1.6 Takes Over 12 Hours For Me, Then Freezes



youngsteve
2008-08-08, 09:20
Hello,

I'm a complete newcomer to these forums, so I'm not sure what I need to do in terms of getting a registry to print out or anything. Please be gentle! I'm not a troll!

I upgraded to Spybot 1.6 last night and ever since the program has been running extremely slow. I saw threads where people were complaining about Spybot taking 3 hours to run, but I started a scan at 2:00 this afternoon and it wasn't even half finished by 12:00 AM. Before upgrading to 1.6 it usually took about a half hour for a scan to complete.

Considering the above, I think it's likely I've got something malicious hiding on my computer somewhere. Any help would be greatly appreciated.

Also, this may be a silly question, but does this put me at risk as far as banking online? I usually do all of my banking online, and this problem with Spybot has me scared.

Thanks for your time,
Steve

Yodama
2008-08-08, 11:17
Hello Steve,

Until it is clear if your computer is infected or not, please refrain from using online banking. Online banking should only be used on computers that are certain to be uninfected by malware.

First, to determine if your computer is infected, we will require a log file.
To create a log, navigate to the scan screen (click the Search & Destroy button within Spybot S&D); you need not "check for problems" at this time. Right-click the empty results screen and choose to save a full report to file.
Send this report file to detections@spybot.info with a reference to this thread.

Could you determine where Spybot S&D froze during the scan?
If you right-click the shortcut to Spybot S&D and browse to the shortcut tab, you can enter ' /verbose' (without the ' but with the whitespace) after the path to the SpybotSD.exe in the Target field. With this, Spybot S&D will output a hex number in the status bar while scanning to show which part of the signature files it is currently using.

youngsteve
2008-08-08, 19:53
Hi Yodama,

Thanks for the reply and the help!

I just now sent the log file to the address you mentioned. However, as far as determining where S&D freezes, I haven't had a chance yet. When I run S&D right now it brings my computer to its knees and I'm not able to do anything else on it for the entire 10+ hours it's running. Also, when it froze last time it wasn't just that the program itself froze, but my entire computer went black and wouldn't return to Windows. Should I still try to scan with the hex number output setup?

Thanks.

youngsteve
2008-08-11, 08:00
Was there a problem with the report file I sent? Did it fail to arrive? Thanks.

-Steve

Greyfox
2008-08-11, 09:02
youngsteve,

Can you provide some information about your computer? CPU type & speed, memory installed, operating system, hard drive size and amount of spare space on it. What antivirus software do you have, and do you have any other spyware detection software installed? What browser do you use?

Have you done a scan with your antivirus product and did it detect any problems?

Have you cleaned out your temporary files recently and also your browser cache?

Do you have TeaTimer and/or the resident IE browser turned on in Spybot?

Did you have any other software running whilst you were scanning, for example was your browser open?

The more information you provide, the better it is for those trying to help you.

Yodama
2008-08-11, 09:22
Hello Steve,

We received your mail; your log file does not show anything suspicious.
We are currently running some tests to see if any of the other applications may conflict with Spybot S&D.
Usually AVG does increase the scan time for Spybot S&D because it also scans the locations Spybot S&D scans.

Please also do the following:

switch Spybot S&D into advanced mode
navigate to settings - directories
if download directories are entered please remove these


If you have multiple installations of Spybot S&D (installation in different folders),
please also check the registry for the path of Spybot S&D:

Open the registry editor by clicking on Start - Run, then entering regedit.
Navigate to the following registry location:

[HKEY_CURRENT_USER\Software\Safer Networking Limited\SpybotSnD]
"Path"="C:\\Program Files\\Spybot - Search & Destroy\\"
Make sure that the path entered here is the same as your Spybot S&D 1.6 application path (above is the default path).


If you try another scan with Spybot S&D please temporarily disable Teatimer and AVG.

youngsteve
2008-08-15, 08:03
Yodama,

I tried everything you suggested, but Spybot 1.6 is still crawling at a snail's pace for me. When I checked there were no download directories and the registry location was the same as the one you provided for me. I've tried to run S&D a few times with teatimer, AVG, and Zone Alarm turned off, but it's still just as slow. I did a search with AVG which came back clean.

At this point I'm not sure what I should do. Can I just keep using 1.5, which worked fine for me, and updating that instead of using 1.6? Perhaps I can do a system restore to an earlier point and get 1.5 back?

Also, would it be safe for me to resume online banking now that my AVG scan has come back clear? It's hard for me to function financially without it!

Thanks again for your time.

Steve

Yodama
2008-08-15, 09:59
Hello Steve,

Spybot S&D 1.5 will still be supported for a while, so you can use this version instead of Spybot S&D 1.6 for the time being.

Before resuming online banking you should use a rootkit scanner like gmer (http://www.gmer.net/index.php) to check if there is anything malicious hidden on your system.
If you need help with analysis of the gmer result, you can save and attach its report to your next post or, if it is too long, send it to detections@spybot.info like last time.

youngsteve
2008-08-15, 21:12
Yodama,

I downloaded gmer, performed a scan, and sent the results to the email address you provided. It was a pretty long list! Some of the results at the end were in a red font instead of black, so I assume there is something amiss. True? If so, what should I do about it?

Thanks again for all the help,

Steve

dj.turkmaster
2008-08-15, 22:34
I want to add that Spyware Terminator also slows down scanning time nearly 2 times.

Yodama
2008-08-18, 10:21
dj.turkmaster, thank you for the additional info.


Steve,
I received your mail and analyzed the gmer log. Unfortunately it looks pretty bad: 164 system files and 163 system services are marked as rootkits. This either means that these files are infected or that they are manipulated (for instance hidden) by the actual rootkit files.
Since no malicious processes have been detected by gmer, it looks like the rootkit was successful in hiding these. That means that finding all traces of the rootkit and removing these will take a lot more effort than doing a backup and reinstall.

If you have previous restore points you can return to, you should try these first and then do another scan with gmer. Red entries in gmer usually refer to malicious rootkit activity. If you do not have clean restore points, it would be the safest to back up your user data like documents, emails, bookmarks and then do a clean install of Windows.