Distributed Testing, updated to 1.6 and leaving beta status

SDDT Scan hangs (reproducably scince yesterday)

Scince yesterday, "SDistTestSvc.ex" regularily hangs with 99% CPU usage after a few scans.


The GUI console shows:

(i) 25.10.2008 02:27 Queued tests:
(i) 25.10.2008 02:27 SDDT-Virtumonde.Dll-Yodama.sbi 4074 2008-10-24 11:33:32
(i) 25.10.2008 02:27 SDDT-new-micha.sbi 4089 2008-10-24 14:13:49
(i) 25.10.2008 02:27 SDDT-Virtumonde.sdn-Yodama.sbi 4075 2008-10-24 11:33:35
(i) 25.10.2008 02:27 SDDT-Smitfraud-C.gp_RG-rene.sbi 4094 2008-10-24 17:29:57
(i) 25.10.2008 02:27 SDDT-Win32.Agent.aec-micha.sbi 4078 2008-10-24 14:13:47
(i) 25.10.2008 02:27 SDDT-Netbus-micha.sbi 4079 2008-10-24 14:13:48
(i) 25.10.2008 02:27 SDDT-Win32.VB.bco-micha.sbi 4080 2008-10-24 14:13:48
(i) 25.10.2008 02:27 SDDT-Win32.Agent.wf-micha.sbi 4081 2008-10-24 14:13:48
(i) 25.10.2008 02:27 SDDT-PoisonIvy-micha.sbi 4082 2008-10-24 14:13:48
(i) 25.10.2008 02:27 SDDT-Joke.Password-micha.sbi 4083 2008-10-24 14:13:48
(i) 25.10.2008 02:27 SDDT-Win32.Autoit.p-micha.sbi 4084 2008-10-24 14:13:48
(i) 25.10.2008 02:27 SDDT-Win32.SdBot.aad-micha.sbi 4085 2008-10-24 14:13:49
(i) 25.10.2008 02:27 SDDT-Win32.VB.dn-micha.sbi 4086 2008-10-24 14:13:49
(i) 25.10.2008 02:27 SDDT-Win32.mIRC.603-micha.sbi 4087 2008-10-24 14:13:49
(i) 25.10.2008 02:27 SDDT-MSNFlood-micha.sbi 4088 2008-10-24 14:13:49

...then...

loading and testing the sbi's - all with "success"

...until SDDT-Virtumonde.sdn-Yodama.sbi (>> which has been tested at last, although it seems to be the first one to be tested according to the list above?!).


There's no "success" after testing SDDT-Virtumonde.sdn-Yodama.sbi

but

- playing a "ping"-sound (like if there would be a dialog box, however, there isn't one!)

- almost freezing CPU by 99% usage by the "SDistTestSvc.ex" process (OK, it's a Pentium III M at 1.1 GHz, however, it's been working fine so fare with all other SaferNW products inclunding SDDT.)

- no chance to stop the process, neither in GUI window ("stop service") nor in the win2K task manager ("stop process") - access denied; however, machine can be shot down w/o probs.


Here are some more details about the context:

SDistTestSvc.ex:
- 21 GDI objects
- 115 handles
- 8 threads
- 5.952 KB memory
- 6.320 KB max. memory
- 5.672 KB virtual memory
- CPU time: 99% usage starts after a few seconds of CPU time

System:
- Win2K SP4 with IE6 on a HP omnibook 6100 with PIIIM at 1.1GHz
- round about 35 other processes running (standard windows stuff, HP/Intel/ATI/Touchpad/deskjet-drivers, AtomiX TimeSync, RoboForm, SD TeaTimer - that's it.)
- NO other task bar applications running

Well, 'm sorry, but seem's to be a bug?? :sad:

_________

btw.: Plz, keep your comments about w2k/IE6 :P , as I MUST use it for my job!

p.s.: Messengers show'n in my profile are all disabled currently. However, feel free to drop me a line or call/chat me by GoogleTalk: logonautics@googlemail.com.
 
Last edited:
Update:

with Standalone: it works fine
1) scans for 30 sec. (sbsdscan.exe: 95%CPU)
2) stops with popup: ~ "It's recommended to reboot..."
3) user input "yes" or "no" (doesn't matter)
4) scans for ~ 60+ sec. (sbsdscan.exe: 95%CPU)
5) after scanning has ended > SDistTestStandAlone.exe: 98%CPU for a few minutes
6) 9x%CPU ends, everything is fine, Standalone can be closed.

with Service: it hangs
1) scans for 30 sec. (sbsdscan.exe: 95%CPU)
2) stops with the wav-sound of a popup; however, there is no popup to click on
3) no popup = no user input >> it hangs!

__________

exe-files @ \\...\SpybotSD\DistTest\

sbsdscan.exe (2008-06-13 09:05:01)
SDistTestConsole.exe (1.6.0.14)
SDistTestStandAlone.exe (1.6.0.12)
SDistTestSvc.exe (1.6.0.10) {now deactivated}
 
Last edited:
hello,

updated the rules in question to have the ignore parameter to be checked before the reboot parameter.

I also got to note that the 25.10.2008 02:27 SDDT-Virtumonde.sdn-Yodama.sbi
was very large since it contained all of our upgraded Virtumonde.sdn rules. This in itself could cause long scan duration.

On the other hand, if the reboot parameter got triggered on Logonaut's computer, that means Virtumonde files got found.
@ Logonaut
If you entered the same email address to the SDDT as you used to register to this forums, than your scan results will be listed in your user control panel in "my scans". There you can see the details if there had been hits. Based on this result we can also provide you with a specialized SBI file.
 
McAfee keeps catching a "virus" in the ini file

For about the past week McAfee keeps thinking that there is a virus in connection with the Distributed Testing Client.

Here is what McAfee reports each time:
McAfee has automatically blocked and removed a Virus.
About this Virus
Detected: Univ.script/99a (Virus)
Location: C:\Program Files\SDTest\sbsdscan.ini

And here is what appears to be culprit in the Testing Client:
(i) 10/28/2008 10:31 AM Queued tests:
(i) 10/28/2008 10:31 AM SDDT-PoisonIvy-micha.sbi 4082 2008-10-24 14:13:48
(i) 10/28/2008 10:31 AM Testing now: SDDT-PoisonIvy-micha.sbi...
(i) 10/28/2008 10:31 AM Downloading next: SDDT-PoisonIvy-micha.sbi
(i) 10/28/2008 10:31 AM File received.
(i) 10/28/2008 10:31 AM Wrote configuration file.
(!) 10/28/2008 10:31 AM The log file that should have been created (logs\4082.xml) was not found!
(!) 10/28/2008 10:31 AM Damn, could not upload results, will try again later!
(i) 10/28/2008 10:31 AM Failed, need to retest!

That same test shows up over and over again, always having failed (very likely because McAfee is snatching up part of it each time).

Since it seems that it is not able to upload results, I would guess that you all would never find out about this unless someone posted (like I am doing; I don't know if anyone else posted as I only checked this thread as this seemed to be the place to post such a thing).

I hope the above is helpful. Let me know if you all need more info.

Also, I do hope that it can be fixed at some point so that McAfee doesn't keep killing that test.

:)
 
SDDT-Virtumonde.sdnc-Yodama test never finishes

In a similar vien to Logonaut's posts a little earlier in this thread I am observing that the SDDT-Virtumonde.sdnc-Yodama test has run for about 12 hours now, consistently consuming about 50% of my dual-core processor. Surely the test should have finished by now?! :scratch:

Like Logonaut I am observing this with the SDistTestSvc.exe. As far as I know I am using the most current version.

This is the last entry (before I stop the service in a minute):
(i) 10/28/2008 7:14 PM
(i) 10/28/2008 7:14 PM Queued tests:
(i) 10/28/2008 7:14 PM SDDT-Virtumonde.sdn-Yodama.sbi 4130 2008-10-28 15:48:33
(i) 10/28/2008 7:14 PM SDDT-Smitfraud-C.-Yodama.sbi 4131 2008-10-28 15:48:33
(i) 10/28/2008 7:14 PM SDDT-Virtumonde.sci-Yodama.sbi 4129 2008-10-28 15:48:33
(i) 10/28/2008 7:14 PM SDDT-AdDestination-Yodama.sbi 4128 2008-10-28 15:48:33
(i) 10/28/2008 7:14 PM SDDT-PoisonIvy-micha.sbi 4082 2008-10-24 14:13:48
(i) 10/28/2008 7:14 PM SDDT-Virtumonde.scic-Yodama.sbi 4125 2008-10-28 15:48:31
(i) 10/28/2008 7:14 PM SDDT-Virtumonde.dllc-Yodama.sbi 4126 2008-10-28 15:48:31
(i) 10/28/2008 7:14 PM SDDT-Virtumonde.sdnc-Yodama.sbi 4127 2008-10-28 15:48:33
(i) 10/28/2008 7:14 PM Testing now: SDDT-Virtumonde.sdnc-Yodama.sbi...
(i) 10/28/2008 7:14 PM Downloading next: SDDT-Virtumonde.sdnc-Yodama.sbi
(i) 10/28/2008 7:14 PM File received.
(i) 10/28/2008 7:14 PM Wrote configuration file.

It is currently almost 8:00 am the next morning.

Thought you all would want to know.

Let me know what additional info you need from me.

:)
 
File(s) sent. I had a heck of time trying to get McAfee to stop scanning files everywhere (and thus stripping out the INI files it thinks are viruses). Since I think the "infected" files did not make it through, here is the complete text from the ini files that trigger a Virus quarantine by McAfee:
Code: 
[Filesets]
SDDT-PoisonIvy-micha.sbi=True

[Main]
DoSpyware=1
DoTracks=0
IgnoreSbiError=1
DownloadDirRecursive=0
LogUse=0
LogOverwrite=0
LogDetails=0

[Results]
XMLLocation=C:\Program Files\SDistTest\logs\4019.xml

The ini file that should have made it through would be related to the Virtumonde test.

Hope this all helps!

:)
 
Hi there folks,

This is my first post on the spybot forums as I have been encouraged to post about my experiences with the Test Client.

Basically I get a combination of the results from both Logonaut and ispycookies.

Sometimes it will behave very well and other times it just keeps asking me to restart my computer as in Logonauts case.

Its mainly very similar to ispycookies case though, I can email the ini if you would like me to Buster as mine is still intact (I am using avast).

Basically long story short it is getting stuck on the “SDDT-Virtumonde.sdnc-Yodama.sbi 4127 2008-10-28” file. I too tried to leave it running but as my computer runs at about 99% load when this happens I haven't chanced leaving it on for about an hour or two.

Here is what I see (and have seen for the last few days) when I start the Test Console:

(Service started successfully.)
Click to expand...
(i) 29/10/2008 15:00
(i) 29/10/2008 15:00 Queued tests:
(i) 29/10/2008 15:00 SDDT-Virtumonde.sdn-Yodama.sbi 4134 2008-10-29 13:00:11
(i) 29/10/2008 15:00 SDDT-Smitfraud-C.-Yodama.sbi 4135 2008-10-29 13:00:12
(i) 29/10/2008 15:00 SDDT-Virtumonde.sci-Yodama.sbi 4133 2008-10-29 13:00:11
(i) 29/10/2008 15:00 SDDT-AdDestination-Yodama.sbi 4132 2008-10-29 13:00:10
(i) 29/10/2008 15:00 SDDT-Alpha-20081027-Buster.sbi 4123 2008-10-27 17:38:44
(i) 29/10/2008 15:00 SDDT-Alpha-20081027-Yodama.sbi 4124 2008-10-28 08:14:50
(i) 29/10/2008 15:00 SDDT-Virtumonde.scic-Yodama.sbi 4125 2008-10-28 15:48:31
(i) 29/10/2008 15:00 SDDT-Virtumonde.dllc-Yodama.sbi 4126 2008-10-28 15:48:31
(i) 29/10/2008 15:00 SDDT-Virtumonde.sdnc-Yodama.sbi 4127 2008-10-28 15:48:33
(i) 29/10/2008 15:00 Testing now: SDDT-Virtumonde.sdnc-Yodama.sbi...
(i) 29/10/2008 15:00 Downloading next: SDDT-Virtumonde.sdnc-Yodama.sbi
(i) 29/10/2008 15:00 File received.
(i) 29/10/2008 15:00 Wrote configuration file.
Click to expand...

I hope this can be resolved soon as I would really like to continue helping with the Beta.

If there is any more information you require please just ask and I’ll do my best to help.

Cheers,

Harv :bigthumb:
 
@MK & SDDT team:

Due to the current prob's, I'd been forced to deactivate SDDT. However, I'd like to go on using it.

So it would be great, if you could give a little hint to all of us, when the trouble will be fixed.

Thx!

Logo
 
Hello,
we checked your file and everything is alright with it. Maybe it was a false positive with McAfee. We could not reproduce the situation so maybe it is fixed already and will be solved by the latest McAfee updates.

@ispycookies: You can restart your sddt we updated the current files and the problem should be solved

Best regards,
Markus
 
MisterW said:
Hello,
we checked your file and everything is alright with it. Maybe it was a false positive with McAfee. We could not reproduce the situation so maybe it is fixed already and will be solved by the latest McAfee updates.

@ispycookies: You can restart your sddt we updated the current files and the problem should be solved

Best regards,
Markus
Click to expand...
Thanks for the reply.

I have restarted sddt and it ran through everything fine, EXCEPT that McAfee is still finding a "virus" on the same test:
Code: 
(i) 11/3/2008 10:28 AM Testing now: SDDT-PoisonIvy-micha.sbi...
(i) 11/3/2008 10:28 AM Downloading next: SDDT-PoisonIvy-micha.sbi
(i) 11/3/2008 10:28 AM File received.
(i) 11/3/2008 10:28 AM Wrote configuration file.
(!) 11/3/2008 10:28 AM The log file that should have been created (logs\4082.xml) was not found!
(!) 11/3/2008 10:28 AM Damn, could not upload results, will try again later!
(i) 11/3/2008 10:28 AM Failed, need to retest!
Code: 
(Service stopped successfully.)
(Service started successfully.)
(i) 11/3/2008 10:38 AM 
(i) 11/3/2008 10:38 AM Queued tests:
(i) 11/3/2008 10:38 AM SDDT-PoisonIvy-micha.sbi        4082 2008-10-24 14:13:48
(i) 11/3/2008 10:38 AM Testing now: SDDT-PoisonIvy-micha.sbi...
(i) 11/3/2008 10:38 AM Downloading next: SDDT-PoisonIvy-micha.sbi
(i) 11/3/2008 10:38 AM File received.
(i) 11/3/2008 10:38 AM Wrote configuration file.
(!) 11/3/2008 10:38 AM The log file that should have been created (logs\4082.xml) was not found!
(!) 11/3/2008 10:38 AM Damn, could not upload results, will try again later!
(i) 11/3/2008 10:38 AM Failed, need to retest!
And McAfee snatches up and quarantine's the ini for the above test, same as before.

But at least all of the other tests ran successfully. :)

Hopefully a update to McAfee in the near future will fix this; otherwise that test is never going to complete! :sad:
 
Hi there folks,

Just wanted to post an update to let you know how I'm getting on.

It seems that shortly after I posted my original message the file that was causing the issue was fixed / reconfigured, now everything is going as well as before and the tests are processing / completing successfully.

Many thanks for looking into this issue; I can now get back to helping out with the Testing Console!

Cheers,

Harv :)
 
@team spybot: I had the same issue with the Yodama.sbi..
4800X2 Toledo AMD..
woo1.gif


Do I have to upload some f/p-files?
I did not have any time to read the procedures that relate to opensbi and such..
ph34r.gif


having some nasty issues of my own.. (including some health-issues..)

Kind regards,

Hoping to be able to support Team S&D soon again.. [in A financial manner]
 
Last edited:
@ PepiMK....

PepiMK said:
The license file for the command line scanner has expired today, a new update will be available asap, probably today :)
Click to expand...

I have downloaded and installed the latest update for the testing console, however, even though i have the latest update installed, when i click "about" in the program (which seems to go straight to the updater for some reason) I get the following: There's a new version, 1.6.1, available. Update to 1.6.1 is required to run after November 23rd, 2008. Do you want to download it? And when i click no, (as i have already did the update) it brings me to the about screen and says the following info: spybot s&d distributed testing console 1.6.1.15 Which is the latest version.....yet it keeps telling me a new update is available, and yet i already have it. Just thought i would let you know of this. Uninstall and install again does not help. So ya, little bug ;)
 
Last edited:
new update avail

129260 said:
I have downloaded and installed the latest update for the testing console, however, even though i have the latest update installed, when i click "about" in the program (which seems to go straight to the updater for some reason) I get the following: There's a new version, 1.6.1, available. Update to 1.6.1 is required to run after November 23rd, 2008. Do you want to download it? And when i click no, (as i have already did the update) it brings me to the about screen and says the following info: spybot s&d distributed testing console 1.6.1.15 Which is the latest version.....yet it keeps telling me a new update is available, and yet i already have it. Just thought i would let you know of this. Uninstall and install again does not help. So ya, little bug ;)
Click to expand...

Ditto. Same here.
 
You must log in or register to reply here.
Back
Top