Bonjour.

I renewed my licence for home edition yesterday.
I was suspecting a malware problem, as the internet transfers appears a lot slower for the last few days :
Drobox and Firefox showed both establishing connections with 007guard.com and 1e100.net.
I understood, from another post in spybot forum that 007guard is related Spybot,
and from other researchs, that 1e100.net is a Google utilitary hostname.

I have been using Spybot for years, as a reliable product.

Now, Spybot is showing a few weird behviors :

I can not access the parameters.
Impossible to enable "Realtime Protection" (rev.001)
The system scan seems to complete but does not seems to close, and the user interface does not update.
The start-up tool center user interface remains busy, r(showing the hourglass), its the tabs are not accessible.



What should I look to, in order to have Spybot to behave properly ?
Iwas suspecting some kind of "user account protection problem, but I found nothing...

I still need to find the problems on my computer:
the processor is heating (fan running high speed),
and connection remain slow.

Rev.001 : 20180217-1300H : Risque : Addition to text

rev.002 : 20180217-1340H : Risque : Addition to Thread

SDSetting.exe does not run.
I tried to start it using every compatibility possibility.
It seems to exit, or to be terminated without any warning or error message.

Proceeding to maintenance of my computer, suspecting the presence of a malware,
I observed through the Resources Manager that there is a link established between
Dropbox (while synchronizing), and an obscur site called www.007guard.com.

Searching about 007guard, I found a post in Spybot forum saying that 007guard is a Spybot Address. Fwww!

I do not know much about the way Spybot works, but, could someone explains me, in general terms, how Spybot interact with Droobox, or other cloud services ?

Hello Risque,



Searching about 007guard, I found a post in Spybot forum saying that 007guard is a Spybot Address. Fwww!


Could you provide a link to that post please. :)

Best regards.

Tashi,

I was referring to the most recent post
https://forums.spybot.info/showthread.php?74388-Fixing-the-007guard-com-issue-for-good published 2017-03-23.

There is also
https://forums.spybot.info/showthread.php?20443-hosts-immunisation-www-007guard-com and a few others.

Reading, learning, I understand there should be an host list somewhere.
I am not sure where it should be.
Found "host" (without extension) in
C:\Windows\System32\drivers\etc

If I am not mistaken, I understand that this file provides ip addresses for series sites,
directing malwares to connect to local host ( to remain inside the computer ) instead of connecting outside.

But, is 007guard.com a malware, or not ?
And, why Dropbox and Firefox want to connect to 007guard.com ?

rev.002 : 20180217-1340H : Risque : Addition to Thread

SDSetting.exe does not run.
I tried to start it using every compatibility possibility.
It seems to exit, or to be terminated without any warning or error message.

Problem partly solved.

Found posts
https://www.safer-networking.org/2016/fix-system-scan-freeze-zlob-zipcodec/
https://www.safer-networking.org/faq/scan-freezes-zlob-zipcodec/

Applied patch
https://www.safer-networking.org/files/spybotsd2-install-iefreezefix.exe
(https://www.safer-networking.org/files/spybotsd2-install-iefreezefix.exe)
I now have access to Parameters SDSettings.exe,
but SDTools.exe still freezing.

Hello Risque,



I was suspecting a malware problem, as the internet transfers appears a lot slower for the last few days :


Do you have any other reason to suspect malware?



but SDTools.exe still freezing.

Sorry to hear this, please open a support ticket (https://www.safer-networking.org/contact/home-edition-support/) for that issue. :)

Best regards,
tashi

Do you have any other reason to suspect malware?

Yes.

In the night of 14 to 15 February, I attended to my computer, to control the advancement of some podcast download.
No light in the room. Suddenly, the brightness of my computer screen increased.
My computer never did that before, and never did that since.
It is also gong with the fac that, from that day, the internet connection seems slower...

I am convinced that someone was spying on me through the camera.
Someone unexperienced ?
Someone leaving voluntarily a hint ?

Those are not my usual thoughts... But, that left a strong impression.

What do you think of that ?

You may also contact me through private messaging.

Hello Risque,

If you would like the system checked by a volunteer analyst please see the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) sticky which includes guidelines and instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are used in the preliminary analysis.

http://forums.spybot.info/showthread.php?t=288

Then start a new topic in that forum providing the logs and a link back to this thread please. :)

Best regards.

If you would like the system checked by a volunteer analyst [...]

I will need some time to organize, as my work is keeping me quite busy,
but I will definitely use this opportunity.

Thank you.