I have three PC's myself on one network, 2 XP-Home, 1 XP-Pro, plus I look after another two on another network, all with SP2 and all up to date with MS updates. Processors vary from P4, to Core2Duo and also a Core Solo Centrino in a notebook. All of the PC's have 1GB memory.
Three use AVG antivirus and two CA antivirus. All have ZA firewalls (primarily to stop outgoing) as the routers on both networks have internal firewalls. All use Internet Explorer and Outlook Express.
All of these PC's have the current SpybotSD with both IE Browser plug in and Teatimer enabled. On installation of Spybot on each PC, I can confirm that there were no folders specified by default in the download directories option. After the install, I specifically added a single download directory (the same on all PC's). It has not subsequently changed on any of the machines since.
None of the above machines has experienced any problems with completing SpybotSD scans which are done immediately following each SpybotSD update.
I know that the above doesn't help overcome the problem Guardian666 is having, but it does confirm that the problem is not being experienced by all, which makes it all the more mystifying.
I ran my first scan today on my new Vista computer which took Approx 12 mins to complete with no problems experianced.
I am running Vista Home Premium Fully Patched (I've not installed SP1 Yet due to concerns about compatiblity with some of my programs).
I'm also running Spyware Blaster 4.0, Windows Defender, Avast 4.8.1169 Free Edition, Zone Alarm Free Edition 7.1.248.000.
I also have a router with a built-in Firewall
Last edited by Terminator; 2008-04-02 at 16:08. Reason: Added extra scan info
If it ain't broke, don't fix it!
@Greyfox
The input is appreciated and you said it best, all the more mystifying. I have been running Spybot in so many different configurations of OS and application environments for so long that it would take ages to list and I have never had problems either, until the latest update and after that even rolling back does not work anymore. That's what's bugging me about all this. If I was some novice who was doing this for the first time, I can understand how I might be the problem but I have been in this field for 15+ years and using this software since its inception so I just don't get it why its doing this. And formatting starting everything over is not an option on a network of 8 machines used for business everytime something goes bump.
@Terminator
I am very happy that it is working for you and I hope that it continues because it becomes frustrating only when it doesn't work.
Last edited by Guardian666; 2008-04-02 at 20:20. Reason: Reduce the quoted content
Could it be possible that you have downloaded the beta detection updates and you are also using them in the scan. This could be a reason why
you have additional download directories which don't seem to be in the normal detection updates. If yes, please deactivate the beta detection updates in the
"File sets".
A tool which can be used for tracking problems like this is "Filemon":
http://technet.microsoft.com/de-de/s...42(en-us).aspx
It is not easy to use and it can give you a lot of hints but not every hint is leading to the cause. Read the tutorial before using the
tool.
What should you do?
1. Start Filemon.
2. Start Spybot-S&D and start a scan.
3. Before the scan reaches the point where you have experienced the freezing please start the log function of Filemon. Of course you could
also start the log before starting the Spybot-S&D scan but this will only make an unnecessary long log file which takes more time to investigate and which includes many useless information.
What are we searching for?
During the freeze there should be hints like entries where the requests are not successful. Maybe these entries repeat themselves as well. If you have found them
following information are useful: The full path name and the additional information in the "Other" column. Enlarge the columns with the mouse cursor if necessary. You can scroll back the log as well if necessary.
So we are looking for loops, file not found errors, access errors or anything similar to it. As long as there are new request for new files from Spybot-S&D then the software is not freezing. This only means it is still scanning files but Spybot-S&D doesn't indicate the progress. If the are additional download directories it could take several hours depending from the numbers of files which should be scanned.
Please consider that finding the cause will only allow the user to find a workaround so that Spybot-S&D can at least finish the scan. Maybe every single user with this problem finds different file names. So please don't make any changes without individual instructions.
It seems that there are many confusions about the "Download directories".
In this case, we need more explanations what it is. First of all, we need a roughly idea how Spybot-S&D makes a scan. This is copy from one of the FAQ:
"Why is Spybot-S&D that fast?
There are different ways to search for spies. One would be to search the complete registry and hard disk for suspicious entries and files. That can take a lot of time.
Spybot-S&D takes advantage of the fact that all spies have to anchor themselves at a few places over the system to get active. It starts to search at this places, following the information gathered there to catch the whole spy."
In other words, Spybot-S&D does not scan every single registry entry nor every single file by default. It searches for hints and if it finds anything it will follow it back to the root. This is only a roughly explanation and it must not apply to every single detection but at the moment it should be enough for us.
Adding folders to the "Download directories" allow you to scan for malware files without regarding the hints in the system. This is useful for detecting inactive malware. For example if you have downloaded an installer of a software and you want to know if this is any kind of malware which is already in the database of Spybot-S&D then you have to add the folder to the "Download directories" where you have downloaded the file. This is the reason why it is called "Download directories", an antivirus software would call this making a deep scan. Be aware, even if an installer has passed the test once, there is always the possibity that it is a not detected malware. So repeating a download directory scan isn't wrong especially with new detection updates.
By the way, there is already a single file detection available.(Beta test?) It is much faster because you don't have to go through the whole scan and it can do even more than the download directories but I don't understand it so I cannot give you any more details.
Running 1.5.1.18 on XP SP2 machine and scan hangs at 62097/121366, virtumonde.dll. Also run AVG and Spyware Terminator real time - they are running when I run Spybot. I need to invoke Task Manager to close Spybot. Suggestions?
@chi-va
It is not just a possibility but an absolute fact that the beta is downloaded and installed and searching. Also, I already reported on my first post that Spybot is not "freezing", I can pause it, stop it and even cancel and close it without a problem, just no progress and completion. So I shall download and use Filemon to figure out what and where its getting stuck and I will let everyone know.
Also, thanks for clarifying the "Download Directories" for everyone since I think its taking us away from the problem that I brought up and I know what they are already. This way we can focus on what is actually ailing us (or me at least).
@Angelb63, Ungarsdequebec
Please start your own threat if you haven't already found a workaround. You will get more attention with
your own threat and it would make it easier for the helpers. According to this, we will get an impression how
many users really have similar problems.
@drmsucks
I'm afraid I have the same advise for you but it maybe necessary to start a new threat in the malware removal
forum because it seems that Spybot-S&D has problems to fix Virtumonde. I cannot confirm if you infected with Virtumonde or
not or if this is only a coincidence that it stops there. Before starting a new threat in the removal forum it is important that
you read the instructions for using the malware removal forum first.
@Guardian666
I'm sorry. I know that you mean no progress. "Freezing" wasn't the right word but apart from that using
Filemon isn't wrong no matter if it is "freezing", "hanging" or "aborting scan". If Spybot-S&D is the culprit itself
then it is likely that it is caused by the last detection updates or the new rootkits plugins because you didn't have problems before if
I have understand this correctly. Anyway, please try Filemon. It is better than guessing all the time.
Ok, sorry about the delay everyone but here are the findings and I am not sure the best way to display them, so here goes nothing.
1. Refer to the screen shot and you can see that it gets stuck at 125015/127706 while scanning directories which of course it doesn't tell you, hence why we are using the Filemon to post some data.
2. Filemon, which took a small learning curve to get a hang of, reveals that it is going through the directories and it is not actually getting stuck but among all the "Successful" indications are regular and consistent "Failed" entries which I don't personally get, so I have attached it here for you to look at. As you requested, I limited it to a small amount as it would be WAY TOO BIG to post hours of data and it wouldn't lend any more insight than a small portion anyway.
3. Finally you can see that I can successfully stop the process and it will stop as it is not "frozen" so it still responds. At this point, you can see that it shows the directory where it last was in the status bar.
Final assessment, we are still at square one as to why it won't complete and why it gets "stuck" in scanning directories and won't complete no matter how long it runs. Hopefully someone can make something of this and we can use the feature of download directories rather than removing them just to get it to complete.