Something hijacked my Spybot S&D



gszwag
2005-10-31, 22:53
I love Spybot S&D, but I did have something hijack Spybot for several months. I did scan after scan with Spybot, Microsoft's spyware detector, Pest Patrol, and Ad-Aware and nothing found it. I even ran 2 sets of virus software.

I knew something was hijacking my system because every time I tried to update all of my spyware it would never remain updated. When I tried to update from S&D it would usually come up with a bad checksum. I could and did, for a while, update and scan every day to no avail, even with all of my spy software and my virus software.

Finally I downloaded the new version of Spybot 1.4 and its update from the website, and when I ran the spy check it found 17 spybots, and now my system runs perfectly fine now.

tashi
2005-10-31, 23:57
Good to hear gszwag. :)


Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/tutorial82.html)

wyrmrider
2005-11-01, 02:11
You might want to try a few other scanners and online antivirus scans,
like BitDefender and Kaspersky, Panda, Trend Micro, etc.
Be sure to update and turn on full scanning (options are very scanner dependent).
Also Ewido or Trojan Hunter.
These things tend to bunch together.
What protection do you run?
How did you get infected?
Can't be more specific without knowing your OS.
You are fully patched, right?

all the best
wyrmrider

gszwag
2005-11-01, 05:49
I think we got it when my wife tried to buy some flowers online. My Pest Patrol went crazy beeping, warning of cookies. She went back to that site 2 or 3 more times while I was not in the room. It seemed to be trying to hijack her browser too. She uses IE and I use Mozilla. I think that is where we got it. I also could have picked it up from one of my pictures. I love photos and I can’t resist downloading wallpaper.

I think my Webshots collection is infected, because I have had to reinstall XP a bunch of times, because I just can’t seem to live without them since I spent money and 2 years collecting them.

Also, I am not sure, but I think it also infected my Spybot S&D includes. I am just very happy that I was able to get rid of the Blankity Blank thing.

gszwag
2005-11-01, 08:49
Now that I have had some time to think about this, I do remember several years ago I was asked to approve the addition of 207mm.net or 307mm.net or something very similar. When I installed the new Spybot 1.4, at first it would not allow the software to delete Advcheck.dll. It said I did not have permission. I however am running as an administrator on my computer. Since I run Tea Time and the Microsoft spyware simultaneously the Microsoft asked permission to allow the 207mm.net or the 307mm.net browser tweak, to which I said no.

bitman
2005-11-01, 13:58
gszwag: Most of your problems are more likely coming from interactions between the different antispyware products, more specifically the active protection portions of these products or issues within the products themselves. A hijack is possible, but doesn't really explain the issues you were seeing.

> Since I run Tea Time and the Microsoft spyware simultaneously the Microsoft asked permission to allow the 207mm.net or the 307mm.net browser tweak, to which I said no.

It's 139mm.com and a known issue with Microsoft AntiSpyware. You should have allowed it since it's one of Spybot S&D's Immunize; Restricted Sites entries. MSAS makes it sound like a bad thing, but it's wrong as the links below discuss.
http://spybot.safer-networking.de/en/news/2005-06-21.html
http://spybot.safer-networking.de/en/news/2005-07-01.html
http://support.microsoft.com/?kbid=902956

> I knew something was hijacking my system because every time I tried to update all of my spyware it would never remain updated. When I tried to update from S&D it would usually come up with a bad checksum. I could and did, for a while, update and scan every day to no avail, even with all of my spy software and my virus software.

This is most likely a problem that's been building over the last few months as Spybot S&D's Detections Updates grew in size and the Updates Download servers started to become overloaded. This situation was improved greatly over the last few weeks as new update server(s) were added and issues with several others were fixed.
http://forums.spybot.info/showthread.php?p=174#post174

> Finally I downloaded the new version of Spybot 1.4 and its update from the website, and when I ran the spy check it found 17 spybots, and now my system runs perfectly fine now.

Glad to hear it, but this is probably less an issue of a specific piece of malware than the differences between Spybot S&D 1.3 and 1.4 versions, even when they're using the same Detections Updates. Version 1.3 has known issues with some of the more current detections, so even though it may be updated it really isn't detecting everything that 1.4 can.

This is why the first thing recommended is to upgrade to SS&D 1.4 before attempting other fixes. For example:
http://forums.spybot.info/showthread.php?p=505#post505

Moral of the story: keep your anti-malware applications up to date and be aware that changes you make in one of these applications can be affected by or cause issues with others. The more such applications you have, the more possibility for interaction. I'd keep the number of such applications down to no more than two antispyware with only one operating in active mode and one active mode antivirus. Use online scans from different antivirus vendors occasionally as a crosscheck. Any more than this is overkill and will take more time to keep updated than it's worth.

It's far more important that the products you use are up to date, including current detections/signatures, than having larger numbers of outdated products. If you're having problems updating in the future, get to a forum or other support site immediately since it's always possible that malware is causing the issue as you originally thought.

gszwag
2005-11-01, 18:55
Thanks for the great info bitman and everyone!