Problems in Spybot S&D Includes-trojanC

[PepiMK]

One would think the brilliant team behind Spybot S&D could tinker with 1.4 so as to make 1.4 compatible with latest detection rules.

Well, you can download the manual installer for the newest anti-rootkit plugins and install them on 1.4 as well. They do have a compatibility mode when loaded by 1.4, but not with official support

[Ken895]

I'm in the same boat with v1.4, with one more problem - the first time I got this error (right after I updated), I also actually had a trojan. It said that I should remove it and disconnect from the internet while I reboot, since it attached something to XP's 'login' as well.

I followed Spybot's instructions, since it has never lead me astray before, and running it again says that there are now no problems found, but I wanted to confirm that everyone else is getting *two* errors about trojans when they run the updated v1.4 - one more than 3/4 of the way through and one right at the end. I hope that's what everyone's getting, because that's what I'm getting on my second computer that hopefully wasn't infected (but is on my network)...

To confirm I am also receiving two Warning messages ¾ way through scan at 125671/149078 (…\Includes\Trojan.sti) and at the end 138085/149078 (….\Includes\TrojanC.sti) with the wording ’Please wait scanning download directories’ Closing the warning window sets the scan off again with no problems found at end of scan. This occurred after download on 24/4/08. As with you two lap tops are in use on local network. One is running XP2 the other Vista Business. Both have Spybot Version 1.5.1.15 (oh! but so slow to load up against 1.4) and both have now the identical problem when scanning with Spybot. When time permits will download version 1.5.20. onto one to try it. Glad to know that this is new problem and scan still works but very annoying bug for novice users.

[Lancer]

Well, you can download the manual installer for the newest anti-rootkit plugins and install them on 1.4 as well. They do have a compatibility mode when loaded by 1.4, but not with official support

Thanks PepiMK. Installing the anti-rootkit plugin worked for me (stopped the error message).

[vegaspat]

So, where do you get the anti-rootkit plugin?

And where is the "Includes errors.log?

Thanks.

[md usa spybot fan]

vegaspat:

On the following Web page:

• Downloads - The home of Spybot-S&D!
  http://www.spybot.info/en/download/index.html

This item:

• Anti rootkit plugins 1.0 - product description
  md5: EE7278BC89D4557CFD7127EACC37EE70
  
  Supported only for version 1.5.2 or above!
  This adds improved capabilities to find rootkits. Only needed if you do not want to use the update function integrated into Spybot-S&D.

Please note: Supported only for version 1.5.2 or above!

The direct download link is:

• http://www.spybotupdates.com/files/spybotsd_plugins.exe

________

You can view the "Include errors.log" using either of these two methods:

1. Method 1:
   • Go into Spybot > Mode > Advanced mode > Tools > View Reports.
   • Click the View previous reports button on the top of the right hand pane.
   • Look for the "include errors" file
     Highlight it and click open (or double click on it).
2. Method 2:
   • Using Windows Explorer, navigate to the "Include errors.log" located in one of the following directories:
     • Windows 95 or 98:
       C:\Windows\Application Data\Spybot - Search & Destroy\Logs
     • Windows ME:
       C:\Windows\All Users\Application Data\Spybot - Search & Destroy\Logs
     • Windows NT, 2000 or XP:
       C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs
     • Windows Vista:
       C:\ProgramData\Spybot - Search & Destroy\Logs
   • Double click on the file and it should open with Notepad.

[vegaspat]

Thanks so much for the prompt response and info.

[terrypin]

I have to stay with 1.4 for now too, Krish. 1.5.2 slows me down too much.

I've just upgraded to 1.5 and running first scan now. Can you or anyone else give more information about 1.5 slowness please? Any comparative data?

--
Terry, East Grinstead, UK

[GEEWIZ]

Well, you can download the manual installer for the newest anti-rootkit plugins and install them on 1.4 as well. They do have a compatibility mode when loaded by 1.4, but not with official support

The root analyzer page has mentioned some problems is it a separate uninstall or would one have to uninstall the 1.4 to remove that add on?

Secondly the error that is subject of this thread, is it just a glitch that doesn't affect security or is it a security hazard, also does the root analyzer merely correct the error window or does it fix a real problem?

Bottom line for me is: Does 1.4, even with that error window popping up, do its security job. I.E. are our computers secure using the 1.4 with or without the rootkit analyzer add on?

Thanks to S&D team for all their good works and their help on this forum.

[PepiMK]

Not sure which RootAlyzer page mentions problems - I haven't seen any Spybot-S&D plugin related reports there, and while these two use the same technology, they do use a different approach in that RootAlyzer shows everything detected as hidden, while the plugins would only detect stuff known as bad.

Removal would work through removing the files in the Plugins\ that are named after kinds of tea, but as I wrote before: you cannot simply deduce errors/problems in one from those in the other.

And the subject of this thread: it's neither a "glitch" nor a "hazard": it's simply that the scan will not be as thorough in older versions. It "does its job", minus those new rootkit detections (which doesn't mean that no rootkits would be detected, just not the ones that would be detected using these plugins).

[md usa spybot fan]

GEEWIZ:

Some added thoughts/information to what PepiMK wrote:

The root analyzer page has mentioned some problems is it a separate uninstall or would one have to uninstall the 1.4 to remove that add on?

By the "root analyzer page" I assume are referring to the RootAlyzer forum. The RootAlyzer.exe program is a standalone utility that scans your system looking for all hidden objects. The detection rules that use the Anti rootkit plugins during a Spybot "Check for problems" are looking for specific known rootkits.

The three (3) current Anti rootkit plugins (Chai.dll, Fennel.dll and Mate.dll) are stored in the following folder and deleting them would remove them without uninstalling:

• C:\Program Files\Spybot - Search & Destroy\Plugins

Bottom line for me is: Does 1.4, even with that error window popping up, do its security job. I.E. are our computers secure using the 1.4 with or without the rootkit analyzer add on?

The bottom line is that using Spybot 1.4 without the Anti rootkit plugins you are not taking advantage of the rootkit scans (We've got great, new plugins for Spybot and a complete new tool - the RootAlyzer!) and not upgrading to Spybot 1.5.2 you are not taking advantage of many other improvements (Welcome to Spybot - Search & Destroy 1.5).