PDA

View Full Version : Errors message



AKILLSUX
2008-07-22, 09:01
Hi all,am still using v1.4,and after being one of the victims of the mutiple cyber problems the last couple of weeks,I am unsure about updating tp 1.6.My problem during scans is with the error message"there were problems with the file trojans sbi"etc,which refers me to the include errors log.Is this a serious concern? I have multiple problems,all dating from around the 9th JUL,and suspect a backdoor trojan

Greyfox
2008-07-22, 10:39
You haven't said why you have elected to stay with a now quite old version of the program, instead of updating, what operating system you have, or whether there are any restraints imposed by the specifications of your PC, i.e. very slow processor, very low memory etc.

There are known issues or compatibility problems with the current detection downloads and version 1.4. Unless there is some very compelling reason to stay with 1.4, and to accept not only the compatibility problems, but also less than optimim protection against current malware, I would certainly recommend updating to 1.6.

If you decide to do this, my advice would be to download the new version, and to then completely remove the old version before installing the new one. I would recommend first un-immunising, deactivating Teatimer and the browser helper then uninstalling the old version. Reboot and then use the "small fix" from http://www.spybot.info/en/howto/uninstall.html.

AKILLSUX
2008-07-23, 10:16
Hi,thanks for replying.I followed all your instructions,apart from applying the small fix.On trying to run the installer,I get the message"the installer file is corrupted,please obtain a new copy of the program"I suspect that I am infected with a backdoor trojan,which has blocked my access to Windows updates,corrupted my Avast Pro antivirus,stopped my firewall from working,changed my homepage,and removed my bookmarks.None of the vendors of my software seem able to help,apart from Microsoft.This originally started when the MS update issue arose,also can't update my Java Runtime,but that may be a separate issue.Various scans show nothing,I am stuck.

Zenobia
2008-07-23, 10:44
You could try downloading a new copy of the installer file:
http://www.spybot.info/en/download/index.html

If you are still unable to install Spybot after downloading again,or if you still have problems after running Spybot,you could ask for help in malware removal.

The instructions are here.Please read and follow them.
http://forums.spybot.info/showthread.php?t=288

Malware removal:
http://forums.spybot.info/forumdisplay.php?f=22

AKILLSUX
2008-07-23, 11:54
Thanks,will try again,have slow dial up,so not easy.Another issue,which I only just discovered Spybot shows, is that of various program components, listening on several ports,some above 1025,is there any way for a relative beginner to interpret those results,hope you don't mind this extra query

Zenobia
2008-07-23, 22:19
hope you don't mind this extra query
Not at all. :) But to clarify,could you let me know which section of Spybot you are in?I'm looking,but not seeing.

AKILLSUX
2008-07-24, 08:56
In the advanced settings,under Tools,Process list,doubleclickand after choosing a process from the list,click on the open ports option below the list,mine for instance shows ashWebsv.exe listening on port 12080,this should be my antivirus,there are several others.Hope this makes it clearer,thanks

Zenobia
2008-07-24, 10:23
Oh,okay.I've never really looked at that much,but here's what it says in the help file:

This tool displays a list of all currently running processes, including some information about them. It also allows you to kill some processes, but please do not use this function until you know what you are doing!

I don't see an open ports option in Spybot 1.6,just a Process Info and loaded Modules tab.Maybe it changed between versions,I'm not sure.

You can find some processes you see running at somewhere like this,just to see the description.Looking up taskeng.exe from my own running processes,I found this:
http://www.processlibrary.com/directory/files/taskeng
But,along with that,you should also consider the path where it's located.
Like the one I listed above should be located at C:\Windows\system32\taskeng.exe.

If you rightclick the item you clicked,you can select Show file in explorer,so you can see it(but that doesn't always work.)

If you have a Process Tab below what you click,it will show you a bunch more info.

If you look at the Loaded Modules tab,you can see the .dll files the process is using.

You shouldn't really Kill a process or Kill a module without help,unless you're experienced in that sort of thing.For an example,if you killed the process Explorer.exe,your desktop might disappear,until you reboot.Some stuff just needs to run,and it's hard to know what.

Hope that helps some,but I'm not too familiar with that section of Spybot,never really paid much attention to it,lol.

Did you get the installer file for Spybot downloaded yet?

AKILLSUX
2008-07-25, 08:39
Yayyyy!I was able to install and scan...showed no immediate threats,my only other lead is a rootkit scan that showed hidden items in the registry,as below








Scan started: Thursday, 24 July 2008 7:57:37 p.m.

Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4F8561EA-489E-25F2-CD1C-9A6D2753D252}] **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4F8561EA-489E-25F2-CD1C-9A6D2753D252}] iaepjlkaomgpjjlibk=(binary value) **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4F8561EA-489E-25F2-CD1C-9A6D2753D252}] haoopkjkaelfamgg=(binary value) **HIDDEN**

Scan finished: Thursday, 24 July 2008 8:01:48 p.m.
Hidden files found: 0
Hidden registry items found: 3
Hidden processes found: 0
Hidden services found: 0
Hidden boot sectors found: 0

Thanks for all your help

Zenobia
2008-07-25, 08:56
I cannot analyze a rootkit scan for you,since it may involve malware.Your best bet would be to follow the instructions posted above,and post in malware removal.Thanks. :)

Glad you were able to get Spybot to run and scan.