PDA

View Full Version : spybot update -again and again



effie c
02-06-2006, 10:03 AM
Hi,
:help:
for the last three weeks in my usual Friday housekeeping session, after looking for spybot updates- says one dated May 5 2006 is available--O K I download that, again, :waughh: as I have each friday since May 5- always it is 1.5 mb in size- what gives?
I run my usual scan after the so called installtion - there are no intrusions found
Why is this computer playing silly beggars?
:badpc:
I have XP sp2 included,3MHzCPU,and 40 gb h/d
effie c

smithie 38
02-06-2006, 10:37 AM
Hi Eddie

I have just updated my spybot and I have noticed mine is the same as yours. I just assumed each time they were fresh definitions to be download albeit the same size ie 1.5mbs. Cant really see any other reason as the updated definitions are installed each time.

Smithie

brig
02-06-2006, 01:32 PM
What version no. of Spybot do you have installed?

You should have 1.4, otherwise it might be the cause of failure to update

effie c
02-06-2006, 01:32 PM
Hi Roy,
it is three weeks since May 5 so why is the only update available- go back to there - it has to be the same one.
Although I had 2 intrusions in the routine Ad Aware scan there have been no such in the last two Spybot scans, although one was found the week before those two, yet, after May 5.
It almost suggests the downloads are NOT being installed even if they say thay have been.
I would have thought even one intrusion would have appeared over the last two weeks- yet not so
Any more clues, anybody
effie c

Erayd
02-06-2006, 01:36 PM
Try uninstalling/reinstalling Spybot. Perhaps you have some kind of malware that is tampering with its ability to update and/or detect malware.

Speedy Gonzales
02-06-2006, 02:07 PM
Or go here (http://www.spybot.info/en/download/index.html)

And get the 26/5 detection update. And install them.

See if it gives u anymore updates after that. When u check for updates.

And if u have the old version of Spybot, download and install 1.4.

When u updated thru Spybot, it didnt say there was a checksum error or whatever did it. Which usually means, you should try another server to update.

SurferJoe46
02-06-2006, 02:30 PM
Try uninstalling/reinstalling Spybot. Perhaps you have some kind of malware that is tampering with its ability to update and/or detect malware.
I've posted this before too:

Spybot has in the ADVANCED area, the ability to check and see if you are scanning for all known malware or not...I don't bother checking unless I have the time and it's for giggles, I just deselect all and let 'er ride from there.

I use this sequence before I run Spybot every time:

Download all new updates...if you get a hang up, then try a different site for the updates...they are listed under the down arrow next to the (whatever) site you are currently set for; just try another.

There's a catch though.....

If you leave the download manager running for Spybot, you'll get hung up even longer and you'll get mad at Spybot. Just click on the CHECK FOR UPDATES again, and the download manager will leave, letting you get the name of the updates all over again..THEN use the new download site. Repeat if it still hangs with a new site. Be sure to put checks in the boxes of the updates you want if they're not there!

Then.....go to the IMMUNIZE area and click on the box if it shows all know products are already done...just click on the green + on the header and do it again. You should see a number over 10, 277 as of today, June 01, 2006. If the number is wrong, you've got problems.

Next...go to the SETTINGS area (either by clicking on the tree area, or using the icon in the text area)...and then click on IGNORE PRODUCTS. Here you will place your pointer in the white text area, and right click and click on DESELECT ALL.

You are now ready to scan.

If you use just the beginners mode in Spybot, you'll not know if it's been messed with or is actually working at all.

effie c
02-06-2006, 03:26 PM
Hii Surfer Joe,
I have v 1.4-= I Iran a fresh search just now, in advanced mode, and there was nothing there( bar english version updates etc- and as I am a second generation Pom I don't need those ;-))
I have immunised each time I get an update.
Smithie 38 has sent me a copy of his log and in it ARE updates up to today- -- catch is I cannot see where to get that log to show
I have, as I write this, done a manual update, as you recommend- I did not see anthing fresh
effie c

effie c
02-06-2006, 04:42 PM
Hi,
Well I did as ordered and the updates are now dated including this mornings - was that a co incidence that they are now just like Smithie 38 ? or did the activities shame the updater :D
I don't know, but thanks all -I think :groan:
work, work, work,
:D
effie c

SurferJoe46
02-06-2006, 04:47 PM
The English Definitions are not for you, they are just ways that Spybot will work with your English Language version of itself....I suggest you install them. They aren't going to try to teach you English, it's just for a better interface.

I also recommend that you might try the Beta version of Spybot...it's a little more "cutting edge" in substance even though you might get a false positive from time to time.

In ADVANCED MODE go to SETTINGS, and then SETTINGS again (I know, it's redundant but the way it is!), and then drill down to WEB UPDATE, and click on DISPLAY AVAILABLE BETA VERSIONS

It'll help a little.

effie c
02-06-2006, 06:14 PM
Hi S J,
:cool:
have done all that you said, have chatted with smithie 38 on msn and he has 1 more than you for blocked files, but near enough the same---I have 3182 only - I checked the files ( after uninstalling S B and redownloading- all, including those english files, you talk about)--- re checked on updates but still l get only the above number of files

N B ( I am running in conjunction with Spybot - spyware blaster which is acknowleged and recommended by Spy bot - and that has 6000 odd blocked files of it's own -- would that bring me up to what you guys have but by a different route?
O K I will await your reply before I go for the Beta version
:badpc:
Effie c

effie c
02-06-2006, 07:01 PM
Hi SJ 46 ,
have decided to download beta as you suggest - it will take another 1/2 hour apparently- must be big even with my 3 GHz cpu etc
will still welcome comments as you find thee time please
Effie c

Speedy Gonzales
02-06-2006, 07:13 PM
??

Having a fast CPU, and if you're not on adsl, wont get you around any faster.

Or let you download files any faster.

The speed of the CPU has nothing to do with downloading files on the net.

effie c
02-06-2006, 07:28 PM
Hi
ah!but I am on BB and there apparently was 49 minutes then to download still have 30 mins to go
even with adsl
wish me luck
effie c

Speedy Gonzales
02-06-2006, 07:41 PM
Hi, ah!

But I am on BB and there apparently was 49 minutes then to download still have 30 mins to go even with adsl wish me luck

effie c

Well, in that case, its a telecom screwup, as usual :xmouth:

effie c
02-06-2006, 08:09 PM
Hi,
is this what you want?
SG ,Logfile of HijackThis v1.99.1
Scan saved at 7:04:38 PM, on 6/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\FaxTalk NetOnHold\Ftnohmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T 1.EXE
D:\Bin\INSTAN~1.EXE
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\CalCheck.exe
C:\WINDOWS\twain_32\CIS600X\WATCH.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\EDCHIB~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xtra.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NetOnHold] C:\Program Files\FaxTalk NetOnHold\Ftnohmgr.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T 1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T 1.EXE /P32 "EPSON Stylus C45 Series (Copy 1)" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [InstantAccess] d:\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] d:\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [PE2CKFNT SE] d:\ChkFont.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] d:\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = D:\CalCheck.exe
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\CIS600X\WATCH.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Speedy Gonzales
02-06-2006, 08:17 PM
Umm no, I dont want your HJT log.

effie c
02-06-2006, 08:52 PM
Hi G S,
I know I am dumb but I get the same file you rejected or a site that tells me nothing but---- is merijin .org, but where do I select that which you want
O K now what?
Effie c

SurferJoe46
03-06-2006, 02:05 AM
You are not going to be able to get protection from a different source as you feel possible from SpywareBlaster. It is an entirely different set of instructions and protection, although there is a little overlap.

If you are on DSL and you are getting 45 minutes to change/update Spybot, then there's something grossly wrong with your system. Are you using a wireless connection....it might be "shared" with another p/c that you don't know about. That's just too long to get anything from Spybot.

I suspect that you are heavily infected with something...and I notice that you are using Nortons...a bad choice for security in my opinion, but I am not alone in that arena.

You might have to do a burn-down and format a clean install to get around all this nonsense and get a purged system.

I will be out of the area (to Long Beach, CA.,) for the daylight hours of the next three days (Fri/Sat/Sun), but will get back to you in our evening time with help.....

But, before you do anything hasty...run a copy of Belarc Adviser to get a print out of what you have, including your key numbers etc...get it here:

http://www.belarc.com/free_download.html

.........for future reference in case something gets messed up.

Merjin is the newest home for Spybot......you can use the MajorGeeks site if you feel happier. I use the second Texas site from the top, as it seems to never get hang-ups. http://www.majorgeeks.com/download2471.html

While you're on that site..DO NOT click on any of the other things there. They may or may not safe to use as they are basically advertisers who want you to buy something...

Another unsafe thing to do: Using online scanners. Most times they insert all sorts of malware that can clog your system with garbage and take a big chunk of the speed outta your connection too.

Will be back in about 14 hours..bye for now.

effie c
03-06-2006, 10:22 AM
Hi Surfer Joe,Speedy Gonzales et al
Now in New Zealand we too have good surf--the wet kind :) -so Californian beaches are not as good as ours :thumbs:
You astound me with your ready access to this forum, although I should not be
I decided that Speedy Gonzales had a point- 56 mins to download what was at that time quoted as 14 mb - goodness knows where I had gone to to even start this--so I deleted all reference to spybot, using Regseeker, did a computer search as well - found nothing more relevant , went to Major Geeks as you suggested and downloaded from Australia ( our English spelling and date recording is different to american english :lol: ---4 minutes at 32kB/s not 1 as before
It works !! and now I have a log going back to March 3 and 10659 items blocked ( as against Smithie38 and Speedy G 11000 odd-- but far better than my original 3000 odd
Thank you all
:thumbs:
effie c

Speedy Gonzales
03-06-2006, 10:32 AM
Hi G S,
I know I am dumb but I get the same file you rejected or a site that tells me nothing but---- is merijin .org, but where do I select that which you want
O K now what? Effie c

Umm there is NO NEED to get HJT.

It is a link in my signature. And has been there for like the last 3 - 6 months :D

And as it says only post a log, if u have probs. The spybot prob you're having, it doesnt look like any nasties are causing it.

SurferJoe46
03-06-2006, 04:46 PM
Well..almost 14 hours later, I am glad to see that something is working for you now.....

Yes, Speed...I agree that there's not much in the HJT scan to worry about...just her ridiculous time for downloads...that's what was the puzzlement.

Anyway, all's good now...for a while anyway..TNX for the kudos...

effie c
03-06-2006, 09:10 PM
Hi ,S J
Thanks for your help- but one smartarse ( ass to you :D ) said had I changed gender? -- oooh ! the last time I looked I was NOT a woman---just read my pseudonym slowly,in syllables and it might sound better-- ;)
thanks for the laugh too
:D
Ed aka effie c

SurferJoe46
04-06-2006, 01:56 AM
Sorry..the sex-change was my bad.

I worked for a guy years ago whos wife was called "Effie"...that was my assumption...sorry.

effie c
04-06-2006, 09:37 AM
Hi S J,
:blush:
Don't worry about that in any way - I knew what I was letting myself in for way way back ( 6 years with F1)- and even people of the female gender have been caught out- some with obviously high intellect :eek: so the saying, it takes one ( woman) to know one- is wrong it appears ;)
Anyway carry on enjoying surfing in good old New Zealand- even if you have to do it electronically from your side of the Pacific
:D
Ed
PS of course you could come here - and surf-Raglan (with a lefthand break)is only 40 km away :D