Thread: Spybot and Windows 8

  1. #1
    Junior Member
    Join Date
    Nov 2013
    Posts
    27

    Default Spybot and Windows 8

    Have used Spybot for about 6 years on my old PC (Vista). Hardly ever any bad stuff to remove.
    Recently moved to Windows 8 and the first scan has 253 items!!! Some of them seem to relate to registry keys; how can I kill all these baddies safely?
    If you can help, a reply in non-technical language would be great.

  2. #2
    Spybot Advisor Team Zenobia's Avatar
    Join Date
    Oct 2005
    Posts
    5,178

    Default

    253 items looks like a lot, but Spybot also scans for usage tracks, so not everything found in your scan is necessarily bad:
    http://www.safer-networking.org/faq/usage-tracks/
    To tell if anything listed in the Spybot scan is a usage track or not, you can scroll over to the right and see what category it is listed as, or you can click on it with your mouse, and the category will show over to the left, if you're using anything above Spybot 1.6.2.

    If you're using Spybot 1.6.2, tracks would show as green.

    Also, some things could be tracking cookies, which would be a minimal threat.

    If you think that what's being found isn't mainly tracks, please post back and let me know.

  3. #3
    Junior Member
    Join Date
    Nov 2013
    Posts
    27

    Default

    Hi

    About 80 of the things are marked "very critical" - they are in 3 locations - Barowwsoe2save; montera.toolbar; toolbar.mysearchdial. All are type registry key and category malware.
    Is there a way to get rid of them?? I have Spybot 2.1.18.0 Malware scanner 2.1.18.177.
    Is there a way I can print the scan results?

    Thanks for your help

    Grandadis64 (Malc)

  4. #4
    Spybot Advisor Team Zenobia's Avatar
    Join Date
    Oct 2005
    Posts
    5,178

    Default

    You're welcome.

    If you haven't already tried scanning this way, try opening Spybot-S&D Start Center, right-click System Scan, then select Run As Administrator. When the scan is done, click Fix Selected.
    After that's all done, you can restart your computer, and whenever you have time, please do another Spybot scan the same way as above, running as administrator. (I apologize for asking you to run two scans so close together, but I'd like to check that the problems don't return.)

    After you click Fix Selected, click Save Scan log over to the right, then click Save when the window comes up. Then go to Show Previous logs and scroll down to the one that says Scan Results. If there is more than one Scan Results logfile, then the one you want has the date stuck to the end of it. If you did the scan today, it would look similar to this: Scan Results.131108-2022.txt
    Double-click it, and when Notepad opens go to Edit, then Select All, then right-click somewhere in the Notepad window and select Copy, then paste the logfile here.

  5. #5
    Junior Member
    Join Date
    Nov 2013
    Posts
    27

    Default

    Hi

    Down to 5 baddies now, only one looks serious.
    I scanned 3 times as administrator; final results below.
    Can I get rid of these last few? Also, in future can I do any damage by asking Spybot to "fix all"?

    Thanks again for your help, I will make a donation to spybot.

    Search results from Spybot - Search & Destroy

    09/11/2013 15:09:25
    Scan took 00:23:38.
    5 items found.

    RelevantKnowledge: [SBI $1F0CE9A4] Settings (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle

    MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-893019987-3953130637-173789047-1001\Software\Microsoft\DirectInput\MostRecentApplication\Name

    MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-893019987-3953130637-173789047-1001\Software\Microsoft\DirectInput\MostRecentApplication\Id

    Cache: [SBI $49804B54] Browser: Cache (35) (Browser: Cache, nothing done)


    History: [SBI $49804B54] Browser: History (4) (Browser: History, nothing done)



    --- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) ---


  6. #6
    Spybot Advisor Team Zenobia's Avatar
    Join Date
    Oct 2005
    Posts
    5,178

    Default

    You're welcome. And thank you, you've been doing great.
    These are just tracks, so no need to worry about them.
    MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-893019987-3953130637-173789047-1001\Software\Microsoft\DirectInput\MostRecentApplication\Name

    MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-893019987-3953130637-173789047-1001\Software\Microsoft\DirectInput\MostRecentApplication\Id

    Cache: [SBI $49804B54] Browser: Cache (35) (Browser: Cache, nothing done)


    History: [SBI $49804B54] Browser: History (4) (Browser: History, nothing done)
    This one is Relevant Knowledge:
    RelevantKnowledge: [SBI $1F0CE9A4] Settings (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle
    It is listed in the categories pups and spyware on this page:
    Threat Details:

    Categories:

    • spyware
    • pups




    Description:
    RelevantKnowledge is a software to get information from users for market research. It can be installed in background without user consent. When installed manually the EULA shows that the user is required to be at least 18 years of age but this is only shown in the EULA and no where else in the installer. RelevantKnowledge installs itself as browser add-on and hooks itself to many system processes using a winlogon entry.
    http://forums.spybot.info/showthread...evantKnowledge

    In case the particular part of Relevant Knowledge listed in your logfile is a pup, I'll just link you to the description for what a pup is:
    http://www.safer-networking.org/faq/pups/

    The Relative Knowledge listed in your logfile is a Chrome Browser extension. If you would prefer to remove it, you can try removing it manually from your Chrome extensions, if it is listed there. There are instructions for removing extensions on this page:
    https://support.google.com/chrome/answer/113907?hl=en
    I'm unsure if it would be listed as Relative Knowledge or not, so if you do decide to try to remove it and don't see it there, just let me know, and I'll refer you to the malware removal forum.

    Also, if you decide to remove the Google Chrome extension, you might want to double check that Relative Knowledge is not installed in Programs and Features. To check for it, refer to method 2 on this page to get to Programs and Features:
    https://kb.wisc.edu/page.php?id=27423

    Also, in future can I do any damage by asking spybot to "fix all"
    Once in a while, Spybot might find a false positive, but it backs up what it removes into quarantine in case anything might need to be recovered later, so the chances for damage are usually very minimal.
    This is what a false positive is:
    http://www.pcmag.com/encyclopedia/te...false-positive

    How is your computer running now? Everything seem to be okay?
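
Added example, not part of the original thread and not Spybot's own code: a small Python parser for the scan-log entry format pasted in post #5, grouping findings by item type so the single Registry Key entry stands apart from the browser and registry-change items. The function names and the entry regex are assumptions inferred from the log lines shown in this thread.

```python
import re
from collections import defaultdict

# Entry header as it appears in the log pasted in this thread (assumed layout):
#   <product>: [SBI $<hex id>] <description> (<type>, <action>)
ENTRY = re.compile(
    r"^(?P<product>[^:\[]+): \[SBI \$(?P<sbi>[0-9A-Fa-f]{8})\] "
    r"(?P<desc>.*) \((?P<type>[^()]*), (?P<action>[^(),]*)\)$"
)

def parse_scan_log(text):
    """Return one dict per finding; a following HKEY_ line becomes its location."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            entries.append({**m.groupdict(), "location": None})
        elif line.startswith("HKEY_") and entries and entries[-1]["location"] is None:
            entries[-1]["location"] = line
        # Anything else (timestamps, blank lines, version footer) is skipped.
    return entries

def group_by_type(entries):
    """Map each item type (e.g. 'Registry Key') to the products reported under it."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["type"]].append(e["product"])
    return dict(groups)

# Sample input: three entries taken from the scan log in post #5.
SAMPLE = r"""
09/11/2013 15:09:25
5 items found.

RelevantKnowledge: [SBI $1F0CE9A4] Settings (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle

MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-893019987-3953130637-173789047-1001\Software\Microsoft\DirectInput\MostRecentApplication\Name

Cache: [SBI $49804B54] Browser: Cache (35) (Browser: Cache, nothing done)
"""

if __name__ == "__main__":
    for e in parse_scan_log(SAMPLE):
        print(f'{e["type"]:16} {e["product"]:18} {e["location"] or "-"}')
```
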

  7. #7
    Junior Member
    Join Date
    Nov 2013
    Posts
    27

    Default

    Hi

    Computer is running fine, thank you very much for all your help.
    Hopefully my next scan won't send me into panic mode!! But it's great to know there is someone out there to ask if it does

    Thanks again

    grandadis64 (Malc)

  8. #8
    Spybot Advisor Team Zenobia's Avatar
    Join Date
    Oct 2005
    Posts
    5,178

    Default

    Good, glad to hear your computer is running good.
