PDA

View Full Version : Querries & Suggestions for SPYBOT



Alzheimer?
2005-10-29, 00:35
Query & Suggestions

--------------------------------------------------------------------------------

Greetings,

Am new here - and not v. familiar w/forums. Just took me an hour to figure out how to get here and post a NEW THREAD (as suggested by "Judesman").

In the process I failed to find a single reference or help on posting a new thread, in all the tons of help and web pages I just browsed thru - on my super slow Notebook, corrupted OS, incessant drop-outs and hangups, piss-poor line, overloaded server at monopolistic Service Provider and so on. Frustrating.

Wrote up a querry or two and a long list of suggestions but nowhere to send. The target email link came back with some kind of error.

How do I go about this without a proper email address to PEPI MK?

Also would like to include/attach small graphic (download-speed graph).

On the offchance that someone here might be able to get my humble
message forwarded somehow to whom it may concern, I'll just try to paste the whole mess in here, if that's OK with you guys (and gals)?

Well, here goes... (it's a bit long)

-------------------

27-Oct-05

Bug Report:

THIS IS NOT A 'BUG REPORT', AS SUCH. MOSTLY JUST SOME BASIC "SUGGESTIONS TO MAYBE IMPROVE OPS & PERFORMANCE" - but there is no such category (SUGGESTIONS) in the feedback Repertoire. (Brief summary at end - for those w/no patience (like self) or time).


1. SPYWARE??? "Trek Blue Error Nuker" is detected by Spybot as spyware
in "C:\Program Files\Error Nuker" and two places in Registry..

Why is this.? 'Error Nuker' is a Registry scanner from 'Trek Blue' that I just
installed for trial. Is this maybe some dangerous (red) spyware? Please advise.

HAVE READ THE FAQ REGARDING MY NEXT ITEM BELOW AND HAVE A
SUGGESTION ON IT...

2. BAD CHECK SUM UPDATING. Frequent bad line and bad service provider
Server gives "bad checksum" for Spybot updates. Those who reported
similar, may have same problem as I. Appears to be easily correctable.

I get around it (EVERY TIME) w/a simple 'download manager' (in my
case, "GetRight"). I will try attach screenshot of 'Getright' download
speed graph, if can, to demonstrate the problem.

The graph shows how terrible the line and local server conditions are most
of the time (around here, anyway). This has nothing to do with your
end. The graph is same for other sites. I double-checked all this. When
things are good, the graph stays high, smooth and clean at 3.5 - 4 KBps - and I don't get any download errors.

The above-noted expedient works perfectly every time but since in
Spybot's case, for some reason, it 'can't grab' the file to download, I have
to enter the long URL's to each file manually, each time in 'GetRight', once
for each download of a particular-name update file.

3. The other problem is that to determine the above-noted update-file URLs, one has to each
time bring down the cursor slowly from the TOP of the menu and 'hover' over the file name
to see the URL popup.

But the popup disappears in only about 2 seconds. This should not happen. It should best
display for as long as the cursor is on it, or, for at least 15 seconds (I am a v. slow reader, OK). (I just noted same problem here, in forum).

These latter two drawbacks are a bit cumbersome and tough on older, non-technical people.

4. NO MANUAL UPDATE CONFIRM. I manually unzip all downloaded update files after put in
Spybot "Includes" sub-folder. However, when I run a scan right after, there's nothing to
*confirm* that new updates were installed. So I scanned for updates again and noted that
at least one file (the main 965KB definitions file, I think it was) was still ticked as ready to
be downloaded again - when in fact it had already been manually installed.

5. OPTION TO REDUCE SCOPE OF THE SCAN. It would be good to know exactly what Spybot
scans. Virus scanners have options to allow scanning of as little as one specific file or folder
only. There's no need, for example, to scan huge quantities fixed Windows "cab" files (and
similar, elsewhere) over and over again.

This can save a heck of a lot of scan time & wear and tear on the drive (sometimes, hours).
It is *pure hell* if you have a slow comp, many infections, or, a slow drive. The exclusion
option is good for quick double-checking of only the suspicious files or folders.

Conversely, an "inclusion" option might be even better. Thus, I might just want to confirm that the 'Registry', or whatever, at least, is clean.

Time is getting more important by the day, as we all know. There's never enough of it.
Therefore, and although I agree that Spybot has a v. fast scan engine indeed, a simple
painless improvement like suggested here can only enhance that judgement.

Things are no doubt a bit different in the case of SpyBot. Still, for a follow-up check, one
should be able to speed things up by choosing what areas one might wish to exclude from
(or 'include' in) the scan. (This suggestion has nothing to do with excluding, for example,
"cookies" from the scan, as noted in the FAQ).

In conclusion I respectfully submit that Spybot Update might benefit from:

a. detail on major-name ("assumed") spyware to be removed (ex: "Error Nuke" - if it is such),
b. a 'Resume download' feature for main product AND updates,
c. a longer 'hover' persistancy for under-the-cursor pop-ups,
d. clear instructions for "manual update" (in HELP),
e. an "update-confirmed" mechanism for manual updates,
f. an 'inclusion' or 'exclusion' menu option, and
f. possibly an "upate-manually-from-downloaded-zip-file" option (maybe on Update menu). This could be an 'off-line' feature.

If I may say so, the 'bug reporting' appears to be overly complicated (as explained in HELP) - possibly to deter such reports. The HELP on this may be out of date and is very confusing and, in fact, misleading. Why not just provide a simple email address that users can send their own suggestions and reports to in their own way - that is, for "simple" suggestions & reports only.

These suggestions are for your consideration only. Folks do realize that you must have your hands full just keeping up with the core functions of the program, plus the updates. You can believe it's appreciated (we'll get to that part in good time; right now I got me no job or account - just this old hand-me-down Win98 comp for company).

T.

---------------------------

Well I don't think I can paste the graphic in here. If I try, may blow this message. So maybe I'll try it in a 2nd message (shows you how much I know about these things).

Hang on. Thought I saw smething about attachments. Will check... No good.
It was a screen shot pasted in a blank doc file and comes to 290KB. Got to
figure out some way to convert that now to a small .jpg pic maybe. But how?

29 Oct., 05 / 05:30 Malaysia time. Wonders never cease. Saved Word as a web (html) page and found the png image (about 10K) in the support folder.
Unfortunately its still in the old W98 comp. Forgot to xfer it here before I decided to go on net with my friend's Lifebook. Later...

T.

md usa spybot fan
2005-10-29, 07:34
2. BAD CHECK SUM UPDATING. Frequent bad line and bad service provider
Server gives "bad checksum" for Spybot updates. Those who reported
similar, may have same problem as I. Appears to be easily correctable.

I get around it (EVERY TIME) w/a simple 'download manager' (in my
case, "GetRight"). I will try attach screenshot of 'Getright' download
speed graph, if can, to demonstrate the problem.

The graph shows how terrible the line and local server conditions are most
of the time (around here, anyway). This has nothing to do with your
end. The graph is same for other sites. I double-checked all this. When
things are good, the graph stays high, smooth and clean at 3.5 - 4 KBps - and I don't get any download errors.

The above-noted expedient works perfectly every time but since in
Spybot's case, for some reason, it 'can't grab' the file to download, I have
to enter the long URL's to each file manually, each time in 'GetRight', once
for each download of a particular-name update file.

3. The other problem is that to determine the above-noted update-file URLs, one has to each
time bring down the cursor slowly from the TOP of the menu and 'hover' over the file name
to see the URL popup.

But the popup disappears in only about 2 seconds. This should not happen. It should best
display for as long as the cursor is on it, or, for at least 15 seconds (I am a v. slow reader, OK). (I just noted same problem here, in forum).

These latter two drawbacks are a bit cumbersome and tough on older, non-technical people.

4. NO MANUAL UPDATE CONFIRM. I manually unzip all downloaded update files after put in
Spybot "Includes" sub-folder. However, when I run a scan right after, there's nothing to
*confirm* that new updates were installed. So I scanned for updates again and noted that
at least one file (the main 965KB definitions file, I think it was) was still ticked as ready to
be downloaded again - when in fact it had already been manually installed.

You manually download the files that are normally only downloaded via Spybot’s integrated update facility, extract them yourself bypassing all of Spybots internal controls like checksum (md5 hash) verification and the update version controls and then wonder why if you check for updates that Spybot still thinks you have to update?

If you want to manually update there is a file available to do that. The file is spybotsd_includes.exe that you download and execute. It is available from safer-networking.org:
Downloads – Home of Spybot-S&D!
http://www.safer-networking.org/en/download/index.html

Detection updates 2005-10-28 - product description
md5: 1F8FC3FE21E0FC7D1292E28E19CDC118

This updates the detection rules. Only needed if you do not want to use the update function integrated into Spybot-S&D.

The direct link is:
http://www.spybotupdates.com/updates/files/spybotsd_includes.exe

Alzheimer?
2005-10-29, 17:22
29 Oct., 2005
Reply to : md usa spybot fan

Roger. Appreciate the fast reply. Will check out all promptly. Thanx mucho.
You seem to be an expert on the subject.

As implied in msg, am neither an expert nor v. technical, which is one reason for my posting; the other is to pass on to Spybot users my own experiences with the simple workaround noted in par, 2. (however, this will probably only work OK if the Spybot executable correctly detects the manual updates).

Yet another one of my reasons is to try and suggest a few tweaks. I note your reply targets mainly only par. 4.

Guess I wasn't v. clear. Normally use the integrated download facility but
due to line/computer/local service provider server (?) problems this rarely works for me, no matter how many times I re-try. This can be v. frustrating.

Or perhaps the problem was in fact primarily due to reason given in latest Spybot FAQ regarding "checksum error" - which I invariably get for Spybot Updates via the integred facility.

Fortunably I stumbled onto the workaround noted in par.2 of my 1st posting -which is why I suggested the integrated download might better incorporate some sort of "Resume" or "re-start download" feature when a "checksum" error is detected. Not being a programmer, can't say whether this is either possible or feasible - but thought it might be.

Similarly, each update itself might include a small applet (or whatever) to
inform the Spybot executable that an update has just been received and should be noted. Here again, am only speculating.

In any case, I much appreciate the info and will try and see whether this
will help in my case.

In meantime will attempt to attach a couple of small graphs (.png images)
to illustrate the poor dial-up coms conditions here, which I believe are
mainly responsible for the "checksum errors".

Greatly appreciate your time and advice,

T.

md usa spybot fan
2005-10-29, 17:43
I think that you will find that the "Bad Checksum" problem has been improved in the last week. One of the servers that was causing many of the problems has been removed and two additional servers were added. Although "Bad Checksum" errors are still possible, they should occur with less frequency then in the past.

Alzheimer?
2005-10-30, 22:08
31 Oct., 2005
Reply to : md usa spybot fan (MSG 2)

You are correct again! Download from direct link was smooth & v. fast - as
verified by attached grph3.png.

TQ v much (& dankeschön, just in case), :)(:

T.

md usa spybot fan
2005-10-31, 00:15
There is only one problem with the manual updates that I know of. If you go into Spybot > Help > About, it does not show that you have the latest updates. However, if you look at the results of the scans (Checks.yymmdd-hhmm or Fixes.yymmdd-hhmm logs) it will show that you are using updated detection files.

The Checks.yymmdd-hhmm or Fixes.yymmdd-hhmm logs are located here:
Windows 95 or 98:
C:\Windows\Application Data\Spybot - Search & Destroy\Logs
Windows ME:
C:\Windows\All Users\Application Data\Spybot - Search & Destroy\Logs
Windows NT, 2000 or XP:
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs

Note: By default there are two Checks.yymmdd-hhmm logs produced during a scan. The second Checks.yymmdd-hhmm has the details of what the scan found. A Fixes.yymmdd-hhmm log is produced if you fix or attempt to fix something.
For example:
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-09-15 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-07-27 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-10-28 Includes\Cookies.sbi (*)
2005-10-28 Includes\Dialer.sbi (*)
2005-10-28 Includes\Hijackers.sbi (*)
2005-10-28 Includes\Keyloggers.sbi (*)
2005-10-28 Includes\Malware.sbi (*)
2005-10-28 Includes\PUPS.sbi (*)
2005-10-28 Includes\Revision.sbi (*)
2005-10-28 Includes\Security.sbi (*)
2005-10-28 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2005-10-28 Includes\Trojans.sbi (*)