Jump to content


Recommended Posts

  • Replies 62
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Posted Images

HI Steven,

Thanks for your reply. I'd appreciate more details as to what research indicates that this respectable site and the freeware it promotes, Messenger Plus! Live distributes

When you download the software from this (official) site, you will have no annoyance factors or viruses. You are welcome to send me any logs or documentation offline as well via the email address I supplied in my original support ticket #84716. Thanks!


Community Liaison, Yuna Software

official representative for Messenger Plus! Live

Link to post
Share on other sites

Due to my normal machine going down, I've had to waste time migrating to a new one, so the report has been delayed. It should be ready within 24 hours.

My apologies for the delay.


It is indeed due to the "sponsor software" (myself and several others (aka Sandi at SpywareSucks) have documented this many times over the years).

Link to post
Share on other sites

Interesting findings.

The sponsor program in the software was removed months ago. Therefore, the current freeware is virus free and ad-free, and the last few versions shouldn't be identified as badware. The install instructions are transparent to the user. They have the choice of whether or not to install a toolbar when downloading the software. You can download the latest version (4.85) and see for yourself.

Will you be sending me a more detailed report to my email so that we can see why this is still being diagnosed seemingly incorrectly?


Link to post
Share on other sites

I'll be sending you the detailed report once finished, yes. As far as the latest version - I downloaded the file from your website so unless you're linking to the old version, it was the latest version that was tested (and I notice, whilst you say "months ago", 4.85 was only released released on: July 19th 2010 ..... , interesting, given I downloaded 4.84 on July 22nd, from the same page, using the same download link).

Link to post
Share on other sites

Do you want to change your story? Attached is a quick TUN log for 4.85, as downloaded from the following at 22:50 GMT London


And guess what's still coming with it ......... (seems we're not as daft as you'd like us to be).


Link to post
Share on other sites

Thanks for your reply.

The sponsorship program was removed as early as January 15, 2010. All versions since then (including the latest version, 4.85) have not contained anything that could be considered adware or something similar. Part of the log you sent contains a reference to Messenger Plus 3, a very old version. Before generating a new report, please make sure all previous said versions are removed from the computer. You'll find that the latest versions are transparent and malware free.

Please feel free to share your findings once again.

Link to post
Share on other sites


I'm a Malwarebytes' Anti-Malware and Messenger Plus! Live user.

Was a bit surprised when I found MAM to be blocking msgpluslive.net. So being in the middle, I'll try and help out...

Plus!'s previous optional sponsor was adware known as LOP, as detected by MysteryFCM's report.

However the sponsor has now been changed to Conduit toolbar, which a Google search tells me is certified as a 'Safe Download' by TRUSTe.




CNET also wrote an article about it.

A virustotal report shows me that only 1 out of 42 anti-virus software's detects anything, of which I believe is a false positive.

The sponsor can easily be unchecked on the installer, as seen here:


So I hope you'll consider unblocking their website. :rolleyes:


Link to post
Share on other sites

I've already read the claim of it's being the previous sponsor, and am not buying it.

Why is this you ask? Simple - the file I downloaded, downloaded the MsgPlus installer itself, then progressed to install the crapware. I can do a video of this in action if you guys don't believe me? This was NOT an old installer that was being used.


Doing a video of this in action now, so you can see for yourself ... will post when done

Link to post
Share on other sites

1. Go to msgpluslive.net

2. Click the Download button

3. Run installer

4. Select the sponsor option

You can use either CaptureBAT, Wireshark or Total Uninstall, to monitor the installation and confirm the installation of Swizzor


Installer is still running btw (over an hour since it was started), which is why the video hasn't been posted yet (slowness is likely due to a mixture of the machines specs, and the monitoring software (CamStudio + CaptureBAT) running, though the MsgPlus installer has always been horribly slow whenever I've tested it)

Link to post
Share on other sites

I don't understand why you're going by what 3 relatively unknown programs are telling you?

The forum members are trying to figure out why the 1 anti-virus program (NOD32) is confusingly still detecting it as a Swizzor, which you can read about here.

The 3 programs you mention could also be questioned. I just sent a message to Total Uninstall about it.

If it were me I'd go by what 43/44 anti-virus companies say - agreeing the installer is safe (as well as Malwarebytes itself).

Link to post
Share on other sites

You seem to be under the assumption that I'm basing my analysis on what AV's are telling me - I'm not, I've got eyes of my own.

CaptureBAT is a monitoring program, nothing more nothing less

Total Uninstall is a monitoring program, nothing more nothing less

Wireshark is a monitoring program, nothing more nothing less

None of the 3 programs are "relatively unknown" btw - they're very well known.

Follow the steps I outlined above on a clean install of Windows, or a machine without MsgPlus installed, and you'll see these results aswell.

NOD (amongst the other vendors I sent the details to) is detecting it as Swizzor because that's what it is. I've already read the thread over there, and they're under the assumption that either Esets monitoring gear is buggered, or they're using an old installer - neither of these are true. The montoring/analysis gear is just fine, and it's a brand new installer that they're using, downloaded from the URL I posted in a previous reply (by clicking the download button on msgpluslive.net).

FYI: Malwarebytes may not flag the installer, but it does flag the crapware that's installed.

Link to post
Share on other sites

Follow the steps I outlined above on a clean install of Windows, or a machine without MsgPlus installed, and you'll see these results aswell.
NOD (amongst the other vendors I sent the details to) is detecting it as Swizzor because that's what it is.

I understand they're detecting it - what I don't understand is why they're detecting it.

The Conduit sponsor is just a toolbar, right? - So why would they classify it as a Swizzor trojan?

According to F-Secure, a Swizzor trojan is:

a LOP.COM-related plugin that acts as spyware/adware and provides customized search capabilities. The download and installation occurs without a notification to the user and without the user's approval.

I'm pretty sure in the t&c of the sponsor it will say what exactly it does (i.e. add a toolbar and customized search capabilities). So forgive me if I'm wrong, but how is anything done "without the user's approval" to class it as a Swizzor trojan?

Link to post
Share on other sites


I love it. You tell 'em Steven. BTW; Remind me to never get on the wrong side of a discussion with you. :rolleyes:

Sock it to them!


Sidenote: I'm taking bets on MysteryFCM's version being correct and offering 10-1 odds. Any takers?


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.