Spybot-S&D 2.0 Beta 4 release thread
Spybot-S&D 2.0 Beta 4 just got released!
This release sees speed enhancements, greater stability and improved Live Protection.
See our our official release announcement for more details and download links.
Please help with beta-testing so Spybot-S&D 2.0 final will be rock stable.
You may use this thread for general comments about the beta release, please open new threads if you like to discuss specific issues.
Regarding the Rootkit Scanner:
It finds thousands of entries.
The common factor is; under Details it reports 'Invisible to Win32'.
Hopefully this is less buggy, and hopefully it works better overall.
As it appears no-one is following the suggestion to use this thread for reporting issues with BETA4, I thought I might give it a bump.
Anyway, why is the Rootkit Scanner doing what I reported?
Is that normal (I certainly hope not)?
Patiently awaiting a reply...
I know at least that some rootkits rely on Registry entries with strings containing the null character (ASCII/UTF8/UTF16 code-point 0), because that character ends a C-style string, so regedit won't pick up anything after the null character, even though lower-level APIs for accessing the Registry do pick up the entire string and make use of it.
One possibility is that such strings are in fact handled incorrectly by the Win32 API (the lowest-level API for which ordinary Windows programs can be programmed) but correctly by the Native API, used by the kernel, drivers, and...rootkits.
OK, but Kaspersky and GMER find nothing.
I noticed the entries appeared to all be in User folders, in the Application Data/*/*/*/*/*... subfolders. (where * is Application Data again), this repeats several times, literally thousands of entries.
After a couple hours I shut down the scanner, because it was not finding anything new, just repeating, except in a different User folder.
I would imagine a more inexperienced user might delete all those entries, possibly wrecking their OS.
The fact I am running X64 version of Windows would not have anything to do with it?
Anyway, uninstalled and awaiting next BETA.
Send the false-positives to the Spybot team, or make a log.
So, you do not have this issue?
Originally Posted by imageek
If it is specific only to my rig, I do not believe that will be worth the many, many hours it would take to complete, and I will simply forego the use of SBS&D.
If others will verify they are experiencing the same thing, and submit their own logs/false positives, then perhaps I might make the effort...
I have been busy with a lot of things lately, therefore I haven't had the opportunity or time to test out the new beta version. In addition, I don't try beta software on my current PC, or basically I do, but I use a virtual machine.
I have no reluctance trying BETA software, but when I find it is not operating properly it is quickly uninstalled (as is the case here).
Originally Posted by imageek