Results 1 to 7 of 7

Thread: Something hijacked my Spybot S&D

  1. #1
    Junior Member
    Join Date
    Oct 2005
    Posts
    4

    Default Something hijacked my Spybot S&D

    I love spybot S&D, but I did have something hijack Spybot for several months. I did scan after scan with Spybot, Microsofts spyware detector, Pest Patrol, and Adaware and nothing found it. I even ran 2 sets of virus software.

    I knew something was hijacking my system because every time I tried to update all of my spyware it would never remain updated. When I tried to update from S&D it would usually come up with a bad checksum. I could and did, for a while, update and scan every day to no avail, even with all of my spy software and my virus software.

    Finally I downloaded the new version of Spybot 1.4 and its update from the website, and when I ran the spy check it found 17 spybots, and now my system runs perfectly fine now.

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,492

  3. #3
    Senior Member
    Join Date
    Oct 2005
    Location
    Los Angeles
    Posts
    219

    Default Misery loves company

    you might want to try a few other scanners and on line anti virus scans
    like bit-defender and kaspersky, panda, trend micro, etc
    be sure and update and turn on full scanning ( options very scanner dependent)
    also EWIDO or trojan hunter
    these things tend to bunch together
    what protection do you run?
    how did you get infected?
    can't be more specific without knowing your os
    you are fully patched- right?

    all the best
    wyrmrider

  4. #4
    Junior Member
    Join Date
    Oct 2005
    Posts
    4

    Default

    I think we got it when my wife tried to buy some flowers on line. My pest Patrol went crazy beeping warning of cookies. She went back to that site 2 or 3 more times while I was not in the room. It seem to be trying to hijack her browser too. She uses IE and I use Mozilla. I think that is where we got it. I also could have picked it up from one of my pictures. I love photos and I canít resist downloading wallpaper.

    I think my Webshots collection is infected, because I have had to reinstall XP a bunch of times, because I just seem canít live without them since I spent money and 2 years collecting them.

    Also, but I am not sure, but I think it also infected my Spybot S&D includes. I am just very happy that I was able to get rid of the Blankity Blank thing.

  5. #5
    Junior Member
    Join Date
    Oct 2005
    Posts
    4

    Default

    Now that I have had some time to think about this. I do remember several years ago I was asked to approve the addition of 207mm.net or 307mm.net or something very similar. When I installed the new Spybot 1.4 at first it would not allow the software to delete Advcheck.dll. It said I did not have permission. I however am running as an administrator on my computer. Since I run Tea Time and the Microsoft spyware simultaneously the Microsoft asked permission to allow the 207mm.net or the 307mm.net browser tweak, to which I said no.

  6. #6
    Esteemed Member
    Join Date
    Oct 2005
    Posts
    554

    Default

    gszwag: Most of your problems are more likely coming from interactions between the different antispyware products, more specifically the active protection portions of these products or issues within the products themselves. A hijack is possible, but doesn't really explain the issues you were seeing.
    Since I run Tea Time and the Microsoft spyware simultaneously the Microsoft asked permission to allow the 207mm.net or the 307mm.net browser tweak, to which I said no.
    It's 139mm.com and a known issue with Microsoft AntiSpyware. You should have allowed it since it's one of Spybot S&D's Immunize; Restricted Sites entries. MSAS makes it sound like a bad thing, but it's wrong as the links below discuss.
    http://spybot.safer-networking.de/en...005-06-21.html
    http://spybot.safer-networking.de/en...005-07-01.html
    http://support.microsoft.com/?kbid=902956
    I knew something was hijacking my system because every time I tried to update all of my spyware it would never remain updated. When I tried to update from S&D it would usually come up with a bad checksum. I could and did, for a while, update and scan every day to no avail, even with all of my spy software and my virus software.
    This is most likely a problem that's been building over the last few months as Spybot S&D's Detections Updates grew in size and the Updates Download servers started to become overloaded. This situation was improved greatly over the last few weeks as new update server(s) were added and issues with several others were fixed.
    http://forums.spybot.info/showthread.php?p=174#post174
    Finally I downloaded the new version of Spybot 1.4 and its update from the website, and when I ran the spy check it found 17 spybots, and now my system runs perfectly fine now.
    Glad to hear it, but this is probably less an issue of a specific peice of malware then the differences between Spybot S&D 1.3 and 1.4 versions, even when they're using the same Detections Updates. Version 1.3 has known issues with some of the more current detections, so even though it may be updated it really isn't detecting everything that 1.4 can.

    This is why the first thing recommended is to upgrade to SS&D 1.4 before attempting other fixes. For example:
    http://forums.spybot.info/showthread.php?p=505#post505

    Moral of the story; keep your anti-malware applications up to date and be aware that changes you make in one of these applications can be affected by or cause issues with others. The more such applications you have, the more possibility for interaction. I'd keep the number of such applications down to no more then two anitspyware with only one operating in active mode and one active mode antivirus. Use online scans from different antivirus vendors occasionally as a crosscheck. Any more then this is overkill and will take more time to keep updated then it's worth.

    It's far more important that the products you use are up to date, including current detections/signatures then having larger numbers of outdated products. If you're having problems updating in the future, get to a forum or other support site immediately since it's always possible that malware is causing the issue as you originally thought.

  7. #7
    Junior Member
    Join Date
    Oct 2005
    Posts
    4

    Default

    Thanks for the great info bitman and everyone!
    Last edited by gszwag; 2005-11-04 at 21:33.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •