After updating the the most recent detection files today I'm getting an error saying there's problems with Trojans.sbi during scanning. I've got the same error on two different PCs too, just wondering if it's purely a one-off problem with detection files (i think i updated both PCs from the same source, safer networking usa something or other, though i did download updates from official site and manually install too) or a bigger problem.

I'm kinda concerned cos I've just had one PC infected with a lad of trojans and I've been scanning / cleaning it with everything I've got / hadn't got. As always, spybot found the most problems :) but i'm just worried it might be missing a few...

re: The following message:


Warning

There were problems in the include file C:\Program Files\Spybot – Search Destroy\Indudes\Trojans.sbi See 'Include errors.log' for details.
You need the TCP/IP plugin with the new rule set included in beta updates on 2007-06-06 and regular updates starting on 2007-06-13 or else you will get the above error.

The TCP/IP settings plugin enables Spybot to use new rules which can detect IP addresses entered by malware and exchange them with non harmful entries.

To download and install the TCP/IP plugin you either have to:
Download the following update using the integrated update facility:
TCP/IP Settings plugin - !TCP/IP Settings plugin (65 KB) - 2007-06-06

--- or (if you do not use the integrated update facility) ---


Download and execute the following item from the Downloads (http://www.spybot.info/en/download/index.html) Web page:
TCP/IP Plugin 1.0 - product description - product description
md5: 7FD95B7E814EA2F56AEACE3613B4A0E9

This adds capabilities to find and replace malicious network settings. Only needed if you do not want to use the update function integrated into Spybot-S&D.

thanks. fixed the problem and great answer too :D: :bigthumb:

You're wecome. I'm glad all is well and thank you.

Thanks cured my prob to;)

Have same problem, but cannot solve,
do not understand your 'a'
and it will not let me install the download on 'b'

ignore, it might have done it, am doing another scan

widgetwilk:

You are attempting to follow instructions written over a year ago in response to pepsi_max2k (http://forums.spybot.info/member.php?u=25294)'s query at that time. Those instruction most likely are not applicable to your problem.

If you have a problem, I suggest that you post a scan log so that we can see what you are getting. To do that:
Run another scan.
When the scan completes, right click on the results list, select "Copy results to clipboard".
Then paste (Ctrl+V) those results to a new post in this thread.

No this still came up half way through the scan

http://img.photobucket.com/albums/v235/widgetwilk/Clipboard01.gif

widgetwilk:

Please post the log I requested!

It contains information about the software you are running including the plugins loaded during the running.

Right Media: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-01-26 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-07-31 Tools.dll (2.1.2.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2008-07-22 Includes\Adware.sbi (*)
2008-07-15 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-06-03 Includes\Dialer.sbi (*)
2008-07-29 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-07-10 Includes\Hijackers.sbi (*)
2008-07-08 Includes\HijackersC.sbi (*)
2008-07-29 Includes\Keyloggers.sbi (*)
2008-07-29 Includes\KeyloggersC.sbi (*)
2008-07-23 Includes\Malware.sbi (*)
2008-07-29 Includes\MalwareC.sbi (*)
2008-07-23 Includes\PUPS.sbi (*)
2008-07-29 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-07-29 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-07-23 Includes\Spyware.sbi (*)
2008-07-29 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-07-30 Includes\Trojans.sbi (*)
2008-07-29 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll


the window with the warning still comes up when scaning.

You are using a vastly out-of-date version of Spybot (1.4) the latest is 1.6.0.30 follow THESE (http://www.spybot.info/en/howto/uninstall.html) instructions on how to uninstall Spybot, then install Spybot 1.6.0.30.

widgetwilk:

The current errors with the Trojans.sbi and TrojansC.sbi files that started with the 2008-04-09 updates are caused by new detection rules that are incompatible with versions of Spybot prior to 1.5.2. These new detection rules use the new Anti-Rootkit plugins #1, #2 and #3 that only have been offered as updates to Spybot 1.5.2 and are included in Spybot 1.6. If you upgrade to Spybot 1.6 you will not only eliminate the error messages but in also will be performing rootkit searches while doing a Spybot "Check for problems".

If there is a reason that you cannot upgrade to Spybot 1.6, you can try the Anti-Rootkit plugins #1, #2 and #3 with Spybot 1.4, but they are not officially supported. From post #11 (http://forums.spybot.info/showpost.php?p=186129&postcount=11) in the following thread:
Problems in Spybot S&D Includes-trojanC
http://forums.spybot.info/showthread.php?t=27194

Well, you can download the manual installer for the newest anti-rootkit plugins and install them on 1.4 as well. They do have a compatibility mode when loaded by 1.4, but not with official support ;)
Note: "... but not with official support ;)".

The downloads for the Anti-Rootkit plugins are on the following Web page:
Downloads - The home of Spybot-S&D!
http://www.spybot.info/en/download/index.html
This item:
Anti rootkit plugins 1.0 - product description
md5: EE7278BC89D4557CFD7127EACC37EE70

Supported only for version 1.5.2 or above!
This adds improved capabilities to find rootkits. Only needed if you do not want to use the update function integrated into Spybot-S&D.
Please note: Supported only for version 1.5.2 or above!

The direct download link is: http://www.spybotupdates.com/files/spybotsd_plugins.exe
__________

Note: If you continue to run Spybot 1.4, the following error and possibly other most likely will not be corrected with the plugins:


C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Delf.Spool.cn | <$SYSDIR>\ntdoss04.sys
The rule set for the Delf.Spool.cn detection does not appear to use the Anti-rootkit plugins. You can try to eliminate the error by running the scan without scanning for "Delf.Spool.cn":
Go into Spybot > Mode > Advanced mode > Settings > Ignore products.
Locate the item that you what to exclude from the scan ("Delf.Spool.cn") and check it.
__________

To see the Include errors.log:
Go into Spybot > Mode > Advanced mode > Tools > View Reports.
Then click the View previous reports button on the top of the right hand pane.
Look for the "Include errors" file
Highlight it and click open (or double click on it).
For another method, see this this post (http://forums.spybot.info/showpost.php?p=180819&postcount=2).

Sorry all what you said looked far to complicated, so I removed Spybot and downloaded new version, did a scan and this is what appeared.

Hint of the Day: Click the bar at the right of this to see more information! ()


Right Media: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-07-07 TeaTimer.exe (1.6.0.20)
2006-01-26 unins000.exe (51.41.0.0)
2008-08-03 unins001.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-07-07 advcheck.dll (1.6.1.12)
2007-04-02 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-07-07 SDHelper.dll (1.6.0.12)
2008-06-19 sqlite3.dll
2008-07-07 Tools.dll (2.1.5.7)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2008-07-22 Includes\Adware.sbi (*)
2008-07-15 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-06-03 Includes\Dialer.sbi (*)
2008-07-29 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-07-10 Includes\Hijackers.sbi (*)
2008-07-08 Includes\HijackersC.sbi (*)
2008-07-29 Includes\Keyloggers.sbi (*)
2008-07-29 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-07-23 Includes\Malware.sbi (*)
2008-07-29 Includes\MalwareC.sbi (*)
2008-07-23 Includes\PUPS.sbi (*)
2008-07-29 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-07-29 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-07-23 Includes\Spyware.sbi (*)
2008-07-29 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-07-30 Includes\Trojans.sbi (*)
2008-07-29 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


to me it looks the same as before.

Widgetwilk:


Sorry all what you said looked far to complicated, so I removed Spybot and downloaded new version, …
Wise decision. Unless there is a compelling reason not to use the most resent software that affects system security, it is usually prudent to keep it up to date.


… to me it looks the same as before.
Differences that caused the errors:



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 SpybotSD.exe (1.4.0.3)
2007-06-06 Plugins\TCPIPAddress.dll




--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

2008-07-07 SpybotSD.exe (1.6.0.30)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

So are you saying I am now alright?
if so thank you very much

widgetwilk:

Yes, you sould be "OK" now with the latest version and updates.