While surfing the net, a red circle icon with a white X in the middle appeared in my Systray and when I hovered my mouse on top of it, I got a tooltip saying "your computer is infected". After scanning with S&D, Smithfraud and SpySheriff were detected and removed, which also got rid of the red icon. However, I soon discovered that my PC's ability to store cookies has been disabled. As an example, even though the [web] site settings of all the sites that I frequent are set to "never log out" or to be "logged in for 60 days" and the like, all of my settings are reset after rebooting my PC, so I have to login again when I visit the sites after rebooting. And I only encountered this problem after removing the 2 malwares, never before.

I know, this problem seems to be harmless, but it's proving to be quite a nuisance. Any help would be appreciated. The more detailed, the better, as I am not that well-versed in programming lingo.:o

Hello,

Which version of Spybot-S&D are you running?
Do you have the latest updates installed?
Do you have the resident protection of Spybot activated?

Best regards
Sandra
Team Spybot

P.S. I like your avatar ;)

Hi Sandra! Thanks for the prompt reply.:bigthumb:

Here are some of the info I got from the "View Report" section of S&D:
--- Spybot - Search && Destroy version: 1.3 ---
2005-12-16 Includes\Cookies.sbi
2005-12-16 Includes\Dialer.sbi
2005-12-16 Includes\Hijackers.sbi
2005-12-16 Includes\Keyloggers.sbi
2005-12-16 Includes\Malware.sbi
2005-12-16 Includes\Revision.sbi
2005-12-16 Includes\Security.sbi
2005-12-16 Includes\Spybots.sbi
2005-12-16 Includes\Trojans.sbi
2005-02-17 Includes\Tracks.uti
2004-11-29 Includes\LSP.sbi
2005-12-16 Includes\PUPS.sbi

Let me know if you need more info [and maybe how to get it?:o ].

PS: As for the avatar, glad you like it, though I just found it online. I'm kinda into smileys.:)

BTW, about the S&D resident protection, do you mean the immunization? I disabled it coz it blocked a site that I frequent after updating it. Actually, I was also gonna ask about that. Is there a way to allow a particular site and still be immunized for other sites?

Hello Yokarin,

Ohoh....
It seems like you are running an old version of Spybot - Search & Destroy without the latest updates....(at least updates from last year).

Please upgrade your program, version 1.4 is available!
First, please uninstall the old version according to this link:
http://www.safer-networking.org/en/faq/27.html
Now, you can download the new version here:
http://www.safer-networking.org/en/mirrors/index.html
Don't forget to update afterwards!
Here is a tutorial:
http://www.safer-networking.org/en/howto/update.html

Best regards
Sandra
Team Spybot

About the resident protection:

The resident section of Spybot - Search & Destroy is devided into two parts: the SDHelper and the TeaTimer.

I would recommend to activate it. That´s the way to activate it: run Spybot-S&D, switch to the "Advanced mode" via the menu bar item "Mode" --> hit "YES" --> select "Tools" in the navigation bar on the left --> "Resident" and there you can tick the checkboxes in front of the two tools.

To avoid the problem that you have while visiting various sites:
Please run Spybot-S&D and select "Spybot-S&D" --> "Immunize" in the navigation bar on the left. There you will find a drop down menu. Please select "Ask for blocking confirmation". If you want to visit a blocked website choose "Allow". Hope this solves the problem.

Best regards
Sandra
Team Spybot

So you're saying [keeping my fingers crossed;) ] that this [cookie] problem is caused by my having the old version of S&D? Also, my PC's kinda old :o so is it still safe to assume that it'll be able to run the new version since it's capable of running the old one?

BTW, regarding uninstalling the old version, the Smithfraud and SpySheriff that I removed are still in the Recovery section. Should I recover them, delete them, or leave them before uninstalling the old version?

As for the blocking of sites, my current setting is "block all bad pages silently", so I hope your suggestion works.:)

Hello Yokarin,

I think that you have the problem cause you do not have the latest updates including the latest detections rules for Smitfraud and SpySheriff.

If you are running windows 95 you should stay with Spybot Search and Destroy 1.3. Otherwise i would recommend an upgrade to version 1.4.

About the files in the recovery - i would delete them. And if you uninstall your version of Spybot you can leave it alone - it will be deleted also.

Best regards
Sandra
Team Spybot

Hi Sandra!

I'm using Win98 so I'll be upgrading to the version 1.4 and update the latest detection rules ASAP. Hope it works. Anyway, whatever happens, thanks very much for the help. . . you've been great!;) I'll keep you posted ASAP, whether it works or not. Hopefully, it will. :D

Something to check:

Go into Internet Explorer > Tools > Internet Options… > Privacy tab.
In the "Settings" section click the "Advanced…" button.
In the "Advanced Privacy Settings" panel check the settings under First-party Cookies and make sure it is not set to Block.

You're welcome :bigthumb:

Something to check:

Go into Internet Explorer > Tools > Internet Options… > Privacy tab.
In the "Settings" section click the "Advanced…" button.
In the "Advanced Privacy Settings" panel check the settings under First-party Cookies and make sure it is not set to Block.

Hi and thanks for the interest, md usa spybot fan. Anyway, both first- and third-party cookies are currently set to "Accept". I really wish it was that simple.:o

BTW, regarding not having the latest detection updates, I get the info "!!! bad checksum !" everytime I try to download the updates. This didn't used to be the case when I first got S&D, coz I could download the updates before, but eventually, for no apparent reason/cause [at least to me:confused: ], I couldn't download them anymore.

Should uninstalling and upgrading to 1.4 solve this problem?

Hello,

Many users have reported that they are not able to download updates. The 'Search for updates' reveals updates, but they cannot be downloaded. Often a 'HTTP Error 403' or 'bad checksum' is displayed. This has a simple reason - millions of people trying to download from the same server, which can't handle such a burden. In combination with the growing size of the detection file this is becoming a serious problem. We are currently considering possibilities to improve the situation. This includes the search for additional servers and ways of more effective compression. At least one server will soon be added, others will follow hopefully.

In order to overcome the problem for now, if you try again, have a second look at the update-menu-bar after searching for new updates. Therefor choose the update site from the navigation bar on the left. Now you'll see the update-menu-bar. It has a pull-down item to select a mirror. Click the arrow beside it, and select a different location (try the ones locatest nearest to you first), where you'll most probably have better chances to download. For a better understanding we have placed a picture at this link on our website:
http://www.safer-networking.org/en/howto/update.html
In section 4 you'll see how to select a download location nearest to you.

If this sounds too difficult please try to download the updates manually:
http://www.safer-networking.org/en/download/index.html
Here is the direct download link:
http://www.spybotupdates.com/updates/files/spybotsd_includes.exe
Just download and run that file - it is self-installing.

The information about "bad checksum" is also available in our FAQ:
http://www.safer-networking.org/en/faq/20.html

For more information please do also have a look into our forum:
http://forums.spybot.info/showthread.php?t=63&highlight=checksum

Best regards
Sandra
Team Spybot

OK, thanks very much for the detailed explanation, Sandra. I'll keep you posted.

I know I said I was gonna upgrade [and I don't mind doing so:o ] but I first tried out the direct download link for the updates and tried scanning using the v1.3 and indeed, there were traces [2 files] of Smithfraud that were found. However, the cookie problem still persists. Is there an advantage to upgrading to v1.4 or will I probably get the same results?

Hello Yokarin,

It should also be fixed with your version.

Please run a scan in safe mode:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406
That should fix it.

If this doesn´t solve the problem please send us your *complete* Spybot bug report: Therefore run Spybot-S&D, let it scan, try to fix the problems (!) and then go to "Tools" --> "View Report". Tick on all the 10 checkboxes (leave "Do not report disabled or known legitimate items" unchecked) you can find there and click on "View Report". Now choose "Export" and save the file to your desktop. Please attach this file to your email and send it again to detections@spybot.info.

Best regards
Sandra
Team Spybot

Hi Sandra! I'll do what you said ASAP. I'll keep you posted. Thanks.

Hi Sandra. I performed a search in safe mode like you advised. However, there were no spywares of any kind detected. So, also as you advised, I sent the report to detections@spybot.info.

Anyway, thanks for all the help.;)

Hello Yokarin,

Thanks. Norma (the bugtracker *g*) and i will have look at it tomorrow.
We will write back if we find something. :-)

Best regards
Sandra
Team Spybot

Hi Sandra!:greeting:

I've got good news [sort of, depending on how you take it].

What I'm trying to say, is that my PC is back to storing cookies, as it should be. However, [here comes the potentially bad news] I discovered that the cause behind this problem was a virus [at least I think it's a virus since it was my antivirus that caught it, though the name seems to suggest otherwise], TSPY_AGENT.ZH. I guess it planted itself in my PC at the same time I got the Smithfraud and SpySheriff, and simply remained dormant. After cleaning out my PC [Windows System and registry] of the virus, I discovered that the cookie problem was gone.

I'm terribly sorry if I wasted your time. If it's any consolation, you gave me an alternate way to update my spybot includes list, as I haven't been able to do so in a long time due to the "bad checksum". And in turn, the update allowed me to discover 2 files of Smithfraud that had been missed before updating. Also, I forgot to mention before, your suggestion of changing my setting to "ask for confirmation before blocking" is working like a charm.

So, all in all, for me, this hasn't been a total loss. You've been a big help.:bigthumb: I just hope I didn't waste too much of your time. BTW, what should I do about the email-report I sent to detections@spybot.info? Should I send them an email to withdraw my request?

Sheepishly:oyours,
Yokarin

Hello Yokarin,

Thank you for the information. I'm glad to hear.
I do the detection mails also, so i can archivate it ;)

All in all....i am glad to have helped you.

http://bestsmileys.com/havenice/2.gif

Best regards
Sandra
Team Spybot