v1.6 in VistaPE: temp files dialog woes

[JonFleming]

Don't know if this is an appropriate place, but here goes ...

I'm attempting to run Spybot 1.6 under VistaPE (a stripped down version of Vista bootable from a CD or USB stick). It's a terrific way to remove malware.

The initial "We have located ... temporary files" dialog is giving me two problems, one cosmetic and one serious.

The cosmetic problem is that the dialog box is totally unreadable. Probably a missing font; does anybody know what font that is, or do I have to try some likely candidates?

The serious problem is that I must choose "No", or else when I try to scan I get "You need to install the detection updates first by using the integrated update or the manual updater". Needless to say, the updates are installed. And, of course, "Yes" is the default and gets chosen automatically eventually. Could there possibly be an undocumented switch that skips this check? Or do I have to run it under an AutoIT script or something that can automatically click "no"?

[129260]

have you tried a complete removal of spybot?

http://www.spybot.info/en/howto/uninstall.html

And then restart the computer and install the latest version again? See if that solves the issues. If not, i use the following settings: advanced appearance: item-desktop-color-blue. (font is not selected and grayed out with desktop setting enabled) Make sure all settings are set to normal under display settings-appearance.

[JonFleming]

Um, you fail to understand ...

VistaPE is a cut-down version of Vista, based on Preinstallation Environment 2.0 and the Windows Automated Installation Kit and, in some cases, a Vista DVD. It allows you to boot the system from read-only media ... often problematic because programs don't expect that. But it's incredibly powerful for malware removal and/or system recovery, because the data on the hard disk is just that, data that is not being protected by a running OS, and rootkits can't be running, and the boot disk is un-infectable because it's read-only.

In the vast majority of cases no installation or uninstallation is or can be performed on the boot disk. To run a program in VistaPE one must figure out beforehand what files are necessary, where to put them, what registry entries are necessary, and so on.

Spybot is pretty well-behaved (1.5 didn't require any files other than what it installed in its own directory) and is "PE-aware". When run in any of the various PE-based environments, what you really want to scan and clean is the target disk's registry, not the boot disk's registry (which is the active one). Spybot detects when it's running in a PE environment and loads the target disk's registry into the active registry so it can be scanned and cleaned. Ad-Aware and HijackThis! are not so nice; they require a third-party program that does the registry loading and then calls the real program. And Ad-Aware 2007 and 2008 are downright nasty, requiring a service to be started.

So, all that said, I need/want to figure out why that dialog looks hoopy, and I can do that by guessing what font might be the missing one [e.g. Lucida Console], doing a build with that font added, booting in a VM, and seeing what Spybot does. Tedious, and it would be nice if someone could tell me the answer.

I figured out the source of the serious problem. Since the boot media is read-only, and may not be up-to-date in the malware definitions, it's nice to be able to update Spybot at run time. (Network connectivity is a whole 'nother can o' worms that I won't get in to here, but it's often possible). So one often copies all of the Spybot directory to a RAMdisk and runs it from there so it can update. It's also common to point the TEMP and TMP environment variables to the RAMdisk so programs that insist on writing to the system's temporary directory can do so. So, when Spybot fires up in that situation, it sees that there's stuff in the temporary directory, and cleans it out ... in the process deleting almost all of its own files!

[md usa spybot fan]

JonFleming:

If a registry tweak to eliminate the temporary file dialog will help, see:

• new spybot
  http://forums.spybot.info/showthread.php?t=30618

It appears that at lease one other user has had problems with the graphics in temporary file dialog, but not to the extent that you seem to:

• Unclear dialog (v1.6.0.30)
  http://forums.spybot.info/showthread.php?t=30724

[JonFleming]

Ah, thanks, that's just what I need. I can live with bad graphics if they never appear! Thanks muchly.