Bonzai Buddy - Webroot reports it but no one else

Discussion in 'Spyware' started by *Vanguard*, Feb 21, 2004.

  1. *Vanguard*

    *Vanguard* Guest

    If I go to http://www.webroot.com/services/spyaudit_03.htm and run their
    online checker (actually it downloads and runs a local app), it reports my
    system being infected with Bonzai Buddy. However, recently updated Ad-Aware
    and Spybot don't report it. According to
    http://www.nysoclib.org/tech/tech_sheets04.html, Bonzai Buddy is probably
    spyware. Spybot's threat list doesn't list Bonzai Buddy, and it's also not
    listed at http://www.doxdesk.com/parasite/. Do Ad-Aware and Spybot use
    Bonzai Buddy? Why would Webroot think it is spyware if no one else lists
    it as such?

    When running Webroot's online spyware scanner (they have the Spy Sweeper
    product), it reports:

    a.. Spy #Alexa Toolbar -- Research In Progress
    a.. Spy #Bonzi Buddy -- Research In Progress
    a.. Spy #SmartTags -- Research In Progress
    a.. Spy #Venusseek (eros) -- Research In Progress

    Yet Alexa got removed by Ad-Aware (or maybe Spybot) and none of the others
    are reported by Ad-Aware or Spybot. It this an example of a false positive
    by Webroot? Or maybe they are lying trying to dupe users into buying their
    Spy Sweeper product. A PC Magazine article
    (http://www.pcmag.com/article2/0,4149,1524223,00.asp) that reviewed several
    anti-spyware products gave a thumbs up on Spy Sweeper, but reviews at PC
    Magazine have always been biased by their advertisers. In fact, some
    "reviews" at PC Mag aren't reviews but just a rehash of what the product's
    marketeers told PC Mag to say.
     
    *Vanguard*, Feb 21, 2004
    #1
    1. Advertisements

  2. *Vanguard*

    D11 Guest

    http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=Bonzai+Buddy&btnG=Google+Search
     
    D11, Feb 22, 2004
    #2
    1. Advertisements

  3. *Vanguard*

    *Vanguard* Guest

    "" said in
    http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=Bonzai+Buddy&btnG=Google+Search

    A Google search does NOT help. Please review what matches occur before
    spewing it as a solution. Of some of the matches:

    - PChell.com tells you to run Bonzai's uninstall program. So what? If it
    isn't installed or was spyware (which rarely provides an uninstall program),
    how you going to get rid of unknown files and registry entries. This
    article does not list what files and registry key you need to delete.
    - I could care less about prices for Bonzai Buddy.
    - Many are personal accounts of using Bonzai Buddy which could range from
    they liked it to they hated it, but none discuss the details of how it
    installs, how to uninstall it, and how to clean up any mess in settings that
    it might cause. Reading others accounts about their tribulations with
    Bonzai Buddy doesn't help me in getting rid of it.

    If Bonzai Buddy is indeed spyware, am I going to visit links that lead me to
    its web site and trust that they will uninstall their product (for which I
    can see no evidence that it is installed)? NOT!

    I had already done the Google search for Bonzai Buddy. After reading a
    couple dozens of the promising links, I came here to a community that would
    probably be more condensed in their experience and relate how to detect if
    the product was installed (other than the usual means, like looking in
    Add/Remove Programs, in the Start menues, and searching the registry) and
    how to get rid of it.

    Before touting Google as a panacea for finding a solution, at least make
    sure the search you profess to provide a list of possible solutions actually
    does lists some possible solutions. Your seach especially was worthless
    because all you searched on was "Bozai Buddy". You didn't even include
    "detect", "removal", "remove", "uninstall", or any other keyword to further
    limit the search from ALL matches that included anything with "Bonzai" and
    also had "Buddy". In fact, your search URL doesn't even look for "Bonzai
    Buddy". It only looks for any matches that have one of either "Bonzai" or
    "Buddy" or both. That includes a lot of matches just on "Buddy" and has
    nothing about "Bonzai", and includes "Bonzai" with nothing about "Buddy".
    Your URL for the search has q=Bonzai+Buddy. Even if the only search
    criteria was to find anything that mentioned Bonzai Buddy then the URL would
    have q="Bonzai+Buddy". Your URL turns up 9030 matches. Searching on
    "Bonzai Buddy" (instead of "Bonzai" or "Buddy") reduced that to 1920
    matches. Searching on '+"Bonzai Buddy" +remove' reduces that further to 772
    matches. Searching on '+"Bonzai Buddy" +uninstall" reduces down to 98
    matches. So, at least, provide a decent URL for a Google search that
    doesn't swamp the user with thousands and thousands of useless matches.
    Learn how to use Google before touting it as your solution.

    So my original questions stand. Why does Spy Sweeper say I am infected with
    Bonzai Buddy when Ad-Aware and Spybot do not? Why does Spybot not list
    anything for "Bonzai" in its threats list? From what articles I read,
    Bonzai Buddy is an old problem dating back a couple years so why are
    Ad-Aware and Spybot so out of date that they cannot detect a new infection
    of it? Did they remove it from their threats list because they thought it
    so old that no one any longer gets infected with it? Or is it Spy Sweeper
    reporting a false detection and there really is not Bonzai Buddy on my
    system? How do *I* (rather than using anti-spyware) detect if anything of
    Bonzai Buddy is on my system? What files does it install and where, and
    what registry entries does it create or modify? Is Bonzai Buddy really
    spyware, or is it simply performing the tasks it says it will do which
    Webroot misconstrues as spyware activities?
     
    *Vanguard*, Feb 22, 2004
    #3
  4. *Vanguard*

    Mike Guest

    I just looked. Bonzi Buddy is listed in Spybot S&D. Look in the "Excludes"
    listing under the All Products tab.

    --Mike
     
    Mike, Feb 22, 2004
    #4
  5. *Vanguard*

    Mike Guest

    I wonder which spelling is actually correct for this spyware. Bonzai or
    Bonzi? In Spybot, it is listed as Bonzi. How did Spy Sweeper spell it? A
    difference in spelling might be the reason that Spy Sweeper flags it but
    Spybot and Ad-Aware do not. I don't know what criteria are used by the
    programs to determine adware/spyware. Perhaps spelling makes no difference
    at all. Both spelling can be found in internet searches.

    Have you ever had the purple "buddy" pop up on your screen? If not, perhaps
    you only have a file remnant or folder on your system.

    --Mike
     
    Mike, Feb 22, 2004
    #5
  6. *Vanguard*

    *Vanguard* Guest

    "Mike" said in news:K9YZb.34563$-kc.rr.com:
    Thanks for the info. I see it there, too, inside of S&D. I was looking at
    the Threats list at S&D's web site. You no longer get to peruse a list but
    have to do a list. Searching on "bonzai", "bonzi", or just "bonz" turns up
    no matches - and yet BonziBuddy is listed in the Excludes list within the
    program. A search on "buddy" turns up "Bargain Buddy". So it looks like
    the online threats list at S&D's web site is useless.

    Spy Sweeper calls it "Bonzai Buddy". It says there is something on my
    computer for it but Ad-Aware and Spybot reporting nothing. From further
    Google searching and reading, Spy Sweeper has had some big blunders. It
    would detect spyware if you created a Finance folder under your Favorites
    (and its "fix" was to delete the folder so you would lose your URL shortcuts
    in that folder). It would detect an INF file by its filename rather than
    inspect its contents. I'll chalk this infection report from Spy Sweeper's
    online scan as more false alerts. Doesn't look like I'll be bothering to
    use that program.
     
    *Vanguard*, Feb 22, 2004
    #6
  7. *Vanguard*

    Unknown Guest

    BULLSHIIIIIIIIIIIIIITTTT!!

    I have used Adaware to get rid of that on a LOT of machines for a LONG time
    now. Spybot kicks it, too.
     
    Unknown, Feb 22, 2004
    #7
  8. *Vanguard*

    DII Guest


    Sorry. Here's a more specific search: http://tinyurl.com/2uhsf

    HTH
     
    DII, Feb 22, 2004
    #8
  9. *Vanguard*

    Mike Guest

    Just out of curiosity, I installed Spy Sweeper on my system yesterday to see
    if it might be installing the references to Bonzi Buddy, but that didn't
    happen. I then did a system scan with Spy Sweeper and it turned up both the
    Alexa Toolbar and SquireSearch. No other programs I use (14 others) have
    found these. I then found info on manual removal of these toolbars by
    editing the Windows Registry and Windows folder, and could not find any of
    the items listed in the manual removal instructions. I'll chalk these up as
    false flags, and won't use this program again until I hear of more accurate
    results. I'd hate to waste hours of my customers or my own time hunting
    down items that don't exist. Sorry, Webroot...

    --Mike
     
    Mike, Feb 23, 2004
    #9
  10. *Vanguard*

    *Vanguard* Guest

    "Mike" said in news:3ge_b.27104$-kc.rr.com:
    From what I recall reading about the Spy Sweeper blunders, the SquireSearch
    infection that it falsely reports is when you have a folder named "Finance"
    in your Favorites list. I could be wrong. My brain is blurry from all the
    reading and studying I've been doing lately. Do you have a Finance folder
    somewhere in your Favorites list? What happens if you rename it and redo a
    scan by Spy Sweeper?
     
    *Vanguard*, Feb 23, 2004
    #10
  11. *Vanguard*

    Mike Guest

    I do have a Favorites folder named Banking & Finance. As a quick test, I
    deleted the word Finance from the folder so it states "Banking &" and
    rescanned using Spy Sweeper. It still showed the Squiresearch and Alexa
    toolbars. Although I did not reboot after renaming the folder, I did close
    and restart IE.

    --Mike
     
    Mike, Feb 23, 2004
    #11
  12. *Vanguard*

    sponge Guest

    Bonzi Buddy has been targeted by SpyBot and Ad-Aware almost as long as
    those tools have been in existence. Keep in mind that you may have a
    new variant that they don't know about yet. If at all possible, submit
    whatever you have to the makers of Ad-Aware and SpyBot, including
    where you think you got it, any executables or DLL files, and as many
    registry keys as you can find. HiJackThis! should prove very useful in
    identifying these, Even a CLSID is very useful.

    Sponge
    Sponge's Secure Solutions
    www.geocities.com/yosponge
    My new email: yosponge2 att yahoo dott com
     
    sponge, Feb 23, 2004
    #12
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.