PDA

View Full Version : Immunization not working...



Sephiroth
2010-01-18, 06:21
This needs to be in the Spybot normal user forum, but I am unable to post there. This is for my home computer, not a work machine.

Spybot will immunize all but 945 entries on my XP Pro x64 laptop. The entries are ALL IE entries. FF and hosts immunize perfectly. I only run Symantec Endpoint Protection on my machine (64bit version), but disabling it does no good. It refuses to immunize multiple IE entries, one containing 547 unimunized entries. The funny thing is, I just tried immunizing again, and the first two that wouldn't immunize actually did immunize, but then the very next one became unimmunized and put my unimmunized count right back to 945. It's as though Spybot wants me to have exactly 945 unimmunized IE entries, but it doesn't care which ones.

a4nic8er
2010-01-19, 11:53
Same problem here, been wrestling with it for weeks. I have NONE of the software listed in the "usual reasons" sticky thread.

Windows XP Pro x64
IE8
Avast Home
SpywareBlaster
Spybot S&D

I have tried uninstalling both Avast And SpywareBlaster - no joy. I have even restored to a drive image from before the issue started. No success there either.

From memory, the 945 items are in administrator settings and domains. The debug list .txt file is too large to upload and I don't have a zipper installed (because this is a stripped down install).

a4nic8er
2010-01-23, 23:31
Now at 969 items failing to immunize after latest Windows Update x64 IE8 security patch followed by Spybot S&D update. No such issues with XP Pro 32 bit.

djpailo
2010-01-24, 05:12
Could you post the exact update that you installed before spybot stopped working?

a4nic8er
2010-01-24, 22:41
Sorry, I can't.

I could try rolling back to a drive image recorded before this issue arose and then apply the Windows Updates one-at-a-time, recording another image after each update then applying the SS&D updates until I find which one it is, but to be honest I don't have time for that.

*edit* Spybot hasn't "stopped working" please read this thread again.

rivermandave
2010-01-25, 01:38
Stupid question here for you folks having problems....what type of browser are you using?

Ahother thought....when was the last time you deleted all your Temporary Internet Files....and Cookies...and Add-Ons?

I DO know that IE8 still has problems (from friends of mine)...but you CAN roll back to IE7. I'm still on IE7 as I've heard / read about too many issues.

That said....to Delete items in Temp etc...open your IE and then click on Tools, then Internet Options....then under Browsing History click on Delete....then another window will open up for Delete All (check the box).

Once this is done then try your Immunization again.

Of ALL the friends I have....only ONE person has had immunization problems...and that was because the machine was already infected with malware :sad:

Hoffmaister
2010-01-26, 17:49
Same problem here, been wrestling with it for weeks. I have NONE of the software listed in the "usual reasons" sticky thread.

Windows XP Pro x64
IE8
Avast Home
SpywareBlaster
Spybot S&D


Hi
I have the same config as you, tried everything. But then I go under tools>internet options>advance> reset Internet Explorer settings.(IE8)
Then I run Immunization again, all gone:laugh:

Hope this help

Arne

a4nic8er
2010-01-27, 23:05
Hi
I have the same config as you, tried everything. But then I go under tools>internet options>advance> reset Internet Explorer settings.(IE8)
Then I run Immunization again, all gone:laugh:

Hope this help

Arne

OK, tried that. Unfortunately all it did was change the sections where the 969 non-immunized items are. See attachment and compare it to the one in my previous post.

a4nic8er
2010-01-28, 02:27
@ Hoffmaister: are you running XP Pro 64 bit?

Here's what I have done to try and trace the cause of this problem...

Isolated from internet.
Restored to image from 30 November 2009
http://a4nic8er.com/images/SSandD/SSD-immincomp3A.PNG

NO Microsoft Updates installed!

Disabled SpywareBlaster protection.
Uninstalled Avast! 4.8.
Rebooted.
http://a4nic8er.com/images/SSandD/SSD-immincomp3B.PNG

Immunized.
http://a4nic8er.com/images/SSandD/SSD-immincomp3C.PNG

So far, so good (remember, still no Microsoft updates).
Connected to internet, updated SS&D.

http://a4nic8er.com/images/SSandD/SSD-immincomp3D_upd.PNG

Started SS&D.
http://a4nic8er.com/images/SSandD/SSD-immincomp3E1.PNG

Immunized, 1737 items failed. See attachment immudebug1737-1.zip for 990KB immunization debug text file.
http://a4nic8er.com/images/SSandD/SSD-immincomp3E2.PNG

Updated and enabled SpywareBlaster protection. No change.
Rebooted. No Change.
Immunized. No change.
Removed Immunization, reset Internet options to default (deleting all personal settings).
Rebooted.
Immunized. Note, all 1737 failures are now in one section - Internet Explorer (64 bit) \Software (Secure Domains). See attachment immudebug1737-2.zip for 293KB immunization debug text file.
http://a4nic8er.com/images/SSandD/SSD-immincomp3F.PNG

Installed 9 Microsoft High Priority updates (may as well, I have proven that they are not causing the problem).

http://a4nic8er.com/images/SSandD/SSD-immincomp3G.PNG

Rebooted.
Installed Avast!5.
Rebooted.
Ran SS&D Immunization again. No change.

Conclusion: The problem arose when only SS&D updates alone were installed. The issue is with SS&D itself, when running on XP 64-bit systems.
*edit* I suspect the issue is with the 658KB "Base trojan horse detections 2009-12-09"

a4nic8er
2010-02-04, 01:36
Updated SS&D (yes both updates - screenshot taken midway through update).

http://a4nic8er.com/images/SSandD/SSD-immincom4A_upd.PNG

Immunized, 1869 items failed (up from 1737, an increase of 132 items). Half of the new detections succeeded. Each of the sections showing 11 items unprotected had 22 prior to imminization attempt.
http://a4nic8er.com/images/SSandD/SSD-immincom4B.PNG


Immunized again. Slight change to placing of immunization failures, from IE 32 bit to IE 32/64 bit, but still the same number.
http://a4nic8er.com/images/SSandD/SSD-immincom4C.PNG

Removed Immunization, reset Internet options to default (without deleting all personal settings).
Immunized. Note, all 1869 failures are once again all moved to one section - Internet Explorer (64 bit) \Software (Secure Domains).
http://a4nic8er.com/images/SSandD/SSD-immincom4D.PNG

New day, same stuff :\

a4nic8er
2010-02-04, 02:17
No such issues with XP Pro 32 bit or Windows 7 RC 64 bit on same machine, only XP Pro 64 bit.

http://a4nic8er.com/images/SSandD/SSD-immincom4E-W7.png

spybotsandra
2010-02-04, 11:35
Hello,

Did you also undo the immunization and then immunize again?

Best regards
Sandra
Team Spybot

a4nic8er
2010-02-05, 00:03
Hello,

Did you also undo the immunization and then immunize again?

Best regards
Sandra
Team Spybot

Yes. I did that and quite a few other things. My actions and the interesting results from them can be easily followed by reading page one of this thread.

*edit* There's even a couple of immunization debug files there too, if anyone at Spybot is interested in looking at them.

Sephiroth
2010-02-07, 17:48
Sorry for the lack of responses. The forums had an issue with my posting permissions and I had to get an admin to fix me up. My results are the same however. Spybot immunizes Windows 7 32/64, Windows Vista 32/64, and XP 32, but not XP x64 Edition. It fully immunizes Firefox, but IE acts strange with immunizations. For example, every other item had X number of unimmunized entries. Well once in a blue moon it will immunize those, but then one farther down the list will GAIN unimmunized entries so that the exact same count of unimmunized entries is the same. I do NOT use IE at ALL, but like to keep it immunized anyway. I am required to use it for Windows Update obviously, and I worry about hijackers and things.

*EDIT*

One thing to note is that I do not install Vista/7 software on my XP machines due to the increased resource usage. As such, I have IE6, not IE7 or IE8 on the machine. I also have Media Player 10, and I use Star Office, not MS Office. Anyway, I have IE6 where one of these guys posted that he had IE8, so I believe that this is an issue not related to the version of IE.

Gopher John
2010-02-07, 19:40
I have IE8 running on WinXP Pro SP3, and am not seeing any increased resource usage over when I had IE6 or IE7. It runs fine and is far safer that the previous IE offerings. I use Firefox 3.6 as my default browser.

spybotsandra
2010-02-10, 15:35
Hello,

Please also try to click a second time on the immunization tab after immunizing.
Does this change anything?

If this does not help please try the following:
1. Start your PC in safe mode (http://www.computerhope.com/issues/chsafe.htm).
2. Launch Spybot.
3. Unselect all the options in the immunization tab except the ones which are not immunized.
4. Undo Immunization.
5. Redo Immunization.

Best regards
Sandra
Team Spybot

a4nic8er
2010-02-10, 23:56
Hello,

Please also try to click a second time on the immunization tab after immunizing.
Does this change anything?

If this does not help please try the following:
1. Start your PC in safe mode (http://www.computerhope.com/issues/chsafe.htm).
2. Launch Spybot.
3. Unselect all the options in the immunization tab except the ones which are not immunized.
4. Undo Immunization.
5. Redo Immunization.

Best regards
Sandra
Team Spybot

Ok. Tried that, several times. Appeared to work until reboot into normal mode but I suspect it was just moving the unprotected items around again. Upon normal restart and Immunization check, I end up with 5919 unprotected items in IE 32 bit (Domains). Uncheck everything but that section, undo, immunize. Looks ok. Select all, check again. Now have 1857 unprotected in IE 32 bit (secure domains) plus 1857 unprotected in IE 64 bit (secure domains). Deselect all but those two, undo, immunize, have to 1857 in IE 64 bit (secure domains). Stuff this, select all, check again, 1857 unprotected in IE 64 bit (secure domains), right back where we started from.

SpybotS&D won't immunize IE 64 bit (secure domains) properly, but appears to be immunizing 32 bit IE ok. While wondering if this is going to be rectified, I will make sure not to use 64 bit IE 8.

Sephiroth
2010-02-14, 00:04
tried your suggestions to no avail. I had already tried immunizing multiple times and that never worked. It seems to have a set number of immunizations it simply refuses to do and shuffles around what cannot be immunized. This is now also affecting a friend's computer, which is XP Pro 32bit. He has IE6 also since XP becomes unusable for his system (512MB RAM) if he installs 7 or 8.

Sephiroth
2010-02-15, 08:40
Alright after the latest Spybot updates it immunized some, but not all entries. However, I decided to try my weekly chore of selecting only the ones that won't immunize and undo the immunization, then redo it. This worked on a few, so I deselected those, and after multiple times of chasing the immunization bug around (immunize one, another loses immunization) I finally got everything immunized. This is ALL IE-related. The hosts file and FF immunize perfectly each time. We'll see what happens when the team releases another update though...

a4nic8er
2010-02-18, 00:04
Latest update: No better, worse if anything.

2193 Immunization failures, spread all over.

http://a4nic8er.com/images/SSandD/SSD-immincom7C.PNG

Took 10 -15 minutes of rebooting into safe mode, immunize, check again, select each section, undo, redo, check again, reboot in normal mode, check again, select each section, undo, immunize, check again, select all, check again, undo, immunize, check again - just to get the 2193 failures into the same section - IE (64 bit) \SOFTWARE (Secure Domains).

Still no such issue with XP 32 bit or W7 RC 64 bit, only XP 64 bit!

Also noted that it takes 50 seconds to exit SS&D on XP 64 bit while it "unloads user registry hives." This takes less than 1 second with XP 32 bit and W7 RC 64 bit.

And in case you are wondering, I have completed full virus scans (Avast), Live Onecare scan, rootkit scan (Sophos), HJT (all with a clean bill of health).

a4nic8er
2010-02-24, 23:40
New update, same old crap.

Chased the failed immunizations around the various sections for a while until I stumbled accross a method for quickly geting them all into IE (64 bit) \SOFTWARE (Secure Domains).

1. Start SS&D immunization and "Undo" (remove all SS&D immunizations).
2. Start SpywareBlaster and "Disable all protection".
3. Return to SS&D and Immunize. 2217 immunization failures in IE (64 bit) \SOFTWARE (Secure Domains).
4. Return to SpywareBlaster and "Enable all protection".
5. Close SpywareBlaster.
6. In SS&D, "Check Again". Still have 2217 immunization failures in IE (64 bit) \SOFTWARE (Secure Domains).

a4nic8er
2010-03-17, 07:37
2277 now

a4nic8er
2010-03-24, 22:57
2337 now

tfrimet
2010-04-06, 23:38
spybot S&D 1.6.2.46
The IE 8 - 32 bit software (domains) leaves 5891 showing as unprotected.
I tried "safe-mode" - did not have the desired effect.
I have uninstalled, and reinstalled.


I have also "undo-immunize" and "redo-immunize all entries, as well as only the 5891 domain issue.

Vista-Administrator is not an issue - tried that - no effect.

HP A6838f Pentium Dual CPU E2220 2.40 GHz 4GB Ram 64 bit OS
Windows Vista SP 2
Kaspersky Internet Security 8.00.454

Not running into any problems on a separate laptop running Windows 7, 64 bit OS, with Norton.

I have several users on the PC. I am the admin account, and that is where the problem appears.

Only \SOFTWARE (Domains) is affected.

I do not remember when this problem first started. :oops:

What happens when I de-immunize is that thousands are left "protected". And when I reapply immunization, thousands are still left "unprotected".

Perhaps it is just a registry glitch. Any suggestions? :red:

a4nic8er
2010-04-12, 00:44
I now have 3465 immunization failures in IE (64 bit) \SOFTWARE (Secure Domains).

spybotsandra
2010-04-29, 13:07
Hello,

Please open regedit with admin rights (Start>type 'regedit' in search bar>right-click and select 'Run as administrator')

open:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
or on a x86/32bit system:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
and delete the folder 'Domains'.

If this refuses to delete, right-click and select 'Permissions...', select your username from the list (or find it by clicking Add...>Advanced...>Find Now and then select your username and click OK). Then tick the Allow boxes, click OK and delete.

You can now open Spybot and select Immunize, and once it has scanned, select Immunize at the top.

Best regards
Sandra
Team Spybot

a4nic8er
2010-05-03, 02:19
Sorry for the delay, had pretty much given up on getting a response to this problem.

Tried your suggested solution, but that only clears the 32 bit IE Immunization data.
So I deleted the appropriate registry key for the 64 bit IE domains folder, which (after Immunization) resulted in 4 Unprotected in Internet Explorer (64 bit) \SOFTWARE (Domains) & 5045 Unprotected in Internet Explorer (64 bit) \SOFTWARE (Secure Domains).

Resorted to the prior method of > "Undo" SS&D Immunization > Disable all SpywareBlaster protection > Immunize with SS&D, get 5049 Unprotected in Internet Explorer (64 bit) \SOFTWARE (Secure Domains) > Enable all SpywareBlaster protection.

Arctucas
2010-05-03, 15:36
I had started my own thread (http://forums.spybot.info/showthread.php?t=57079) on this issue, but I would like to contribute here also.

I have the same problem; Windows XP Professional 64-bit, 5000+ 'Unprotected' entries under Internet Explorer (64 bit) \SOFTWARE (Secure Domains).

I tried the registry fix suggested above, to no avail.

I have uninstalled and reinstalled Spybot, and I noticed that until I did the April 26 update, all was well.

Also, my Windows 7 Ultimate 64-bit installation works perfectly, even with the same update.

I have been using Spybot S&D since the 0.9 BETA, and this the first issue of this kind I have experienced.

Hopefully, the next update will resolve it, or even better, version 2.0 will be released soon!

Thank you for reading.

Arctucas
2010-05-04, 02:40
I wanted to post an update: I managed to get all immunizations to work.

All I did was reformat and reinstall Windows, install Spybot, update and immunize before I went to Windows Update to install IE 8.

Sort of drastic, but it worked!

We shall see what happens Wednesday when the new updates are released.

a4nic8er
2010-06-10, 08:03
7377 now

1301 Unprotected in Internet Explorer (64 bit) \SOFTWARE (Domains).
6076 Unprotected in Internet Explorer (64 bit) \SOFTWARE (Secure Domains).

Oh wait, a patch is available.

Make that 7473

1389 Unprotected in Internet Explorer (64 bit) \SOFTWARE (Domains).
6084 Unprotected in Internet Explorer (64 bit) \SOFTWARE (Secure Domains).

a4nic8er
2010-06-26, 04:21
8349 items unprotected.
2192 in Internet Explorer (64 bit) \SOFTWARE (Domains).
6157 in Internet Explorer (64 bit) \SOFTWARE (Secure Domains).

a4nic8er
2010-07-15, 00:59
8910 items unprotected.
2709 in Internet Explorer (64 bit) \SOFTWARE (Domains).
6204 in Internet Explorer (64 bit) \SOFTWARE (Secure Domains)

lewisje
2010-07-15, 02:02
Have you tried running Spybot as an administrator?

If that doesn't work, this might: http://wiki.spybot.info/index.php/Registry_Tweaks#ImmunizeIE8

a4nic8er
2010-07-17, 03:03
Have you tried running Spybot as an administrator?

If that doesn't work, this might: http://wiki.spybot.info/index.php/Registry_Tweaks#ImmunizeIE8

Spybot will only immunize when run as administrator, so yes.

Thanks, tried that. Did not fix. The problem is not that Spybot fails to immunize IE completeley but that, since the "base trojan horse" detection rules update of December 9 2009, it has failed to immunize the Domains portions of the IE (64 bit)\SOFTWARE. The (32 bit) & (32\64 bit) sections continue to immunize correctly.

This is all explained back on page one, including the steps I took to isolate where and when the problem originally occurred and includes posted immudebug files (which still have not been viewed).

spgandau
2010-07-23, 15:49
I had the same problem.
downloaded the update of 7/21/2010, and suddenly had 79 items which would not immunize in the Global (Hosts).
After following the steps shown above, it worked well. everything has immunized correctly.

Win 7 32 bit
3 GB RAM
2.1 Ghz Athlon 64 x 2
primary browser is Firefox

a4nic8er
2010-07-27, 02:14
Win 7 32 bit


It's a 64-bit problem.

a4nic8er
2010-08-11, 03:10
http://a4nic8er.com/images/SSandD/SSD-immincomp100804.jpg
Possibly related: The time taken to load and unload registry hives appears to be increasing when opening and closing SS&D as the number of failed immunizations increases (on affected XP 64-bit systems).