Just remember, love is life, and hate is living death.
Treat your life for what it's worth, and live for every breath
(Black Sabbath: A National Acrobat)
To confirm I am also receiving two Warning messages ¾ way through scan at 125671/149078 (…\Includes\Trojan.sti) and at the end 138085/149078 (….\Includes\TrojanC.sti) with the wording ’Please wait scanning download directories’ Closing the warning window sets the scan off again with no problems found at end of scan. This occurred after download on 24/4/08. As with you two lap tops are in use on local network. One is running XP2 the other Vista Business. Both have Spybot Version 1.5.1.15 (oh! but so slow to load up against 1.4) and both have now the identical problem when scanning with Spybot. When time permits will download version 1.5.20. onto one to try it. Glad to know that this is new problem and scan still works but very annoying bug for novice users.
So, where do you get the anti-rootkit plugin?
And where is the "Includes errors.log?
Thanks.
vegaspat:
On the following Web page:
- Downloads - The home of Spybot-S&D!
http://www.spybot.info/en/download/index.html
This item:
- Anti rootkit plugins 1.0 - product description
md5: EE7278BC89D4557CFD7127EACC37EE70
Supported only for version 1.5.2 or above!
This adds improved capabilities to find rootkits. Only needed if you do not want to use the update function integrated into Spybot-S&D.
Please note: Supported only for version 1.5.2 or above!
The direct download link is:
________
You can view the "Include errors.log" using either of these two methods:
- Method 1:
- Go into Spybot > Mode > Advanced mode > Tools > View Reports.
- Click the View previous reports button on the top of the right hand pane.
- Look for the "include errors" file
Highlight it and click open (or double click on it).- Method 2:
- Using Windows Explorer, navigate to the "Include errors.log" located in one of the following directories:
- Windows 95 or 98:
C:\Windows\Application Data\Spybot - Search & Destroy\Logs- Windows ME:
C:\Windows\All Users\Application Data\Spybot - Search & Destroy\Logs- Windows NT, 2000 or XP:
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs- Windows Vista:
C:\ProgramData\Spybot - Search & Destroy\Logs- Double click on the file and it should open with Notepad.
Getting an answer is one thing, learning is another.
Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.
Thanks so much for the prompt response and info.
The root analyzer page has mentioned some problems is it a separate uninstall or would one have to uninstall the 1.4 to remove that add on?
Secondly the error that is subject of this thread, is it just a glitch that doesn't affect security or is it a security hazard, also does the root analyzer merely correct the error window or does it fix a real problem?
Bottom line for me is: Does 1.4, even with that error window popping up, do its security job. I.E. are our computers secure using the 1.4 with or without the rootkit analyzer add on?
Thanks to S&D team for all their good works and their help on this forum.
Not sure which RootAlyzer page mentions problems - I haven't seen any Spybot-S&D plugin related reports there, and while these two use the same technology, they do use a different approach in that RootAlyzer shows everything detected as hidden, while the plugins would only detect stuff known as bad.
Removal would work through removing the files in the Plugins\ that are named after kinds of tea, but as I wrote before: you cannot simply deduce errors/problems in one from those in the other.
And the subject of this thread: it's neither a "glitch" nor a "hazard": it's simply that the scan will not be as thorough in older versions. It "does its job", minus those new rootkit detections (which doesn't mean that no rootkits would be detected, just not the ones that would be detected using these plugins).
Just remember, love is life, and hate is living death.
Treat your life for what it's worth, and live for every breath
(Black Sabbath: A National Acrobat)
GEEWIZ:
Some added thoughts/information to what PepiMK wrote:
By the "root analyzer page" I assume are referring to the RootAlyzer forum. The RootAlyzer.exe program is a standalone utility that scans your system looking for all hidden objects. The detection rules that use the Anti rootkit plugins during a Spybot "Check for problems" are looking for specific known rootkits.
The three (3) current Anti rootkit plugins (Chai.dll, Fennel.dll and Mate.dll) are stored in the following folder and deleting them would remove them without uninstalling:
- C:\Program Files\Spybot - Search & Destroy\Plugins
The bottom line is that using Spybot 1.4 without the Anti rootkit plugins you are not taking advantage of the rootkit scans (We've got great, new plugins for Spybot and a complete new tool - the RootAlyzer!) and not upgrading to Spybot 1.5.2 you are not taking advantage of many other improvements (Welcome to Spybot - Search & Destroy 1.5).
Getting an answer is one thing, learning is another.
Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.