Hello

I don't know if this is really a problem but only lately has by Spybot run exceedingly slow. It takes well over an hour to finish it's scan. Now mind you that may very well be "typical" I don't know but only a month ago or so this was definately NOT the case and never has been in the many months I've used the program. 10 - 15 min at most.

I upgraded to the 1.4 and the first time two days ago I ran it and it was must quicker. Then, the next day it was back to the same old sloth. Is there anyother problem with my system or is this one hour run time typical?

Thanks for any help

jom

Hello,

This may be caused by the new detection rules for CWS.
They need more cpu calculations which slows it down a little bit.

If you are not using a very old system without enough storage it might also depend on how much programms you have on the run when the scan is on and how much they need for storage. It should help to close other programms while you are scanning.

It should help if you run the scan in safe mode. For more informations please have a look at this link:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

Generally the type of problem you're having only occurs with Spybot S&D 1.4 if there is some sort of problem in the operating system, either registry or files. Unfortunately, there are a number of different possible causes, including the possibility that malware (virus, spyware, etc.) either currently exists on the system or did some damage in the past.

The best way to fix it might be a log. Please post this in our malware removal forum: http://forums.spybot.info/forumdisplay.php?f=22

If you can't complete a Spybot scan you just need to run an online AV and post a hjt log.

Best regards
Sandra
Team Spybot

Thanks

I could use some help with the acronyms you used:

CWS: If this means CW Shredder then: I thought they quit supporting that program? If that isn't true where can I get a copy?

AV: ?

HJT: I assume you mean "Hijack This".

Thanks again!

jom

I don't believe it, we've turned SpybotSandra into an acronymiac (Geek)! :eek:

CWS: CoolWWWSearch malware - What CW Shredder was created to fix, it was taken over by Trend Micro.

AV: AntiVirus

HJT: HiJackThis, you got it right!

I'd recommend trying the Safe Mode scan first. Then post the logs including the results of any speed difference between Normal and Safe Modes.

See the instructions here for where to find an online AV and how to get and post your log.
http://forums.spybot.info/showthread.php?t=288

I should have known the "AV". Duh. lol

I ran "Kasperski" yesterday and it found stuff that Spybot didn't so I figured I'd run Spybot again today to see if it would speed up. I ran the scan in Safe Mode for over one and half hours and it still was only 75% through. I got frustrated and stopped the damn thing. As it ran it did not show any potential threats on the screen but I've noticed in the past if you stop a scan it will reset (is this true) and not show anything it HAD found up to that point....

Also, at the very bottom it showed it had to run something like 32000 (approx) checks so it was in the 26000 (approx) when I stopped it (26000/32000...hence the approx 75%). Oddly, when I ran it the other day (after I downloaded the 1.4 version) it only had roughly 800 checks to do and it DID run much faster. Why did this change after my first check?

The main problem here is that I'm rather a newbie at all this spyware/malware stuff. I'm not real certain about XP runs and does its thing either so I'm not sure what exact questions to ask. :confused:

Plus, there are SO many different programs you can run it's hard to keep track: CWS, Spydoctor, Registry Mechanic, HJT, CCleaner, Ad-ware..bla bla bla...I don't know which is best. It's somewhat frustrating....:confused:

Thanks again!

jom

Also, at the very bottom it showed it had to run something like 32000 (approx) checks so it was in the 26000 (approx) when I stopped it (26000/32000...hence the approx 75%). Oddly, when I ran it the other day (after I downloaded the 1.4 version) it only had roughly 800 checks to do and it DID run much faster. Why did this change after my first check?
gbtjom (jom):

During the running of a Spybot scan ("Check for problems") the status bar shows the following: "Running bot-check(xxxxx/yyyyy:zzzzzz)" where:
xxxxx = Current check count
yyyyy = Total check count
zzzzz = Malware being checked for
After the 2005-12-30 updates (without the ßDetection rules) the scan counts (yyyyy value) should be:
Without Usage tracks - 33422
With Usage tracks – 36021
If the counts are correct you are checking for everything. If the counts are not correct there can be several causes:
Did you update during the installation or after? Go into Spybot > Help > About. You should see the following:
Latest detection update: 2005-12-30
If the update date is correct, have you exited Spybot and restarted it since those updates were applied?
If the above are true, go into Spybot > Mode > Advanced mode (say "Yes" to the warning if necessary) > Settings > File Sets. Make sure that everything is checked except the possibly the last two items. The last two items are "Usage Tracks" and should only be checked if you want to check for them (I personally don't). The first of these two items (Usage Tracking) lists IE Cache (temporary internet files), Common Dialogs, Cookies and some Logs. The second is other "Usage Tracks".

I should have known the "AV". Duh. lol
You're doing pretty well to have known the other two. It's the sad state of the Internet that's lead to you knowing about these more obscure tools before being familiar with what an AV is.


I ran "Kasperski" yesterday and it found stuff that Spybot didn't so I figured I'd run Spybot again today to see if it would speed up. I ran the scan in Safe Mode for over one and half hours and it still was only 75% through. I got frustrated and stopped the damn thing. As it ran it did not show any potential threats on the screen but I've noticed in the past if you stop a scan it will reset (is this true) and not show anything it HAD found up to that point....

Also, at the very bottom it showed it had to run something like 32000 (approx) checks so it was in the 26000 (approx) when I stopped it (26000/32000...hence the approx 75%). Oddly, when I ran it the other day (after I downloaded the 1.4 version) it only had roughly 800 checks to do and it DID run much faster. Why did this change after my first check?
Kaspersky is primarily an antivirus, or file scanner, so it will always find things that Spybot S&D doesn't since Spybot concentrates on Spyware and the Registry. As I recall, aborting a scan generally leaves anything already discovered during the scan on screen, but I'd have to test to be sure.

It's OK that you chose to abort the scan since that's still way too long in Safe mode. Unfortunately, you were probably close to completion since the scan typically appears to 'skip' from about 29000 to 32000, due to the way the actual scan process functions. However, don't try it again, since as I said this is still far too long.

The 800 detections situation occured because you installed the updates after starting Spybot. Since the detections are only read at startup of the program, you only had the small number that are included within the Spybot S&D installation program itself.


The main problem here is that I'm rather a newbie at all this spyware/malware stuff. I'm not real certain about XP runs and does its thing either so I'm not sure what exact questions to ask. :confused:

Plus, there are SO many different programs you can run it's hard to keep track: CWS, Spydoctor, Registry Mechanic, HJT, CCleaner, Ad-ware..bla bla bla...I don't know which is best. It's somewhat frustrating....:confused:
Everyone's a newbie at some point, but you're doing fine as I mentioned before.

For quick reference, CWS and HJT are tools that should only be used with the instruction of someone skilled in malware removal, they aren't general scanning tools like Spydoctor, Ad-Aware (not Ad-ware, that's the bad stuff) or even Spybot S&D itself. It's hard to tell the difference, but if it doesn't have a pretty interface and at least some sort of commercial version, it's probably not for the average user. This means it could be dangerous to your PC if you mis-interpret what it's telling you and just try to 'fix' everything. In fact, these two tools will simply wipe out everything they're displaying if you tell them to fix everything.

Registry Mechanic and CCleaner are more user oriented I believe, though the former could still be dangerous since it's allowing you to mess with the registry and the latter really just cleans cookies as I recall. I'm not really familiar with either, just recognize their names.

Personally, I'd let others guide you until you've had time to really understand what the tools do and what might happen if you mess up. That is, unless you like rebuilding your PC after crippling it so you can understand it better. That's called a Techno-Geek. :D

Please follow the posting instructions we gave you. We'll look at it from both a malware and system point of view and try to determine what's causing the long scans.

Bitman

Update: I ran the Trend Micro antivirus program and it found a number of problems. Either it didn't allow me or I couldn't find a place where it could save the "log" file (if there was one) so I can't post it. :(

I also ran the HijackThis program and got someone to help me with it elsewhere. There was an "017" thingy that screwed with IE and some other crap but I was able to get rid of it all.

This morning I ran SB again in Safe mode and it again took upwards of 2 hours. Could this be a function of the size of my disk drives and the data on them? I did notice that Trend took a long time to do my "D" drive (where I have most of my applications). Specifically, it took a long to time check some DVD video (.ISO) files I have stored. Could this be it?

Thanks again for the replies.

jom

No, Spybot isn't a file scanner, it scans the registry, unless you tried to turn it into a file scanner.

Have you entered anything in the 'Download directory' list in the Advanced Mode, Settings, Directories screen? If so, how many files of what total size are in that folder or folders?

Otherwise, we can't help you if you don't provide what is asked. We aren't asking for a log only as a means of removing malware, it also provides much more information that those on other sites don't care about and won't notice, since all they care about is malware.

Please check the above first and if there isn't anything in the Download directory list, post a log here to make it simple, we'll move it if needed.

No, Spybot isn't a file scanner, it scans the registry, unless you tried to turn it into a file scanner.....
....
Have you entered anything in the 'Download directory' list in the Advanced Mode, Settings, Directories screen? If so, how many files of what total size are in that folder or folders?.....
....
Please check the above first and if there isn't anything in the Download directory list, post a log here to make it simple, we'll move it if needed.

OK...I just read Yodama's new post (the sticky at the top) and noticed he/she mentioned the same thing. I did not catch this when reading the responses above (sorry about that). I had changed the mode to advanced but did not enter any directory as a download directory. I'm not sure what to use or how to set up a special directory so it is blank right now. The long scan I did the other day was in this mode.

Thanks for your patience....

jom

OK, don't put anything in that Download Directory screen except a true small folder where you initially place downloads, if you have one. The reason I asked is sometimes people place parts of, or even entire disks such as your "D" drive in this list. This is not what was intended, since Spybot S&D will only really scan these files for items like Dialer installation packs anyway. But in the process, it will become very slow because it isn't designed as an efficient file scanner, but rather a registry scanner, which is more CPU intensive as mentioned by Yodama.

A common misconception is that by changing to the Advanced mode this somehow changes the scan in some way. That's not true, there is absolutely no difference in the scan, this just gives access to the Advanced Tools menu that appear when it's selected. Try switching back and forth between Default and Advanced modes, you'll notice the Settings and Tools menus appear and disappear. Also notice the warning when entering Advanced mode, these Tools can be dangerous to your system, so don't change anything you don't understand.

OK then...I'll just go back to "default" and run the scan again in Safe Mode. I'll record my OS system set up, memory, CPU etc etc in this thread or the sticky. I can also post what SB finds but I'll have to do this a bit later as I don't want to tie up my computer right now. Is there any other log-type file I could post that might help solve this problem?

thanks

jom

Keep using this thread as your main location to post, otherwise we'll have to look all over to find pieces. The Sticky thread was started after your's, but if you wish to make a brief post there and include a short description with a link to this thread, that's totally appropriate. Others may pop in here including members of Team Spybot themselves, I know they're watching already.

If you could include a Spybot S&D full report that might be helpful. It includes more information then an HJT log and more directly related to Spybot. A complete report is too big to post in one attachment here and way too big to post. You could split it in parts at the Services section using notepad, but save them as text (TXT) documents if you do and make them less then 39kb in size each.

To get this report you'll need to use Advanced mode and follow the instructions in section 3: "If asked to provide a Spybot-S&D log." at the link below. For a complete report, don't uncheck the 'list of services' and 'uninstall list' items, or simply check and run them separately and export as different filenames.

Don't be afraid to use Advanced mode, just don't change anything unless you understand what will happen or are guided by a helper here.

http://forums.spybot.info/showthread.php?t=288

I have recently started having problems with my Scanspeed. I have got all the latest updates and now scans are taking 8 hours plus. The total files searched is around 36,000. The scan gets to (646/36024: Central 24) then seems to stop for ages, then it will resume and stop at another higher number. This goes on till the scan finishes 8 hours or so later! I was getting much quicker scans before so I don't know whats happened.

I am running a P4 2Ghz with 512Mb RAM.

I am a complete newbie to this so would appreciate some guidance as to how to go about descibing this problem properly and if I need to provide other necessary info.

I'm going to run this thing tonight (I'll do it in safe mode) so I gather I should run this in "default" mode and then after it's complete I fix the problems. I then go into "advanced" mode and get the reports. That is how I read the linked instructions anyway.

Also, I wanted to point out that my problem is almost exactly the same as Revelboy's. I think I only have roughly 32000 but that could have changed recently....I dunno.

I'll run this and post later.

jom

OK, I ran it again in Safe Mode and it took just short of 2 hours to run (7:22pm to about 9:10pm). I had NO errors to correct. Attached is the report in four segments. 11,12,21,22 in that order.

Hope this helps.

jom

Did anyone see the attachments?

jom

Hello

Any word on this yet? I posted some text above from my test run...

Just wondering...

thanks!

jom

gbtjom

I see evidence of idmlog/wareout/unspypc infection
Service (registry key): ZPMODEMSYSNTDRVNT
Display name: ZPMODEMSYSNTDRVNT
Image path: \??\C:\WINDOWS\system32\drivers\zpmodemnt.sys

Start a thread in our malware area and post a hijackthis log
Mention that when you do please


Please go here and follow instructions.
http://forums.spybot.info/showthread.php?t=288
Someone will then take a look at the system and advise you.