PDA

View Full Version : Is this a false positive?



robco
2006-12-05, 15:48
Hi,
Every time S&D runs (daily), the following messages appear:

Some problems couldn't be fixed; the reason could be that the associated files are still in use (in memory).
This could be fixed after a restart.
May Spybot-S&D run on your next system startup?
(yes) (no)

Then this message:

24 problems fixed.
1 problems could not be fixed. Please restart your computer.

Finally every time I restart my computer Spybot S&D finds nothing other than a few cookies it shows as non-critical so I leave them alone and it ends. And then it runs at 4AM with the same message as above.

Any idea what's going on here? Do you need additional info? Just let me know what.

Thanks,
Rob

md usa spybot fan
2006-12-05, 17:17
It might be helpful if you posted a log of the actual detection that you are questioning. After you run a scan that includes the detection in question:
Attempt to "Fix selected problems".
After answering the " run on your next system startup?" either "Yes" or "No", right click on the results list, select "Copy results to clipboard".
Then paste those results (Ctrl+V) to a new post in this thread.
Or as an alternative post a Fixes.yymmdd-hhmm log from a previous running that shows the problem detection.

By default here are two Checks.yymmdd-hhmm logs produced during a scan. The second Checks.yymmdd-hhmm has the details of what the scan found. A Fixes.yymmdd-hhmm log is produced if you fix or attempt to fix something.

Two methods to copy that information:
Method 1:
Go into Spybot > Mode > Advanced mode > Tools > View Reports > View Pervious reports. Look for the Fixes.yymmdd-hhmm.log file that contains the detections that you like to me to help you with. Open it. To copy it to the Clipboard, right click on the listing and select Select All > Right click again and select Copy. Paste (Ctrl+V) the contents of the Clipboard into a new post in this thread.
Method 2
The Checks.yymmdd-hhmm.log and Fixes.yymmdd-hhmm.log files are stored in the following folders:
Windows 95 or 98:
C:\Windows\Application Data\Spybot - Search & Destroy\Logs
Windows ME:
C:\Windows\All Users\Application Data\Spybot - Search & Destroy\Logs
Windows NT, 2000 or XP:
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs
Using Windows Explorer, navigate to the correct Fixes.yymmdd-hhmm.log. Double click on it and it should open with Notepad. To copy it to the Clipboard, right click on the listing and select Select All > Right click again and select Copy. Paste (Ctrl+V) the contents of the Clipboard into a new post in this thread.

robco
2006-12-06, 09:15
I think I fixed the problem while I was snooping around to get the files to post here. Here's what I saw in the ealier file:

Log: Activity: SchedLgU.Txt (Backup file, fixing failed)
C:\WINDOWS\SchedLgU.Txt

Then I looked in the results (in the Spybot S&D window) for this item and just checked it and pressed the Fix Now button. Here's the entry from the next Fixes log.

Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt

I'm no longer being prompted to run at boot time. Would you agree it appears to be 'fixed'? I've attached the two Fixes logs.

Thanks again for your help with this.

Rob

spybotsandra
2006-12-06, 14:18
Hello,

The Sti_Trace.log file is opened on many machines; mainly on Windows 2k/XP/ME. The reason is that the Still Image Monitor is running all the time, using this file. You can use msconfig to disable the Still Image Monitor, but as it is of no harm I would suggest to add this log file to the single ignore list.

The same is valid for the SchedLgU.txt; it is the log file of the scheduler. If the scheduler is running, this file is kept open. If you are not using the scheduler, I suggest disabling it, this will not only allow you to back up this file, but also save some RAM (to add a problem to the single ignore list, simply right-click on it in the results list, and choose the appropriate menu item.).

Best regards
Sandra
Team Spybot

robco
2006-12-08, 09:28
Sandra,
Thanks for the info.
The incident seems a little bizarre. I have nothing in my Ignore Single Entries list and yet the problem that was soo annoying for several weeks has disappeared - not that I'm complaining :D: I'm just going to leave well enough alone and archive the instructions for dealing with the problem should it arise again.

Now I think I can go ahead and install the beta update knowing I don't have any outstanding issues. And I can look forward to moving that maintenance to clients' computers where I never wanted to run Teatimer before because of the cosmetic as well as the nag factors. And yes I know about the patch to Teatimer - I use it on my own machine but don't have the time to migrate it elsewhere. I'm grateful to whoever was kind enough to finally deal with the issues. It will be nice when the fix is in the final code...

So very pleasant to deal with folks here!:bigthumb:

Rob