Hi. I'm cleaning up an old computer and spybot gets 'stuck' on this file when I do the scan. I saw an old post on how to manually delete that file but none of the files it suggests removing are on the machine. Has anyone else experienced this problem?

Hello rickpx14,

Hi. I'm cleaning up an old computer
Is this your computer?

Best regards. :)

Well, it is now. It hasn't been used since 2005...its an older gateway computer that I'm trying to clean up but this particular file is making spybot get stuck. any advice? thanks

Hi rickpx14,

What is the operating system please? :)

Moved thread from the Malware removal forum so other members experiencing the same issue when running Spybot-S&D can post.

No malware logs please. :)

I'm having the same issue, Running Windows 7 home premium, Spybot stops running when it is checking for porvis.hlpr. I have to end task Spybot to get it shut down
It just started after the last update on 10/13

I have none of the files or registry entries listed in the other post and have run other AV/Malware products and they don't find anything wrong

I'm having the exact experience as Toonman above. This happens at roughly 80% on the scan. The one entry found in the scan at that point is Fraud.Sysguard

Fraud.Sysguard: [SBI $E7C9E8DB] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-4147262737-4177293124-3730816646-1000\Software\wpyyaxvbft

(Manually removing this reg entry results in it being added again on next reboot.)

When it encounters Pornis.hlpr and stalls (I've waited at least an hour with no movement) I have to manually TaskManager it down so I've yet to attempt to remove Fraud.Sysguard.

Also tried the manual removal instructions for Pornis.hlpr but they seem entirely inapplicable because none of those files exist on my system. I've also run Malwarebytes but it detected no problems.

I'm running Vista Home Premium 32. It's my machine.

I got the pornis.hlpr also on my Win7 IE8 computer. Can someone please help. Spybot hangs up when it detects it. Is this also known by another name? Thanks! Its funny that Norton & Windows essentials do not detect it at all.

Same as the other posts.

Windows Vista Home Premium with SP2; Pentium D with 3 Gb Ram. Have to reboot or clear with procexp (sysinternals) to kill it.

Jim

Thank you for reporting, I have left a message for our detectives linking to this thread. :)

:sad:Yes I have been having a similar problem; a blue screen & stop Error code 0x0000008e, (0xc0000005 , 0x00000000 , 0xf075bc38, 0x000000000 ) appears during scanning with spybot at the same point -pornis.hlpr file.... However, I have to manually restart my PC. I have tried repairing my regestry and all other scans ie. defender, Avast etc. come up clean. I'm running windows XP home SP3. This has only been happening since the day before yesterday, my last succesful scan was 4 days ago.

I am having problems with this too. When Spybot reaches Pornis.hlpr in its scan, my laptop restarts. I tried a scan in safe mode which ran completely and detected nothing. Still, when I tried again (not in safe mode) my computer restarted once Pornis.hlpr was reached. I am running XP, and have not had any other issues for some time. I hope someone can point me in the right direction--I'm stumped!

I hope the Spybot Team gets on this as it is quite nasty! I think I picked it up through a redirected website as I don't like Porn but, my 3 teenage boys might have got it installed..! Gosh knows what they are doing when I am working..!!!

:confused:Hi, I don't know if it is the right way to get into that thread... I was intending to read the different posts until the solution was found and apply it to my own case... but it seems I should not... so, I just try. Please let me know if I should open another thread, even though I have the same problem as rickx14 and others. :confused::thanks:

Hi,

This machine is an older Windows XP (that we use as a spare). And while my experience somewhat similar, it definetely sounds a little different?

You see, we have Microsoft Security Essentials installed on this machine (and it has been acting very strange lately - updating a whole lot and what not). Most days like twice a day even (and when it downloads it basically freezes the machine so no other activity can take place)! And starting on the thirteenth I noticed even more updates than usual. Only this time I actually had click install for them. All of which I did and then on the following day (the 14th) I had like five or six more "Windows Updates".

Anyways they all downloaded except for one which was that of KB2267610. And thank heavens for Spybot (and me having kept it updated). Because Spybot interupted the "Microsoft Windows Update" (which if clicked on would take you to the Microsoft update website). All of which I found to be very odd? Therefore I clicked on stop/block download (as Spybot had suggested) and I scribbled down this message:

"Encountered and Terminated WIN32.RJump.C"
C:Windows\Sotware Distribution\Download\Install\MSSE Update Install- X86fre-En-US-xp.exe

So knowing that it was the KB2267610 download, I went and looked it up on the Microsoft website. Although I wasn't able to find anything on there. However, as you know Microsoft only uses Bing (the "Non-Search Engine) these days so it is much, much harder (if not impossible) to find most anything. Therefore I had no ide whether it was for real or what?

However, before I could do anything about it the download started again (without even prompting me this time). And Spybot caught it again (you guy's really are the bomb)! And this time it gave me the following message:

"Encountered and Terminated SpyMyPc"
In C:Windows\Sotware Distribution\Download\Install\MSSE Update Install- X86fre-En-US-xp.exe

At this point it was getting late so I deleted the download altogether and thought that would be the end of it. WRONG! Because when I sat down at the computer then on Friday morning (the 15th) I noticed that it had rebooted. So I knew that I was in trouble from the get go! However, let me tell you how clever this thing really is? In that, when I looked down at the bottom right hand side of the screen? I noticed that it had "Muted" the sound on the Machine (I would assume so that no one would interrupt the download)?

At any rate at that point I set about trying to find the downloads, etc. (which I have and I have even removed the one that I felt was it). However the only that did was to stop MSSE (which obviosuly wasn't working very well to begin with if it had viral downloads working through it)?

So I googled KB2267610 however all I came up with was some things written in Chinese and what appeared to be a number of other foriegn languages. Therefore I didn't even want to click on those! So I tried running Spybot and I now have the same issue as the rest of these folks! IN that, I have attempted to run Spybot (only to have it freeze at Pornis.hlpr). And I know that Spybot had been up to date prior to this as well. However, I even tried re-installing Spybot and running it again (which worked at first). But after the scan I rebooted my machine and attempted to scan again and I am right back where I started from. Therefore I hope that this helps!

Thanks!!

hello,

since Pornis.hlpr drops its files to the temp directory and starts them from there the detection rules for Pornis.hlpr scan the temp directory. A temp directory with many files can cause stalls, to prevent this it is recommended to delete all temporary files and to never ever store any working data there (yes some people do that).

To delete the temp files you can use the secure shredder within Spybot S&D:

start Spybot S&D
switch to advanced mode
navigate to tools - secure shredder
select from Templates "add files from Temp folder"
click on "chop it away!" to delete the files


unless deactivated Spybot S&D will also ask you before a scan if you want to purge the temp files.
You can find this setting in advanced mode in settings - settings - automation - "offer to clean the temporary files folder"

@seedling
your Teatimer appears to show false positives, make sure to fully update Spybot S&D and then reboot your computer

I cleared out all of my temp files last night and it still stalled out
I'm 99% sure my laptop is not infected.
I've run several other spyware/malware/av programs and none of them find anything.
I think it might be a problem might be with the new updated from the 13th (my personal opinion)

Thanks. I went to do this but it does not show the shredder application (on the machine in question). I see where it is on my other machines but it doesnt show up on this particular machine. strange. it is the same version, is updated etc. any idea why the shredder application is not present/visible? thx...

I have this problem too...ran the scan SEVERAL times it locks up at about 80% same exact place a pornis.hlpr file. I NEED help...the network is infected with this bot virus! Any ideas how to move past and correct the problem. Im about ready to lose my mind! I need clear and precise instructions.....:)

Having the same thing with the 10/13 update. Thought at first I might have gotten a corrupt download, but I downloaded and deployed the file of all includes, but it didn't change a thing.

Windows XP SP3 + zillions of updates. :)

I do the cleaning of temp files you suggest. It is not a helpful solution. Problem persist. Spybot S&D is continuing collapsing at 80% of the scanning when it scans, in that moment the pornis file. I have restart the PC ( the windows blue screen of death appears). I have avast antivirus in my PC ( avast internet secure payment version) and is not detecting any problem. Also as the folks of this forum I have this problem in my Pc since the 14th october.

Please if spybot has this problem I can not scanning with it. Anyway Spybot protects even when we can not scan our pc?

I have a Compact Presario V6000 intel centrino with Windows XP I inform about mu PC if this information can help your team to find a solution.

Never before I had any problem with Spybot S&D . I was very happy with it an donated money.

Thank you very much for your answer.

Tried the team spybot instructions from Yodama
No good....
I also tried to rectify the problem by uninstalling the programme including all it's files i.e;
C:Program FilesSpybot - Search & Destroy
C:Documents and SettingsAll UsersApplication DataSpybot - Search & Destroy
And downloading it afresh...... Still no good.

This appears to be a problem with the spybot programme since 13/10 update.:sad:
RE: Updates: 2010-10-13

--------------------------------------------------------------------------------

2010-10-13
Malware
+ Bredolab.fb + FakeAlert.gen + Fraud.DesktopSecurity2010 + Fraud.InternetSecurity2010 + Fraud.SecureEssentials2010 + Fraud.Sysguard + Win32.FraudLoad.edt
Trojan
++ Pornis.hlpr ++ Win32.Agent.angq + Win32.Agent.fbx + Win32.Agent.sc + Win32.Bifrost ++ Win32.ClickPotatoLite + Win32.Muollo ++ Win32.OnLineGames.aseh + Win32.OnLineGames.down ++ Win32.OnLineGames.gqna ++ Win32.OnLineGames.gqoa ++ Win32.OnLineGames.kdka ++ Win32.OnLineGames.leta ++ Win32.OnLineGames.rzri ++ Win32.OnLineGames.scue ++ Win32.OnLineGames.smdd ++ Win32.OnLineGames.smdm ++ Win32.OnLineGames.snkn ++ Win32.OnLineGames.snmj ++ Win32.OnLineGames.snns ++ Win32.OnLineGames.snrp ++ Win32.OnLineGames.soaq ++ Win32.OnLineGames.soih ++ Win32.OnLineGames.soij ++ Win32.OnLineGames.sooa ++ Win32.OnLineGames.spir ++ Win32.OnLineGames.sqqn ++ Win32.OnLineGames.srtf ++ Win32.OnLineGames.srtl ++ Win32.OnLineGames.srzm ++ Win32.Shutdowner.bqq + Win32.Turkojan ++ Win32.Xpack.Gen3 + Win32.ZBot + Zlob.Downloader
Total: 3153258 fingerprints in 1069636 rules for 5855 products

Hello,

Please send us an e-mail with the content of your temp directory.
Therfore click on "start" , then "cmd" (without quotation marks).
Then "cd\"
"cd windows\temp"
and then
"dir > c:\content.txt"
Please send us the "content.txt".

Send the e-mail with the subject "Pornis.hlpr" to: detections(at)spybot.info .
Thanks. :)

Best regards
Sandra
Team Spybot

Hi,

I tried your suggestion Yodama, although my machine had been fully updated (I had the Spybot Update from the 13th running on machine when all of this occurred).

And I even went ahead and manually updated my machine this time. Oddly enough I could not open Spybot then as clicking on the icon would result in opening up the update (only) for some unknown reason. So I went to the website and downloaded a new copy of the program (directly from the site). Then I opened it, updated it, cleared my temp files (as was suggested to the others) and rebooted.

Upon rebooting the machine I opened up Spybot and went to "Immunize" (which resulted in an "Access Violation @ Address 005A2766 in Module 'SpybotSD.exe' read of address 4F4D54DS"). However, I continued onto run the scan.

However, as soon as I started the scan the MSSE program (which has no icon showing up in the right hand corner and I thought had deleted itself off of my machine suddenly starts downloading again). And not long after that happens I notice that the Spybot Scan was frozen again (only this time it was short - as in very early on - unlike the 80% positions of the past). And I also noticed that the Spybot Scan was frozen on "Fraud XP Antivirus" (and all the while MSSE has been suddenly attempting to download)????

So I simply stopped MSSE from downloading and voila the Spybot Scan takes off again! All of which seemed to work at first, as the scan was completed although it had nothing to report really? However, I tried running another scan (no good - stopped at 80% again). Then I cleared the temp files, attempted to update Spybot again, rebooted, cleared the temps again, checked updates and immunization again and started running a new scan only to get to 80% and stop. And I basically let it run off and on throughout the day like that to no avail.

And given the fact that Spybot is freezing (while MSSE is downloading in the back ground) then I am not so sure that I am getting "False Positives". In that, as I have stated my machine had the most recnt Spybot Update when all of this started. So I am not real sure what the deal is here? Although, you would have to agree that it is a mighty big coincedence that I couldn't find the KB2267610 Update on the Microsoft website either now right?

Also, I've e-mailed the content (as Sandra requested as well). And again, thanks for all of your help here no matter what!!

These instructions do not work for me /are not precise. Pls provide step by step what you need me to do, thanks.

Please send us an e-mail with the content of your temp directory.
Therfore click on "start" , then "cmd" (without quotation marks).
Then "cd\"
"cd windows\temp"
and then
"dir > c:\content.txt"
Please send us the "content.txt".

Also I need more instructions to send temp files.
I tried it without success.

Por exemple: Should i write "cmd" while charging windows or after...?
Write cmd ( the three letters at the same time or write one after the other)?

Thanks:eek:

Hello,

After you have booted your pc completely. ;)
Press Start (on the lower left on your screen).
Then choose Run.
Then just type cmd and hit OK.

Best regards
Sandra
Team Spybot

Hello,

Please send us an e-mail with the content of your temp directory.
Therfore click on "start" , then "cmd" (without quotation marks).
Then "cd\"
"cd windows\temp"
and then
"dir > c:\content.txt"
Please send us the "content.txt".

Send the e-mail with the subject "Pornis.hlpr" to: detections(at)spybot.info .
Thanks. :)

Best regards
Sandra
Team Spybot

Contents sent

Hello,

We have changed the detection rule for Pornis.hlpr, so it should not cause any more problems. :)
Please download the latest detection update (http://www.safer-networking.org/en/download/index.html) (2010/10/20).
Or choose the direct installation file (http://www.safer-networking.org/updates/files/spybotsd_includes.exe).
That should fix it.

Best regards
Sandra
Team Spybot

P.S.: Please do not use PM's for requesting help. The forum is there for a reason. ;) Thanks.

Thanks!

Hurrah ! thank you:heart:

Thank you:thanks:

WooHoo.. Thank You!