View Full Version : worm in updater



moew27
2008-06-26, 23:48
I need to report a bug in SB S&D

There is a worm in the updater!

I saw evidence of it when I first changed my firewall to Online Armor. The list of Allowed Hosts to 127.0.0.1 took minutes to scroll through and were to sites that I would never approve. It took a long time for me to block every one.

http://i284.photobucket.com/albums/ll18/moew27/SB-SD-Hosts.jpg

This list has gotten so long that it takes several minutes for me to just scroll down it.

I did not know it was the problem, but I began to suspect SB S&D when my firewall would ask me if I wanted to allow the "New Host Entry that has been detected" when I was running the SB update.

It was not until very recently that my antivirus made me aware of it.
This is what it said about it:

Antivirus Program – Avast 4.8
C:\Program Files\SpywareBlaster\sbautoupdate.exe
Win32:Trojan-gen {Other}
Virus/Worm
080626-0, 06/26/2008

By the way, this is a new computer, I am running Win XP Pro and I downloaded SB S&D from one of the links on the site.

The same thing has been happening on my daughter's computer for a few months before I got this new computer. I blamed her for going to unsafe sites. I reformatted her computer and promptly reinstalled SB S&D. The same things happened. Again I blamed her. I have since apologized.

Her computer is Win XP.

tashi
2008-06-27, 00:05
Hello moew27,



It was not until very recently that my antivirus made me aware of it.
This is what it said about it:

Antivirus Program – Avast 4.8
C:\Program Files\SpywareBlaster\sbautoupdate.exe
Win32:Trojan-gen {Other}
Virus/Worm
080626-0, 06/26/2008


That may be a false positive by Avast 4.8 regarding SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html).

Regards.

md usa spybot fan
2008-06-27, 00:28
moew27:

Why are you blocking those entries? Those entries in the HOSTS file equate those domain names to your system to prevent access to those sites. It is part of the protection Spybot offers and you are negating it.

If you do not want to prevent access to these sites, rather than have Online Armor block adding the entries just don't add them to begin with:
Go into Spybot > Immunize.
Right click on the right hand pane and select "Deselect all".
Scroll down to the bottom of the right hand pane and under Windows check "Global (Hosts)".
Click the "Undo" button at the top of the right pane.
Right click on the right hand pane and select "Select all".
Scroll down to the bottom of the right hand pane and under Windows uncheck "Global (Hosts)".
Leave "Global (Hosts)" unchecked so Spybot does not add entries to the HOSTS file.
__________

Suggested reading:
Blocking Unwanted Parasites with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm
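
An added example, not part of the original thread: a small Python audit that separates HOSTS entries pointing at the local machine (the blocking entries described in the post above) from entries that send a name to some other address. The sample file contents, hostnames and addresses are constructed placeholders.

```python
import ipaddress

# Constructed sample in HOSTS-file syntax; every name and address is a placeholder.
SAMPLE_HOSTS = """\
# immunization entries (constructed sample)
127.0.0.1       localhost
127.0.0.1       ads.tracker.example   # blocked
0.0.0.0         popups.example
127.0.0.1       a.bad.example b.bad.example
203.0.113.10    update.vendor.example
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in HOSTS text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # strip comment, split on whitespace
        if len(fields) < 2:
            continue  # blank, comment-only or incomplete line
        for name in fields[1:]:  # one address may carry several names
            yield line_no, fields[0], name.lower()

def classify(address):
    """Return 'sinkhole', 'redirect' or 'invalid' for a HOSTS address field."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"
    # Loopback or 0.0.0.0 sends the name nowhere useful: a blocking entry.
    return "sinkhole" if ip.is_loopback or ip.is_unspecified else "redirect"

def audit_hosts(text):
    """Group entries by their effect on name resolution."""
    report = {"sinkhole": [], "redirect": [], "invalid": []}
    for line_no, address, name in parse_hosts(text):
        kind = classify(address)
        if name == "localhost" and kind == "sinkhole":
            continue  # the stock localhost mapping is not a block entry
        report[kind].append((line_no, address, name))
    return report

if __name__ == "__main__":
    for kind, rows in audit_hosts(SAMPLE_HOSTS).items():
        print(f"{kind}: {len(rows)}")
        for line_no, address, name in rows:
            print(f"  line {line_no}: {name} -> {address}")
```

Entries reported as "sinkhole" are the blocking kind an immunization tool adds; entries reported as "redirect" map a name to another machine and are the ones to review by hand.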

moew27
2008-06-27, 02:49
Why are you blocking those entries? Those entries in the HOSTS file equate those domain names to your system to prevent access to those sites. It is part of the protection Spybot offers and you are negating it.


Thank you for explaining that to me.
I have allowed all of the entries in the hosts files.





That may be a false positive by Avast 4.8 regarding SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html).

SpywareBlaster!!!!!! I thought it was Spybot S&D!!! :oops:

Well, gee, umm, well then, it looks as though I am in the wrong forum. :red:

Thanks to all.

Moew27 turns and looks for the door and the map for the spywareblaster forum.

tashi
2008-06-27, 03:03
Hello,

Wilders (http://www.wilderssecurity.com/forumdisplay.php?f=23) has a good forum for SpywareBlaster discussion.

As you can see by this topic, AVG False-Positive Detection on sbautoupdate.exe (http://www.wilderssecurity.com/showthread.php?t=212191), it's not the first time an AV has flagged "sbautoupdate.exe".


The legitimate sbautoupdate.exe file is digitally signed by "Javacool Software LLC", and has the following checksums:

MD5: 5D0E5821EB35CDA9C320C1BDF1A4B695
SHA1: 62B09B3503C05A3CC853BB8BDFCC8292FD200E53

Regards. ;)