My Freedom anti-spyware scanner found the spyware "CWS.LoadAdv.400" in 3 of my FS9 files, as well as in a couple of files in another sim I have, Silent Hunter 3. It also found it in the registry key where the Catalyst control centre for the ATI drivers reside. I un-installed the CCC, and it got rid of the spyware in the resistry. I needed to do a re-install of WinXP anyway as it was running like crap, so after re-formatting and re-installing WinXP, the same spyware showed up again after I freshly installed FS9, SH3, and the CCC. The spyware was found in the exact same files as before. FS9 and SH3 are on different drives other than C, but I re-formated them as well. I reinstalled them both from the CD's with no other files added.Freedom would say it deleted the spyware in all the files, and that it would complete the removal upon startup. Upon many restarts and rescans, the spyware is still there. If I delete the suspect files and scan, there is no spyware found. My Freedom AV is up to date with the latest definitions.The spyware is classed as a Hijacker, and was created on 18 Aug 05 by "Cool Web Search" from what little I can find on it. The strange thing is that it does not affect my firefox browser or the IE browser. They both are still at the home page and search pages I set, and nothing changes or gets re-directed. I am wondering why it is in program files instead of re-directing browsers, and if it can do any damage there.The affected FS9 files are:programfilesmicrosoft gamesflight simulator 9texturefaces.r8 gaspump1.r8 path.r8Does anyone know anything about this spyware, and how it can be removed? The freedom antivirus company have suggested I send them a copy of a "Hijack This" log, but wouldn't that only show if a browser is affected? I also tried Spybot search & destroy, and Adaware and they didn't find anything.Any help on this would be greatly appreciated!Thanks,Bill

Hi,You are getting false positives from your anti-spyware. I don't really think that the pilot's faces, the gas pump texture, or the path texture are infected. Spybot and Adware didn't find anything because there was nothing to find. I suggest working with Freedom to stop this.Hope this helps,JimActiveSky Sales and Supporthttp://www.hifisim.com/images/asv_dev_team.jpg http://www.hifisim.com/images/asv_proud_supporter.jpg

edit: jskorna beat me to it.

>The affected FS9 files are:>programfilesmicrosoft gamesflight simulator>9texturefaces.r8>gaspump1.r8>path.r8>Those have to be false-positives. Those are just texture files. That would be like getting Spyware hits on the Pictures that just came out of your digital camera.If your anti-spyware program has the ability you should add those 3 files to your ignore list.

I'd hate to say it, but that anti-spyware scanner is sub-par. The best ones you have to pay for, simple as that.Similar to antivirus software, the most expensive are the best and for good reason. I personally have NOD32, which costs a bit, but many regard it as the best AV in the World and it hasn't missed a single virus, including "in the wild" virus, for many years. It never reports a false positive, either, whereas even the much hyped Norton AV has reported false positives.James

Thanks for your replies guys. I do pay for the Freedom Antivirus/Antispyware through Bell Sympatico, my DSL provider.What about this spyware showing up when the Catalyst Control Centre is installed? That shows up as being in the registry. Would that be a false positive as well?

Hi,Yes it is.Hope this helps,JimActiveSky Sales and Supporthttp://www.hifisim.com/images/asv_dev_team.jpg http://www.hifisim.com/images/asv_proud_supporter.jpg

>I'd hate to say it, but that anti-spyware scanner is sub-par.>The best ones you have to pay for, simple as that.>>Similar to antivirus software, the most expensive are the best>and for good reason. I personally have NOD32, which costs a>bit, but many regard it as the best AV in the World and it>hasn't missed a single virus, including "in the wild" virus,>for many years. It never reports a false positive, either,>whereas even the much hyped Norton AV has reported false>positives.>>JamesThank god that I paid a few dollars and got an AntiVirus/Firewall/ Spyware protection that actually works properly(Trend Micro PC cillin) and doesn't start warning me that Windows Explorer, Outlook, or Teamspeak, or Excel, or some other harmless program or file is eating by harddrive. I can't believe that people would invest hundreds and hundreds of dollars in a PC, hardware, scenery, aircraft,.......the list goes on and on, and protect it with a "free" program............... If I had to reinstall Windows, or FS9, or anything else because of some freebie/substandard program / I would go bezerk......... Maybe I will see if I can hire a free security guard to protect my home.... :)

>>I'd hate to say it, but that anti-spyware scanner is>sub-par.>>The best ones you have to pay for, simple as that.>>>>Similar to antivirus software, the most expensive are the>best>>and for good reason. I personally have NOD32, which costs a>>bit, but many regard it as the best AV in the World and it>>hasn't missed a single virus, including "in the wild" virus,>>for many years. It never reports a false positive, either,>>whereas even the much hyped Norton AV has reported false>>positives.>>>>James>>>Thank god that I paid a few dollars and got an>AntiVirus/Firewall/ Spyware protection that actually works>properly(Trend Micro PC cillin) and doesn't start warning me>that Windows Explorer, Outlook, or Teamspeak, or Excel, or >some other harmless program or file is eating by harddrive. I>can't believe that people would invest hundreds and hundreds>of dollars in a PC, hardware, scenery, aircraft,.......the>list goes on and on, and protect it with a "free">program............... If I had to reinstall Windows, or FS9,>or anything else because of some freebie/substandard program />I would go bezerk......... >>Maybe I will see if I can hire a free security guard to>protect my home.... :)>>>As I said earlier, I do pay for "Freedom Antivirus/Antispyware" through my DSL providor. It is not a freebee program. It has been a pretty good service. The virus definitions are updated 4 times a day, and I have never had a problem with it for 2 years. I reinstalled WINXP and FS9 for other reasons, not because of the spyware program.

Checkout this WEB Site:http://www.spychecker.com/home.htmlTom

It could be the virus software is really-really good. Maybe the pilot isn't feeling well and has a virus. ;)

>Thanks for your replies guys. I do pay for the Freedom>Antivirus/Antispyware through Bell Sympatico, my DSL>provider.>>What about this spyware showing up when the Catalyst Control>Centre is installed? That shows up as being in the registry.>Would that be a false positive as well?>>I've been using Webroot Spysweeper for two years,I've used MS beta Spyware,I've used a trail version of Sunbelt Spyware checker--which is rated one of the best of the best.None of the three have ever turned up the files you show as spyware.David

The virus definitions are updated 4 times a dayThis is your basic problem.Any company which releases definitions 4 times a day is pushing them out faster than they can be thoroughly tested for false positives.My company downloads BETA definitions from Symantec four times each day - and distributes them to our approx half-million computers world wide - four times a day.We expect to receive false positives and through our Symantec master console, we give Symantec feedback of what we find.If you are getting definitions four times daily - you are doing BETA testing for the AV and/or Spyware definitions.I've seen false positives within the past year from every AV and anti-spyware company listed on this thread.I'll go back to something I've said many times before: R T F MI would be very surprised if the program told you to delete / remove suspect files without checking the company website to research the potential issue.I would also be very surprised if the program did not have a process for you to send them a questionable file for them to check with their much better tools.At some point we are all going to get a virus or spyware on your computers - unless we are totally isolated from the web.Having an infected computer is not cause for panic.Learn to quarantine the file, research the issue, submit the file for review and to replace the file if necessary.Another critical point is to get a second opinion.If a doctor says your tonsils are bad and have to come out - yet you've not had a sore throat in years - would you seek a second opinion?I have great trust in Symantec - having worked on a professional level with their products, their staff and their training, for almost 10 years.But I sure am not going to delete a previously known good file based on one scan by their software.I'm going to to a check with another freeware software package. If there are conflicting results - I'll wait a couple days, download new definitons for both and check again.99.9999999999% of the time - I'll find the first warning was a flase positive.Today's internet world is a vicious uncontrolled jungle. I'll take 100 false positives to stop 1 actual threat anyday.

Thanks for all the replies guys. Some good information to think about!

Hi Bill;One of the easy, first things you can do is to put the url of any site you don't want accessing your pc - in the hosts file, but pointing to the loopback IP address of your pc - which is 127.0.0.1. To make this simple you can get this ready-made for you - from:-http://www.bluetack.co.uk/forums/index.php?showtopic=8406 .. it's a good read, and while you're there, have a look at the rest of the site;Their firewall is "Protowall", and it works in hand with "BlockList". Blocklist Manager downloads the "bad guy" list (you can edit this) and then exports it to Protowall. The running software firewall reads these addresses as "deny" or "allow". This is pretty much the way a Cisco (or other) hardware firewall works in the commercial world.The secret to security is update, update, update. They're all good products, whether Symantec, AVG, Spybot, Adaware - or Windows XP w/SP2; every day this needs to happen - automatically if you can. Create checkpoints, make backup disks. It's all a pain, but the work/aggravation/financial consequences can all be substantial if it's not taken seriously. Ask the guys that run the Avsim servers!Good Luck,my 2 cents,pj