Why does Spybot View my screen

S

Sirtokalott

New member
I am running SnoopFree and when I start Spybot it advises that it is trying to view my screen. Can anyone please tell me why Spybot is viewing my screen or explain why I am getting this warning
 
It looks to me that you are running the anti-keylogger program SnoopFree.

I haven't tested the program yet, but I'll give it a run in the next half-an-hour. I'll tell you the results.

By the way, what version of Spybot-SD (HELP>ABOUT) are you running? I'm assuming you are running Windows XP OS.
 
Tested.

In my personal opinion, SnoopFree isn't even a good program at all.

I've tested... it was a small file, however it prompted me to reboot after installation and removal.

I executed Spybot-SD and as you said, SF alerted me of a moderate level risk. I see that as a false positive. Spybot-SD is NOT a keylogger and is NOT bundled with spyware or anything associated with that. SaferNetworking is dedicated to remove malware.

SF was lasted updated in 2004 (1.0.7). It acts more like SpywareGuard. Even though with definitions from 2004, SG is robust and offers spyware and hijack protection.
--
http://forums.spybot.info/showpost.php?p=203157&postcount=3
--

If you would like an alternative to SF, use SG.
 
Screen Viewing

The version I am running is 1.5.2.0.

I am more than happy with Spybot and think it is an excellent programme. I also am aware that there are ligitimate reasons that a programme may screen view. I very much doubt there is anything dodgy going on with Spybot. I'm just curious to see if anyone knows why Spybot causes this alert
 
SnoopFree Vs SpywareGuard

Based on reviews by Cnet and also the users of both programmes, I would have to conclude that SnoopFree is the better software. Yes it had quite a few bad reviews but almost all related to problems running the software. It looks like it's not compatible with Vista. As it runs fine on my PC (XP), I think it will be worthwhile.

I would however still like to hear from anyone who can explain why SpyBot causes a screen viewing alert.

Does it scan what's currently running in the memory?
Does it do some form of initial check as it loads?

Certainly when I block it from screen viewing, it still works fine
 
I believe it is a false positive. I use other monitoring programs, and none of them have alerted me of a screenview from Spybot. However, I have seem "keyboard" views from Comodo's DEFNESE + (HIP application).

What I don't like about SF's site is that it generates a sense of paranoia. Correct me if I'm wrong...

I can believe it is a false positive and you can safely ignore the warning.

The reviews from Cnet aren't really that recent/modern.

The bars you see on Spybot, indicates a boot up (Spybot is loading).
 
Drrrag, not just a boot-up, it -does- do other things as well (plays around with the hosts file, for one. not sure why but it does!) - Chris
 
Screen Viewing

I haven't ever looked at SF's website I just downloaded from Cnet. As I say I trust Spybot and have had great results using it with AVG and Glary Utilities. I'm just after an explanation as to why it provides the false positive. As I say once I block the viewing, Spybot continues as ussual. So what process has caused the alert and what have I blocked?
 
You may as well ask SF about this. As far as I know... there hasn't been a update in some time.

@Chris: Really? I think you mean "verifying" the HOSTS file?
 
SF Updates

From what I understand updates are pretty irrelevant due to the way in which the software works. It isn't simply searching for items it has on a blacklist but is scanning for activity. I dare say this is why it is flagging Spybot, as this is a monitoring tool.

I would however still like to know what Spybot is doing that causes this alert
 
Hmm... *peeks out over Windows Defender's battlements*

Descrição: Description:
Este programa apresenta comportamento potencialmente indesejado.
This program presents potentially unwanted behaviour.

Conselho: Advice:
Permitir item detectado somente se você confiar no programa ou no editor do software.
Permit the detected item only if you trust the program or the software editor (maker?).

Recursos: Resources:
file:
C:\Windows\system32\drivers\etc\hosts

This is what the log/history tells me. Now, when the actual alert comes up, it does say old data: sites sites sites & new data: sites sites sites. As far as I can tell the data are exactly the same, but i haven't experimented to see if it -does- change anything. But if it didn't change anything, surely it's a bit pointless showing the entire contents of the file, twice? - Chris
 
Sorry Sirtokalott, i sort of hi-jacked your thread, didn't i(we?) :oops:

a hosts file is where windows keeps information on where to find some sites. It's used in spybot to block known bad sites (i think), but can be used by malware to redirect legitimate sites to fakes, and also be used by admins to block user's access to sites. More here:
http://en.wikipedia.org/wiki/Hosts_file

- Chris
 
Sirtokalott said:
From what I understand updates are pretty irrelevant due to the way in which the software works...
Click to expand...

You are right... I was wrong about the update part. Thanks.

I define an update as a... more like a code or file to "upgrade" sort of a way the current program or application. This includes tweaks and performance improvements. But not all updates are like that... a update might be just a minor tweak.

Sirtokalott, a HOSTS file is more like your first defense... like a barrier. I would call it the first line of defense, because it sorta "blocks" the connection of a malicious site to reaching your computer. In other words, say like you visit that site by accident... your browser will say "the site was not found" or the page could not load. This means that the connection was "redirected" back to your computer. So it's more like you're not going anywhere.
--
http://en.wikipedia.org/wiki/Hosts_file
--

The stupid question is the one not asked ; )
 
Learning for me

Hi-jack away my friend, I'm always up for a bit of learning. Allow me to go way off subject. Should I see any running processes relating to Live Messenger when I do not have it running.

I am unsure about 2:

Explorer.EXE apparently safe but does the capital E mean it is a different process to the one that begins with a lower case e

WLLoginProxy.exe This one just popped up and as I say, I don't have Live Messenger running at the moment.

Any help appreciated.
 
Sirtokalott said:
Hi-jack away my friend, I'm always up for a bit of learning. Allow me to go way off subject. Should I see any running processes relating to Live Messenger when I do not have it running.

I am unsure about 2:

Explorer.EXE apparently safe but does the capital E mean it is a different process to the one that begins with a lower case e

WLLoginProxy.exe This one just popped up and as I say, I don't have Live Messenger running at the moment.

Any help appreciated.
Click to expand...

Oh yes this one as well:

usnsvc.exe
 
Hi, nothing -strictly- wrong with these, just not needed:

WLLogin = an installation of any windows live software will install this software, apparently used for multiple logins..
http://www.technixupdate.com/what-is-wlloginproxyexe-and-why-it-is-running/
usnsvc = Again windows live messenger, this time a journal reader service
http://www.processlibrary.com/directory/files/usnsvc/
msn_sl.exe = MSN toolbar? if you have it then it may explain the above 2
http://www.liutilities.com/products/wintaskspro/processlibrary/msn_sl/

here's praying that drrag hasn't beaten me! - Chris
 
@ChrisWarFi, oh don't worry Chris. I'll beat you anyday ;).

Sirtoka, the process "Explorer.EXE" is the Windows Explorer. In other words, it's the window in which you view your documents, music, photos, etc.

Problem is that many malicious processes can pose as "explorer.exe".
--
http://www.processlibrary.com/directory/?files=Explorer.EXE
--

"explorer.exe" would be the Windows Explorer (eg: My Documents). Don't confuse it with "iexplore.exe" which is Internet Explorer.
 
You must log in or register to reply here.
Back
Top