Page 3 of 7 FirstFirst 1234567 LastLast
Results 21 to 30 of 66

Thread: Distributed Testing, updated to 1.6 and leaving beta status

  1. #21
    Junior Member
    Join Date
    Oct 2008
    Location
    Germany, Herzberg
    Posts
    8

    Unhappy SDDT Scan hangs (reproducably scince yesterday)

    Scince yesterday, "SDistTestSvc.ex" regularily hangs with 99% CPU usage after a few scans.


    The GUI console shows:

    (i) 25.10.2008 02:27 Queued tests:
    (i) 25.10.2008 02:27 SDDT-Virtumonde.Dll-Yodama.sbi 4074 2008-10-24 11:33:32
    (i) 25.10.2008 02:27 SDDT-new-micha.sbi 4089 2008-10-24 14:13:49
    (i) 25.10.2008 02:27 SDDT-Virtumonde.sdn-Yodama.sbi 4075 2008-10-24 11:33:35
    (i) 25.10.2008 02:27 SDDT-Smitfraud-C.gp_RG-rene.sbi 4094 2008-10-24 17:29:57
    (i) 25.10.2008 02:27 SDDT-Win32.Agent.aec-micha.sbi 4078 2008-10-24 14:13:47
    (i) 25.10.2008 02:27 SDDT-Netbus-micha.sbi 4079 2008-10-24 14:13:48
    (i) 25.10.2008 02:27 SDDT-Win32.VB.bco-micha.sbi 4080 2008-10-24 14:13:48
    (i) 25.10.2008 02:27 SDDT-Win32.Agent.wf-micha.sbi 4081 2008-10-24 14:13:48
    (i) 25.10.2008 02:27 SDDT-PoisonIvy-micha.sbi 4082 2008-10-24 14:13:48
    (i) 25.10.2008 02:27 SDDT-Joke.Password-micha.sbi 4083 2008-10-24 14:13:48
    (i) 25.10.2008 02:27 SDDT-Win32.Autoit.p-micha.sbi 4084 2008-10-24 14:13:48
    (i) 25.10.2008 02:27 SDDT-Win32.SdBot.aad-micha.sbi 4085 2008-10-24 14:13:49
    (i) 25.10.2008 02:27 SDDT-Win32.VB.dn-micha.sbi 4086 2008-10-24 14:13:49
    (i) 25.10.2008 02:27 SDDT-Win32.mIRC.603-micha.sbi 4087 2008-10-24 14:13:49
    (i) 25.10.2008 02:27 SDDT-MSNFlood-micha.sbi 4088 2008-10-24 14:13:49

    ...then...

    loading and testing the sbi's - all with "success"

    ...until SDDT-Virtumonde.sdn-Yodama.sbi (>> which has been tested at last, although it seems to be the first one to be tested according to the list above?!).


    There's no "success" after testing SDDT-Virtumonde.sdn-Yodama.sbi

    but

    - playing a "ping"-sound (like if there would be a dialog box, however, there isn't one!)

    - almost freezing CPU by 99% usage by the "SDistTestSvc.ex" process (OK, it's a Pentium III M at 1.1 GHz, however, it's been working fine so fare with all other SaferNW products inclunding SDDT.)

    - no chance to stop the process, neither in GUI window ("stop service") nor in the win2K task manager ("stop process") - access denied; however, machine can be shot down w/o probs.


    Here are some more details about the context:

    SDistTestSvc.ex:
    - 21 GDI objects
    - 115 handles
    - 8 threads
    - 5.952 KB memory
    - 6.320 KB max. memory
    - 5.672 KB virtual memory
    - CPU time: 99% usage starts after a few seconds of CPU time

    System:
    - Win2K SP4 with IE6 on a HP omnibook 6100 with PIIIM at 1.1GHz
    - round about 35 other processes running (standard windows stuff, HP/Intel/ATI/Touchpad/deskjet-drivers, AtomiX TimeSync, RoboForm, SD TeaTimer - that's it.)
    - NO other task bar applications running

    Well, 'm sorry, but seem's to be a bug??

    _________

    btw.: Plz, keep your comments about w2k/IE6 :P , as I MUST use it for my job!

    p.s.: Messengers show'n in my profile are all disabled currently. However, feel free to drop me a line or call/chat me by GoogleTalk: logonautics@googlemail.com.
    Last edited by Acamas; 2008-10-25 at 05:08.

  2. #22
    Junior Member
    Join Date
    Oct 2008
    Location
    Germany, Herzberg
    Posts
    8

    Default

    Update:

    with Standalone: it works fine
    1) scans for 30 sec. (sbsdscan.exe: 95%CPU)
    2) stops with popup: ~ "It's recommended to reboot..."
    3) user input "yes" or "no" (doesn't matter)
    4) scans for ~ 60+ sec. (sbsdscan.exe: 95%CPU)
    5) after scanning has ended > SDistTestStandAlone.exe: 98%CPU for a few minutes
    6) 9x%CPU ends, everything is fine, Standalone can be closed.

    with Service: it hangs
    1) scans for 30 sec. (sbsdscan.exe: 95%CPU)
    2) stops with the wav-sound of a popup; however, there is no popup to click on
    3) no popup = no user input >> it hangs!

    __________

    exe-files @ \\...\SpybotSD\DistTest\

    sbsdscan.exe (2008-06-13 09:05:01)
    SDistTestConsole.exe (1.6.0.14)
    SDistTestStandAlone.exe (1.6.0.12)
    SDistTestSvc.exe (1.6.0.10) {now deactivated}
    Last edited by Acamas; 2008-10-25 at 09:36.

  3. #23
    Member of Team Spybot PepiMK's Avatar
    Join Date
    Oct 2005
    Location
    Planet Earth
    Posts
    3,574

    Default

    Hmmm...

    The reboot parameter should be ignored on all nonvisual scanners. I'll tell detectives to make sure this is checked in all detection rules, and make sure there's an additional check inside the code to skip this.
    Just remember, love is life, and hate is living death.
    Treat your life for what it's worth, and live for every breath
    (Black Sabbath: A National Acrobat)

  4. #24
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    hello,

    updated the rules in question to have the ignore parameter to be checked before the reboot parameter.

    I also got to note that the 25.10.2008 02:27 SDDT-Virtumonde.sdn-Yodama.sbi
    was very large since it contained all of our upgraded Virtumonde.sdn rules. This in itself could cause long scan duration.

    On the other hand, if the reboot parameter got triggered on Logonaut's computer, that means Virtumonde files got found.
    @ Logonaut
    If you entered the same email address to the SDDT as you used to register to this forums, than your scan results will be listed in your user control panel in "my scans". There you can see the details if there had been hits. Based on this result we can also provide you with a specialized SBI file.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  5. #25
    Junior Member
    Join Date
    Aug 2008
    Posts
    5

    Default McAfee keeps catching a "virus" in the ini file

    For about the past week McAfee keeps thinking that there is a virus in connection with the Distributed Testing Client.

    Here is what McAfee reports each time:
    McAfee has automatically blocked and removed a Virus.
    About this Virus
    Detected: Univ.script/99a (Virus)
    Location: C:\Program Files\SDTest\sbsdscan.ini

    And here is what appears to be culprit in the Testing Client:
    (i) 10/28/2008 10:31 AM Queued tests:
    (i) 10/28/2008 10:31 AM SDDT-PoisonIvy-micha.sbi 4082 2008-10-24 14:13:48
    (i) 10/28/2008 10:31 AM Testing now: SDDT-PoisonIvy-micha.sbi...
    (i) 10/28/2008 10:31 AM Downloading next: SDDT-PoisonIvy-micha.sbi
    (i) 10/28/2008 10:31 AM File received.
    (i) 10/28/2008 10:31 AM Wrote configuration file.
    (!) 10/28/2008 10:31 AM The log file that should have been created (logs\4082.xml) was not found!
    (!) 10/28/2008 10:31 AM Damn, could not upload results, will try again later!
    (i) 10/28/2008 10:31 AM Failed, need to retest!

    That same test shows up over and over again, always having failed (very likely because McAfee is snatching up part of it each time).

    Since it seems that it is not able to upload results, I would guess that you all would never find out about this unless someone posted (like I am doing; I don't know if anyone else posted as I only checked this thread as this seemed to be the place to post such a thing).

    I hope the above is helpful. Let me know if you all need more info.

    Also, I do hope that it can be fixed at some point so that McAfee doesn't keep killing that test.


  6. #26
    Junior Member
    Join Date
    Aug 2008
    Posts
    5

    Default SDDT-Virtumonde.sdnc-Yodama test never finishes

    In a similar vien to Logonaut's posts a little earlier in this thread I am observing that the SDDT-Virtumonde.sdnc-Yodama test has run for about 12 hours now, consistently consuming about 50% of my dual-core processor. Surely the test should have finished by now?!

    Like Logonaut I am observing this with the SDistTestSvc.exe. As far as I know I am using the most current version.

    This is the last entry (before I stop the service in a minute):
    (i) 10/28/2008 7:14 PM
    (i) 10/28/2008 7:14 PM Queued tests:
    (i) 10/28/2008 7:14 PM SDDT-Virtumonde.sdn-Yodama.sbi 4130 2008-10-28 15:48:33
    (i) 10/28/2008 7:14 PM SDDT-Smitfraud-C.-Yodama.sbi 4131 2008-10-28 15:48:33
    (i) 10/28/2008 7:14 PM SDDT-Virtumonde.sci-Yodama.sbi 4129 2008-10-28 15:48:33
    (i) 10/28/2008 7:14 PM SDDT-AdDestination-Yodama.sbi 4128 2008-10-28 15:48:33
    (i) 10/28/2008 7:14 PM SDDT-PoisonIvy-micha.sbi 4082 2008-10-24 14:13:48
    (i) 10/28/2008 7:14 PM SDDT-Virtumonde.scic-Yodama.sbi 4125 2008-10-28 15:48:31
    (i) 10/28/2008 7:14 PM SDDT-Virtumonde.dllc-Yodama.sbi 4126 2008-10-28 15:48:31
    (i) 10/28/2008 7:14 PM SDDT-Virtumonde.sdnc-Yodama.sbi 4127 2008-10-28 15:48:33
    (i) 10/28/2008 7:14 PM Testing now: SDDT-Virtumonde.sdnc-Yodama.sbi...
    (i) 10/28/2008 7:14 PM Downloading next: SDDT-Virtumonde.sdnc-Yodama.sbi
    (i) 10/28/2008 7:14 PM File received.
    (i) 10/28/2008 7:14 PM Wrote configuration file.

    It is currently almost 8:00 am the next morning.

    Thought you all would want to know.

    Let me know what additional info you need from me.


  7. #27
    Member of Team Spybot Buster's Avatar
    Join Date
    Oct 2005
    Location
    Bochum/Germany
    Posts
    389

    Default

    Hello ispycookies!
    Thanks for this information. Please send the "C:\Program Files\SDTest\sbsdscan.ini" file to detections@spybot.info as we would like to reproduce this. Thanks in advance!
    "The advantage of wisdom is that you can always act the fool. The opposite is quite tough."

    K. Tucholsky

    _______________________________________________________________

    Please help us improve Spybot and download our distributed testing client.

  8. #28
    Junior Member
    Join Date
    Aug 2008
    Posts
    5

    Default

    File(s) sent. I had a heck of time trying to get McAfee to stop scanning files everywhere (and thus stripping out the INI files it thinks are viruses). Since I think the "infected" files did not make it through, here is the complete text from the ini files that trigger a Virus quarantine by McAfee:
    Code:
    [Filesets]
    SDDT-PoisonIvy-micha.sbi=True
    
    [Main]
    DoSpyware=1
    DoTracks=0
    IgnoreSbiError=1
    DownloadDirRecursive=0
    LogUse=0
    LogOverwrite=0
    LogDetails=0
    
    [Results]
    XMLLocation=C:\Program Files\SDistTest\logs\4019.xml
    The ini file that should have made it through would be related to the Virtumonde test.

    Hope this all helps!


  9. #29
    Junior Member
    Join Date
    Oct 2008
    Location
    Kent, UK
    Posts
    7

    Default

    Hi there folks,

    This is my first post on the spybot forums as I have been encouraged to post about my experiences with the Test Client.

    Basically I get a combination of the results from both Logonaut and ispycookies.

    Sometimes it will behave very well and other times it just keeps asking me to restart my computer as in Logonauts case.

    Its mainly very similar to ispycookies case though, I can email the ini if you would like me to Buster as mine is still intact (I am using avast).

    Basically long story short it is getting stuck on the “SDDT-Virtumonde.sdnc-Yodama.sbi 4127 2008-10-28” file. I too tried to leave it running but as my computer runs at about 99% load when this happens I haven't chanced leaving it on for about an hour or two.

    Here is what I see (and have seen for the last few days) when I start the Test Console:

    (Service started successfully.)
    (i) 29/10/2008 15:00
    (i) 29/10/2008 15:00 Queued tests:
    (i) 29/10/2008 15:00 SDDT-Virtumonde.sdn-Yodama.sbi 4134 2008-10-29 13:00:11
    (i) 29/10/2008 15:00 SDDT-Smitfraud-C.-Yodama.sbi 4135 2008-10-29 13:00:12
    (i) 29/10/2008 15:00 SDDT-Virtumonde.sci-Yodama.sbi 4133 2008-10-29 13:00:11
    (i) 29/10/2008 15:00 SDDT-AdDestination-Yodama.sbi 4132 2008-10-29 13:00:10
    (i) 29/10/2008 15:00 SDDT-Alpha-20081027-Buster.sbi 4123 2008-10-27 17:38:44
    (i) 29/10/2008 15:00 SDDT-Alpha-20081027-Yodama.sbi 4124 2008-10-28 08:14:50
    (i) 29/10/2008 15:00 SDDT-Virtumonde.scic-Yodama.sbi 4125 2008-10-28 15:48:31
    (i) 29/10/2008 15:00 SDDT-Virtumonde.dllc-Yodama.sbi 4126 2008-10-28 15:48:31
    (i) 29/10/2008 15:00 SDDT-Virtumonde.sdnc-Yodama.sbi 4127 2008-10-28 15:48:33
    (i) 29/10/2008 15:00 Testing now: SDDT-Virtumonde.sdnc-Yodama.sbi...
    (i) 29/10/2008 15:00 Downloading next: SDDT-Virtumonde.sdnc-Yodama.sbi
    (i) 29/10/2008 15:00 File received.
    (i) 29/10/2008 15:00 Wrote configuration file.
    I hope this can be resolved soon as I would really like to continue helping with the Beta.

    If there is any more information you require please just ask and I’ll do my best to help.

    Cheers,

    Harv

  10. #30
    Junior Member
    Join Date
    Oct 2008
    Location
    Germany, Herzberg
    Posts
    8

    Default

    @MK & SDDT team:

    Due to the current prob's, I'd been forced to deactivate SDDT. However, I'd like to go on using it.

    So it would be great, if you could give a little hint to all of us, when the trouble will be fixed.

    Thx!

    Logo

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •