PDA

View Full Version : Spybot total shows 15225 protected, but different?



rgsmile
2006-05-07, 03:31
Hi. Would some one PLEASE answer, as to why my total of 15225 is reported on the Spybot page, after immunization???????????????? and everyone else at PCPitstop is showing 9,867 blocked.

My total must be wrong, but why?

All are running Ver 1.4.

Thanks in advance for any response.

Zenobia
2006-05-07, 12:12
Might be what's in this post:
http://forums.spybot.info/showthread.php?t=3007

My account immunized = 9867
Logged onto other account = 11653

A difference of 1786

So, 9867 + 1786 + 1786 +1786 = 15225

rgsmile
2006-05-07, 16:21
Thanks for the response.

According to your link, this is caused by multiple accounts.

I have the Administrative account and a guest account, which is turned off.

I am the only user of the HP.

Although the post says that it is not a problem, I must have 3 accounts (If I've understood your totals of [+ 1786 + 1786 +1786 ]). Since this is an error on my PC, how do I eliminate the other totals?

I do have another Pc (Dell/win98se) connected to the modem, but not a wireless setup. And, I have an external harddrive. Would these have any effect on my totals?

Confused.:confused:

Is there any "Advisor" available to please answer my question?

I should add, that my Spybot is set for default mode. The reason I added this, is to let you know that I have been given the following advice:

"Well, let me ask you this. Assuming you are running version 1.4, have you gone to "Settings/Ignore products" and unchecked *CDilla* and *Sidestep* under the "All Products" tab? Check the "Pups.sbi" and "Revision.sbi" tabs while there as well. Are you immunizing after each update?
Now try this, go to "Immunize" and click the "Undo" icon near the top. This will remove all immunization. Now click Immunize and let Spybot replace the immunizations, then run a scan and see how many you get."

So, does someone here at the Spybot Forum think I shyould follow the advice and change from default to advanced mode?

Thanks in advance for any advice.

Zenobia
2006-05-08, 09:54
Well,if you only have the one account,I'm not too sure why the immunization count is 15225.
You could try undoing immunization,then reimmunizing,and see what count you get then.
I'm not too sure why you were told to uncheck cdilla and sidestep in ignore products,that wouldn't have any affect on immunization.
I'll ask for someone else's opinion on the immunization count,and see what they think.

rgsmile
2006-05-08, 16:20
I appreciate your response.

I'll await your advice.

Do you think I should change from the default-mode to the advanced mode?

Are there any advantages, that will highten security?

md usa spybot fan
2006-05-08, 16:34
rgsmile:

I have no explanation for a count of 15225 with one user account logged on. The only thing that I can suggest is that you take a look at your registry and see if the is anything unusual in HKEY_USERS:
Go into Start > Run… > type "regedit" (no quotes) > then click "OK".
Expand HKEY_USERS by clicking the + (plus sign) in front of it.
Does your registry look like the "User accounts A" attachment?
After the 2006-05-05 updates on an Windows XP system with one user account the normal immunization count is 9867 as indicated by Zenobia (http://forums.spybot.info/member.php?u=145) (see attachement "User accounts A"). If a second user is logged on the count would normally show 11653 (see attachement "User accounts B").

rgsmile
2006-05-08, 17:09
THANKS, md usa spybot fan, for the come-back.

Mine looks like A.
S-1-5-21-XXXXXXXXXXXXXXXXXX-1003
S-1-5-21-XXXXXXXXXXXXXXXXXX-1003_Classes

(I'd have sent screenshot, but the only way I know to do that, is to use "paint".)

What next, coach?

I have not gone into Spybot and removed the immunization and then re-installed it.

md usa spybot fan
2006-05-08, 17:45
rgsmile:

I use Paint for my screen shots and save the image as a .JPG. After the image is saved it can be attached to a post by going into the "Additional Options" below posting area and in the "Attach Files" section clicking on "Manage Attachments". In the "Upload File from your Computer" section click "Browse...", navigate to the saved image and then click "Upload".

The attached files are limited to 39.1 KB, so large images are not possible. In fact that’s why I had two separate attachments in the post above.

***************

The immunization process also immunizes in these HKEY_USERS accounts:
.DEFAULT
5-1-5-18
5-1-5-19
5-1-5-20
As well as the HKEY_LOCAL_MACHINE.

As I indicated in my prior post I don't understand why your immunization count is as high as it is, although it is higher by a multiple of the number that would be added with addition users.

rgsmile
2006-05-08, 20:16
Thanks again.

So, I presume, that there is nothing to do, and/or to worry about?

rgsmile
2006-05-09, 18:48
Since I'm still getting the 15225, I'm going to re-install Spybot, but I have 2 questiosn:
(1). What is "TeaTimer", and/or, do I really need it?

(2). I'm going to get a fresh-install, rather than an over-old-install. Is this recommended, especially since I'm trying to see if my total immunization, will come out different?

I'll await any response.

Thanks again for being here to advise.

md usa spybot fan
2006-05-09, 19:02
Re: TeaTimer

In my opinion it is worth having on.

TeaTimer in general:

There are two distinct functions within TeaTimer. One is rule based the other is not:
TeaTimer Processes Monitor (Rule based).
TeaTimer monitors processes that are called or initiated in the system. If the process being called or initiated matches a list of known malicious processes in Spypot’s detection files, the process is terminated and an alert is issued to notify you and allow you to make choices as to how to handle the same process during future detections. TeaTimer terminates the application before asking because threats like toll dialers are time critical - they have to be terminated before they can connect.


TeaTimer Registry Monitor (Not rule based).
TeaTimer monitors approximately 35 registry keys. If any change is made to one of the registry keys that TeaTimer is monitoring it appears that the change is actually made to the registry. When TeaTimer recognizes that the change has been made it checks to see if there is a stored "Remember this decision" entry that covers the change. If there is, TeaTimer uses that information and just issues a pop-up notification of the action it took. If not a TeaTimer popup dialog is issued. If you "Allow change" the change nothing is done. If you "Deny change" the change the registry change is reversed (note if you exit out of the pop-up dialog it arrears that TeaTimer denies the registry change (reverses it). Checking the "Remember this decision" option during the popup dialog stores the information for that change so that similar changes in the future will be handled automatically. After you answer the pop-up dialog TeaTimer issues a pop-up notification of the action you took.

You cannot reverse any Registry change decisions ("Allow change" or "Deny change") that you make with TeaTimer. You have to redo whatever you were doing so that the Registry change is done again (or manually edit the Registry). That is why it is important to remember that:
If you allow all changes, you would be no worse off than if I didn't have Teatimer Enabled at all.
If you deny the wrong change you can adversely affect the stability, functionality and security of your system.


There is currently a bug in TeaTimer 1.4. Portions of TeaTimer's popup dialog overlay the "Allow change" and "Deny change" buttons. On my system the very top edges of the "Allow change" and "Deny change" buttons are showing and I am still able to select the options. I also can check "Remember this decision" since it is visible. If no portion of the "Allow change" and "Deny change" buttons are showing, you can answer TeaTimer's popup dialog (English language version) by pressing "A" on your keyboard for "Allow change" or "D" for "Deny change". If you close the dialog without answering "Allow change" or "Deny change" the registry change is denied. Note that if you close the popup dialog without answering "Allow change" or "Deny change" the registry change will be denied.

If you can't deal with the problem that way until it is fixed, you can:
Apply one of the workarounds found in the following pinned (Sticky) thread that fixes the pop-up dialog so the buttons are visible:
Solution to fix the pop-ups in TeaTimer
http://forums.spybot.info/showthread.php?t=122

There are (3) fixes published in that thread. They are:


The ResHacker fix published by ElPiedra (http://forums.spybot.info/member.php?u=128) here:
http://forums.spybot.info/showpost.php?p=423&postcount=1
The murdo (http://forums.spybot.info/member.php?u=440) patch published here:
http://forums.spybot.info/showpost.php?p=775&postcount=9
Or the patch originally by SyreneD (http://forums.spybot.info/member.php?u=1735) that I published here:
http://forums.spybot.info/showpost.php?p=2670&postcount=38


Disable TeaTimer as follows:
Go into Spybot > Mode > Advanced Mode > Tools > Resident.
Uncheck the following:Resident "TeaTimer" (Protection of over-all system settings) Active.

rgsmile
2006-05-09, 19:23
Thanks for the response, but Tea-Timer, sounds too complicated for me. I could screw it up by making a wrong choice. I'm just a Pc-user, not a tech.

I keep a pretty clean system with Spybot, Ad-aware, Spywareblaster, Spywareguard, Avg, Zone Alarm, Spysweeper, MicrosoftAntispyware, Win Patrol, Cleanup, CCcleaner, The "old" unsupported Regcleaner4.3 and I visit TrendMicroHousecall, if needed. I have other apps, also.

I 'surf' clean sites.

I also have HostFile, but I have to stop it every so often to enable some of my survey and point-gathering sites.

What about my question (2). I'm going to get a fresh-install, rather than an over-old-install. Is this recommended?

md usa spybot fan
2006-05-09, 23:08
Although I am doubtful that the problem will corrected by reinstalling, I personally recommend that you uninstall Spybot as follows before re-installing.

The official version:
How to uninstall?
http://www.safer-networking.org/en/faq/27.html

My recommendation:
Download sites for Spybot-S&D 1.4:
Four (4) here:Mirror Selection – The home of Spybot–S&D!
http://www.safer-networking.org/en/mirrors/index.html

Uninstall Spybot-S&D 1.4 (some items are not applicable):
Go into Spybot > Immunize
Click "Undo" button (at the top)
Uncheck (if checked) the following:
"Enable permanent blocking of bad addresses in Internet Explorer"

Go into Spybot > Mode > Advanced Mode > Tools > Resident
Uncheck (if checked) the following:
Resident "TeaTimer" (Protection of over-all system settings) Active.

Go into Spybot > Mode > Advanced Mode > Tools > IE Tweaks.
Uncheck (if checked) any of the following "Miscellaneous locks":
Lock Hosts file read-only as protection against hijackers
Lock IE start page setting against user changes (current user)
Lock IE control panel against opening from within IE (current user)


Go into Spybot > Mode > Advanced Mode > Tools > Hosts file
Click the "Remove Spybot S&D hosts list" button (at the top)

Exit Spybot-S&D
Make sure that TeaTimer is not running by checking for the TeaTimer System Tray Icon. If the icon is there:
Right click Spybot's TeaTimer System Tray Icon > click Exit Spybot-S&D Resident. TeaTimer should close.

Go to Windows > Control panel > Add or Remove Programs > Locate "Spybot – Search & Destroy 1.3" > Remove.
Using Windows explorer, verified that the following folder has been delete. If not, delete it:C:\Program Files\Spybot - Search & Destroy

Optional - If you want to make sure that all the registry entries that Spybot-S&D added during installation are removed, there is a .reg file available on the safer-networking.org WEB site that can do that. See the following article:
FAQ - Frequently Asked Questions
How to uninstall?
http://www.safer-networking.org/en/faq/27.html
The direct download link is:
remove-spybotsd-settings.reg (http://www.safer-networking.org/files/remove-spybotsd-settings.reg)
Download the file.
Double click on it
Answer Yes then OK

Optional (not recommended if you are going to reinstall) - Delete the Configuration.ini fileThe Configuration.ini file is stored in one of the following folders:
Windows 95 or 98:
C:\Windows\Application Data\Spybot - Search & Destroy
Windows ME:
C:\Windows\All Users\Application Data\Spybot - Search & Destroy
Windows NT, 2000 or XP:
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy



Reinstall Spybot-S&D 1.4:
Execute spybotsd14.exe download above.
Do not change the default installation path of:C:\Program Files\Spybot - Search & Destroy.
After the installation go into Spybot > Update
Click "Search for Updates".
Check everything found.
Click "Download Updates".
Reapply all options removed during the uninstall process.

rgsmile
2006-05-09, 23:28
I did a re-install, but I'm going to do it over, because I omitted some steps that you sugggest.

It still showed the 15225.

Thanks again for the help.