Results 1 to 5 of 5

Thread: worm in updater

  1. #1
    Junior Member
    Join Date
    Jun 2008
    Location
    Southern New Jersey, USA
    Posts
    2

    Default worm in updater

    I need to report a bug in SB S&D

    There is a worm in the updater!

    I saw evidence of it when I first changed my firewall to Online Armor. The list of Allowed Hosts to 127.0.0.1 took minutes to scroll through and were to sites that I would never approve. It took a long time for me to block every one.



    This list has gotten so long that it takes several minutes for me to just scroll down it.

    I did not know it was the problem, but I began to suspect SB S&D when my firewall would ask me if I wanted to allow the "New Host Entry that has been detected" when I was running the SB update.

    It was not until very recently that my antivirus made me aware of it.
    This is what it said about it:

    Antivirus Program – Avast 4.8
    C:\Program Files\SpywareBlaster\sbautoupdate.exe
    Win32:Trojan-gen {Other}
    Virus/Worm
    080626-0, 06/26/2008

    By the way, this is a new computer, I am running Win XP Pro and I downloaded SB S&D from one of the links on the site.

    The same thing has been happening on my daughter's computer for a few months before I got this new computer. I blamed her for going to unsafe sites. I reformated her computer and promply reinstalled SB S&D. The same things happened. Again I blamed her. I have since apologized.

    Her computer is Win XP.

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello moew27,

    Quote Originally Posted by moew27 View Post
    It was not until very recently that my antivirus made me aware of it.
    This is what it said about it:

    Antivirus Program – Avast 4.8
    C:\Program Files\SpywareBlaster\sbautoupdate.exe
    Win32:Trojan-gen {Other}
    Virus/Worm
    080626-0, 06/26/2008
    That may be a false positive by Avast 4.8 regarding SpywareBlaster.

    Regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    moew27:

    Why are you blocking those entries? Those entries in the HOSTS file equate those domain names to your system to prevent access to those sites. It is part of the protection Spybot offers and you are negating it.

    If you do not want to prevent access to these sites, rather than have Online Armor block adding the entries just don't add them to begin with:
    • Go into Spybot > Immunize.
    • Right click on the right hand pane and select "Deselect all".
    • Scroll down to the bottom of the right hand pane and under Windows check "Global (Hosts)".
    • Click the "Undo" button at the top of the right pane.
    • Right click on the right hand pane and select "Select all".
    • Scroll down to the bottom of the right hand pane and under Windows uncheck "Global (Hosts)".
    • Leave "Global (Hosts)" uncheck so Spybot does not add entries to the HOSTS file.

    __________

    Suggested reading:
    Last edited by md usa spybot fan; 2008-06-27 at 01:40.

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  4. #4
    Junior Member
    Join Date
    Jun 2008
    Location
    Southern New Jersey, USA
    Posts
    2

    Default Bonking my head here

    Quote Originally Posted by md usa spybot fan View Post
    Why are you blocking those entries? Those entries in the HOSTS file equate those domain names to your system to prevent access to those sites. It is part of the protection Spybot offers and you are negating it.
    Thank you for explaining that to me.
    I have allowed all of the entries in the hosts files .


    Quote Originally Posted by tashi View Post

    That may be a false positive by Avast 4.8 regarding SpywareBlaster.
    SpywareBlaster!!!!!! I thought it was Spybot S&D!!!

    Well, gee, umm, well then, it looks as though I am in the wrong forum.

    Thanks to all.

    Moew27 turns and looks for the door and the map for the spywareblaster forum.

  5. #5
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello,

    Wilders has a good forum for SpywareBlaster discussion.

    As you can see by this topic, AVG False-Positive Detection on sbautoupdate.exe, it's not the first time an AV has flagged "sbautoupdate.exe".

    The legitimate sbautoupdate.exe file is digitally signed by "Javacool Software LLC", and has the following checksums:

    MD5: 5D0E5821EB35CDA9C320C1BDF1A4B695
    SHA1: 62B09B3503C05A3CC853BB8BDFCC8292FD200E53
    Regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •