spybot - blue screen



robotnik
2008-05-22, 19:04
Hey

I have experienced some strange behaviour and wonder if it is some hidden spyware/rootkit or related to spybot.

-When I startup spybot (newest, fresh install) it instantly blue screens my box, every time.
-It works perfectly in safe mode.
-I tried disabling/closing applications (incl. nod32), no change.
-Some time ago, this also happened with Ad-aware.
-EVERYTHING else works just fine.

My setting: WinXp Sp3, ATI graphic (with Ati tray tool), nod32 (antivir)
No driver/hardware issues. Memory/discs are fine.

The scan in safe mode revealed nothing serious (reg entries for ErrorKiller, DuplicateFileKiller which I uninstalled before).
AVG antispyware doesn't detect malware either.

It's a serious pain to launch spybot every time in safe mode ..
Help much appreciated!

tashi
2008-05-23, 07:26
Hello,



-Some time ago, this also happened with Ad-aware.

Do you remember when the same problem started with Adaware, how did it resolve?

Which version of AVG antispyware do you have, and also, did any problem begin to occur after installing WIN XP SP3?

Best regards, :)

robotnik
2008-05-23, 10:45
thnx for the reply!

the problem with ad-aware didn't resolve. I just gave up after a while and wiped it .. I didn't have a problem with it until more recent versions (when they significantly changed the gui and other stuff).
with same problem I mean 'bluescreen'. it used to startup but crashed the system in the early stages of every scan.

I use AVG 7.5 without any trouble (and in fact installed it because spybot and ad-aware didn't work).

@SP3: No, the problem was there before. I just thought of giving spybot another chance (SP3 adds a few things to the OS that weren't covered by windows update, e.g. stability issues).
Else the servicepack works fine, although I had to 'tweak' a bit to get it installed. See http://tinyurl.com/6puzmj.

another thing I'd like to mention:
later on yday, I found some residual macrovision/c-dilla stuff sitting in my hidden device drivers and system32/drivers folder. That wasn't doing anything because I disabled the corresponding service month ago and don't use programs anymore that depend on it.
I guess that's now gone forever, so I tried again. yet spybot keeps giving me the bsod :-(

I also did a check with rootkitrevealer. nothing found ..

I read that daemon-tools' device driver, which I have installed, sometimes interferes with applications. could that cause spybot to fail? I mention it because it hides a regkey from windows (rootkitrevealer showed).

tashi
2008-05-23, 17:09
Hi robotnik,

Could you post a HJT log in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) so someone can take a look at the system, perhaps something will show that explains the problem you experience.

This topic explains how to produce the HiJackThis log and from which version.
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Skip the procedure for the other logs, especially as Spybot-S&D isn't working for you at this time.

Include a link back to this thread please, and let me know when you have posted so I can ask one of our volunteers to advise you if anything remiss is seen.

Cheers

robotnik
2008-05-23, 19:17
thanks tashi!
this sounds like a great idea .. will do it on the weekend.

robotnik
2008-05-24, 17:45
please look at http://forums.spybot.info/showthread.php?t=28508 for continuation.

just to complete the 'macrovision' issue:

Today, I could 'simulate' a bluescreen (stop error) by trying to view the driver information of a hidden device driver associated with this product. When I clicked it the system crashed :oops:

So I further cleaned up the system, to remove all traces of c-dilla/safecast
-program files/common files/macrovision/(..)
-various registry entries referring to these including 'cdac11ba' and 'cdac15ba'.

In fact C-DillaCdaC11Ba is no longer available as a service (as seen in services.msc).
no device drivers are left over in system/hardware.

however I read that this copy protection can be installed in the mbr of each drive (I have two). how can one be sure this crap is gone?!