Thread: Probs with Spybot S&D

  1. #1
    Junior Member
    Join Date
    Apr 2007
    Posts
    8

    Default Probs with Spybot S&D

    After I have taken updates from S&D each scan says the number of bad items now covered after "Immunize". After taking the latest update this popped up as over 39000. This is not the number shown at the bottom of the screen whilst the scan is running and never has been. At the next scan the number of baddies reduced to 23000 appx; then 19000 appx. At the same time certain files from my McAfee Internet Security Suite have been somehow deleted - not by me - and McA say uninstall and reinstall, but McA still seems to be running OK and McA's own test confirms that. The S&D scan is also slower, now about 12 mins instead of 8 and PC is running slower generally.

    Have run Kaspersky which lists a number of files that could not be scanned as they were locked; I took a report but Kasp did not find any baddies in the accessible files.

    Leading on from this it seems that I could have been Hijacked so I ran 'Hijackthis' which reported as follows:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:30:29, on 19/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\system32\svchost.exe
    E:\Program Files\Windows Defender\MsMpEng.exe
    E:\WINDOWS\System32\svchost.exe
    E:\Program Files\Ahead\InCD\InCDsrv.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\WINDOWS\System32\svchost.exe
    E:\Program Files\Common Files\LightScribe\LSSrvc.exe
    e:\program files\mcafee.com\agent\mcdetect.exe
    e:\PROGRA~1\mcafee.com\vso\mcshield.exe
    e:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    E:\WINDOWS\Explorer.EXE
    E:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    E:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    E:\Program Files\McAfee.com\VSO\mcvsshld.exe
    E:\PROGRA~1\mcafee.com\agent\mcagent.exe
    E:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    E:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    E:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    e:\progra~1\mcafee.com\vso\mcvsescn.exe
    E:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    E:\Program Files\McAfee.com\VSO\oasclnt.exe
    E:\Program Files\Windows Defender\MSASCui.exe
    E:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
    E:\Program Files\SiteAdvisor\6066\SiteAdv.exe
    E:\Program Files\McAfee\McAfee QuickClean\PlgUni.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\SiteAdvisor\6066\SAService.exe
    E:\WINDOWS\System32\snmp.exe
    E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    E:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    E:\WINDOWS\System32\alg.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www./
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Mandy's Legs
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - E:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - e:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - e:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - e:\program files\mcafee\spamkiller\mcapfbho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - e:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - E:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    O4 - HKLM\..\Run: [VSOCheckTask] "E:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] E:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [MCAgentExe] e:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MPFExe] E:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MPSExe] e:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [MSKAGENTEXE] E:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] E:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [Smapp] E:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [OASClnt] E:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [DVDTray] E:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
    O4 - HKLM\..\Run: [SiteAdvisor] E:\Program Files\SiteAdvisor\6066\SiteAdv.exe
    O4 - HKLM\..\Run: [MCUpdateExe] e:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] "E:\Program Files\McAfee\McAfee QuickClean\PlgUni.exe" /START
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - e:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - e:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1186588559890
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1186588528343
    O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - https://register.btinternet.com/temp...control013.cab
    O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/temp...control024.cab
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - E:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - e:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - e:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - e:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - E:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - E:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - E:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: SiteAdvisor Service - McAfee, Inc. - E:\Program Files\SiteAdvisor\6066\SAService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 8299 bytes

    So far as locked files are concerned, I do not know how to unlock them and therefore I have not tried, on the basis that if Kas can't open them then there is a pretty good chance that no one else can either, although this is pure, perhaps naive, supposition. As suggested I have done nothing other than take the Hijack report at this point.

    Suggestions??? Or is S&D vulnerable in some way??

    Thanks & Kind Regards

    David

  2. #2
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
    "BEFORE you POST" (READ this Procedure before Requesting Assistance)
    http://forums.spybot.info/showthread.php?t=288
    All advice given is taken at your own risk.
    Please make sure you have read this information so we are on the same page.

    Hello David, this is the malware forum, I see no malware in the HJT log. If your Kaspersky scan is showing no issues, chances are you are clean.

    If you are having issues with Spybot S&D you can address these here:
    http://forums.spybot.info/forumdisplay.php?f=4

    You can use HJT to remove this junk if you wish. It IS NOT malware.

    Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www./
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    Close all programs but HJT and all browser windows, then click on "Fix Checked"

    Run Clean Manager: http://spyware-free.us/tutorials/cleanmgr/

    If I can help more, please let me know.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006
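
An added example, not part of the original posts and not HijackThis's own code: a small Python parser that groups the entries of a HijackThis log by section code and picks out the R0/R1 Internet Explorer values that are empty or hold only the stub `http://www./`, which are the kind of entries the reply above lists as junk rather than malware. The sample input is a constructed excerpt of lines from the log in post #1; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines taken from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
E:\WINDOWS\system32\winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www./
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Mandy's Legs
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - E:\Program Files\Ahead\InCD\InCDsrv.exe
"""

# An entry line is "<code> - <text>", e.g. "O4 - HKLM\..\Run: [name] path".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
# R0/R1 entries have the form "<registry key>,<value name> = <data>".
REG_VALUE = re.compile(r"^(?P<key>HK[^,]+),(?P<name>[^=]+?) =\s*(?P<value>.*)$")
# Data treated as "nothing configured" (assumption based on the lines in the reply).
STUB_VALUES = {"", "http://www./"}


def parse_entries(log_text):
    """Return {section code: [entry text, ...]}; header and process lines are skipped."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        match = ENTRY.match(line)
        if match:
            groups[match.group(1)].append(match.group(2).rstrip())
    return dict(groups)


def blank_ie_values(groups):
    """List (registry key, value name) for R0/R1 entries with empty or stub data."""
    hits = []
    for code in ("R0", "R1"):
        for entry in groups.get(code, []):
            match = REG_VALUE.match(entry)
            if match and match.group("value").strip() in STUB_VALUES:
                hits.append((match.group("key"), match.group("name")))
    return hits


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for code in sorted(parsed):
        print(code, len(parsed[code]))
    for key, name in blank_ie_values(parsed):
        print("blank:", key, "->", name)
```
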

  3. #3
    Junior Member
    Join Date
    Apr 2007
    Posts
    8

    Default Probs etc

    Thanks PSKELLEY

    I had read the notes before posting and felt that I had covered the 'basics' and was trying to avoid your need to state the obvious. On the question of 'locked files' that could not be scanned - is it possible for an outsider to dump something bad on my PC and then 'lock' that item; viz who can and does lock these files and is this relevant to security issues?

    My worry stems from the fact that a McAfee file and a registry entry were deleted by someone else and my S&D immunized count kept changing and was running very slowly - i.e. some external force was acting. S&D sets out and achieves more than any of the other similar types and I would want to ensure that info was fed back to keep it that way.

    Will take up the suggestion of the S&D forum.

    Thanks again

    David

  4. #4
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    "I had read the notes before posting and felt that I had covered the 'basics' and was trying to avoid your need to state the obvious. On the question of 'locked files' that could not be scanned - is it possible for an outsider to dump something bad on my PC and then 'lock' that item; viz who can and does lock these files and is this relevant to security issues?"

    Sorry, I post that for everyone, you would be astounded at how many folks never see the Pinned information. We use the Kaspersky scan because it is one of the very best, I use these instructions myself:
    * The program will launch and then begin downloading the latest definition files:
    * Once the files have been downloaded click on NEXT
    * Now click on Scan Settings
    * In the scan settings make sure that the following are selected:
      * Scan using the following Anti-Virus database:
        * Standard
      * Scan Options:
        * Scan Archives
        * Scan Mail Bases
    * Click OK
    * Now under select a target to scan:
      * Select My Computer
    * The program will start and scan your system.
    * The scan will take a while so be patient and let it run.
    * Once the scan is complete it will display if your system has been infected.
    * Now click on the Save as Text button:
    * Save the file to your desktop.

    I have never had a problem, but I am no Kaspersky expert. I would suggest you ask those questions to their technical support or perhaps at this forum:
    http://forum.kaspersky.com/index.php?showforum=4
    http://usa.kaspersky.com/support/

    http://ts.mcafeehelp.com/default.asp...ution=1024x768
    Good luck, I have been using them for years and have yet to get any comprehensive help.

    I also use Spybot S&D but I am far from being an expert, folks at the forum I directed you to will be able to assist with your questions.

    Thanks

  5. #5
    Junior Member
    Join Date
    Apr 2007
    Posts
    8

    Default Probs

    Dear PSKELLEY,

    Thanks for those kind comments. I had run all of the things you suggested in Kaspersky and the only bone of contention left is the "locked files" which I will address to them.

    I will go to the S&D forum to see if any of the other "brains" out there have any suggestions on why the "Immunize" level should keep on changing.

    McAfee is probably the top end of nothing so far as security progs are concerned - they certainly do not have the 'friendly face' of S&D.

    I note that you are nearly exactly 2 years older than I am, and it is great to see you up there with the best.

    Thanks & Kind Regards

    David

  6. #6
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    Hi David, I want you to know there are a lot of us still swinging a sword at our age. Here is some information that might be handy in the future.

    Here is some great information from experts in this field that will help you stay clean and safe online.
    http://users.telenet.be/bluepatchy/m...revention.html
    http://forums.spybot.info/showthread.php?t=279
    http://russelltexas.com/malware/allclear.htm
    http://forum.malwareremoval.com/viewtopic.php?t=14
    http://www.bleepingcomputer.com/forums/topict2520.html
    http://cybercoyote.org/security/not-admin.shtml

    Thanks...Phil
    Safer Networking Forums
    http://www.spybot.info/en/donate/index.html
    If you are reading this information...thank a teacher,
    If you are reading it in English...thank a soldier.

  7. #7
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    As the problem appears to be resolved this topic has been closed.

    If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

    Anyone else with similar problems please start a new topic.

    Thanks
