PDA

View Full Version : Spybot freezes when trying to purge Recovery



Telstar
2006-11-26, 04:37
Hi,

Windows XP Home SP2
768 RAM
Spybot 1.4

Been using Spybot for about 4 years and recently had an infection where
Spybot picked up YazzleSudoku and Smitfraud-C. threats.
I had Spybot fix them and, among other items, they are now in the Recovery area of Spybot.

Problem is when I go to Purge them from Recovery...Spybot simply freezes.
When I go to the Task Manager, it shows Spybot as "Not Responding".

So, I have a few questions:

1) Is there anything I can do to fix the freezing so I can complete the Purge operation?

2) If it requires me to install Spybot again, what happens to those items still in Recovery when I Add/Remove Spybot?
I looked for a "Recovery" file in the Spybot Directory that I thought I could simply delete but couldn't find anything that I thought was related to Recovery.

3) Is it possible that I could do anything to "unleash" these threats back into my system if I download a new Spybot?

4) Is it possible to "install over" the existing Spybot that I have and the new download will copy all the same settings (e.g. the "Ignores") or should I just start over?

Thank you. :)

Zenobia
2006-11-26, 07:47
Have you tried just selecting one or two items at a time in the Recovery area of Spybot,and then purging them,then going back and purging a couple more?That might go a bit slow if there's a lot of items in the Recovery area,but it might stop Spybot from freezing when purging,and that way you'd avoid having to reinstall Spybot.

Telstar
2006-11-26, 08:03
Hi Zenobia,

Yes, earlier I tried one of the more innocuous items that are there and got the same result...total freeze...Task Manager to close Spybot.

I will say that in Advanced>Settings>Settings the timer for "Age of Recovery" has always been 30 days (though I just changed it to 7 days), so there are items that have been in Recovery for a pretty long time (since I rarely had a need to go there until now)...certainly way more than 30 days...so that feature did not work at all.

I was searching the Forums to see if anyone else had this problem and haven't come across the exact same situation as mine...one thread had the suggestion to make sure the "three items for Recovery" were checked...which mine have been checked all along.

I did discover through reading the other threads where the Recovery files are located...C:\Documents and Settings\Application Data\Spybot\Recovery and was comtemplating whether or not to try and delete them from there but, decided to wait for some replies to my post.

Any suggestions?

And, thank you for your reply. :)

md usa spybot fan
2006-11-26, 08:10
1) Is there anything I can do to fix the freezing so I can complete the Purge operation?
I never encountered the problem so I really can not tell you what may be causing the problem.



2) If it requires me to install Spybot again, what happens to those items still in Recovery when I Add/Remove Spybot?
I looked for a "Recovery" file in the Spybot Directory that I thought I could simply delete but couldn't find anything that I thought was related to Recovery.
The recover files are not deleted when you do an Add/Remove program.

By default the recovery files for Spybot-S&D are stored in.zip folders in one of the following locations:
Windows 95 or 98:
C:\Windows\Application Data\Spybot - Search & Destroy\Recovery
Windows ME:
C:\Windows\All Users\Application Data\Spybot - Search & Destroy\Recovery
Windows NT, 2000 or XP:
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery
Since you indicate that you are having problems using Spybot > Recovery > selecting the item(s) that you no longer want to keep and using the "Purge selected items" option on the top of the screen, you can delete the recovery files manually. The .zip folders are password protected to prevent accidental deletion. The password is "recovery" (no quotes).


3) Is it possible that I could do anything to "unleash" these threats back into my system if I download a new Spybot?
That would only happen if you recovered the files via Spybot > Recovery > Recover selected items.


4) Is it possible to "install over" the existing Spybot that I have and the new download will copy all the same settings (e.g. the "Ignores") or should I just start over?
Most of the settings are retained during reinstallation, but the recovery files are also retained. See:
How to uninstall?
http://www.safer-networking.org/en/faq/27.html

Telstar
2006-11-26, 08:29
Ok, md usa...thanks for your reply also.

Yep, as I indicated in my previous post, I found where the Recovery files are located @ C:\Documents and Settings\Application Data\Spybot\Recovery.


The recovery files are not deleted when you do an Add/Remove program.
This being the case and since I probably have corrupted file(s) causing this problem I'd like to go ahead and try deleting them per your suggestion.

Obviously I'm very concerned about reinfecting my system, I've just spent the last day or so working with MVP advisors in another Technical Forum in removing some malware (e.g. Trojan.W32.ZLOB), spyware and IE Helpers (BHO's) that were causing me problems...(constant Alerts by my WinPatrol, Windows Defender, AVG AV and AVG AS, etc).

Right now, all seems fixed and I'm not getting any Alerts and my program scans are all good.

So, can I just go ahead and delete those zip Folders (thanks for the Password)... and be assured that everything in them (the malware) is completely gone?

If I can do that, I'll uninstall Spybot and reinstall a new one that hopefully will fix the Recovery issue.

Any other suggestions?

Thanks again. :)

http://h1.ripway.com/iautotron/InfectionafterAvengerSpybotYaz_Smitfraud.png

Telstar
2006-11-26, 09:46
you can delete the recovery files manually. The .zip folders are password protected to prevent accidental deletion. The password is "recovery" (no quotes).
Just wanted to let you all know that I tried deleting a few of the zip files in Recovery and I was not prompted for a Password..they went straight to the Recycle Bin which I emptied with no problem.

I think it's quite possible that because of the large, no...huge, amount of files that were in the Recovery Folder (remember, I had not checked there to Purge any files in a "long" time):
Recovery Folder>
Size: 3.39 MB
Size on Disk: 10.1 MB
2,230 Files

Folder Attributes was checked at "Read Only".
Created March 27, 2003 (the long time I mentioned).

Remember though, I said the Settings> "Age of Recovery" was checked for 30 days...so this apparently never did purge any files "automatically" and they just accumulated to where they are today.

I'm going to go ahead and start deleting...the Smitfraud and Yazzle files that I'm concerned with are easily identified so I'll work around those. When I get to where I only have those left, I'll restart Spybot and see if the Purge Recovery works then...I'll let you know.

:)

Telstar
2006-11-26, 10:30
.....................................Success!

I was able to get Purge Recovery to work.

Apparently there is a threshold in the Recovery Folder where a large size (MB) of data can "choke" the Purge operation.

It took quite a while for me to delete the majority of the files (2,230..don't know how many zip folders were there but...a lot). I think I could have deleted them all at the same time with no problem but I was deleting and sending about 200KB to the Recycle Bin at a time.

Why files were not automatically purged after the 30 days?
I don't know...that should have been happening I think.

So, bottom line, at least based on this user's experience today:
1) If someone posts with a similar problem...have them go to their Recover Folder and check the size (Properties)...if it's stuffed full like mine was, this then is probably the reason for the failure to Purge.

2) Have them start deleting manually and trying Spybot occasionally to see if it "unfreezes" and completes the Purge operation...at some point it will.

Why I was not prompted for the password, I don't know but I never required it.

After I was done, I ran CCleaner and RegSeeker just to clean out eveything and then rebooted (probably not necessary).

So, there you have it...g'day! :bigthumb: