View Full Version : My settings wrong for scan?

2005-11-20, 17:45
I must have erroneously changed my settings for Spybot, cuz it hasn't found the tracking cookies it usually does for about 6 weeks now. I see them in the firewall log and adaware nails most of them, but my spybot no longer finds them.

I've reviewed the settings several times but can't find what i wrongly changed...anybody know an operror that i might have done?

The cookies are the 'normal' statcounter, doubleclick, kliptracker etc

ps: i'm updated v1.4 and immunized for 8226 products

md usa spybot fan
2005-11-20, 18:04
If you are using Internet Explorer and have activated Spybot's Resident SD helper Browser Helper Object (BHO), it will block the same tracking cookies that Spybot's scan detects. Therefore you would not detect those tracking cookies.

2005-11-20, 18:26
Yes, Spybot's Resident SD helper Browser for this IE6 browser is checked. But the cookies are still getting thru and show up active in adaware, and are sending outgoing packets as detected in my firewall logs.

So i've made a wrong setting, because Spybot no longer detects anything. Or I am missing your point...

Cheers, RexB
too short a username to use

md usa spybot fan
2005-11-20, 18:39
In the status bar, during a scan, you should see the display "Running bot-check(xxxxx/yyyyy:zzzzzz)". After the 2005-11-18 updates (without the ▀Detection rules) the scan counts (yyyyy value) should be:
Without Usage tracks - 31603
With Usage tracks – 34202
If the counts are correct you are checking for everything. If the counts are not correct, look in Spybot > Mode > Advanced mode (say “Yes” to the warning if necessary) > Settings > File Sets. Make sure that everything is checked except the possibly the last two items. The last two items are "Usage Tracks" and should only be checked if you want to check for them (I personally don't). The first of these two items (Usage Tracking) lists IE Cache (temporary internet files), Common Dialogs, Cookies and some Logs. The second is other "Usage Tracks".

The other thing is that Spybot does not check of all known tracking cookies. The reason and an alternative are explained here:
Why do other anti-spyware applications detect so many more tracking cookies?

2005-11-20, 19:21
Yes, the "Without Usage tracks" scanned for 31603 objects, then i checked those usage options in file sets and scanned for "With Usage tracks", 34202 objects, so that's as it should be...

I read the http://www.safer-networking.org/en/faq/37.html link, and IE settings are correct at an unmodified Medium under the Security tab.

A cookie mentioned which spybot always used to find (doubleclick) is still in the "products" page and is not checked, so it should be deleted, yet "doubleclick" remains resident until adaware deletes it.

So i've mis-set a setting and am blind to what it is. I'll do the old un-reinstall punt to assure that everything is at default again, and go from there.

Thanks for the details on the settings, i'll post back with results :)

md usa spybot fan
2005-11-20, 20:15
re: IE settings.

In addition to Security > Medium, under the Privacy tab > Advanced do you have "Third-party Cookies" set to "Block".


As far as the "DoubleClick" cookie that Ad-Aware is finding, I am at a loss to explain it. From your signature, I notice that you also use SpywareBlaster. SpywareBlaster adds the following Registry entries.

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doubleclick.co.uk]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doubleclick.com]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doubleclick.ne.jp]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doubleclick.net]
Those entries place the following sites in the restricted zone which should also block the cookies from them:
There is a difference in scanning Internet cache and cookies between Spybot and Ad-Aware. Spybot only scans the current user's Internet cache and cookies due to restrictions in Microsoft's Application Program Interfaces (APIs). From posts I have read it appears that Ad-Aware scans for all user's cookies. However that does not explain the situation that you are describing.

2005-11-23, 15:39
Sori for the delay -- a retired guy shouldn't get so busy sometimes :D

K, i blocked 3rd party cookies in IE>Privacy. And right, the SpywareBlaster should be blocking the spyware too.

I un-reinstalled Spybot, and with Spybot and SpywareBlaster always active and updated for the past several years, here are Sygate traffic logs of:
Before IE6 3rd-party cookie blocking (http://premium1.uploadit.org/owlscreech//TrafficLogOfTransmittingSpyware__20NOV05.JPG)

After IE6 3rd-party cookie blocking enabled (http://premium1.uploadit.org/owlscreech//TrafficLogOfTransmittingSpyware__23NOV05.JPG)

I'm flummoxed, cuz the !#?* adware still keeps calling home. I've reviewed my written log for s/w downloads or security changes that would cause this and don't find any. The only possibility i see that may have affected security settings is to buy/install JV16 Power Tools about that time, which has a cookie manager similar to the utility 'Empty Temp Folders'. But a RTM and review of all settings in it doesn't show any suspects. Will have to keep digging in that direction cuz it "must" be there ...


I'll enable Adaware Pro's Adwatch, though it's a little bothersome, and see if that has an effect.

EDit: No, Adwatch didn't stop the adware's outgoing traffic either. Now i'm really in the circular-confusion swirl.