When I run the immunize function of S&D the results state that there are 814 files unprotected. :oops:

I have run the S&D search and destroy function and have "fixed and repaired" any items that come up. Unfortunately after doing this when I run "Immunize" again it still shows 814 files unprotected. :red:

Should I be concerned that 814 files are shown as being unprotected? If so, what should I do? :euro:

thank you

Devin

devin104:

What Windows OS are you running?

What version of Spybot - Search & Destroy are you running (Spybot » Help » About)?

What category (profile) are the unimmunized entries in?

I am running Windows XP

The Version of Spybot I am using is: Spybot 1.6.0

The profiles with unprotected files are:

Firefox:

Default Cookies
Default Images
Default Installations
Default popups

Internet Explorer (32 Bit)

Software Cookies
Software Domains
Software Secure Domains

Internet Explorer (32/64 bit)

Default Cookies
Default Domains
Default Secure Domains
Administrator Lewis-HOB7J3
Administrator Lewis-HOB7J3
Administrator Lewis-HOB7J3

Windows

Global Hosts

I hope this answers your questions ok

Thank you

Devin

Devin


... I hope this answers your questions ok ...
Not entirely. Are you indicating that there are some of the 814 unprotected items in each of those profiles?

If so, immunize as follows:
Go into Spybot > Immunize.
Click the "Immunize" button at the top of the right pane (the button with large green plus sign).
If not, please list the profiles that have unprotected items and the quantities of unprotected and protected in those profiles.

What I meant to indicate was that the total number of affect files is 814.

I hope what I enter below is clearer:

Profile Unprotected Files

Firefox:

Default Cookies 1
Default Images 81
Default Installations 81
Default popups 81

Internet Explorer (32 Bit)

Software Cookies 1
Software Domains 1
Software Secure Domains 81

Internet Explorer (32/64 bit)

Default Cookies 1
Default Domains 81
Default Secure Domains 81
Administrator Lewis-HOB7J3 1
Administrator Lewis-HOB7J3 81
Administrator Lewis-HOB7J3 81

Windows

Global Hosts 81

devin104:

Since that is the case, did you attempt to do as I suggested???


...

If so, immunize as follows:
Go into Spybot > Immunize.
Click the "Immunize" button at the top of the right pane (the button with large green plus sign).
I believe that you are going into Spybot > Immunize and not actually immunizing just reporting what you see!!!

Please click the "Immunize" button at the top of the right pane and report what happens!!!

Bingo. Your cure worked.

I have one other question.

When I do "updates" I get a message that says:

"Immunization !!!Bad Checksum!"

What should I do to repair this?

Thank you

Devin

devin104:

When you get "Bad Checksum!" errors select another download site and try the update again.

I have done as you suggested and the update worked correctly.

Now what I hope will be my final question.

This morning when I turned on my computer two message came up on the main screen:

1. "Load Zip Error" "No Such Directory"

Once I click the message "O.K." the following message pops up:

2. "Antivirus XP2008" "An error occurred while loading database" "Probably your database file outdated or have invalid format"

I do not know why these messages are coming up. What do I need to do to remedy this problem?

Thank you

Devin

Shortly after posting my last message my AVG Resident Alert Shield popped up the following message:

"Threat Detected"

File Name: C:\WINDOWS/System32\b1PHcn810e5bn.scr
Trojan horse downloader.generic 7.AGGJ
Detected on Open

YIKES...what should I do

have you downloaded some screensavers? they can be infected sometimes.

files with the extension .scr is screensavers i think.

here is some information to you about the .scr extension:

In November 2007 the SCR file extension started to be used to transmit a Trojan. As a script or a screen saver this file can execute other files which carry the Trojan. The SCR file may be embedded within a ZIP file which could also contain a file with a double extension.

Many Windows screen savers come with a .SCR extension by default. Usually these will be found in the Windows main directory. Use caution if you receive a screen saver file via E-mail. These files can contain executable code and can be worms or viruses. Note: This file type can become infected and should be carefully scanned if someone sends you a file with this extension.

maybe you want to ask for help in the malware removal forums http://forums.spybot.info/forumdisplay.php?f=22

I have not downloaded any new screensavers.

It is the darndest thing. I run the SpyBot search and destroy and it shows no problems but I just ran Ewido anti-spyware and it showed two trojans.

I am soooo confused.

I will check the malware link you have suggested.

thank you

Devin

Just to add on to blues suggestion:

AntiVirus XP 2008 is a rogue anti-spyware program that uses deceiving marketing techniques to force the user to purchase the program. In most cases, the registration key fails to confirm, or if it does, the rogue programs ability to remove the "infections" are still disabled.
http://en.wikipedia.org/wiki/Rogue_software
--
At the moment Spybot-SD does not detect AntiVirus XP 2008.

I'm betting that AVG and Ewido (AVG Anti-malware) was correct about the trojan.

Your best choice would be to visit the Malware Forums like blues said. Better safe than sorry.
--
Consider posting in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum and having someone take a look at your system.

If you decide to have an experienced malware removal specialist assist you, please follow the procedure in this link to run scans and produce a HijackThis log: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) ( http://forums.spybot.info/showthread.php?t=288).

since updating to s+d 1.6.0.30.i have the same problems with unprotected files .i've never had the problem before.there are 269 unprotected in the list "global" (hosts). i updated today,about 1 hour ago ,the same problem persists.immunising from the sidebar or on the toolbar makes no difference?any help appreciated.
thanks,tao2

winxp2
s+d 1.6.0.30

drragostea:

I appreciate your input very much.

I did post my problem in the Malware Forum (Load Zip Error; Antivirus XP2008; Trojan -devin104 ).

There have been 77 views of my post but so far no solution has been offered.

I am not sure if this is because I did something wrong in my posting or if none of the viewers so far have a solution. :oops:

I would be most appreciative for help on this matter.

About a year ago I had another problem with a Zlob issue and on of the S&D experts by the name of Shaba did a great job in helping me. :euro:

Hopefully someone will come to my computers rescue soon. :snorkle:

Thank you

Devin

Hello Devin. Yes, although they are just simply views, the Malware Forum is swarmed with requests. Please be patient. Malware Fighters (volunteers) are doing the best they can in assisting all of you, however they cannot be on 24/7. We all have real lives and problems. :santa:

@tao: Have you clicked "Immunize" again (as that solution worked for devin104)? Can you Undo the Immunization and Redo it? Do you have any browsers open during the process?

Today my computer got attacked by: Trojan.selfkill.naf

I am also now getting a series of "A runtime error has ocurred" and asking me if I wish to "debug."

I do not know if these notices are legitimate or not. I suspect they are related to malware.

The include:

Line 27 error "Null" is null or not an object

Line 45 error object expected

Line 203 error object expected.

I sure wish somebody could help me on these problems as I am getting quite concerned about my poor laptop :red:

Thank you

Devin

Devin, can you confirm the trojan?

You should have read the "BEFORE YOU POST" sticky. You were advised not to bump your thread.
http://forums.spybot.info/showthread.php?t=32667
--
It it has been four (4) or more days with no response, please post in the waiting room.

What PC is that in your Malware thread? A personal computer (desktop) or a labtop?

The treat is on my laptop.

Sorry but I do not even know what "bump a thread" means

Thank you

Devin

In simpler terms, it means like posting another post before you received a response.

In the Malware Forums, it can mean:
-Bumping as in "Hello?, anybody there?, i need help... : (, &etc.)
-Or bumping as in posting another log before the user has received a response.


The treat is on my laptop.
I actually thought you meant "treat" as in literally. :laugh:

I know, you meant "threat".

How do I find the "waiting room" you referred to.

I just got another downloader.generic7.AGNL threat notice.

I really do need help on this.

Thank you

Devin

This is the Waiting Room:
http://forums.spybot.info/forumdisplay.php?f=37
--
I cannot assist you on the Malware Problems, please have patience. Was that from AVG?

Yes, it was from AVG

Thank you

Was AVG successful in removing the trojan?

This "trojan.downloader" seems serious. It may open a backdoor or install more garbage. But don't worry you're in good hands.

What is a Trojan Downloader?
[quote=Trojan Downloader (generic description)

Trojan downloader is usually a standalone program that attempts to hiddenly download and run other files from remote web and ftp sites. Usually trojan downloaders download different trojans and backdoors and activate them on an affected system without user's approval. Trojan downloader, when run, usually installs itself to system and waits until Internet connection becomes available. After that it attempts to connect to a web or ftp site, download specific file or files and run them.[/quote]

Source: F-Secure.

AVG has not been successful getting rid of it.

I have run ewido anti spyware. Ewido detects the threat and removes the threat at that time but the threat returns when the laptop is turned on again or when it is rebooted.

Thank you

Devin

Sorry, I cannot aid you with cure (that is the Malware Fighers job), but I can aid you with prevention and questions :santa:.