View Full Version : Manual Uninstall Spybot 1.6.0
sweets53
2008-08-13, 18:27
Can you please tell me how to completely uninstall Spybot 1.6.0 manually? I'm using Windows XP SP2 Home Edition version 2002. I was unable to locate directory: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy. I read something about it being hidden but I don't know how to uncover it, in other words find it. I already uninstalled Spybot from Start - All Programs - Spybot - uninstall, and ran the very small fix in the article describing "How to uninstall?", but I want to completely remove the entire program from my computer. Thank you very much
spybotsandra
2008-08-13, 18:48
Hello,
In order to completely uninstall Spybot - Search & Destroy, please consider the following link:
http://www.safer-networking.org/en/howto/uninstall.html
Spybot - Search & Destroy will uninstall from the Windows Add/Remove Software control panel without problems.
If you want to completely get rid of Spybot-S&D and the Add/Remove doesn't help, you can delete the installation folder (usually C:\Program Files\Spybot - Search & Destroy\), then download the very small fix from the faq site and execute it (important! - this will remove all remains from the registry) (this also applies to earlier versions).
If you just want to upgrade to a newer version, please follow the same instructions like above and then install the new version.
After following these instructions please restart your system so that the changes can take place.
Also, neither the automated uninstall nor the manual uninstall like described above will remove the following directories, which you will have to remove by hand:
* Windows 95 or 98: C:\Windows\Aplication Data\Spybot - Search & Destroy\
* Windows ME: C:\Windows\All Users\Application Data\Spybot - Search & Destroy\
* Windows NT, 2000 or XP: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\
* Windows Vista: C:\ProgramData\Spybot - Search & Destroy\
Please note that the Application Data Folder is hidden. So if you can't find this folder please check your folder properties.
Best regards
Sandra
Team Spybot
sweets53
2008-08-13, 19:15
Yes Sandra I already read the above information. My question is how do I locate this hidden folder that you describe using Windows XP Home Edition ?
md usa spybot fan
2008-08-13, 21:47
sweets53:
To display Hidden Files in Windows Explorer
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Click Apply.
Click OK.
sweets53
2008-08-14, 14:37
Thank you.
Then after I perform the manual steps to remove Spybot 1.6, can I remove the "very small fix" I've installed, how would I do that?
Will doing the above remove completely Spybot 1.6 from my entire system, including registry changes?
Then I would like to install an earlier version of Spybot without the teatimer, so I can run scans when I want too. Can you recommend an earlier version and a link to it?
Please if you will answer all the above and thank you in advance.
md usa spybot fan
2008-08-14, 15:45
sweets53:
... can I remove the "very small fix" I've installed, how would I do that? ...
Just delete the "remove-spybotsd-settings.reg" file that you downloaded.
... Then I would like to install an earlier version of Spybot without the teatimer, so I can run scans when I want too. Can you recommend an earlier version and a link to it? ...
I don't recommend any earlier versions of Spybot. If you don't want to use TeaTimer either:
Don't install it during the installation of Spybot by unchecking the following item on the "Select Additional Tasks" screen during the installation:
Use system settings protection (TeaTimer)
Disable TeaTimer after installation by going into Spybot > Mode > Advanced Mode > Tools > Resident and unchecking the following:Resident "TeaTimer" (Protection of over-all system settings) Active.
sweets53
2008-08-18, 23:58
[QUOTE=md usa spybot fan;223247]sweets53:
Just delete the "remove-spybotsd-settings.reg" file that you downloaded.
How do I "just delete the remove-spybotsd-setings.reg file"? I mean how do I do that step by step, thank you I'm a newbie at this
drragostea
2008-08-19, 01:17
Sweets, in other words, you drag-and-drop the .reg file into the Recycle Bin. Or you just right-click on the .reg file and clicked 'Delete'. Click 'Yes' to the prompt.
sweets53
2008-08-19, 01:27
Yes, but I wish to remove all traces of Spybot 1.6 and the small fix from my registry. Please explain how to do so fully, Thank you
drragostea
2008-08-19, 01:47
If you have uninstalled Spybot-SD using the Add/Remove Programs window and have rebooted, then you can do this:
Just right click on the .reg file (small fix) and click Merge and then click 'Ok' to the prompt. All traces of Spybot-SD (registry keys) will also be removed.
If you think of it this way, Spybot was never installed.
sweets53
2008-08-19, 02:38
Thanks, the reason I don't want the tea timer is because a scan with Spybot 1.6 with the tea timer located something called 'untd_recovery" on startup. I put it on my white list only because I'm not having any problems with my system presently. I asked several times on this forum, what it was and how I could look it up an other things that Spybot finds, so I could know whether or not to allow them but nobody responded. Maybe you would be kind enough, thank you.
drragostea
2008-08-19, 03:36
Hello sweets.
I've encountered this entry when I first reformatted my Sony VAIO. If I'm correct it has to do with the Netzero software. Are you using any Netzero software? Netzero is a Internet program that enables the user to connect to the Internet.
This seems a bit foggy to me, but I also have another suggestion. This "startup" process may also be the recovery console on your computer. If you run, say like a Recovery CD, it'll revert everything back to factory settings on the computer, thus reformatting it. However, the System Recovery option will not only install back Norton and a few other applications (perhaps media), but the Recovery function. So if something goes wrong, you can use the option to recover the system if you do not have the discs or perform a system restore.
sweets53
2008-08-19, 13:33
[QUOTE=drragostea;225038][FONT="Tahoma"]Hello sweets.
I've encountered this entry when I first reformatted my Sony VAIO. If I'm correct it has to do with the Netzero software. Are you using any Netzero software? Netzero is a Internet program that enables the user to connect to the Internet.
Yes you are correct. I am using Netzero software. I'm using a dialup connection and I recently had to reinstall my OS with a Recovery CD. However I was guessing that "untd_recovery was necessary so I put it on my whitelist. When I asked here on this forum recently, in several places, nobody would respond, except you, so I felt it was better to remove the program, rather than not know what I'm doing. You know what I mean?
If Spybot S&D 1.6 finds other unknown files on scans using the teatimer, where can I go on my own to determine what it is before adding or deleting it? Please tell me this.
Also, to fully remove the very small fix, wouldn't I have to go to, C:\Documents and Settings\"My Name"\Desktop\remove-Spybotsd-settings.reg.
Please answer all the above if you will and thank you.
drragostea
2008-08-19, 19:23
The general idea is that the TeaTimer is Spybot-Search&Destroy introduces the use of black&whitelists based on LASSHes.
As a recap (although you posted in the wrong place :santa:):
http://forums.spybot.info/project.php?issueid=271#note1049
--
I've used NetZero as a dial-up user in the past, and I've encountered this entry. It should be left as it is.
Now I've used the Google search engine I think your question has been answered ; )
http://forum.aumha.org/viewtopic.php?f=26&t=35413&start=0&st=0&sk=t&sd=a
--
As for the .reg file, wherever you have saved it, just delete it.
sweets53
2008-08-19, 19:38
[QUOTE=drragostea;225261][FONT="Tahoma"]The general idea is that the TeaTimer is Spybot-Search&Destroy introduces the use of black&whitelists based on LASSHes.
As a recap (although you posted in the wrong place :santa:):
http://forums.spybot.info/project.php?issueid=271#note1049
I put it in several places but nobody responded (except you). Where would be the right place to find out the name "untd_recovery" or some other unknown file found during a scan?
Ideally I would like to keep the teatimer (have ongoing protection), and if Spybot found something that was unfamiliar, I would like to be able to go to the forum or somewhere, plug in the name of the unfamiliar file and then go back to the scan and either eadd it to my whitelist or blacklist. Can I do that and where would I go for that?
If you could please answer all the above and thank you.
--
I saved the very small fix to my Desktop. But would't I have to delete it from my Program Files as well?
drragostea
2008-08-19, 19:43
The .reg shouldn't be in the Program Files unless you installed it there. The "small fix" will stay there as it is when you downloaded it (eg. Desktop).
Was your question more like: "Is there an option which I can manually 'Allow' or 'Deny' the change?"
What did you mean by "scan"?
sweets53
2008-08-19, 19:53
I stand corrected. The very small fix was installed to my Desktop. Is that all I need do to completely delete it from my system?
As for Spybot scans, not being familiar with the terms, I guess you are correct, allow or deny the change is the correct terminology. If Spybot finds something new, where could I go immediately to know whether to allow or deny the change? Thank you
drragostea
2008-08-19, 20:01
Yes, you will just move the .reg file to the Recycle Bin.
As a general idea there is not really a "single" or "specific" place which provides all the information. Take the extra step and search. May that be a search engine or a technical site. I remember Castle Cops has a good list of BHO's and toolbars which are rated from legitimate, bad, unknown, or open to debate.
sweets53
2008-08-19, 20:09
Yes thank you. But I want to know before I add or deny a change if I'm doing the right thing. What do I do for instance if I deny or allow a change and want to undo it? Say for instance I denied untd_ recovery, and afterward found that I'd made a mistake. How would I undo the change, please if you will describe fully how to do that and thank you.
md usa spybot fan
2008-08-19, 20:54
sweets53:
... What do I do for instance if I deny or allow a change and want to undo it? Say for instance I denied untd_ recovery, and afterward found that I'd made a mistake. How would I undo the change, please if you will describe fully how to do that and thank you.
There is no facility within TeaTimer to reverse any Registry change decisions ("Allow change" or "Deny change") that you make. You have to redo whatever you were doing so that the Registry change is done again (or manually edit the Registry).
sweets53
2008-08-19, 21:07
sweets53:
There is no facility within TeaTimer to reverse any Registry change decisions ("Allow change" or "Deny change") that you make. You have to redo whatever you were doing so that the Registry change is done again (or manually edit the Registry).
Then the teatimer is not for me. Thank you.
drragostea
2008-08-19, 21:12
In other words, you'll have to reproducing the change again.
There is no undo function if you 'Allow or Deny' once, however there is an undo function if you chose "Remember my Decision".
The least you can do is take a look at Spybot-SD's TeaTimer log and see what you Allowed or Denied.
sweets53
2008-08-19, 21:16
If I can't undo any changes made and I'm not certain of whether to allow or deny a change, then I don't think the teatimer is right for me. A more experienced person would be better adept at the use of the teatimer. I've been in the position where I really don't know what I'm doing and I'd rather not be there again, if you know what I mean. Thank you though.
drragostea
2008-08-20, 00:11
Like I said in Post#14, in order to attempt to ease the situation in where novice/beginner users were not familiar with the prompts, PepiMK (Patrick Kolla [creator of Spybot-SD]) developed the black&whitelists:
http://forums.spybot.info/project.ph...d=271#note1049
--
Did I clear your doubt about Netzero too?
sweets53
2008-08-20, 00:33
Like I said in Post#14, in order to attempt to ease the situation in where novice/beginner users were not familiar with the prompts, PepiMK (Patrick Kolla [creator of Spybot-SD]) developed the black&whitelists:
http://forums.spybot.info/project.ph...d=271#note1049
The link you provided above could "not be found"
--
Did I clear your doubt about Netzero too?
Yes you did clear my doubts about untd_recovery, thank you very much, but you may not be available the next time. Whitelists and blacklists are good but if you can't undo the changes than it could be a dangerous thing to mess with. Thank you again.
drragostea
2008-08-20, 00:50
I will be here :santa:.
Yes, however, I wouldn't consider it "dangerous", I consider it a potential, so you should take caution. Not caution as in literally, but just simply think about it and decide.
Safe surfing.
sweets53
2008-08-20, 03:16
Thank you for all your help. I think I will reinstall 1.6 without the teatimer or at least disable it and run scans as needed. Is there a link to view files that are considerd potentially dangerous?
drragostea
2008-08-20, 04:16
As a general idea there is not really a "single" or "specific" place which provides all the information. Take the extra step and search. May that be a search engine or a technical site. I remember Castle Cops has a good list of BHO's and toolbars which are rated from legitimate, bad, unknown, or open to debate.
Please consider what I have posted and re-read the information.
You do not need to uninstall Spybot unless there are problems. You can disable TeaTimer manually, via Spybot-SD Advanced Mode.
Open Spybot>Mode>Advanced Mode>Tools>Resident and untick TeaTimer. If you want SDHelper on, that is up to you.
sweets53
2008-08-20, 13:05
Thank you.
What will SDHelper provide if I leave it on?
I set a restore point on System Restore before installing Spybot. If I revert back to that point, will that undo all changes that Spybot may have instituted? Will I revert back to pre-installation? Thank you.
drragostea
2008-08-20, 22:24
SDHelper is Spybot's Resident Shield in Internet Explorer. It actively defends/protects you against malicious banners and ads.
Yes, if you set a Restore Point and use it, it will be like Spybot was never installed.
But don't worry : ), I doubt there will be any problems. If you have any, just come and ask.
It actively defends/protects you against malicious banners and ads.
i have to disagree, it blocks sites too.
drragostea
2008-08-20, 22:51
If you disagree then you are saying that it does not protect you?
Backup your statement. If you are referring to "tinyurl.com" I can visit it fine with both IE and Firefox, thanks.
If you disagree then you are saying that it does not protect you?
it does, but it blocks sites too and not only ads even if ads come from sites.
drragostea
2008-08-20, 22:55
Backup your statement. If you are referring to "tinyurl.com" I can visit it fine with both IE and Firefox, thanks.
If you will, please continue this conversation at the "other" thread. This thread was started by sweets53.
sweets53
2008-08-21, 16:40
SDHelper is Spybot's Resident Shield in Internet Explorer. It actively defends/protects you against malicious banners and ads.
Resident Shield will give me full time protection where I don't have to decide what goes on a white list or black list?
Can it be disabled if I don't like it as well?
Yes, if you set a Restore Point and use it, it will be like Spybot was never installed.
But don't worry : ), I doubt there will be any problems. If you have any, just come and ask.
Good to know and thank you.
sweets53
2008-08-22, 13:05
Can Resident Shield be disabled, just like teatimer if I don't want it? Don't know if this question was answered. Thank you.
md usa spybot fan
2008-08-22, 13:49
sweets53:
Both resident features, SDhelper and TeaTimer can be enabled or disabled by going into Spybot > Mode > Advanced Mode > Tools > Resident. Under the heading "Resident protection status" you will see: Resident "SDHelper" (Internet Explorer bad download blocker) active.
Resident "TeaTimer" (Protection of over-all system settings) active.
sweets53
2008-08-22, 13:57
Thank you.
How do I add the little note that you have below your responses, describing your system, to my responses too?
md usa spybot fan
2008-08-22, 14:16
sweets53:
How do I add the little note that you have below your responses, describing your system, to my responses too?
Go into your User Control Panel (http://forums.spybot.info/usercp.php) and edit your signature.
sweets53
2008-08-26, 01:43
thank you
sweets53
2008-09-05, 17:11
Hello again,
Could you please explain the Resident SD Helper fully? I am undecided whether or not to disable it and just use Spybot as an on demand anti spyware scanner. Thank you very much
drragostea
2008-09-06, 02:00
If the SaferNetworking FAQ's did not clear your doubts, I'll try to explain it the best I can.
There are two parts of the Spybot-SD Resident Shield. The Resident 'Shield' is just a general term.
The 'SDHelper' would be your protection during an Internet Explorer browsing session. It'll attempt to block the malicious downloads by bad sites [and it's cookies and ads].
TeaTimer would be your "watchdog". The Windows registry is critical because it's more like your brain, containing all the data of the PC (from valuable data to priceless family photos). TeaTimer's main purpose is to alert the user that something has changed (maybe with or without the user's knowledge). Sometimes, this maybe useful as it may prevent a malicious BHO or a malicious startup entry.
Whether to use it or not is up to you, SDHelper may be one of the easiest tools to use, while TeaTimer (you do not have to be a rocket scientist) will need some understanding.
I tried my best to explain it to you [keeping it simple]. I hope you understand.
sweets53
2008-09-06, 15:42
Thanks for the explanation. Then would you say if I just wanted to use Spybot as an on demand scanner to disable just the tea timer alone and leave the SDHelper functioning? Is there any down side to the SDHelper? Thank you.
drragostea
2008-09-06, 22:11
Spybot-Search&Destroy can act as a on-demand scanner. It will fit to your motives. Of course you can disable TeaTimer anytime you wish.
Spybot-SD 1.6.0.30 offers a right-click scanning (on-demand scanner) for a single file, and it's scan option in the program itself will perform a full system scan.
There should no problems with SDHelper. There are no drawbacks/downsides (if you mean like slowdowns or freezing).
sweets53
2008-09-17, 17:58
I want to eliminate all unnecessary parts to the installation, cut the program to the bare bones and only use the program as an on demand scanner. I noticed the following on install and wonder if I can eliminate them right off the bat, hopefully you can tell me what each one of them is for as I have not installed the program yet and can uncheck them:
"Icons for starting blind user mode"
"Additional languages"
"Skins to change appearance"
"Download updates immediately"
"Separate secure shredder application"
"Explorer file scan plugin (in file context menu)"
I have included below my OS and details of my computer to assist. Please let me know if you require more details and thank you very much.
drragostea
2008-09-18, 01:50
sweets, you have a decent configurations. No problems.
If you want to strip it down to bare bones, it is your choice.
Basically, you can eliminate all the choices below.
No skins. No context scanning. Nothing.
-
However, to be specific you must keep Spybot updated (with the definitions update; no need to Immunize).
sweets53
2008-09-18, 02:25
Thank you but what about the other choices on install you did not mention?
Icons for strarting blind use mode - do I need this/what does it do?
Additional languages - do I need anything other than English?
Download updates immediately - can't I go to the site and update as needed?
Separate Secure shredder operation - what's this for?
Explorer file scan plugin - what's this?
Please let me know what each of these does and thank you.
drragostea
2008-09-18, 02:56
For my configuration, I chose the "Explorer file scan plugin" option.
Icons for strarting blind use mode - do I need this/what does it do?
Additional languages - do I need anything other than English?
Download updates immediately - can't I go to the site and update as needed?
Separate Secure shredder operation - what's this for?
Explorer file scan plugin - what's this?
-
1. If you are not colorblind, then there is no need to use this option.
2. If you prefer (during installation) you can download the latest updates to Spybot ASAP. Either way you can update Spybot (whether that be earlier [now] or later [after installation]).
3. If English is your primary language, no need to installation additional ones. Ask yourself, sweets. Do you another language to run Spybot? No.
3. The Secure Shredder option is available in Advanced Mode, which enables you to remove files permanently. So if it's something really secret or important that you do not want anybody else to see/find out, you can use this option.
4. See attachment.
sweets53
2008-09-18, 03:27
Do I need the Secure shredder option, if I am the only one using this computer?
Are you agreeing with me on the download immediately thing? I can always download updates without adding this feature?
"See Attachment" I don't know what you're trying to say here? I definitely want to be able to right-click a file and scan it. Are you saying that's what "Explorer file scan plugin" allows one to do? That I should install
Explorer file scan plugin, if I want to be able to scan files?
Please answer all questions and thank you.
drragostea
2008-09-18, 03:37
I cannot answer your question about the Secure Shredder. It is up to you to decide. I've described what the Shredder option is in the response above. No one knows your PC better than you.
The "Download Updates Immediately" is a one time feature only, which occurs only during installation. After that, you can manually check for updates anytime you want.
I've attached a screenshot of what the option looks like, so you'll get a general idea. It it used for single file scanning. If you wish to install it, you can do so by ticking the option.
sweets53
2008-09-18, 03:45
If by single file scanning you mean, that the only way I can right-click on a file and scan it for spyware, than yes Explorer file plugin is something I'd want. Is that what you're saying?
As for the Shredder if I delete a file it goes to the Recycle Bin where I can then get rid of it, without this attachment, is that right?
drragostea
2008-09-18, 04:15
To put it in simpler terms, if the right-click scanning function is something you would like, then yes you can add that. The screenshot (attachment) above will show you what it looks like.
When you delete a file to the Recycle Bin, it does not get removed permanently. It stays stored in a hidden partition (or unused) of your Hard Drive. A decent Recovery tool can undo that and recover the files. Anyone can do that. Most critical thing is that if you plan to delete important documents such as credit card or financial related, then Secure Shredder will do your job.
Spybot's Secure Shredder is used to ensure the complete removal of the file, compared to the removal from the Recycle Bin.
sweets53
2008-09-18, 12:20
You say,if I don't install Explorer file plugin, then I won't be able to right-click on a file and scan it with Spybot S&D. Please correct me if I'm reading you wrong. Thank you
sweets53
2008-09-18, 20:44
You say, if I don't install Explorer file plugin, then I won't be able to right-click on a file and scan it with Spybot S&D. Is that correct? Please correct me if I'm reading you wrong.
Also, I have Trend Micro's CW Shredder. Do you still think I need Spybot's file
shredder?
drragostea
2008-09-19, 01:22
The right-click scanning option will not be available if you should not enable it.
sweets, you are confusing the term's "shredder". The Spybot Secure Shredder is used for permanent removal of a file.
Trend Micro's CW (CoolWebSearch) Shredder is used to detect and remove CoolWebSearch related malware.
sweets53
2008-09-19, 02:11
Then it looks like skins, colorblind, additional languages, and tea timer are the only things i can avoid on the install, do you agree?
drragostea
2008-09-19, 02:28
You can avoid all that. TeaTimer, SDHelper, additional languages, and skins. All that you can avoid.
Just let Spybot do the scanning.
sweets53
2008-09-19, 18:32
During installation of Spybot S&D 1.6.0, I proceeded to Spybot's updater but did not install the following items, (just to refresh your memory you here I did not install the tea timer, skins, additional languages, and icons for blind user mode), did not install these items:
English language
English descriptions
F/P fixes
tea timer updates
immunization database
I was asked to immunize after this but decided not to.
Can you tell me if I did all of the above correctly or do I need to go back and do something else. Thank you
drragostea
2008-09-20, 00:24
Basically you are fine with the configuration. However one thing you are missing is the "F/P Fix (False positive update)". You don't want Spybot detecting false positives ; ).
sweets53
2008-09-20, 15:19
Should I go back and update F/P fixes?
What does immunization mean and do? Do I need it with my present configuration? Thank you
drragostea
2008-09-20, 16:40
Basically you are fine with the configuration. However one thing you are missing is the "F/P Fix (False positive update)". You don't want Spybot detecting false positives ; ).
What Immunization does is adds entries to the Windows HOSTS file. It also means adding bad websites to your browser's blocklist. So it'll be more like passive protection.
sweets53
2008-09-20, 23:43
But if I don't install tea timer, does immunization make sense?
drragostea
2008-09-21, 02:27
TeaTimer provides "active" protection in a sense, but it constantly monitors your machine. The Immunization feature offers passive protection.
Even if you disable TeaTimer, Spybot will work fine with it. Same for the immunization, it'll work fine.
You don't have to use both or either function if you do not wish to.
sweets53
2008-09-21, 11:31
How does immunization know which bad hosts to block? What exactly will I give up if I don't use immunization? Thank you
md usa spybot fan
2008-09-21, 15:42
sweets53:
How does immunization know which bad hosts to block?
A lists of domain/host names to block is provide via updates to the Domains.sbs file. There are currently 9218 domains in that list.
What exactly will I give up if I don't use immunization?
The immunization process adds entries to the system registry and/or specific browser files to either restrict what certain sites (domains) you are accessing through your browser are allowed to do or blocks access to the certain sites (domains) entirely.
The items listed under "Internet Explorer (32 bit) " and "Internet Explorer (32/64 bit) " add entries to the system registry.
Items listed as "... (Cookies)" block the storing of cookies from certain sites.
Items listed as "... (Domains)" and "... (IPs)" add sites to the restricted sites zone. "... (Domains)" are added to the restricted sites zone by domain name.
"... (IPs)" are added to the restricted sites zone by IP Address. Adding sites to the restricted zone blocks their ability to store cookies, download ActiveX processes as well as placing other restrictions on those sites depending on your settings for restricted zone sites within Internet Explorer.
Items listed as "... (Plugins)" block the download/execution of specific ActiveX processes.
The items listed under Mozilla products such as "Firefox" add entries to Mozilla's hostperm.1 file (or in latest releases to the cookies.sqlite and permissions.sqlite files).
Items listed as "... (Cookies)" prohibit sites from storing cookies.
Items listed as "... (Images)" prohibit sites from displaying images.
Items listed as "... (Installations)" prohibit sites from initiating extensions installations.
Items listed as "... (Popups)" prohibit sites from opening popup windows.
The item listed under "System" adds entries to the system's HOSTS file.
Item listed as "Global (Hosts)" adds entries to the system HOSTS file, equating site names (domain names) to the localhost (your system), affectively blocking access to those sites.
By not immunizing you are not taking advantage of this protection.
sweets53
2008-09-21, 17:46
Then immunizing would block certain restricted sites that are not of my choosing, but determined by Spybot as needed to be restricted, is that correct?
md usa spybot fan
2008-09-21, 18:47
sweets53:
Yes, the sites and ActiveX controls blocked are determined by Team Spybot.
sweets53
2008-09-21, 23:42
Don't I need some of these ActiveX controls that are being blocked?
drragostea
2008-09-21, 23:56
It depends on what these ActiveX controls are. Team Spybot focuses more on malicious ActiveX's.
sweets53
2008-09-22, 15:02
Then without immunization, if I run an up to date Spybot scan, I am just removing the ActiveX controls and restricted sites determined by Spybot's team for immediately after that scan and these may return after the scan, if I visit those sites, whereas if I immunize they are permanently blocked from returning, is that correct?
drragostea
2008-09-23, 01:41
If you do not run the 'Immunization' feature in Spybot, then you will not have the defense/protection provided by Spybot for blocking malicious sites and ActiveX's.
If you should visit the malicious site (with Immunization), you will not be able to access the site.
sweets53
2008-09-23, 02:28
But even if you don't immunize, after an updated scan, I will have wiped out the ActiveX controls and restricted sites spyware, for at least until I visit those sites again, is that correct?
drragostea
2008-09-23, 02:54
I will have wiped out the ActiveX controls and restricted sites spyware, for at least until I visit those sites again, is that correct?
I'm having trouble understanding what you mean... Can you clarify a little more?
If you do not Apply the Immunization, the blocking of malicious/bad ActiveX's will still lurk around... I mean that you will not be protected.
I do not understand what you mean by "...at least until I visit those sites again...".
sweets53
2008-09-23, 09:19
Doesn't immunization protect your system the same way a scan does? Only it protects your system continuosly from the time you immunize onward. Whereas a scan just protects you until the next time you visit a site that needs you to be protected from and if you haven't immunized, the next scan will catch it and you can delete it all over again. In effect, doesn't each scan catch and let you know you need to delete the same sites that the immunization has detected and is protecting you from continuosly. Do you understand what I'm saying here?
Maybe you need to define the distinction between what does a scan do and what does immunization do? Thank you.
drragostea
2008-09-24, 01:54
Maybe you need to define the distinction between what does a scan do and what does immunization do?
No I do not. And I was having trouble understanding your query. Apparently, you are confusing what the Immunization feature and the scan does.
Scanning with Spybot-Search&Destroy, does not protect you from anything. The main core of protection lies within the Immunization.
Doesn't immunization protect your system the same way a scan does?
Immunization does. Scan does not.
Only it protects your system continuosly from the time you immunize onward.
Immunization protects you when you Immunize.
Whereas a scan just protects you until the next time you visit a site that needs you to be protected from and if you haven't immunized, the next scan will catch it and you can delete it all over again.
A scan does not protect anything, like I said before. Delete what again? The HOSTS file has the "bad" sites in it alright, provided with the Immunization.
sweets53
2008-09-24, 02:14
Thank you.
Maybe I needed to say, what does a scan and the fix after the scan do?
drragostea
2008-09-24, 02:17
During a fix, Spybot-SD will attempt to remove the malware through means of removing the infected file (or replace the file with a dummy) and the registry keys, it is associated with. Spybot will save a backup of the files in case something else goes wrong.
A scan is simply a scan. However, Spybot does not scan a file one at a time. It scans in common places where malware "anchor" themselves.
sweets53
2008-09-24, 08:26
And how is a Spybot fix different from Immunization? Don't they both remove the same or prevent the same infected files respectively?
drragostea
2008-09-25, 03:25
Again, read this:
How does Spybot protect against the installation of malware/spyware (http://forums.spybot.info/showthread.php?t=281)
Immunization does not protect you against "infected" or malicious files. Immunization is not a real-time protection feature.
wyrmrider
2008-09-27, 01:29
Hi Sweets
great thread
leave no turn unstoned
I'm thinking prevention is more important than scanning later
I'm on a 298SE dinosaur
have you run
Secunia software inspector and got all your apps up to date
this will protect you as much or more than some of the things you have been discussing
I see no service pack 3 BTW
Jave- old java is VERY vulnerable remove ALL old Java and install the latest version
Active x blocking with Immunize-
People say: there is no free lunch
Blocking Active x and putting a black list in your "restricted sites" zone is about as close to a free lunch as you can get.
Me- Id install the SpywareBlaster lists also also
Hosts file is also a very big win for very little resource utilization
a baddie gets on your system he can't phone home
What's not to like?
Do you have a third party Firewall?
XP does NOTHING to keep exploits from phoning home and inviting their friends to a party at your place! RAVE anyone?
I do think you should run ONE real time protector
T-timer is one choice
Windows Defender from MS
Spyware Doctor from GooglePack do not install all the other stuff
BO Clean from COMODO- consider them also for your Firewall (or PC Tools)
Spyware Terminator Free -do not install the AV and toolbar (and comes with a history- scanner is not Spybot class)
all have advantages and disadvantages
Those are about all of the Free Choices without getting into scumware
here there is no free lunch- all take some resources- some more
Spybot t-timer- good tool, lightest on resources, Free and does not come bundled with any other garbage where you have to uncheck the install boxes
If you install any of the others just do not check t-timer
but I think Spybot is essential for SD-Helper, Immunize, and a first rate scanner
And- Spybot does not sell out under pressure
What AV? (Have you ever had any other AV installed or preinstalled on your machine?
Cheers
Get Safe- stay safe
or be ready to roll back/ rinstall
are you using only IE?
rabbitchaser
2008-09-29, 02:15
Hi Sweets
great thread
leave no turn unstoned
I'm thinking prevention is more important than scanning later
I'm on a 298SE dinosaur
have you run
Secunia software inspector and got all your apps up to date
this will protect you as much or more than some of the things you have been discussing
I see no service pack 3 BTW
Jave- old java is VERY vulnerable remove ALL old Java and install the latest version
Active x blocking with Immunize-
People say: there is no free lunch
Blocking Active x and putting a black list in your "restricted sites" zone is about as close to a free lunch as you can get.
Me- Id install the SpywareBlaster lists also also
Hosts file is also a very big win for very little resource utilization a baddie gets on your system he can't phone home
What's not to like?
Do you have a third party Firewall?
XP does NOTHING to keep exploits from phoning home and inviting their friends to a party at your place! RAVE anyone?
I do think you should run ONE real time protector
T-timer is one choice
Windows Defender from MS
Spyware Doctor from GooglePack do not install all the other stuff
BO Clean from COMODO- consider them also for your Firewall (or PC Tools)
Spyware Terminator Free -do not install the AV and toolbar (and comes with a history- scanner is not Spybot class)
all have advantages and disadvantages
Those are about all of the Free Choices without getting into scumware
here there is no free lunch- all take some resources- some more
Spybot t-timer- good tool, lightest on resources, Free and does not come bundled with any other garbage where you have to uncheck the install boxes
If you install any of the others just do not check t-timer
but I think Spybot is essential for SD-Helper, Immunize, and a first rate scanner
And- Spybot does not sell out under pressure
What AV? (Have you ever had any other AV installed or preinstalled on your machine?
Cheers
Get Safe- stay safe
or be ready to roll back/ rinstall
are you using only IE?
Hi, don't want to derail this thread, but it certainly has explained how S&D works and helps.
Secunia is great if for nothing more than to let you know there are updates for the software available.
So I have a couple of questions for this poster.
I know nothing about Hosts Files, but I am intriqued by the statement that it keeps an app from calling out to the internet (presumably to itself).
Can you explain this a bit more to me, or point me to a resource for info. My input into google must not be to their liking.
Next item is Comodo BO Clean. This is for browser objects, right?
I thought S&D took care of everything in that area. Does it miss something?
You are right that there are free utilities out there that do some great things like S&D, but it is important to check them out first; and if they only duplicate what other software does with nothing added, then they are just taking extra resources (I do like SMALL apps)
Thanks
drragostea
2008-09-29, 06:24
Good questions rabbitchaser. Always more to learn.
You might want to read this thread about Spybot (and includes a bit about the workings of the Immunization feature and how it utilizes the HOSTS file):
http://forums.spybot.info/showthread.php?t=281
-
Comodo's BoClean is primarily a anti-malware program. I'm not sure if it specifically covers Browser Objects (BHOs), but it does cover the execution of malware/trojans and terminates them. I haven't seen BoClean in action, because there hasn't been a prompt in ages :laugh:.
I know nothing about Hosts Files, but I am intriqued by the statement that it keeps an app from calling out to the internet (presumably to itself).
Actually no. You see, the point in putting entries in the Windows HOSTS files is to prevent "baddies" from getting in. In other words, it's a passive protection against "unwanted" parasites (that's how they say it).
Benign and security applications are not placed in the HOSTS file.
Say like a malicious site which has the potential to infect users would be called "malware.com".
Spybot adds "malware.com" to the Windows HOSTS file via the Immunization feature, thus blocking access to the site (in case you clicked on it by accident [link]). Another example, would be that "malware.com"'s malicious application (toolbar) was installed without your knowledge. The toolbar can attempt to "call home", so it would be telling the author the specs and analysis of your system.
If this becomes to tech-y or geeky just let me know.
wyrmrider
2008-09-29, 19:51
The thread linked to by MD_USA_SPYBOT_Fan is excellent
on BO clean
I was talking aboutr prevention here not after the fact on demand scanners
I have NOT seen a recent compariosn of BOCLEAN and T-Timer 1.6
My point is that I that's IMHO think that all those without perfection need to have some form of Prevention depending on need and resources varing from T-timer to HIPS or VM
Just run Immunize for an easy way for a host file against malware
If you want to add Malware try HOSTSMAN who can download and manage several Hosts file providers and block arond 60,000 sites
( and make most internet pages load faster because all of the adserver requests are deflected to the bit bucket
I am NOT certain of the Mix that T-timer blocks
Spybot Immunize also blocks execution of malicious Active X files by setting the "kill bit" If you want more install Spywareblaster by Javacool or or there are a coupleof other programs (which are not as easy to use)
again I have NOT seen a comparison of Immunize and Spywareblaster in Years- but who cares who sets the kill bit
Immunize also places files in the IE Restricted sites zone
to see this go to Internet Options - go to the Restricted ZONE and click "view files"-- would you really want to have any of these sites to have access to your computer?
and if you do you could easily edit- or add
Thre are additional Restricted sites lists such as IE-Spyad-however it has not been updated recently- ther are also specialiazed lists for "family values" etc
IF you have been following several discussions you will know there is a line between protection and intrusion and speed
there is no free lunch but Hosts and REstricted Sites and Activ-x kill bit blocks come close
drragostea
2008-09-30, 02:05
wyrmrider:
BO Clean from COMODO- consider them also for your Firewall (or PC Tools)
PC Tools? :snorkle:
rabbitchaser
2008-09-30, 03:06
Thanks for the replies, helps my understanding very much.