View Full Version : Nearly infected while immunizing
Today while updating Spybot and immunizing, Spybot requested to make changes to my registry and to add a BHO.
Assuming it was safe, I permitted. But then Spysweeper alerted me that Spybot was attempting to install spyaxe.exe and suggested that I deny the installation which I did.
Has this happened to anyone else?
spybotsandra
2006-05-09, 18:24
Hello,
That sounds to me like SpySweeper alerts the immunization of Spybot.
We add sites to the restricted zones to block them.
Some softwares interfer this like Microsoft AntiSpyware and probably SpySweeper.
Best regards
Sandra
Team Spybot
md usa spybot fan
2006-05-09, 18:36
Spybot's immunization does not add BHO's and SpySweaper falsely identifies some of Spybot's immunization (as well as some of SpywareBlaster's protection) as threats. See:
Full immunization
http://forums.spybot.info/showthread.php?t=1932
At some point during the Spybot update process the SDHelper.dll Browser Helper Object (BHO) is re-initialized. To another program which is monitoring for BHO changes this would appear to remove and then add a BHO.
The Spybot Immunize process performs a semi-automated (usually initiated manually by the user) mass addition of items of 'protection' to multiple sections of the registry. Since the real-time monitoring of several antimalware products, including Spybot's own Teatimer, watch these same registry areas for potential additions by malware, this type of problem can result. In this case, SpySweeper is performing its intended function of blocking the 'abnormal' addition of registry entries by a program, rather than a user performing individual entries via the 'Internet Options' dialog as was originally designed and intended.
I've seen many discussions relating to this problem filled with finger pointing and statements of who's right and who's wrong. The real problem is that the user is caught in the middle of a battle of competing antimalware applications, can't understand what's happening and simply wants it to work.
I'm not going to argue that either side is really 'correct' in this case. I'll simply point out that the frustration created by these 'conflicts' is causing all but the most technically knowledgeable users to move to complete suites of protection which are designed to work together and avoid such conflicts.
Though there are negatives to this homogeneous approach to protection, the confusion of conflicting antimalware for an average user is actually worse, since it reduces the comfort level with both applications. Unless those organizations producing individual antimalware applications find a way to standardize or modularize their protection, they're simply going to perform the function of killing each other off.