Unprotected Files

[devin104]

When I run the immunize function of S&D the results state that there are 814 files unprotected.

I have run the S&D search and destroy function and have "fixed and repaired" any items that come up. Unfortunately after doing this when I run "Immunize" again it still shows 814 files unprotected. :red:

Should I be concerned that 814 files are shown as being unprotected? If so, what should I do? :euro:

thank you

Devin

 

[md usa spybot fan]

devin104:

What Windows OS are you running?

What version of Spybot - Search & Destroy are you running (Spybot » Help » About)?

What category (profile) are the unimmunized entries in?

 

[devin104]

Immunization problems

I am running Windows XP

The Version of Spybot I am using is: Spybot 1.6.0

The profiles with unprotected files are:

Firefox:

Default Cookies
Default Images
Default Installations
Default popups

Internet Explorer (32 Bit)

Software Cookies
Software Domains
Software Secure Domains

Internet Explorer (32/64 bit)

Default Cookies
Default Domains
Default Secure Domains
Administrator Lewis-HOB7J3
Administrator Lewis-HOB7J3
Administrator Lewis-HOB7J3

Windows

Global Hosts

I hope this answers your questions ok

Thank you

Devin

 

[md usa spybot fan]

Devin

... I hope this answers your questions ok ...

Not entirely. Are you indicating that there are some of the 814 unprotected items in each of those profiles?

If so, immunize as follows:

• Go into Spybot > Immunize.
• Click the "Immunize" button at the top of the right pane (the button with large green plus sign).

If not, please list the profiles that have unprotected items and the quantities of unprotected and protected in those profiles.

 

[devin104]

Infection breakdown

What I meant to indicate was that the total number of affect files is 814.

I hope what I enter below is clearer:

Profile Unprotected Files

Firefox:

Default Cookies 1
Default Images 81
Default Installations 81
Default popups 81

Internet Explorer (32 Bit)

Software Cookies 1
Software Domains 1
Software Secure Domains 81

Internet Explorer (32/64 bit)

Default Cookies 1
Default Domains 81
Default Secure Domains 81
Administrator Lewis-HOB7J3 1
Administrator Lewis-HOB7J3 81
Administrator Lewis-HOB7J3 81

Windows

Global Hosts 81

 

[md usa spybot fan]

devin104:

Since that is the case, did you attempt to do as I suggested???

...

If so, immunize as follows:

• Go into Spybot > Immunize.
• Click the "Immunize" button at the top of the right pane (the button with large green plus sign).

I believe that you are going into Spybot > Immunize and not actually immunizing just reporting what you see!!!

Please click the "Immunize" button at the top of the right pane and report what happens!!!

 

[devin104]

Bad Cheksum?

Bingo. Your cure worked.

I have one other question.

When I do "updates" I get a message that says:

"Immunization !!!Bad Checksum!"

What should I do to repair this?

Thank you

Devin

 

[md usa spybot fan]

devin104:

When you get "Bad Checksum!" errors select another download site and try the update again.

 

[devin104]

New issue: Load Zip Error & Antivirus XP2008

I have done as you suggested and the update worked correctly.

Now what I hope will be my final question.

This morning when I turned on my computer two message came up on the main screen:

1. "Load Zip Error" "No Such Directory"

Once I click the message "O.K." the following message pops up:

2. "Antivirus XP2008" "An error occurred while loading database" "Probably your database file outdated or have invalid format"

I do not know why these messages are coming up. What do I need to do to remedy this problem?

Thank you

Devin

 

[devin104]

Threat Detected: Trojan Horse Downloader.Generic

Shortly after posting my last message my AVG Resident Alert Shield popped up the following message:

"Threat Detected"

File Name: C:\WINDOWS/System32\b1PHcn810e5bn.scr
Trojan horse downloader.generic 7.AGGJ
Detected on Open

YIKES...what should I do

 

[blues]

have you downloaded some screensavers? they can be infected sometimes.

files with the extension .scr is screensavers i think.

here is some information to you about the .scr extension:

In November 2007 the SCR file extension started to be used to transmit a Trojan. As a script or a screen saver this file can execute other files which carry the Trojan. The SCR file may be embedded within a ZIP file which could also contain a file with a double extension.

Many Windows screen savers come with a .SCR extension by default. Usually these will be found in the Windows main directory. Use caution if you receive a screen saver file via E-mail. These files can contain executable code and can be worms or viruses. Note: This file type can become infected and should be carefully scanned if someone sends you a file with this extension.

maybe you want to ask for help in the malware removal forums http://forums.spybot.info/forumdisplay.php?f=22

 

[devin104]

screensaver

I have not downloaded any new screensavers.

It is the darndest thing. I run the SpyBot search and destroy and it shows no problems but I just ran Ewido anti-spyware and it showed two trojans.

I am soooo confused.

I will check the malware link you have suggested.

thank you

Devin

 

[drragostea]

Just to add on to blues suggestion:

AntiVirus XP 2008 is a rogue anti-spyware program that uses deceiving marketing techniques to force the user to purchase the program. In most cases, the registration key fails to confirm, or if it does, the rogue programs ability to remove the "infections" are still disabled.
http://en.wikipedia.org/wiki/Rogue_software
--
At the moment Spybot-SD does not detect AntiVirus XP 2008.

I'm betting that AVG and Ewido (AVG Anti-malware) was correct about the trojan.

Your best choice would be to visit the Malware Forums like blues said. Better safe than sorry.
--
Consider posting in the Malware Removal forum and having someone take a look at your system.

If you decide to have an experienced malware removal specialist assist you, please follow the procedure in this link to run scans and produce a HijackThis log:

• "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance).

 

[tao2o8]

unprotected itmes

since updating to s+d 1.6.0.30.i have the same problems with unprotected files .i've never had the problem before.there are 269 unprotected in the list "global" (hosts). i updated today,about 1 hour ago ,the same problem persists.immunising from the sidebar or on the toolbar makes no difference?any help appreciated.
thanks,tao2

winxp2
s+d 1.6.0.30

 

[devin104]

Malware Problem

drragostea:

I appreciate your input very much.

I did post my problem in the Malware Forum (Load Zip Error; Antivirus XP2008; Trojan -devin104 ).

There have been 77 views of my post but so far no solution has been offered.

I am not sure if this is because I did something wrong in my posting or if none of the viewers so far have a solution.

I would be most appreciative for help on this matter.

About a year ago I had another problem with a Zlob issue and on of the S&D experts by the name of Shaba did a great job in helping me. :euro:

Hopefully someone will come to my computers rescue soon. :snorkle:

Thank you

Devin

 

[drragostea]

Hello Devin. Yes, although they are just simply views, the Malware Forum is swarmed with requests. Please be patient. Malware Fighters (volunteers) are doing the best they can in assisting all of you, however they cannot be on 24/7. We all have real lives and problems. :santa:

@tao: Have you clicked "Immunize" again (as that solution worked for devin104)? Can you Undo the Immunization and Redo it? Do you have any browsers open during the process?

 

[devin104]

The Malware Plot thickens

Today my computer got attacked by: Trojan.selfkill.naf

I am also now getting a series of "A runtime error has ocurred" and asking me if I wish to "debug."

I do not know if these notices are legitimate or not. I suspect they are related to malware.

The include:

Line 27 error "Null" is null or not an object

Line 45 error object expected

Line 203 error object expected.

I sure wish somebody could help me on these problems as I am getting quite concerned about my poor laptop :red:

Thank you

Devin

 

[drragostea]

Devin, can you confirm the trojan?

You should have read the "BEFORE YOU POST" sticky. You were advised not to bump your thread.
http://forums.spybot.info/showthread.php?t=32667
--
It it has been four (4) or more days with no response, please post in the waiting room.

What PC is that in your Malware thread? A personal computer (desktop) or a labtop?

 

[devin104]

threat to laptop

The treat is on my laptop.

Sorry but I do not even know what "bump a thread" means

Thank you

Devin

 

[drragostea]

In simpler terms, it means like posting another post before you received a response.

In the Malware Forums, it can mean:
-Bumping as in "Hello?, anybody there?, i need help... : (, &etc.)
-Or bumping as in posting another log before the user has received a response.

The treat is on my laptop.

I actually thought you meant "treat" as in literally. :laugh:

I know, you meant "threat".