Multiple PC questions [Archive] - Safer-Networking Forums

View Full Version : Multiple PC questions

dlbhelp

2007-07-09, 04:25

Hi - these may sound like silly questions but maybe you can help us out. We have three PCs (all notebooks running XP Pro). One happens to be sick with Smitfraud-core services but that is another subject all together.

We have Spybot running on all machines and all three have been updated. one PC checks for 68,089 items and the other two check for 68,104 items. Using file sets - we figured out that the 68089 machine is checking for 3 less "Integrated Search for Spybots", and does not search for any Winsock Hijackers. (we search on all file sets except usage tracking and tracks.uti)

We have zero exceptions or items in the ignore lists so we are a bit puzzled.
Any thoughts on why one machine is different from the other? Also we noticed that the categories under file sets tends to change up or down as updateds are released. Why is that?

BTW - your product cleaned up a bunch of malware on all three machines and we are very thankful you are out there watching over us. Your product is great and we are learning a lot simply by reading through all of your help screens etc.

Thanks

md usa spybot fan

2007-07-09, 11:28

dlbhelp:

Actually my scan count is different than either of your two counts. After the 2007-07-03 updates using the integrated update facility my scan count is 68087 without usage tracks or the Beta.sbi.

If I go into Spybot > Mode > Advanced mode > Settings > File Sets, I have the following counts (you will note that the total of the checked items represented by the ■ is 68087).

■ Spybot - Search & Destroy - 29
… □ Beta.sbi - 2579
… ■ Cookies.sbi - 67
… ■ Dialer.sbi - 7031
… ■ DialerC.sbi - 131
… ■ Hijackers.sbi - 8620
… ■ HijackersC.sbi - 6
… ■ Keyloggers.sbi - 2487
… ■ KeyloggersC.sbi - 10
… ■ Malware.sbi - 17089
… ■ MalwareC.sbi - 2810
… ■ PUPS.sbi - 3340
… ■ PUPSC.sbi - 1744
… ■ Revision.sbi - 2
… ■ Security.sbi - 1099
… ■ SecuntyC.sbi - 47
… ■ Spybots.sbi - 7328
… ■ SpybotsC.sbi - 1247
… ■ Troians.sbi - 14040
… ■ TroiansC.sbi - 960
□ Usage Tracking - 3
… □ Beta.uti - 0
… □ Tracks.uti – 2596

Please post a scan log from each of the two systems with different counts. To do that:
Run another scan.
When the scan completes, right click on the results list, select "Copy results to clipboard".
Then paste (Ctrl+V) those results to a new post in this thread.

dlbhelp

2007-07-10, 02:24

Hi -
Thanks for the quick reply. Below is the count from each of the machines.

Set/File name PC 1 PC 2
2,3 Spybot Search & Destroy 32 29
2,3 Cookies.sbi 67 67
2,3 Dialer.sbi 7,031 7,031
2,3 DialerC.sbi 131 131
2,3 Hijackers.sbi 8,620 8,620
2,3 HijackersC.sbi 6 6
2,3 Keyloggers.sbi 2,487 2,487
2,3 KeyloggersC.sbi 10 10
2,3 LSP.sbi 12 0
2,3 Malware.sbi 17,089 17,089
2,3 MalwareC.sbi 2,810 2,810
2,3 PUPS.sbi 3,340 3,340
2,3 PUPSC.sbi 1,744 1,744
2,3 Revision.sbi 2 2
2,3 Security.sbi 1,099 1,099
2,3 SecurityC.sbi 47 47
2,3 Spybots.sbi 7,328 7,328
2,3 SpybotsC.sbi 1,249 1,249
2,3 Trojans.sbi 14,040 14,040
2,3 TrojansC.sbi 960 960
Usage Tracking 24 24
Tracks.uti 2,596 2,596
70,724 70,709

less the usage tracking and tracks.uti not checked
68,104 68,089

Thanks

md usa spybot fan

2007-07-10, 06:26

dlbhelp:

Please provide the information I requested.

Please post a scan log from each of the two systems with different counts. To do that:
Run another scan.
When the scan completes, right click on the results list, select "Copy results to clipboard".
Then paste (Ctrl+V) those results to a new post in this thread.

dlbhelp

2007-07-17, 18:31

Sorry for the delay - I have been traveling. Here is the information

PC 1

Congratulations!: No immediate threats were found. ()

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-11-05 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-07-03 Includes\Cookies.sbi (*)
2007-05-30 Includes\Dialer.sbi (*)
2007-07-03 Includes\DialerC.sbi (*)
2007-06-20 Includes\Hijackers.sbi (*)
2007-07-03 Includes\HijackersC.sbi (*)
2007-06-27 Includes\Keyloggers.sbi (*)
2007-07-03 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-06-20 Includes\Malware.sbi (*)
2007-07-03 Includes\MalwareC.sbi (*)
2007-03-21 Includes\PUPS.sbi (*)
2007-07-03 Includes\PUPSC.sbi (*)
2007-07-03 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-07-03 Includes\SecurityC.sbi (*)
2007-06-20 Includes\Spybots.sbi (*)
2007-07-03 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-07-03 Includes\Trojans.sbi (*)
2007-07-03 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll

PC 2

--- Spybot - Search && Destroy version: 1.3 ---
2007-07-11 Includes\Cookies.sbi
2007-05-30 Includes\Dialer.sbi
2007-07-11 Includes\DialerC.sbi
2007-07-11 Includes\Hijackers.sbi
2007-07-11 Includes\HijackersC.sbi
2007-07-11 Includes\Keyloggers.sbi
2007-07-11 Includes\KeyloggersC.sbi
2004-05-11 Includes\LSP.sbi
2007-07-11 Includes\Malware.sbi
2007-07-11 Includes\MalwareC.sbi
2007-07-11 Includes\PUPS.sbi
2007-07-11 Includes\PUPSC.sbi
2007-07-11 Includes\Revision.sbi
2007-05-30 Includes\Security.sbi
2007-07-11 Includes\SecurityC.sbi
2007-07-11 Includes\Spybots.sbi
2007-07-11 Includes\SpybotsC.sbi
2005-02-17 Includes\Tracks.uti
2007-07-03 Includes\Trojans.sbi
2007-07-11 Includes\TrojansC.sbi
2007-06-06 Plugins\TCPIPAddress.dll

md usa spybot fan

2007-07-17, 19:13

dlbhelp:

Now the updates on the two systems appear to be totally out of sync. and the scan counts are likely to have a larger discrepancy that you originally reported (2007-07-03 vs. 2007-07-11).

One discrepancy that you originally reported is caused by the fact that you are running two different versions of Spybot and the built in checks for the versions have different counts:
Spybot - Search & Destroy 1.3 on one system.
Spybot - Search & Destroy 1.4 on the other.
The other discrepancy in the counts is because the LSP.sbi files on the two systems are different:
2004-05-11 Includes\LSP.sbi
2004-11-29 Includes\LSP.sbi
The original LSP.sbi file contained 12 signatures. After the update dated 2004-11-29 to the LSP.sbi file, it contained 0 signatures. Subsequently the LSP.sbi file stopped being delivered with updates entirely. If you had the original LSP.sbi file that contained 12 signatures and never update until it stopped being included in the updates, it will contain still contain the original 12 signatures when it should not be included in the scan at all.

You should:
Upgrade the system running Spybot - Search & Destroy 1.3 to Spybot - Search & Destroy 1.4 (unless that system is a Windows 95 system).
Delete the following file on all systems:
C:\Program Files\Spybot - Search & Destroy\Includes\LSP.sbi