PDA

View Full Version : Same Error Keeps Coming Up



skeezix
2008-08-20, 19:44
Ever since updating to version 1.6.0.31 Spybot reports the same errors during its automatically scheduled scan. Please see the attached images.

It doesn't matter if I allow or deny the registry changes or if I reboot or not. Still get the same errors. There are always about 6-8 of these errors per run and they each have different hex values.

Where should I check?

drragostea
2008-08-20, 22:04
The error you are receiving about some entries could not be fixed is because the file is either locked or is use. Thus Spybot-SD will attempt to remove the checked entry during reboot.

As for the TeaTimer prompt, it indicates that Spybot is attempting to add a entry (to remove the file that Spybot was unsuccessful in removing during Normal boot) thus it will say Spybotdeletingxxxxx.

Do you remember which entries were being detected? You can a scan again and see which entries are being detected.

skeezix
2008-08-20, 23:52
I hate to do this, but here is a dump of today's spybot log. Is the information you seek the stuff I have bolded?


8/19/2008 9:19:31 AM Allowed (based on user decision) value "SpybotDeletingB4555" (new data: "command /c del "C:\WINDOWS\SchedLgU.Txt"") added in System Startup user entry!
8/19/2008 9:19:33 AM Allowed (based on user decision) value "SpybotDeletingD2941" (new data: "cmd /c del "C:\WINDOWS\SchedLgU.Txt"") added in System Startup user entry!
8/19/2008 9:19:35 AM Allowed (based on user decision) value "SpybotDeletingA1451" (new data: "command /c del "C:\WINDOWS\SchedLgU.Txt"") added in System Startup global entry!
8/19/2008 9:19:37 AM Allowed (based on user decision) value "SpybotDeletingC2447" (new data: "cmd /c del "C:\WINDOWS\SchedLgU.Txt"") added in System Startup global entry!
8/19/2008 9:38:23 AM Allowed (based on user decision) value "SpybotDeletingB3305" (new data: "") deleted in System Startup user entry!
8/19/2008 9:38:28 AM Allowed (based on user decision) value "SpybotDeletingD2115" (new data: "") deleted in System Startup user entry!
8/19/2008 9:38:31 AM Allowed (based on user decision) value "SpybotDeletingB6992" (new data: "") deleted in System Startup user entry!
8/19/2008 9:38:36 AM Allowed (based on user decision) value "SpybotDeletingD1208" (new data: "") deleted in System Startup user entry!
8/19/2008 9:38:41 AM Allowed (based on user decision) value "SpybotDeletingB4555" (new data: "") deleted in System Startup user entry!
8/19/2008 9:38:44 AM Allowed (based on user decision) value "SpybotDeletingD2941" (new data: "") deleted in System Startup user entry!
8/19/2008 9:38:47 AM Allowed (based on user decision) value "SpybotDeletingA3787" (new data: "") deleted in System Startup global entry!
8/19/2008 9:38:49 AM Allowed (based on user decision) value "SpybotDeletingC6015" (new data: "") deleted in System Startup global entry!
8/19/2008 9:38:52 AM Allowed (based on user decision) value "SpybotDeletingA5289" (new data: "") deleted in System Startup global entry!
8/19/2008 9:38:55 AM Allowed (based on user decision) value "SpybotDeletingC1537" (new data: "") deleted in System Startup global entry!
8/19/2008 9:39:00 AM Allowed (based on user decision) value "SpybotDeletingA1451" (new data: "") deleted in System Startup global entry!
8/19/2008 9:39:02 AM Allowed (based on user decision) value "SpybotDeletingC2447" (new data: "") deleted in System Startup global entry!
8/20/2008 10:23:20 AM Allowed (based on user decision) value "SpybotDeletingB9530" (new data: "command /c del "C:\WINDOWS\SchedLgU.Txt"") added in System Startup user entry!
8/20/2008 10:23:31 AM Allowed (based on user decision) value "SpybotDeletingD324" (new data: "cmd /c del "C:\WINDOWS\SchedLgU.Txt"") added in System Startup user entry!
8/20/2008 10:23:35 AM Allowed (based on user decision) value "SpybotDeletingA2757" (new data: "command /c del "C:\WINDOWS\SchedLgU.Txt"") added in System Startup global entry!
8/20/2008 10:23:37 AM Allowed (based on user decision) value "SpybotDeletingC6600" (new data: "cmd /c del "C:\WINDOWS\SchedLgU.Txt"") added in System Startup global entry!
8/20/2008 10:24:12 AM Allowed (based on authenticode whitelist) value "SpybotSnD" (new data: ""C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck") added in System Startup global entry!

drragostea
2008-08-20, 23:58
Do you remember which entries were being detected? You can a scan again and see which entries are being detected.

If I didn't make it clear then I'll just say it again (above).

From your log, it looks okay. You were allowing Spybot to add the entries to scan again. Yes, I know it's frustrating.

But the goal is to find what is this "entry" that Spybot-SD cannot remove.

Was it Virtumonde? SmitFraud (just to name a few)?

spybotsandra
2008-08-21, 18:02
Hello,

It was SchedLgU.Txt like the log said.
The Sti_Trace.log file is opened on many machines; mainly on Windows 2k/XP/ME. The reason is that the Still Image Monitor is running all the time, using this file. You can use msconfig to disable the Still Image Monitor, but as it is of no harm I would suggest to add this log file to the single ignore list.

The same is valid for the SchedLgU.txt; it is the log file of the scheduler. If the scheduler is running, this file is kept open. If you are not using the scheduler, I suggest disabling it, this will not only allow you to back up this file, but also save some RAM (to add a problem to the single ignore list, simply right-click on it in the results list, and choose the appropriate menu item).

Best regards
Sandra
Team Spybot

skeezix
2008-08-21, 19:11
Hello,

It was SchedLgU.Txt like the log said.
it is the log file of the scheduler. If the scheduler is running, this file is kept open. If you are not using the scheduler, I suggest disabling it,


Sorta confusing. I am using the scheduler to run Spybot every morning. As a result, SchedLgU.txt gets opened, and then Spybot appears to have a problem with it because it is open??

If I shut the scheduler down, then I have to run Spybot manually. Is that the fix?