View Full Version : Detected SpywareDetector



ianprice
2007-09-23, 12:28
Hi guys

I have just run Spybot on my PC (this morning - I have the latest update) and it has 'detected' SpywareDoctor as malware. I am aware that this particular program has some 'history', although nothing recent either on the Web or on this Forum. Interestingly, I have never knowingly downloaded SpywareDetector! Why is Spybot flagging it up? Is it now, again, listed as dubious?

I run Windows XP Version2, have downloaded the latest Windows Updates, etc. I also have Ad-Aware, A-Squared Free and Anti-Dialler, AVG Anti-spyware and AVG Anti-Virus. Oh, and Spyware Blaster and SpywareGuard. Even I think I'm starting to look a bit paranoid! :eek: (I believe in 'defence in depth'...)

I look forward to hearing from you.

Ian

md usa spybot fan
2007-09-23, 13:43
Is it "SpywareDetector" that you mentioned in both the title and the body of your post or "SpywareDoctor" that you also mentioned in the body of your post?

Even though I assume it is "SpywareDetector", please post the log of the actual detection(s) you are getting. To do that:
Run another scan.
When the scan completes, right click on the results list, select "Copy results to clipboard".
Then paste (Ctrl+V) those results to a new post in this thread.
Thank you.

ianprice
2007-09-23, 13:51
D'oh! Mea culpa. :red: You are right - it's SpywareDetector. I'll get the information to you v soon. Thanks for your response.

Ian

ianprice
2007-09-23, 14:22
Here's the report, as you requested. It seems to be data only, but I was rather intrigued and did not want to just remove it without understanding a bit more. I like to think I'm reasonably knowledgeable, but am always keen to increase my understanding. Thanks in anticipation.

==========================

SpywareDetector: Data (File, nothing done)
C:\WINDOWS\system32\SDRemoveDB.db

Microsoft.WindowsSecurityCenter.FirewallDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0

Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-07-09 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-07-31 Tools.dll (2.1.2.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-09-19 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-09-19 Includes\DialerC.sbi (*)
2007-08-29 Includes\Hijackers.sbi (*)
2007-09-19 Includes\HijackersC.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-09-19 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-09-12 Includes\Malware.sbi (*)
2007-09-19 Includes\MalwareC.sbi (*)
2007-09-05 Includes\PUPS.sbi (*)
2007-09-19 Includes\PUPSC.sbi (*)
2007-09-19 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-09-19 Includes\SecurityC.sbi (*)
2007-09-12 Includes\Spybots.sbi (*)
2007-09-19 Includes\SpybotsC.sbi (*)
2007-08-21 Includes\Tracks.uti
2007-09-12 Includes\Trojans.sbi (*)
2007-09-19 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll

rbjohnsn
2007-09-23, 23:17
I've had this problem with the latest update, both in ver 1.4 and 1.5. I inadvertently deleted my directory for Spyware Detector by fixing the detected spyware. Max selector's program is valid and not a freebie. This program should not be flagged! :mad:

tashi
2007-09-24, 03:38
Hello.

I have left a note for our detectives' attention.

Best regards.

MisterW
2007-09-24, 09:39
We tested SpywareDetector and came to the result that it is not a false positive. When we did a scan with SpywareDetector it found hundreds of false positives, and if we had deleted those files our operating system would surely have been destroyed. In case it was a real false positive we contacted SpywareDetector and sent them a log of our scan. They told us that we are infected with dangerous spyware and should purchase a licence to clean our computer.

So obviously they try to cheat users by showing false positives on a total clean. For that we decided to detect SpywareDetector. If you do not want Spybot to detect SpywareDetector you can exclude it from the scan.

ianprice
2007-09-24, 20:02
Chaps

I'm a bit confused and am wondering if we're talking at cross-purposes. Just to clarify: Spybot detected a file called SpywareDetector on my PC. I have, as far as I know, never downloaded SpywareDoctor and don't want it. The log, as requested by 'md usa spybot fan' shows the results, but my only question is really whether or not I should let Spybot 'fix' this 'problem'? Well, actually, there is an ancillary question which would be: how could this file have got onto my PC?

Thanks and all the best

Ian

md usa spybot fan
2007-09-24, 20:36
ianprice:

Your detection was:


SpywareDetector: Data (File, nothing done)
C:\WINDOWS\system32\SDRemoveDB.db

Apparently even McAfee, Inc. thinks there is some association between the presence of "C:\WINDOWS\system32\SDRemoveDB.db" and "Spyware Detector". See the following Web page:
Spyware Detector 19.0.0.042 (spywaredetectorr.exe)
http://www.siteadvisor.com/sites/defeatspyware.org/downloads/6503844/



Spyware Detector 19.0.0.042 (spywaredetectorr.exe) made the following modifications to the hard drive:


ADD c:\WINDOWS\system32\SDRemoveDB.db



If you look at the "Properties" of the file itself, perhaps you can tell if it is associated with "Spyware Detector" or if it was installed in your "C:\WINDOWS\system32" directory by something entirely benign.

Note: The presence of the file "SDRemoveDB.db" in the "C:\WINDOWS\system32" directory does not seem normal (at least on my Windows XP Home system with the mix of software I have).

Added with edit:

To look at the "Properties" of the "SDRemoveDB.db" file:
Using windows explorer navigate to:
C:\WINDOWS\system32
Right click on "SDRemoveDB.db" and select "Properties".

ianprice
2007-09-24, 20:53
md

I'll take a look - thanks.

ianprice
2007-09-24, 21:06
md

The properties gave nothing away at all. I've added ".kill" to the name of the file and will see if anything is actually trying to find it at all. If not, I guess I can get Spybot to kill it. :)

I'm wondering if it's a throwback to when I had Spyware Doctor on the PC, but Spybot has only just taken a dislike to the file (since the latest update?). However, my laptop has Spyware Doctor and that file doesn't exist....

Curiouser and curiouser....

mj409
2007-09-27, 04:45
Just to be sure – we are talking about Max Secure Spyware Detector, maxspywaredetector.com – right? Not Spyware Doctor.

I’ve been running this for about a month and it really did clear up some problems although the first time it found a suspiciously huge number of problems. There were cookies on the list that appeared nowhere on the hard drive, but then PC Pitstop did the same thing (just different cookies) in their demo. I figured I just wasn’t savvy enough to find manually what these programs found. Not accusing them of anything other than deceptive marketing, neither seems to have damaged the system.

Am I asking for trouble by continuing to use Spyware Detector if indeed it is the one this thread is about?

tashi
2007-09-27, 05:00
Hello mj409.

Spyware Detector.


We tested SpywareDetector and came to the result that it is not a false positive. When we did a scan with SpywareDetector it found hundreds of false positives, and if we had deleted those files our operating system would surely have been destroyed. In case it was a real false positive we contacted SpywareDetector and sent them a log of our scan. They told us that we are infected with dangerous spyware and should purchase a licence to clean our computer.

So obviously they try to cheat users by showing false positives on a total clean. For that we decided to detect SpywareDetector. If you do not want Spybot to detect SpywareDetector you can exclude it from the scan.

The decision is up to you. ;)

mj409
2007-09-27, 18:10
Tashi-

Thank you.

I'd like to believe that they just have a misguided marketing staff, but unfortunately their tech people would have to participate in this deception. It did detect and fix some persistent problems on my computer and seems to work well so it is curious why they feel they have to deceive people into buying it. It'll get them in the long run.

Spybot is a great product and thanks for a good forum.

- mj

ianprice
2007-09-27, 19:00
Tashi

"So obviously they try to cheat users by showing false positives on a total clean. For that we decided to detect SpywareDetector. If you do not want Spybot to detect SpywareDetector you can exclude it from the scan."

But I have never downloaded SpywareDetector - as far as I know! I still don't understand how I can have this file and what it actually is. :sad:

md usa spybot fan
2007-09-27, 21:27
ianprice:

Unfortunately:
Windows does not record an audit trail of what process added, deleted or modified files.

--- and ---


If a file is not an executable file (exe, dll, scr, etc.) where the "Version" tab of the "Properties" may contain some origin information (which may or may not be reliable).
Without that type of information, about the only thing you can do to determine the origin of a file is to relate the timestamp information in "Properties" with the timestamps of other files created/updated around the same time.
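
The timestamp correlation described in the post above, as an added example that is not part of the original thread: it walks a directory tree and lists files whose modified (and, where the platform exposes it, created) time falls within a window of the unknown file's. The function names and every file name other than SDRemoveDB.db are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def _times(st):
    """Modified time always; creation time where the platform exposes it."""
    birth = getattr(st, "st_birthtime", st.st_ctime if os.name == "nt" else None)
    times = {"modified": st.st_mtime}
    if birth is not None:
        times["created"] = birth
    return times


def files_near(target, root, window_s=600, fields=("modified", "created")):
    """Files under root stamped within window_s seconds of target, closest first."""
    ref = _times(Path(target).stat())
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = Path(dirpath, name)
            try:
                if path.samefile(target):
                    continue  # skip the file under investigation itself
                cand = _times(path.stat())
            except OSError:
                continue  # locked, unreadable or removed mid-walk
            for f in fields:
                if f in ref and f in cand and abs(cand[f] - ref[f]) <= window_s:
                    hits.append((round(cand[f] - ref[f]), f, path))
    return sorted(hits, key=lambda h: abs(h[0]))


def demo():
    """Constructed sample tree: the unknown file, two neighbours, one old file."""
    offsets = {"SDRemoveDB.db": 0, "setup.log": -45, "app/helper.dll": 120,
               "old/notes.txt": -86_400}
    with tempfile.TemporaryDirectory() as tmp:
        for rel, off in offsets.items():
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"constructed sample")
            os.utime(path, (1_190_000_000 + off,) * 2)  # constructed epoch time
        hits = files_near(Path(tmp, "SDRemoveDB.db"), tmp, fields=("modified",))
        return [(delta, field, p.name) for delta, field, p in hits]


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

On a real system, point `files_near` at the suspect file and a root such as the Windows or Program Files directory; installers that ran in the same minute usually show up as a cluster of executables and logs with small offsets.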

b4dawn
2007-09-27, 21:46
Hello.

I have left a note for our detectives' attention.

Best regards.

In a recent post for help please, it was archived because of lack of interest.

I just downloaded and installed 1.5 last night from the safer networking main download point and I have a world of trouble, see other post.

However in the help post, you said to uninstall Java via add/remove and stated upgrade 5 is the latest. Add/Remove says I have version 10.

Is this correct or is there a date mistake on the post?

Any suggestions?

md usa spybot fan
2007-09-27, 22:55
b4dawn


In a recent post for help please, it was archived because of lack of interest.
???

The only posts you have made that I can find are in the following threads, none of which appear to have been archived:
Beta auto install diconnects Spyware Doctor
http://forums.spybot.info/showthread.php?t=16713
1.5 let the whole world of spymaltrojporn in.
http://forums.spybot.info/showthread.php?t=18423
Can you elaborate on what thread "was archived because of lack of interest"?

_____________


I just downloaded and installed 1.5 last night from the safer networking main download point and I have a world of trouble, see other post.
If this is the thread you started, I responded:
1.5 let the whole world of spymaltrojporn in.
http://forums.spybot.info/showthread.php?t=18423
_____________



Hello.

I have left a note for our detectives' attention.

Best regards.


However in the help post, you said to uninstall Java via add/remove and stated upgrade 5 is the latest. Add/Remove says I have version 10.

Is this correct or is there a date mistake on the post?
I can find absolutely no reference to "Java" in this thread besides yours. If you have a question concerning "Java" or anything that tashi (http://forums.spybot.info/member.php?u=7) may or may not have said concerning "Java" in some other thread, I respectfully request that you:
Privately communicate with tashi (http://forums.spybot.info/member.php?u=7) about reactivating the thread that I was unable to find.

--- or ---


Start your own thread and describe the question or problem you are having rather than hijack someone else's thread with what appears to me to be a totally unrelated post.

ianprice
2007-09-28, 17:41
I'm not really sure what I've started here, so will withdraw gracefully. Thanks to everyone for their help...

tashi
2007-09-28, 18:20
"I'm not really sure what I've started here, so will withdraw gracefully."

Me too. :laugh: