PDA

View Full Version : how do i remove spybot sddelfile from system!?



dunken
2007-12-08, 07:22
Used to ran 1.4 s&d , did upgrade to 1.5 beta

System is SO slow at startup , it takes about 5-10 minutes to load windows.

Did uninstall s&d , but then at startup a cmd windows appears telling me that s&d is removing sddel.exe but than nothing happends.

www.receptarkiv.se/error2.JPG

This happends if i just let it run .

How do i get rid of this problem ?

It seems that at startup he wants to load :

C:\Program Files\Spybot - Search & Destroy/SDDelFile.exe

Did uninstall s&d but that file still remains in the directory , and did remove those files then he only complains that he needs that file . How do i remove it from the registry?

Edit: Only solution that ive found out is to remove all lines in regedit
It this a known bug ?

PepiMK
2007-12-10, 11:15
Spybot-S&D should not slowdown the startup at all.
These entries are about removing something that couldn't be fixed during normal operation, so they were sheduled to be removed on startup. Shouldn't crash of course! Hmmm...

dunken
2007-12-10, 18:05
Have tried to install s&d again , and im getting the same results here .

Any tip ?

PepiMK
2007-12-11, 09:43
Could you post the data of those registry values you mentioned, so that we can see what it is actually trying to remove? That might help to determine whether it's a general problem or related to an ugly piece of malware ;)

Cheekybird83
2007-12-17, 19:15
Hi i have a similar problem.

We downloaded spybot onto our computer but it seems to have suddenly slowed down on start up taking about 10 mins to load. Therefore I removed the programme this then lead to a error message when i restarted my computer saying cannot find the - Spybot - search and destroy/sddelfile.exe and windows wouldn't load at all. I therefore had to used the command line to access my computer as windows would not fully load and I re installed Spybot - so now i'm back to waiting 10 mins for windows to load. How can I fix this?

Cheekybird83
2007-12-17, 19:41
Also now keep getting error popping up "command line file remover for spybot-s&D

Command line file romover for spybotS&D has encounted a problem and needs to close - when i click for more info this says AppName: sddelfile.exe

Any Heelp please!

now another error message saying

SDDelfile.exe - unable to locate compent - this application has failed to start because WTSAPI32.dll was not found

PepiMK
2007-12-17, 19:41
Which version of Spybot-S&D are you speaking about?

The slow one is the public 1.5 (1.5.1.15), but SDDelFile was only part of the beta 1.5.1.18 if I'm not mistaken.

Also, SDDelFile can't break Windows to not start at all, it's a simple usermode application set up in the Run part of the registry (not as shell or something else of the critical type) :spider:

dunken
2007-12-17, 19:53
well only solution that ive found was to load windows in failsafe mode , then run regedit and search for "sddelfile.exe" and remove all strings with that attached .

Dont forget to make a copy of the settings before starting if something goes wrong ..

pschmidt99
2007-12-27, 04:28
Just for the record, this sddelfile.exe is causing problems for me too. It looks like it's getting into some sort of infinite loop where the sddelfile.exe program gets re-executed continuously. I have no idea why, but the end result renders my computer effectively CPU bound and crashed. Maybe it's trying to do something useful and necessary, but the infinite loop thing is a design flaw. There should NEVER be a situation that allows that. Now the loop is happening at boot time, so I can't boot successfully either! I can see the process ID keeps changing, so it's being re-executed continuously. <sigh>

PepiMK
2007-12-27, 17:37
There should be no infinite loop really - it attempts a lot of different methods, and indeed recurses, but only one level (after trying to rename a file). I'll create a debug version of this asap, that'll help in tracking down the source of the problem!

pschmidt99
2007-12-28, 18:25
PepiMK, this is happening to me again RIGHT NOW (11:00 am EST USA). Are you interested in working with me to debug the problem ? If so, can you contact me right away ?

Basically, I *think* I am getting a reoccurring tea timer message. If I do NOT check "Remember this decision", I think I prevent the run-away infinite loop problem. I presume if I denied the change, that might stop the symptom, but not the basic problem.

If I "allow the change", and do NOT check "Remember this decision", it appears that teatimer is failing to fix the problem and continually generating repeating messages attempting to do so.

I am presuming that I do have a spy ware/aware problem that needs to be resolved, but I believe there is a logic flaw with how it is going about it.

See attached screenshot.

Regards,
Peter

PepiMK
2007-12-28, 18:34
That screenshot looks like TeaTimer, not the SDDelFile.exe crash mentioned by Cheekybird83 above. I have to test something on Win95 still, if that works fine, I can send you a link to two of the new files I've prepared for the RC, hopefully within the next hour :)

pschmidt99
2007-12-28, 18:48
Here is my runonce registery export.
Hope this helps.

I don't (yet) understand the cause of this.

Peter

PepiMK
2007-12-28, 18:58
Hmmmmm... ok, that looks indeed like another loop than the one I would have suspected. I'll read through the source again based on that before continuing to finish the RC :)

What is kind of spooky is that while there are three entries added again and again, they don't have a fixed order really - if the loop would be inside the file removal routine, it would be "sorted", and if the loop would be in Spybot-S&D calling the removal routines again and again, it would be "sorted" as well - always the same order.

88 entries... 32, 22 and 34 times for the three files, so they're not behaving linear...

And it is not TeaTimer causing trouble, since even if TeaTimer would go into a loop, it wouldn't use those random numbers in the value name, that's specific to the removal code in tools.dll...

Well, as I said, I'm going to read some of the code to see where this could come from...

noprob
2007-12-30, 02:33
My daughter is having this very same problem and I have only myself to blame as I downloaded and installed the beta version of Spybot S&D.
As this is being typed/posted I am having her delete any referance to this file in the registry while in safe mode.
I hope this is correct as in regular desktop user mode the file SSDelfile.exe loads up continuously with multible referances to this file running in task manager.
I should have known better than to install a beta version.
My bad.

rkm151
2007-12-30, 06:25
Anyone making progress with this? I had the same SDDelfile* msgs. showing after first scan, and multiplying with every restart. Now, 3 days later, uninstalled in safe mode, only to have more than 100 instances of SDDelfile, and at least as many Dr Watson lines showing in task manager. I have not edited registry as yet, kind of hoping to avoid doing that if possible.

microsolve
2007-12-30, 18:03
Hi,

I am a newbe on this forum. I have been using Spybot for years (to my horror recently I discovered since version 1.2!).

I too tried version 1.5 when it first came out, and sadly the complete trust I had built up with it was sorelty temepted when versiobn 1.515 trashed the network of the first customer I installed it on. Cost both of us a little time, money and my reputation was a little dented. Version 1.4 was a complete remedy at the time, but since then I have been trying the various beta 1.5 versions to great effect. I came a cross the SDDelfile problem on a very few 1.518 inbstallations, but a woirkaround I found was to (when the program eventually loaded - great patience needed, not always my greatest asset!) open the advanced section, and examine the startup entries. there appeared to be many different attempts to do something with sddelfile.exe, by what are presumably different internal users each of which complained about not being able to find it. This would explain the extreme lethargy of Windows starting. Once these items were deleted from the startup entries (no need to hack the registry, Spybot has its own built in tool!), Spybot and windows, and the rest of the system behaved as normal. Although I waited until windows started in norm,al mode, if some systems hang on startup, Spybot will still run in safe mode, and can be used to delete the startup entries while there, ensuring a speedy start when next fired up in normal mode.

Hope this helps.

Mike

rkm151
2007-12-30, 18:22
If I hadn't been so hasty to uninstall, and thought just a little, I think that I could have done as you did and fixed this with the advanced settings. But, now that I've removed S&D, a new install should still show these startup entries, I hope. Thanks for posting, sometimes the obvious answers elude me!:red:

Oldguy
2008-01-04, 12:38
PepiMK and all,

As a forum newbie I wasn't sure where to make my first post which is related to this problem. See my two posts under "sqlite3.dll and the Programs folder" in "False Positives" on 01/02/08 and 01/03/08 http://forums.spybot.info/showthread.php?t=21786

I have verified that the SpybotSD.exe I am using mentioned in my 01/03/08 post and suggested by Team Spybot to fix the slow startup problem is marked v1.5.1.18, the one referred to by others in this thread.

As mentioned in my 01/03/08 post referred to above, I am a new user of Spybot and the forums so I am unsure about cross posting. Clearly my problem is related to what is described in this thread though no one else seems to have encountered so many RunOnce registry entries for SDDelFile.exe as I have. Whether this is an infinite loop I can't tell but it certainly did generate a lot of entries and completely bogged down my primary machine during normal startup as described in the referenced posts. I don't know whether the multiple RunOnce entries were generated during the original attempt to remove sqlite3.dll or by some subsequent Spybot S&D problem during the next system boot related to TeaTimer or other resident functions of S&D, if any. I just want to be sure I eliminate whatever generated the entries before attempting to run in normal mode again.

My primary system has been down (well basically unusable in safe mode only) for 3 days now over year end and new year. I really need to get it up and running again. So I am assuming from what I read here that I should 1) go ahead and delete all the RunOnce SDDelFile.exe entries from the two hives where they appear and that to avoid a repeat of this problem 2) I should uninstall in safe mode and 3) not run the v1.5.1.18 beta or any other beta again until there is an official release that fixes the slow startup problem.

Please confirm that if I take these steps it is likely that I will be rid of this problem.

I have an exported version of the RunOnce entries if that would be useful for debugging.

Thanks, Thos

PepiMK
2008-01-04, 14:08
It should be sufficient to just delete the SDDelFile.exe file - in that case, Spybot-S&D will revert back to sheduling removals through command/cmd like it always did in previous versions. It would be useful to know whether that would go into the same eternal loop as well.

Regarding crashes, I've spent a lot of time the past days updating our exception reporting system and integrating it into the forum software. Once that is finished, exception handling will be easier, and I'll make a version of SDDelFile.exe available that allows to submit a crash report when it shows an "access violation" like it sometimes did here, for example. The forum integration would also allow you to view the status of any report that included the email address you used to sign up here.

Oldguy
2008-01-04, 20:12
PepiMK,

If I am reading your response correctly, you are saying do none of three things listed in my prior post and instead just delete SDDelFile.exe. Is that correct?

If all I do is delete SDDelFile.exe then what is going to happen when I do a normal restart and during startup the system attempts to execute those 661 RunOnce entries remaining in my registry?

I also received advice on Ticket 702980843 to:
1) delete HKEY_CLASSES_ROOT*shellsddelfile
and in the same message then
2) to then browse to HKEY_CLASSES_ROOT*shellsddelfile, cut the name of the second value and paste it in as the data for the default value.

If I follow this advice, having performed 1 as instructed it seems like 2 becomes impossible. Am I missing something here? Is this advice from Ticket 702980843 still relevant? What was its purpose in the first place?

I responded to the advice on Ticket 702980843 with the following but I have received no further reply yet:
"...In the context of better problem description (referring to my post in thread "sqlite3.dll and the Programs folder" at forums.spybot.info/showthread.php?t=21786&highlight=sqlite3.dll) and knowing I was using a beta release you directed me to please advise whether I should continue with the recommended fix and/or take other steps and whether/how I should remove the large number of RunOnce entries in the registry."

Neither you or the author of the response to Ticket 702980843 have dealt with whether there might be a problem with the existing 561 RunOnce entries. However I see other posts in this thread that suggest deletion of those entries as a workable fix for the situation I find myself in.

I'm sorry but I am now really confused and worried about what are the minimal and correct steps to follow to restore my system to normal operation. At least I can still make some use of it in Safe mode. I don't want to further destabilize it or turn it into a brick.

Can you or someone give me a step by step prescription with an explanation of the intended results that will A) remove Spybot and all its components from my system to preclude any further incident like this and B) enable me to reboot my system in normal mode without extended startup problems of the kind I described in my original post and that others here have also described?

Thanks, Thos

PepiMK
2008-01-04, 22:26
Well, as you can probably see from the name in the signature of those support tickets, it wasn't me who wrote them. Actually, you're only confusing me now :D by constantly referring to them, since I have no idea what really was in there ;)

And if these entries cause your system to not boot any longer, why do you ask if there might be a problem with that? I surely would call a non-booting a problem, if you ask me ;)

As I said, I have no idea what was excactly written in those support tickets, so all I could do was tell you to get make sure these RunOnce entries will not appear again, and that would be to remove SDDelFile.exe. Removing those RunOnce entries as well is probably optional, since they should vanish when not found on next reboot, but it can't harm to remove them either, so I would suggest you do that as well.

Btw, sqlite3.dll is a simple library to support access to databases. It is not anything that would cause a system to no longer boot correctly - if an application accessing SQLite databases would be run on startup, it probably would display an error message, but nothing that deep into the system.

I would stronly suggest that (deleting SDDelFile.exe and optional deleting RunOnce entries) over
uninstalling/removing Spybot-S&D before everything's fixed - because that would actually a bad idea, making it quite difficult to reverse the changes Spybot-S&D made - and since you mentioned a false positive, that's probably what you want to do. With Spybot-S&D removed, you would have to manually extract and copy normal files and registry files from password protected zip files, which is a bit more difficult than opening the Recovery section and restoring the SQLite library entries.

Oldguy
2008-01-06, 05:22
PepiMK,

Thanks for your response. I will proceed as you suggest.

I was unaware that members of Team Spybot had no access to product support ticket responses written by other members of Team Spybot. I thought I was being helpful by providing those references so a Team Member such as yourself could get a more comprehensive picture of the the problem at hand, provide for a better analysis and avoid duplicate or conflicting responses. Lack of access to the product support problem tracking system must make your job and the management of routine support tasks such as consolidating problem identification and tracking, collaborative problem solving, preparing coordinated temporary and permanent fixes and generating release fix lists very dicey at best.

Under such circumstances, what's a poor, uninformed customer like me to do when he becomes man-in-the-middle between two or more support team members who unknowingly provide conflicting or incomplete advice because they can't access problem support records worked on by others?

As I hope you saw in my original post, I did recognize that there was a problem involving startup and before I even knew there was a forum thread such as this one had independently tracked down the immediate cause of that problem to the processing of multiple, duplicate RunOnce entries generated by S&D that were attempting to remove Sqlite3.dll.

Because so far no full explanation of the circumstances under which the failure occurs or what components or parts of S&D are the culprit(s) (only SDDelFile.exe has been fingered as involved but not necessarily as a culprit), and no information about whether the problem would reoccur have been offered. I still have most of the same concerns I had when I first posted. Those were "...without having a theory about how they [the RunOnce entries] got there, why [and when] they multiplied and whether they would return even if deleted [even though you say removing SDDelFile.exe will prevent that] I am in a quandry [regarding whether or what action to take]".

I must say that under the circumstances my level of confidence that the beta product now installed on the failed system is sufficiently free of other defects to trust it to reverse the changes it made, in particular including restoration of registry entries, is not high. It seems folly to risk using the known to be flawed beta product to recover from the false positive identification it made and the subsequent mess that it caused by then permitting it, the same flawed product, to perform various sensitive restoration activities based upon whatever it recorded without having any idea about why the problem occurred in the first place (aside from being triggered by bad identification information contained in the downloaded "signature" files). I am not reassured when I read entries from other forum members such as "...3 days later, [after] uninstalled in safe mode, only to have more than 100 instances of SDDelfile, and at least as many Dr Watson lines showing in task manager..."

Anyway as someone who has obviously gotten involved with a product and a problem that had unexpected consequences far beyond his ability or desire to cope with, I thank you for your time and forbearance. Hopefully I will not have to bother you with newbie questions again.

Regards, Oldguy

PS: At 13:00 USPT I renamed SDDelFile.exe to SDDelFile.badexe, removed 661 RunOnce entries that referred to SDDelFile, surveyed the registry for other occurrences of "sddelfile", restored the startup entries except for TeaTimer.exe and did a warm reboot. At 13:35 USPT the failed system restarted with no apparent problems. No new RunOnce entries appear in the registry. Spybot S&D is disabled but still installed. I will not run it again until there is an official updated version that addresses the original slow startup problem of v1.5.1 that the defective v1.5.1.18 was intended to fix. OG