
Thread: No idea how to submit OpenSBI file, submitting here then and suggesting one feature.

  1. #1
    Senior Member
    Join Date
    Jul 2006
    Location
    Croatia
    Posts
    735

    Default No idea how to submit OpenSBI file, submitting here then and suggesting one feature.

    I've made an experimental OpenSBI detection for RegCleanPro from SysTweak as PUPS due to aggressive advertising. I've used InCtrl5 to track changes, then optimized a bit, but for now it's not really special.

    However, I don't have any idea how to post it in the OpenSBI Files forum, as it's locked for posting by default. I've tried to use the Login option in the OpenSBI Editor, but it fails as shown in the picture, even if the login is valid.

    QFKzqHu.png

    How am I supposed to submit it?

    Anyway, here's the code if you want to check it out:

    Code:
    // info: RegCleanPro
    // author: Tom.K
    // date: 2014-02-20 (2.0)
    // copyright: (c) 2014 Safer-Networking Ltd. All rights reserved.
    // count: 124
    // reverse engineering prohibited!
    
    :: RegCleanPro
    // {Cat:PUPS}{Cnt:1}
    // {Det:Tom.K,2014-02-20}
    
    
    // {Cat:Test}{Cnt:1}
    // {Det:Tom.K,2014-02-20}
    RegyKey:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\","systweak"
    RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak","MachineID"
    RegyKey:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\","RegClean Pro"
    RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro","ErrorCount"
    RegyKey:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\","Version *"
    RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","TrialType"
    RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","StrLatestRestorePoint"
    RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","StrLatestRegDefrag"
    RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","StrLastStartupOpt"
    RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","StrLastScanResults"
    RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","StrLastScan"
    RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","StrLastOptimizeTime"
    RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","StartWhenWinBoots"
    RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","StartScan"
    RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","StartMinimized"
    RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","StartAutoTutorial"
    RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","StartAutoScanPMUI"
    RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","StartAutoScanOnLaunch"
    RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","SetEnableSound"
    RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","SetChkSkipEmptyKeys"
    RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","SetChkREmovableMedia"
    RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","SetChkDontShowRedTrayPopup"
    RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","ScheduledTime"
    RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","RegErrsFixedTillDate"
    RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","RegErrsFixedLast"
    RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","RegErrFoundTillDate"
    RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","NumTimesRCPRunned"
    RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","ImprovementProgram"
    RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","GoToSystemTrayOnClose"
    RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","FirstRun"
    RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","CurrentScanTime"
    RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","AutoRepair"
    RegyKey:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *\","LANG"
    RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *\LANG","LangID"
    RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *\LANG","LangCode"
    RegyKey:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\","ssd"
    RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\ssd","ASOBUILDFOR"
    RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\ssd","ASO3CAM"
    RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\ssd","ASO3AFFILIATE"
    RegyKey:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\","RegClean Pro_is[0-9]"
    RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","URLInfoAbout"
    RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","UninstallString"
    RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","QuietUninstallString"
    RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","Publisher"
    RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","NoRepair"
    RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","NoModify"
    RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","MinorVersion"
    RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","MajorVersion"
    RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","InstallLocation"
    RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","InstallDate"
    RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","Inno Setup: User"
    RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","Inno Setup: Setup Version"
    RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","Inno Setup: Language"
    RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","Inno Setup: Icon Group"
    RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","Inno Setup: App Path"
    RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","HelpLink"
    RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","DisplayVersion"
    RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","DisplayName"
    RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","DisplayIcon"
    RegyKey:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\","Systweak"
    RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak","MachineID"
    RegyKey:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\","Params"
    RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\Params","utm_source"
    RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\Params","utm_medium"
    RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\Params","utm_campaign"
    RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\Params","affiliateid"
    RegyKey:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\","RegClean Pro"
    RegyKey:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\RegClean Pro\","Version *"
    RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\RegClean Pro\Version *","utm_source"
    RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\RegClean Pro\Version *","utm_medium"
    RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\RegClean Pro\Version *","utm_campaign"
    RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\RegClean Pro\Version *","TELNOSPAIN"
    RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\RegClean Pro\Version *","TELNO"
    RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\RegClean Pro\Version *","RENEWALURL"
    RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\RegClean Pro\Version *","RCPURL"
    RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\RegClean Pro\Version *","MaxFixLimit"
    RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\RegClean Pro\Version *","LaunchASP"
    RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\RegClean Pro\Version *","InstallASP"
    RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\RegClean Pro\Version *","InstallAmazon"
    RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\RegClean Pro\Version *","FirstTimeASPFired"
    RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\RegClean Pro\Version *","FireAmazonOffered"
    RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\RegClean Pro\Version *","Expired"
    RegyKey:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\RegClean Pro\Version *\","LANG"
    RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\RegClean Pro\Version *\LANG","LangID"
    RegyKey:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\","ssd"
    RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\ssd","ASOBUILDFOR"
    RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\ssd","ASO3CAM"
    RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\ssd","ASO3AFFILIATE"
    Directory:"<$DIR_PROGGROUP>","<$COMMONPROGRAMS>\RegClean Pro"
    File:"<$FILE_GROUPENTRY>","<$COMMONPROGRAMS>\RegClean Pro\Uninstall RegClean Pro.lnk","filesize=722"
    File:"<$FILE_GROUPENTRY>","<$COMMONPROGRAMS>\RegClean Pro\Register RegClean Pro.lnk","filesize=763"
    File:"<$FILE_GROUPENTRY>","<$COMMONPROGRAMS>\RegClean Pro\RegClean Pro.lnk","filesize=737"
    File:"<$FILE_GROUPENTRY>","<$COMMONDESKTOP>\RegClean Pro.lnk","filesize=725"
    Directory:"<$DIR_APPDATA>","<$COMMONAPPDATA>\systweak"
    Directory:"<$DIR_APPDATA>","<$COMMONAPPDATA>\systweak\RegClean Pro"
    Directory:"<$DIR_APPDATA>","<$COMMONAPPDATA>\systweak\RegClean Pro\Version *"
    File:"<$FILE_DATA>","<$COMMONAPPDATA>\systweak\RegClean Pro\Version *\TempHLList.rcp"
    File:"<$FILE_DATA>","<$COMMONAPPDATA>\systweak\RegClean Pro\Version *\results.rcp"
    File:"<$FILE_DATA>","<$COMMONAPPDATA>\systweak\RegClean Pro\Version *\log_*.log"
    File:"<$FILE_DATA>","<$COMMONAPPDATA>\systweak\RegClean Pro\Version *\ExcludeList.rcp"
    File:"<$FILE_DATA>","<$COMMONAPPDATA>\systweak\RegClean Pro\Version *\eng_rcp.dat"
    Directory:"<$DIR_APPDATA>","<$COMMONAPPDATA>\systweak\ssd"
    File:"<$FILE_EXE>","<$COMMONAPPDATA>\systweak\ssd\SSDPTstub.exe","filesize=580816"
    Directory:"<$DIR_PROG>","<$PROGRAMFILES>\RegClean Pro"
    File:"<$FILE_LIBRARY>","<$PROGRAMFILES>\RegClean Pro\xmllite.dll","filesize=126976"
    File:"<$FILE_UNINSTALLER>","<$PROGRAMFILES>\RegClean Pro\unins000.msg","filesize=22701"
    File:"<$FILE_UNINSTALLER>","<$PROGRAMFILES>\RegClean Pro\unins000.exe","filesize=1199960"
    File:"<$FILE_UNINSTALLER>","<$PROGRAMFILES>\RegClean Pro\unins000.dat","filesize=81711"
    File:"<$FILE_DATA>","<$PROGRAMFILES>\RegClean Pro\*_uninst*.ini"
    File:"<$FILE_DATA>","<$PROGRAMFILES>\RegClean Pro\*_rcp*.ini"
    File:"<$FILE_EXE>","<$PROGRAMFILES>\RegClean Pro\systweakasp.exe","filesize=591896"
    File:"<$FILE_EXE>","<$PROGRAMFILES>\RegClean Pro\SSDPTstub.exe","filesize=580816"
    File:"<$FILE_EXE>","<$PROGRAMFILES>\RegClean Pro\RegCleanPro.exe","filesize=7911256"
    File:"<$FILE_LIBRARY>","<$PROGRAMFILES>\RegClean Pro\RegCleanPro.dll","filesize=1650688"
    File:"<$FILE_UNINSTALLER>","<$PROGRAMFILES>\RegClean Pro\RCPUninstall.exe","filesize=537432"
    File:"<$FILE_LIBRARY>","<$PROGRAMFILES>\RegClean Pro\isxdl.dll","filesize=157016"
    File:"<$FILE_PICTURE>","<$PROGRAMFILES>\RegClean Pro\install_left_image.bmp","filesize=156296"
    File:"<$FILE_INSTALLER>","<$PROGRAMFILES>\RegClean Pro\Cloud_Backup_Setup_Intl.exe","filesize=73840"
    File:"<$FILE_INSTALLER>","<$PROGRAMFILES>\RegClean Pro\Cloud_Backup_Setup.exe","filesize=73824"
    File:"<$FILE_EXE>","<$PROGRAMFILES>\RegClean Pro\CleanSchedule.exe","filesize=101208"
    File:"<$FILE_EXE>","<$WINDIR>\system32\roboot.exe","filesize=18776"
    File:"<$FILE_DATA>","<$WINDIR>\Tasks\RegClean Pro_UPDATES.job","filesize=272"
    File:"<$FILE_DATA>","<$WINDIR>\Tasks\RegClean Pro_DEFAULT.job","filesize=264"

    I want to improve the detection to make the scan more dynamic, but filesize as a condition is weak: if the file gets updated, it won't be flagged as a detection. One way would be to set the condition to higher than or equal to. Another way would be to search for a string in the executables so that they could be easily detected, but I have to find a specific string which won't be changed. Even though RegCleanPro isn't updated a lot, I want to do it just for prevention purposes.

    In addition, I want to configure how Spybot should detect the Program Files folder. If RegCleanPro is installed in some other folder, detection will fail. To solve this issue, I could fetch the install path from the uninstaller's registry values to make it possible to detect the path properly. If possible, there could be other ways of detecting paths, like fetching the install path from some files in the Application Data folder or similar.

    For example, the registry string value in "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegCleanPro","UninstallString"
    contains the following data:
    "C:\InstalledLocation\unins000.exe"

    I can use that data to detect the files and folder by defining it as a user-defined variable.

    And instead of this:

    Directory:"<$DIR_PROG>","<$PROGRAMFILES>\RegClean Pro"
    File:"<$FILE_EXE>","<$PROGRAMFILES>\RegClean Pro\systweakasp.exe","filesize=591896"

    I could add this:

    UserRegPath:HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","UninstallString","<$INSTALLDIR>","\uninst[0-9].exe"

    The first value would be the key location, the second the string value, the third a user-defined name for the path to be used, and the last defines the end of the folder location, so that the executable path and anything else after it gets ignored.

    And then I could use this:

    Directory:"<$DIR_PROG>","<$INSTALLDIR>"
    File:"<$FILE_EXE>","<$INSTALLDIR>\systweakasp.exe","filesize=591896"

    This is just a suggestion, though; it might still be complicated.

    Waiting for reply.

  2. #2
    Senior Member
    Join Date
    Sep 2006
    Posts
    456

    Default

    Quote Originally Posted by Tom.K View Post
    However, I don't have any idea how to post it in the OpenSBI Files forum, as it's locked for posting by default. I've tried to use the Login option in the OpenSBI Editor, but it fails as shown in the picture, even if the login is valid.

    QFKzqHu.png

    How am I supposed to submit it?

    Hello Tom,

    Submitting via the OpenSBI Editor is the correct way to post your SBI files. I get this error message when I enter a wrong password. The login works when I enter the correct password. Maybe you just made a typo when entering your password?

    Thank you for the SBI file. I am no malware analyst though. So I leave replying to the remainder of your message to someone else.

    daemon

  3. #3
    Member of Team Spybot (m/f)'s Avatar
    Join Date
    Feb 2006
    Posts
    294

    Default

    Hi Tom,

    I think the rules are quite good for a first approach. There are ways to make rules more general, like using a filerange (filesize>=x,filesize<=y). The idea of a variable pathID for detecting installation paths is a very good idea. There is a website where (nearly) everything is documented: http://wiki.spybot.info. There is also the possibility to work with environments and save some regular expression in variables, for example. This should help here.
    (m/f)
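
Added example (not part of the thread and not Spybot code): a Python illustration of the two ideas from posts #1 and #3, resolving the install folder from an `UninstallString` value and accepting a file-size range instead of an exact size. The function names, the 10% tolerance, the `D:\Tools\RCP` location and the directory listing are assumptions constructed for illustration; the expected sizes are the ones in the rule file above.

```python
import ntpath
import re

# Expected sizes taken from the rule file in post #1.
EXPECTED_SIZES = {"systweakasp.exe": 591896, "RegCleanPro.exe": 7911256,
                  "RegCleanPro.dll": 1650688}

# Constructed listing (path -> size) for an install outside Program Files,
# with RegCleanPro.exe at a different size, as after an update.
SAMPLE_LISTING = {
    r"D:\Tools\RCP\systweakasp.exe": 591896,
    r"d:\tools\rcp\regcleanpro.exe": 7950000,
    r"D:\Tools\RCP\RegCleanPro.dll": 4096,
}


def install_dir_from_uninstall_string(value, exe_pattern=r"unins\d+\.exe"):
    """Return the folder of the uninstaller named in an UninstallString.

    Returns None when the value does not point at an absolute path whose file
    name matches exe_pattern, so an unrelated or malformed registry value is
    never turned into a scan (or removal) target.
    """
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        if end == -1:
            return None
        exe_path = value[1:end]            # quoted path, arguments may follow
    else:
        m = re.search(r"\.exe(?=\s|$)", value, re.IGNORECASE)
        if m is None:
            return None
        exe_path = value[:m.end()]         # unquoted: cut after the first ".exe"
    folder, filename = ntpath.split(exe_path)
    if not re.fullmatch(exe_pattern, filename, re.IGNORECASE):
        return None
    if not ntpath.isabs(folder):
        return None
    return ntpath.normpath(folder)


def size_in_range(actual, expected, tolerance=0.10):
    """Range check in the spirit of filesize>=x,filesize<=y."""
    return expected * (1 - tolerance) <= actual <= expected * (1 + tolerance)


def match_files(install_dir, expected_sizes, listing, tolerance=0.10):
    """Return the expected files found under install_dir with a plausible size."""
    sizes = {path.lower(): size for path, size in listing.items()}
    hits = []
    for name, expected in expected_sizes.items():
        path = ntpath.join(install_dir, name)
        actual = sizes.get(path.lower())   # Windows paths are case-insensitive
        if actual is not None and size_in_range(actual, expected, tolerance):
            hits.append(path)
    return hits


if __name__ == "__main__":
    folder = install_dir_from_uninstall_string(r'"D:\Tools\RCP\unins000.exe" /SILENT')
    print(folder, match_files(folder, EXPECTED_SIZES, SAMPLE_LISTING))
```

A wider tolerance catches more updated builds but also raises the chance of matching an unrelated file with the same name, so the range is best combined with the path and registry conditions rather than used alone.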

  4. #4
    Senior Member
    Join Date
    Jul 2006
    Location
    Croatia
    Posts
    735

    Default

    Quote Originally Posted by daemon View Post
    Hello Tom,

    Submitting via the OpenSBI Editor is the correct way to post your SBI files. I get this error message when I enter a wrong password. The login works when I enter the correct password. Maybe you just made a typo when entering your password?

    Thank you for the SBI file. I am no malware analyst though. So I leave replying to the remainder of your message to someone else.

    daemon

    After resetting password, re-logging, changing password again, re-logging, still nothing.

    Quote Originally Posted by (m/f) View Post
    Hi Tom,

    I think the rules are quite good for a first approach. There are ways to make rules more general, like using a filerange (filesize>=x,filesize<=y). The idea of a variable pathID for detecting installation paths is a very good idea. There is a website where (nearly) everything is documented: http://wiki.spybot.info. There is also the possibility to work with environments and save some regular expression in variables, for example. This should help here.

    I'm using it to check how to use some commands. Though, algorithm prefixes might still be confusing for me, as I don't have enough examples of commands in case I want to try more prefixes for one command.

  5. #5
    Senior Member
    Join Date
    Sep 2006
    Posts
    456

    Default

    Quote Originally Posted by Tom.K View Post
    After resetting password, re-logging, changing password again, re-logging, still nothing.

    I cannot reproduce this problem. :( Which Windows version and which Spybot version do you use?

    daemon

  6. #6
    Senior Member
    Join Date
    Jul 2006
    Location
    Croatia
    Posts
    735

    Default

    Quote Originally Posted by daemon View Post
    I cannot reproduce this problem. :( Which Windows version and which Spybot version do you use?

    daemon

    Windows 7 x64 SP1, Spybot 2.2.21.0

    I've tried to capture the packets with Wireshark and it's sending my username as this: "Tom%252EK".

    Is it possible that's the reason why I can't log in properly?

  7. #7
    Senior Member
    Join Date
    Sep 2006
    Posts
    456

    Default

    Quote Originally Posted by Tom.K View Post
    Windows 7 x64 SP1, Spybot 2.2.21.0

    I've tried to capture the packets with Wireshark and it's sending my username as this: "Tom%252EK".

    Is it possible that's the reason why I can't log in properly?

    Hello Tom.K,

    I was on vacation for three weeks, so I could not continue on this thread. Sorry for the delay!

    "Tom%252EK" looks like Tom.K was URL-encoded twice, which would be a bug in Spybot's OpenSBI editor. I will try to reproduce this bug with our latest internal build and then write a bug report about it.

    This would also explain why this works for other users like me who do not have characters in their user name that change when URL-encoded.

    daemon
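
Added example (not part of the thread and not Spybot code): the double-encoding failure described in post #7, reproduced in Python. `encode_all` is a stand-in for the editor's encoder and `server_accepts` models a server that decodes the field exactly once; both are assumptions, and only the captured value `Tom%252EK` comes from the thread.

```python
from urllib.parse import unquote


def encode_all(text):
    """Percent-encode every byte that is not an ASCII letter or digit.

    Assumption: the capture shows "." on the wire as an escape, so the client's
    encoder escapes more than the reserved set; this stand-in mimics that.
    """
    out = []
    for ch in text:
        if ch.isascii() and ch.isalnum():
            out.append(ch)
        else:
            out.extend(f"%{b:02X}" for b in ch.encode("utf-8"))
    return "".join(out)


def encoding_layers(value, limit=5):
    """Decode until the value stops changing; return (layers, plain value).

    Heuristic: a name that really contains "%2E" would also count as encoded.
    """
    layers = 0
    while layers < limit:
        decoded = unquote(value)
        if decoded == value:
            break
        value, layers = decoded, layers + 1
    return layers, value


def server_accepts(wire_value, account_name):
    """Model of a server that decodes the form field exactly once."""
    return unquote(wire_value) == account_name


def login_report(account_name):
    """Compare a correct client (one pass) with the faulty one (two passes)."""
    once = encode_all(account_name)
    twice = encode_all(once)
    return {
        "sent_once": once,
        "sent_twice": twice,
        "layers_in_faulty_request": encoding_layers(twice)[0],
        "correct_client_ok": server_accepts(once, account_name),
        "faulty_client_ok": server_accepts(twice, account_name),
    }


if __name__ == "__main__":
    for name in ("Tom.K", "daemon"):
        print(name, login_report(name))
```

Counting layers is useful when triaging captures or logs; in the login path itself the remedy is for the client to encode exactly once, not for the server to decode repeatedly.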

  8. #8
    Senior Member
    Join Date
    Sep 2006
    Posts
    456

    Fixed!

    PepiMK just fixed this bug, so the login with "special" characters should work again with Spybot 2.3 final.

    daemon

  9. #9
    Senior Member
    Join Date
    Jul 2006
    Location
    Croatia
    Posts
    735

    Default

    Thanks for notifying. I'll wait for 2.3 release then.
