PDA

View Full Version : immunized against an unharmful site



Joskapista
2008-09-09, 01:40
Until now I thought being pornographic doesn't makes a website harmful. And now the Spybot blocked redtube.com, one of the biggest porn video sites! I was a regular visitor of that site, and I never noticed it does something harmful. And if it does, couldn't it be only partially blocked? Like no cookies, pop ups and install, but everything else ok? Becouse it took my quite a few time until I searched and deleted it's adress from everywhere it was listed for blocking!
And btw, that is my other problem: while the false postitve findings can be added to an ignore list easily, I have to search in my browser options to fix the false positive immunizations, and since there is no ignore list, after an update I'll have to do this tiresome procedure again! So could you please make a program update with an ignore list for the immunizations?

drragostea
2008-09-09, 01:46
I was a regular visitor of that site, and I never noticed it does something harmful. And if it does, couldn't it be only partially blocked?

Can you confirm that? Spyware and trojan horses are much slier these days. They do not intervene with a computing session, but silently leeching information in the background.

What do you mean by partially blocked? It's either blocked or not. Although, I'm not sure if manually editing the HOSTS file can unblock it for good.

Be a little more concise and specific about this "false positive immunization". I'm having trouble understand your situation.

Joskapista
2008-09-10, 00:30
Ok, first about redtube.com: I know that some spywares can be quite silent, but I watch my processes, my BHO-s and startup, and I have antivirus and firewall, wich lets me know if something tries to connect the internet or do some modifications, and top of these I sometimes check the hijackthis too (and of course there is the Spybot itself). And I didn't find threats on my comuter after visiting the site.
That "partially blocking" was probably a bad term, I meant restriction. I meant that for example if a site sends tracking cookies, (but no trojans and such nasties) than instead of blocking it in the hosts file, it would be enough to block its cookies only. Instead, when immunizing, Spybot makes Firefox block even the pictures of the suspicious site (so if I remove it from the hosts file, I still can't use it). But what harm can a picture do?
And since you don't really understand what I meant with the "false positive immunization" term let's forget it! Put the case that I decide to take the risk to be a regular visitor of a site Spybot marked as harmful. (It would be much easier to make such a decision if the blocked sites would be marked why are they blocked!) In that case I can't command Spybot to ignore that site from immunization! The only thing I can do is remove the site from the hosts file, than open my browser, and search it's own blocking features and remove the site from them too. (Or completly disable the immunization, but I don't wanna do that.) But if an immunization database update comes, I will need to redo the immunization, and in that case the site I unblocked previously will be blocked again! That's why an immunization ignore list is needed.

129260
2008-09-10, 01:06
....But what harm can a picture do?.....

They are some spyware and/or viruses that can be downloaded silently (drive by download) from a picture that is on the website. Sometimes all it takes is just even loading the picture in your browser.

drragostea
2008-09-11, 01:46
Hrm. Here's my two cents (thoughts).
No anti-spyware/virus applications are invincible. Your PC (Personal Computer) is not Immune to all (should be a vague term, because it partially refers to the future)/any trojan/malware.

Ok, first about redtube.com: I know that some spywares can be quite silent, but I watch my processes, my BHO-s and startup, and I have antivirus and firewall, wich lets me know if something tries to connect the internet or do some modifications, and top of these I sometimes check the hijackthis too (and of course there is the Spybot itself).
Have you heard of rootkits?
--
Do you know how to analyze HJT logs? My (should be yours) concern is fixing entries which you vaguely think is malicious or suspect.

What brand of anti-virus and firewall do you use?

I won't doubt that RedTube does not have trojans or such, but it is a potential. Recently (some weeks ago), the Sunkist (beverage drink) was hacked.
____
I apologize if I gave a little to much of my opinions. I'll try to answer your question (your thread) the best I can.

When Spybot Immunizes it blocks access to the site. It also adds it to the image filter (might be a good ad filterer), cookies, and pop-ups too.

I'll need some time to gather some information about removing the site from the blacklists.

I'll respond back.

sean05
2008-09-11, 06:57
i have the same problem - i just updated spybot, ran the immunization, and now i cant get on to redtube.. ive tried everything to undo it! i even uninstalled spybot, rebooted, and still nothing.

surely an uninstall should fix the issue but no..

how do i get back access to the site?

md usa spybot fan
2008-09-11, 07:11
sean05:

Both redtube.com and www.redtube.com are added to the HOSTS file and to the restrictive entries in the various browsers by Spybot's immunization process.

Uninstalling Spybot does not remove immunization. To remove immunization:
Go into Spybot » Immunize.
Click the "Undo" button at the top of the right pane.

sean05
2008-09-11, 07:47
i clicked undo and it was still blocked


so then i uninstalled


..now what?

edit: i even deleted it out of the registry (today)

md usa spybot fan
2008-09-11, 10:20
sean05:

Have you re-booted your system?

sean05
2008-09-11, 15:51
that worked a treat

thanks mate

hylerj
2008-09-12, 04:06
let me get this straight.

Undo the immunizations.
uninstall spybot
reboot

that's it??

129260
2008-09-12, 15:47
let me get this straight.

Undo the immunizations.
uninstall spybot
reboot

that's it??

see here: http://forums.spybot.info/showpost.php?p=233493&postcount=7

Then restart, uninstall of spybot in not needed. :)

Joskapista
2008-09-17, 17:10
Hrm. Here's my two cents (thoughts).
No anti-spyware/virus applications are invincible. Your PC (Personal Computer) is not Immune to all (should be a vague term, because it partially refers to the future)/any trojan/malware.

Have you heard of rootkits?
--
Do you know how to analyze HJT logs? My (should be yours) concern is fixing entries which you vaguely think is malicious or suspect.

What brand of anti-virus and firewall do you use?



Sorry for writing this late, I had many things to do.
Of course I know that no PC is totally immune, and no antivirus/-spyware is invincible. For example about a month ago I got a so bad Virtuamonde infection, that I needed to format my winchester. (I know where it came from, and it wasn't the redtube!) But with my programs I could at least recognize the infection even if I couldn't cure it! And that's it: maybe they can turn my computer into a zombie, and do some other harms if I'm not careful enough, but I'm sure I'll notice that and do something about it.

I have heard of the rootkits, that they can hide themselvs, but fortunately there are antirootkit programs too. And btw. as long as redtube doesnt have rootkits (and while I can't be sure, I don't think it has), it doesn't concern me.

My concern about HJT logs is the same as yours. Plus the log file can be sent for analyzis too, if I'm not sure.

I use Comodo firewall, and Avast antivirus.

drragostea
2008-09-18, 01:39
It's a good, decent configuration. avast! and Comodo Pro make a great team.

HJT logs should be sent to analysis if your computer shows a sign of infection.
-
As for "partially" allowing redtube . com, it would be best if your query was in the hands of a Spybot Team Member.

This will sound vague, but I recalled that redtube will be removed from the HOSTS file in today's updates. I have to check. I'll report back.
-
Edit: I've updated to 17.09.2008 for Spybot. And redtube was removed. You should access the site with no problems.