Results 1 to 7 of 7

Thread: Did Spybot mess up my computer? Please HELP

  1. #1
    Junior Member
    Join Date
    May 2008
    Posts
    2

    Default Did Spybot mess up my computer? Please HELP

    Windows XP
    HP Pavilion a1310y
    2.93 GHz
    504 MB of RAM

    Yesterday I downloaded Spybot Search & Destroy because I have a trojan giving me pop-up ads and now almost all the time Myspace, Google, Blogger, and popular email websites don't load. When I selected 'Fix selected problems' it gave me the error notification box with the X: 'Failed to load D:/Program Files/Spybot S&D\Delzip179.dll' and when I pressed OK: Unexpected error in fixing problems (out of memory). The boxes kept popping up, so I Ctrl alt Delete'd and scanned again. I think after it closed I got a bunch of prompts for me to approve the change of some important registry entries, and they had to do with the path name C:/Windows/system32, but I thought it was my system infected, so I might as well accept because Spybot was repairing only problems, not making mistakes... I became skeptical so I denied the rest. The next time I reset my computer I got these windows popping up with the black screen and the grey Courier text, having to do with C:/Windows/system32... About 50 of them popped up, and some had 'Could not find ____' (complex files of sorts).

    I reset my computer to clearly write down what happens. Before shutting down, I get the warning box: Access violation at address 694c5405. Read of address 694c5405' with a blank OK button. I click it...
    When the computer resets the black/grey windows say C:/Windows/system32/cmd.exe, C:/Windows/system32/command.com, C:/Windows/system32/ntvdm.exe on top, and ones that says 'Could not find apkgakxk.dll_old' and some with different dll-related names. These windows pop up then disappear quickly, by the way, but take a while until I can start using programs. Then the Spybot windows pop up after THAT... They say:

    Spybot Search and Destroy has detected an important registry entry has been changed
    Category: System startup user entry
    Change: Value deleted
    Entry: Spybot DeletingB8414
    Old data: command/c del C:/Windows/system32...

    and some different ones.

    The buttons 'Accept change' or 'Deny change'

    Am I supposed to click 'Accept change'? And is this known to get rid of a pop-up trojan, or can someone tell me the solution to finally removing that?

  2. #2
    Senior Member drragostea's Avatar
    Join Date
    Jan 2008
    Location
    @Home
    Posts
    3,674

    Default

    You should have posted this in the Spybot section of this forums.
    http://forums.spybot.info/forumdisplay.php?f=4

    I'll see how I can help you with the best of my knowledge.
    What version of Spybot-SD are you running? The latest version is Spybot-SD 1.5.2.20.

    The access violation message, I'm assuming you're receiving from TeaTimer when you shutdown the computer correct? By any chance are you running AVG AV?

    And the message you received from TeaTimer about the "registry change"... was it before or after you restarted the computer? What I would suggest is that you click "Allow".

    This post by spybotsandra should explain how TeaTimer (Spybot's Resident Shield works):
    ------------
    Quote Originally Posted by spybotsandra View Post
    Please read this information about TeaTimer:
    http://www.safer-networking.org/en/faq/33.html
    and http://www.safer-networking.org/en/faq/34.html
    If you surf the web and without any user interaction the teatimer pops up and warns about a registry change it is better to "deny", but if you install something by yourself it is OK to "allow" the change.
    The tutorial (point 8) on our homepage should also help explaining:
    http://www.safer-networking.org/en/tutorial/index.html
    -------------

    You can still see your desktop correct?

  3. #3
    Junior Member
    Join Date
    May 2008
    Posts
    2

    Default

    I am running the newest version. The access violation message wasn't from a program, but from my general computer - the box with the X that pops up accompanied by a sound. AND I don't know what AVG AV is...

    It didn't say 'TeaTimer' on the 'registry change' messages, only Spybot S&D by itself... And it happened before I restarted, after the first successful scan and clicking 'fix problems.' Spybot caused those black windows to come up, depending on either the small amount of times I clicked 'accept' or all of the clicking 'deny'... I want to know if Spybot possibly ever effects important dll's in the Windows/system32 folder and causes drastic problems like slow startup, those black windows popping up forever, etc... because I learned to never alter things in the Windows folder and Dll's - they're vital. So I'm confused as to whether or not saying 'accept change' causes damage or Spybot is repairing a change made by the spyware/virus/trojan.

    Also, yes I can still see my desktop fine. Although for some reason after this, my quick launch icons disappeared - the buttons at the bottom right of my Start bar.

  4. #4
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    doctorblind:

    You should be allowing the deletion of the following type of startup entry:

    Quote Originally Posted by doctorblind View Post
    Spybot Search and Destroy has detected an important registry entry has been changed
    Category: System startup user entry
    Change: Value deleted
    Entry: Spybot DeletingB8414
    Old data: command/c del C:/Windows/system32...
    That startup entry was created by the Spybot "Fix selected problems" facility to attempt to delete a problem during your system startup. By not allowing the deletion of that particular entry it will continue to execute each time you restart your system.

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  5. #5
    Senior Member drragostea's Avatar
    Join Date
    Jan 2008
    Location
    @Home
    Posts
    3,674

    Default

    To add to md's post about accepting the change, also to change whether "Quick Launch" shows up, right-click on the taskbar and click on "Properties". You should be able to see what displays on your taskbar (place where START is).

  6. #6
    Junior Member
    Join Date
    Jun 2008
    Posts
    22

    Default oh noes

    I've had the exactly same problems, and the exactly same code when I restart. 694C5405. This happened to me to right after I got the evil trojan. The trojans name was Virtumonde. It said I was required to restart on the Description, and thats exactly what I did, and I get those evil numbers 694C5405. Then it started up a 20 minute search O_O. When it was back up theres like 20 registry changes by Spybot, I accepted them all. Im not sure if I still have the trojan, but I'm pretty definite that it makes wronchy stuff pop up occasionaly. I will restart my computer 1 more time and when I get back and theres still a error I will tell you guys if the trojan isnt comming off my computer.


    Edit:Mwhahhahwhaw Spybot prevails again! Mah virus is gone.... just to recieve another problem...... great......
    Last edited by DarkSoldierX; 2008-06-11 at 19:35.

  7. #7
    Senior Member drragostea's Avatar
    Join Date
    Jan 2008
    Location
    @Home
    Posts
    3,674

    Default

    The Virtuemonde trojan can be a persistent one to remove. There are countless other variants of it. Not just one by itself.

    The typical scan time for Spybot-SD (for me) would be 18 minutes. 20 minutes can be accepted as the average.

    Version 1.6 is coming up in July.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •