Something ODD found in SpyBot 3

[vop]

In Settings>Ignore Products>All Products, I have just found several items with a check mark beside them. "If you check a product here, it will not be found during a scan. Use this list if you know you have some threat on your computer, but need to keep it" I did not knowingly disable checking for the following items - this is not a good state of affairs:

LSP.New.net
MySearch
New.net
SideStep

I wonder what has conspired to to disable checking for those items. Perhaps you may be wise to check for (hijacked?) ignore list items.

Thankfully, this is not the only antispyware tool I run

Vince
_____________________________________________________________
[*** If everyone is thinking alike, then somebody isn't thinking. ***]

 

[cmeagan656]

vop:

Thanks for the heads up. Mine was OK this time, but I'll be checking the ignore products settings as well as checking for updates every time I run Spybot from now on.

Cheers.

 

[vop]

I had to turn off 'Teatimer', a resident component of SpyBot in order to keep a check against 'LSP.New.net' from restoring itself after re-boot:

Tools>Resident>Resident Protection Status

Teatimer provides 'protection of over-all system settings'.

I seem to recall a lot of minor protective alerts over the last while. Maybe there is some incompatibility or vulnerability issues here. I will not be running 'Teatimer' for the time being.

Vince
_____________________________________________________________
[*** If everyone is thinking alike, then somebody isn't thinking. ***]

 

[Kesser]

Hmmm,

had only just started using teatimer after finding spysweeper slightly buggy - something i will be looking at in the morning methinks....

Thanks very much people, useful info....

Kes

 

[Wxguesser]

Glad I'm not the only one who has noticed this. I ran a scan last night and then started checking the settings and discovered several products checked for ignore. I had not checked these in the past. Re ran the scan with negative results but after reading the posts here I too will be disabling Tea Timer.



Jim W.

 

[vop]

I have found the EXACT same four (4) items on three separate machines - 1 WIN98 and 2 WINXP.

Something definitely has shown the ability to compromise SpyBot. The specific compromises are not really the issue. It is disturbing that any detection compromise is at all possible.

Vince
_____________________________________________________________
[*** If everyone is thinking alike, then somebody isn't thinking. ***]

 

[mattjurado]

Maybe this is why I have noticed ad-aware picking up on so many things after getting clean spybot scans! Its to the point I don't even bother with spybot, I have used the following procedure to clean machines recently.

1. Load ad-aware, update, scan, reboot, scan again, empty quarantine.
2. Load pest patrol, update, scan, reboot, scan again.

This has worked quite well for me. Its ridiculous to have to scan 4 times, but my personal experience has shown that if you aren't using multiple tools, you aren't clean.

Matt J.

Please always take the time to backup any and all data before performing any actions suggested for ANY problem, regardless of how minor a change it might seem. Also test the backup to make sure it is intact.

 

[karlisi]

From Spybot S&D official forum:

http://forums.net-integration.net/index.php?showtopic=21644

===============================
(...) if you go into settings and click on ignore products you will see all the products spybot scans for , with the exception of the ones which have a chekmar next to them. (...) Unfortunately, in my case there's a number of them which I did not put a check. (...)
new.net
Lsp,net
Lsp.new.net
sidestep
my search
what is
I really would like to know if I should remove those checks or not.
--------------------
teo

---------------------------------------
Group: Team Spybot S&D

These 4 entries are set to be ignored by default because these products are slowly losing their spyware status. We are considering to remove them from our database completely but want to wait and see how they develop first.

===
Karlis
ECDL; MCP