I have today done a clean install of version 1.5, all went fine until I started a manual download of updates when I got a pop-up saying malware had been added to the application and that I should run an antivirus programme. After running my AV and doing various other scans nothing has been detected and as far as I can see my system is clean. What caused this warning to appear? after running Spybot S&D the only entry was for the Windows Firewall bypass which I have excluded from further checks as I use a 3rd party (Comodo) firewall.
Updating Pop-up
- Thread starter humberlad
- Start date
spybotsandra
New member
Hello,
Probably you got this message: "the application has been changed since it was created since spybot does not change itself we recommend you check your sytem for malware and viruses instantly."
This is a little bug.
That message has been caused in the past by failing memory (RAM) and I suggest that you consider running a memory diagnostic program. If your system didn't come with diagnostic routines including a memory test there is one here:
http://www.memtest.org/
This links in our forum might also help:
http://forums.spybot.info/showthread.php?t=258
http://forums.spybot.info/showthread.php?t=10606
Best regards
Sandra
Team Spybot
Probably you got this message: "the application has been changed since it was created since spybot does not change itself we recommend you check your sytem for malware and viruses instantly."
This is a little bug.
That message has been caused in the past by failing memory (RAM) and I suggest that you consider running a memory diagnostic program. If your system didn't come with diagnostic routines including a memory test there is one here:
http://www.memtest.org/
This links in our forum might also help:
http://forums.spybot.info/showthread.php?t=258
http://forums.spybot.info/showthread.php?t=10606
Best regards
Sandra
Team Spybot
Could you please let me know the exact message you received?
There are actually two different ones, one about the (SpybotSD.exe) file itself which already was a protection that 1.4 used, and the other one is a new protection mechanism to detect other applications trying to inject code into Spybot-S&D while it is running.
Message 1:
There are actually two different ones, one about the (SpybotSD.exe) file itself which already was a protection that 1.4 used, and the other one is a new protection mechanism to detect other applications trying to inject code into Spybot-S&D while it is running.
Message 1:
Message 2:
re the following message:
Quote:
An outsider did inject malicious code into this application! It is strongly recommended that you do a full check-up of your system, including anti-malware and anti-virus scans.
Would it be possible to clarify why this message appears. Many thanks.
Quote:
An outsider did inject malicious code into this application! It is strongly recommended that you do a full check-up of your system, including anti-malware and anti-virus scans.
Would it be possible to clarify why this message appears. Many thanks.
MichaelGilbert
New member
Second message problem
Im getting the second message too.
here is a screenshot
scanned with nod32 clean
scanned with spybot received a firewall warning with is my fault as i use another option.
scanned with spyware doctor gives redhost infection..
spybot doesnt see redhost trojan... any reason why?
Michael..
Im getting the second message too.
here is a screenshot
scanned with nod32 clean
scanned with spybot received a firewall warning with is my fault as i use another option.
scanned with spyware doctor gives redhost infection..
spybot doesnt see redhost trojan... any reason why?
Michael..
spybotsandra
New member
Hello,
This is a microsoft message.
We have implemented this tool as it should be needed for the vista certification.
But it shows to be buggy and does not make any sense, so we have already deleted it.
Here is the download file for the fix - the new Spybot beta:
http://www.safer-networking.org/file...15he-beta1.exe
Best regards
Sandra
Team Spybot
This is a microsoft message.
We have implemented this tool as it should be needed for the vista certification.
But it shows to be buggy and does not make any sense, so we have already deleted it.
Here is the download file for the fix - the new Spybot beta:
http://www.safer-networking.org/file...15he-beta1.exe
Best regards
Sandra
Team Spybot
That message was added as part of our attempts to get Certified for Vista, and the reason why we didn't want that certification in the end.
Microsoft requires software to crash at this point - which we did not want, displaying just a warning.
The point here is that some kind of other application has tried to execute code as part of Spybot-S&D. This kind of code injection is usually done by bad software (e.g. to crash something), but sometimes also used by good software.
Spybot-S&D itself for example does something similar when you try to unload modules or handles on the process list - which usually is a bad thing if done automatically by software.
I've seen traffic analyzers (the analysis, non-spyware variant) that do inject themselves into running applications to monitor traffic.
So in the end, while this behaviour has been morally "banned" by Microsoft (and we do it only on request), it's not beyond reality that some other good software (antivirus, firewall, etc.) might use code injection for good purposes as well.
We've removed this error handling (since we decided to use a different error reporting system than Windows Error Reporting anyway) in beta 1.5.1.16 I think
Microsoft requires software to crash at this point - which we did not want, displaying just a warning.
The point here is that some kind of other application has tried to execute code as part of Spybot-S&D. This kind of code injection is usually done by bad software (e.g. to crash something), but sometimes also used by good software.
Spybot-S&D itself for example does something similar when you try to unload modules or handles on the process list - which usually is a bad thing if done automatically by software.
I've seen traffic analyzers (the analysis, non-spyware variant) that do inject themselves into running applications to monitor traffic.
So in the end, while this behaviour has been morally "banned" by Microsoft (and we do it only on request), it's not beyond reality that some other good software (antivirus, firewall, etc.) might use code injection for good purposes as well.
We've removed this error handling (since we decided to use a different error reporting system than Windows Error Reporting anyway) in beta 1.5.1.16 I think