List of Malware Prohibiting Spybot
General_Redneck
2008-08-13, 00:13
Hello all. I apologize in advance if I overlooked posts regarding this subject and any rules I may be breaking for posting. This is the first time I've posted here and managed to read some of the "Before you Post" posts.
Is there a list of malware that will prohibit Spybot from installing or running? I have recently had the problem on several machines but I haven't been able to connect the links. I have also noticed on most, after I do my clean ups using various techniques, that Spybot will run/install perfectly fine. If there was an ongoing list I feel it may make a difference in the difficulty of cleaning these bugs off because Spybot does such a better job than any other program I use.
I appreciate it. A lot.
drragostea
2008-08-13, 00:15
I can't be sure what malware disables anti-spyware/virus programs; I am sure there is a workaround.
Can you rename your Spybot icon (Spybot - Search & Destroy) to Spybot-SD (for example)?
General_Redneck
2008-08-13, 00:37
Well, here's the deal. I keep an installer on my thumbdrive (tools). I can rename the installer filename but that doesn't do anything for me. The same happens with the SpybotSD_Includes executable. If I have the task manager open, I don't even see Spybot's process blink up there. Attached is a video of one particular instance. It doesn't matter if I'm in safe mode or normal mode, and I do not see a task running that would seem to make a difference. If we need to move this over to the Malware forum, we can, but on this particular machine, I've already removed ~750 entries of spyware and 12 viruses using my techniques and I'm not done. I will attach the HT log in the zip in the case you want to look at it.
drragostea
2008-08-13, 01:14
In this case, you'll need to visit the Malware Forums to purge all the malware from your computer. An experienced Malware Fighter will assist you:
--
Consider posting in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum and having someone take a look at your system.
If you decide to have an experienced malware removal specialist assist you, please follow the procedure in this link to run scans and produce a HijackThis log: "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288).
--
Take a good look, and start a thread.
General_Redneck
2008-08-13, 01:44
Well, one of the ones I removed during this session of safe mode did it, because I restarted and Spybot installs. I can provide a list of what I have removed.... but as I said... ~700 entries is a lot to go through to find exactly which one prohibits Spybot from installing. This will be minus 12 viruses and 68 malware because the current AV program Panda Internet Security 2007 on the machine doesn't keep logs in safe mode. Also forgive me for using adaware.... I was desperate :P but now I can use Spybot to clean up the rest of the mess.
Please note this machine has now been cleaned. I'm just trying to see if I can help y'all out.
drragostea
2008-08-13, 02:22
Also forgive me for using adaware.... I was desperate :P
Forgive? What do you mean? Explain.
If you believe your machine is "clean", then I'll leave it to you. However, if you still reconsider the offer, then visit the Malware Forum. Better safe than sorry.
Still, 700 entries is quite a lot. And you do not have to go through all the entries just to tell me which entry was disabling Spybot from executing.
IMHO, you should run another anti-spyware program, because you'll need all the firepower you can get your hands on if you're not requesting help in the Malware Forums.
Use a firewall, anti-virus/spyware, practice safe hex.
Safe surfing, General.
General_Redneck
2008-08-13, 02:44
Thanks. Yeah, I have this one under control. I don't know which one it is either. If I had this to do all over again, now that I know exactly what infections it has, I would go through them 1 at a time. I just don't make it a point to image customers' drives so I can play with them later. If I ever do find out which one it is specifically doing it I will most definitely be back here to post it. I use AVG Spybot Adaware trio personally and recommend it to all my customers because between the three and a little common sense, you can get rid of almost anything... sometimes you have to go in manually. Also I suggest a tool named Autoruns (http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx) if you are interested in tinkering. I much prefer it to HijackThis. Was created by SysInternals before they got bought out by Microsoft.
Hi there,
Just to clarify, the malware removal forum is manned by volunteers and they assist with personal computers, as per the sticky topic:
"BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288) :)
HJT logs are not to be posted in any other forum, but a log can be sent to http://forums.spybot.info/misc.php?do=email_dev&email=ZGV0ZWN0aW9uc0BzcHlib3QuaW5mbw==
Cheers.
wyrmrider
2008-08-13, 22:06
Hi General
did you reformat and reinstall?
do you have any CD or USB drives that could be infected?
That Malware Removal forum offer is one that you decline at your own risk
thanks for the tips
good luck
General_Redneck
2008-08-13, 22:43
No, I do not reformat and reinstall unless it's last resort. At the repair company I work for we go to great lengths to make sure we keep all data intact during any repair we do. Therefore we will try to FIX the problem before we reinstall. There are many people who use that as a cure-all and I don't know how many people have come into this shop talking about the other repair man that lost all their data and they had nothing backed up.
My USB drive and CD Drive are clean. I occasionally infect one intentionally but rarely have them infected unintentionally.
The Malware offer would take too long and the customer wants his machine today, thus the reason I couldn't reinfect the machine and actually find which malware it is that is causing the problem. I am about 95% sure that the machine is absolutely clean for I do this for a profession. Occasionally I miss 1 or 2.
Really the reason I posted was to see if there was a "known" list of malware that results in prohibiting Spybot from running as it would be helpful so I know which ones to take off first or what program to run first so that I could use Spybot as my main weapon of attack because of its efficiency at doing its job. I'm assuming by the posts thus far that there are not or at least not publicized.
Again, if I do get the chance to hunt down exactly which bugs it is I will post it. This is the ~5th machine this month that I couldn't use Spybot on initially. I average about 1 clean machine every 2 days.