites. Oh and Digg it here!

More coverage: Malware Advisor

Update 26th of April 2007, more coverage inlight of Enigma’s press release here visit VitalSecurity. More coverage: Ur I.T. Mate Group