Everytime i run spybot a box comes up to check error logs and something about a trojan. I cannot find an error log. HELP

bitehard69:

What version of Spybot - Search & Destroy are you running (Spybot » Help » About)?

Is the message that you are getting similar to the following?


Warning

There were problems in the include file C:\Program Files\Spybot - Search _Destroy\Includes\?????
See 'Include errors.log' for details.

[OK]
If that is the message, please post the "Include errors.log". You can access the "Include errors.log" as follows:
Go into Spybot > Mode > Advanced mode > Tools > View Reports.
Then click the View previous reports button on the top of the right hand pane.
Look for the "Include errors" file
Highlight it and click open (or double click on it).
For another method to access the "Include errors.log", see this this post (http://forums.spybot.info/showpost.php?p=180819&postcount=2).

If have Spybot 1.4 there is a compatability problem with the newer definitions so please upgrade to 1.5.2.20

PS: Spybot 1.6 is released on July 4th

:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Delf.Spool.cn | <$SYSDIR>\ntdoss04.sys
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Agent.frl | <$FILE_SYSTEM>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Agent.frl | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | FlashExploit | <$WINDIR>\Tasks\SysFile.brk
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger.rtk | <$FILE_EXE>

okay now am i supposed to do something with this does it mean i have a trojan?

You didn't answer md usa spybot fan's question: What version of spybot are you using? Because if your using Spybot 1.4 (which it looks like you are) it is incompatible with the newer definition updates and you must upgrade to 1.5.2.20

Hoping this is the correct place to post rather than starting a fresh thread
(new to this, sorry) but there's a similarity with bitehard69's query.

I'm using version 1.4 on Win98SE (Tried the various suggestions posted on this site to attempt installation of 1.52 since it first appeared in the updates list but without success.)

Last week I downloaded and ran the "anti rootkits plug-in" exe (many thanks, btw, to md usa spybot fan, for being one of the very few still to care about us dinosaurs. Lavash*t , for example, after creating problems with their new build made it very clear they didn't give a flying :oops: about 98 users and the only solution was to put our grannies out on the street to finance an upgraded OS. OK, I exaggerate but only a little!)

However when I just ran a scan I'm now getting the following includes error log report...

C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\Includes\Trojans.sbi | Delf.Spool.cn | <$SYSDIR>\ntdoss04.sys
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\Includes\TrojansC.sbi | FlashExploit | <$WINDIR>\Tasks\SysFile.brk

I took the action suggested at http://forums.spybot.info/showpost.php?p=201745&postcount=3 on the first item.
Any advice on how to fix the "flashexploit" one? I see that item also on bitehard69's log. More importantly, should I be worried if it means I'm NOT scanning for flash exploits?

Thanks in advance.

jo_lxix:

The announcement for the detection updates on 2008-06-18 (Updates: 2008-06-18 (http://forums.spybot.info/showthread.php?t=29633)) contained an entry for FlashExploit under Trojans indicating that FlashExploit was added as a detection. I can only assume that a similar situation exists for the FlashExploit detection as with the Delf.Spool.cn detection because the error does not occur in Spybot 1.5.2 nor Spybot 1.6 (beta and release candidate).

The cause of the include file error in Spybot 1.4 for the Delf.Spool.cn detection was discussed in this thread:
Detection rules for Delf.Spool.cn and/or the file ntdoss04.sys
http://forums.spybot.info/showthread.php?t=28867

The problem appears in 1.4 because the only rule related to ntdoss04.sys uses one of the anti-rootkit things; in this case one that exists in the main application, not a plugin.

…

…

A) Spybot S&D 1.4

Spybot S&D 1.4 will always show/log the error since it does not recognize the command.
Other detections are not compromised by this, users should update do Spybot S&D 1.5.2 if possible.

…

Thanks md usa spybot fan.
I'd already seen it included at updates 2008 06 18 (http://forums.spybot.info/showthread.php?t=29633) as that was the only reference to "flashexploit" I could find on doing a forum search.
Guess from what you're saying here I'll just have to check it in "ignore products", then at least hopefully my scan will run cleanly to the end.

Thanks once again for all your help and for caring.

jo_lxix:

You should really upgrade to Spybot 1.5.2 or Spybot 1.6 when it is released.

Running older versions of Spybot with current definitions is becoming a problem. A detection for HellzLittleSpy that was included in the 2008-06-25 updates caused problems with both Spybot 1.3 and Spybot 1.4.

From:
Userinit Issue
http://forums.spybot.info/blog.php?b=14

Userinit Issue

This is about a serious issue that disables users from logging on to their computers.

The cause for this issue may be one of the following:
Spybot S&D 1.3 with current detection rules without HellzSpy infection.
Spybot S&D 1.4 with current detection rules and HellzLittleSpy infection
These are errors caused by dated versions of Spybot S&D in combination with detection rules designed for the current Spybot S&D 1.5.2.

Symptom:
Logoff will occur directly after login.

...