Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Problem with SpyBotSD 1

Status
Not open for further replies.
sggaunt

sggaunt

Programmer
Jul 4, 2001
8,620
GB
Just ran Spybot and it detected Backweb-lite (I recently got a new camera) and 'n-case'
Then the scan stopped with an error and message to remove the n-case stuff problems at reboot
At reboot the scan commenced then stopped again, I checked the registry for 'salm' and found a folder, this has now gone but spybot still wont complete a scan.
Does anyone know why spybot wont run correctly is the 180 search assistant still there and breaking it?

This artical seems to suggest that its not so easy to get rid of.
Uninstall 180 search assistant 16 pages of this!!




Steve:
A Delphi Programmer
A Feersum Endjinn indeed
 
Sort by date Sort by votes
maybe try MS AntiSpyware?

Works on Win2k and WinXP.

Computer/Network Technician
CCNA
 
Upvote 0 Downvote
Dosnt work on XP + 0 which is what I have

Steve:
A Delphi Programmer
A Feersum Endjinn indeed
 
Upvote 0 Downvote
Upvote 0 Downvote
Sorry to argue but it only supports XP SP1 and SP2.
It dosnt run on my sytem, I tried it.




Steve:
A Delphi Programmer
A Feersum Endjinn indeed
 
Upvote 0 Downvote
When was the last time you tried Windows Update?

Computer/Network Technician
CCNA
 
Upvote 0 Downvote
Steve

Have you run an HijackThis scan against the problem machine?
Analyze the log here and post it here for confirmation before acting on the analyzer's suggestions.

HTH

TazUk

[pc] Blue-screening PCs since 1998
 
Upvote 0 Downvote
Tazuk

My HiJack thi9s log show no new entry since the last clear scan.
I downloaded and ran the spysubtract evaluation it found some spyware but removed it, and now scans clear.
AdAware No Spyware.
I downloaded sysclean first run detected a leftover from SDBot file.
but subsiqunt runs (1 in safe mode show no problems)
AVG no detections.

This is the exact message I get from SpybotSD

Red triangle with message
Xuron55 The process cannot access the file C:\windows\win.ini
If I exclude Xuron55 (spyware) from the scan I get the same message at Carbrotor (Trogen)
If I exclude this same message at Interfun(Keylogger)
If I exclude that same message at Coolwebsearch (we all know what this is however The coolwebsearch tool show no infection.







Steve:
A Delphi Programmer
A Feersum Endjinn indeed
 
Upvote 0 Downvote
Hmm, I ran the log analyser tool and it said there was a problem with a hosts file(01 entry), hijack this wouldn't delete it (IE browser was still open at this time) when I close HiJack this and camme off the net this entry was gone,
still checking an address entry its not sure of.



Steve:
A Delphi Programmer
A Feersum Endjinn indeed
 
Upvote 0 Downvote
After a lot of tests (systematically excluding things from SpyBotSD) this is what I think is happening
If the following threats are excluded from the scan it will compelete.
Xuron55 (spybot)
Carbotor
Redlable
Mulitibinder
win32.Optix.c (Trogens)
Interfun (Dialer)
Coolwebsearch (Hijacker)(don't know which variant to many to exclude one by one I suspect any)

But I dont think any of these are present, what I think is happening is that something is stopping SpyBotSD from scanning win.ini (or sys.ini) and all these nastys modify this file (win.ini seems normal)
I discovered that I cannot open win.ini, when spybotSD is open in fact I cant open any file. Shut down SPybotSD and access is restored.




Steve:
A Delphi Programmer
A Feersum Endjinn indeed
 
Upvote 0 Downvote
Apologies for delay in replying Steve - got tied up trying to update a friend's website.

Which version of Spybot are you running? If it's v3.1 final there is a patch for various Spybot problems which may have an impact on INI scanning (at least according to some of the threads I've looked at on other forums). The TX patch can be found here.

HTH

TazUk

[pc] Blue-screening PCs since 1998
 
Upvote 0 Downvote

Thanks Tazuk. Yes It is 3.1. Downloading now, the machine in question is not here, so I cant try this until tonight.


Steve:
A Delphi Programmer
A Feersum Endjinn indeed
 
Upvote 0 Downvote
Hi there,

@tazuk - newest version of SpyBot S&D is at present 1.4RC2b ( still considered BETA but runs smooth and clean...

@sqquant - yes, do update, the probs could also be part of a hangup, when it attempted to clean the nasties upon bootup... besides that you may wish to do a clean install of SpyBot S&D...



Ben

If it works don't fix it! If it doesn't use a sledgehammer...
 
Upvote 0 Downvote
BigBadBen --

Yeh I'm aware of the newest version of Spybot thanks.

As yet I haven't had the time to install / test it on my sacrificial laptop, so didn't suggest it here as I tend not to recommend installs of anything I haven't tried and tested personally.

TazUk

[pc] Blue-screening PCs since 1998
 
Upvote 0 Downvote
tazuk
That patched version scans right through without any problems (I did remember to put the exclusions back!!)
Do you know anything about the history of this version?


Steve:
A Delphi Programmer
A Feersum Endjinn indeed
 
Upvote 0 Downvote
Steve -

A (very!) high-level description of the patch is here.
I've been running the patched version for some time, so it must have been out for a while. I believe it's a quick fix for a bugs in Spybot relating to DSO Exploit detection and scanning, with a library update included.

It's probably worth a scan with an online scanner like (my current favourite BitDefender) if you haven't done so already, just for peace of mind.


HTH.

TazUk

[pc] Blue-screening PCs since 1998
 
Upvote 0 Downvote
@tazuk - thought to point it out, just in case you or others did not know this...



Ben

If it works don't fix it! If it doesn't use a sledgehammer...
 
Upvote 0 Downvote
Sure np BadBigBen - I must get round to playing with it once I've got a chance.

TazUk

[pc] Blue-screening PCs since 1998
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ChrisOfOz
  • Locked
  • Question
Lenovo startup problem please any ideas? 2
Replies
10
Views
774
Yoko Littner
Yoko Littner
shivajiboss
  • Locked
  • Question
I am getting a problem while opening up my windows
Replies
1
Views
267
2ffat
2ffat
2ffat
  • Locked
  • News
Lenovo isn't the only one with bad certificates 5
Replies
6
Views
428
2ffat
2ffat
DrB0b
  • Locked
  • Question
Crytowall 3.0 and How I dealt with it 2
Replies
7
Views
207
DrB0b
DrB0b
BionicJohn
  • Locked
  • Question
URUASY.A Ransomware Trojan - Help needed with removal
Replies
6
Views
197
BionicJohn
BionicJohn

Part and Inventory Search

Sponsor

Back
Top