Does Immunization Emulate an Ad Blocker?

[bfan001]

I recently installed SpyBot when my computer contracted some malware, and it, along with Malware Bytes, was invaluable in helping me get rid of the infections. So I am most grateful that it was here to help. But I have seen something odd since the installation.

I often view videos on CBS.Com and in the past, was able to do so using both IE9 and Firefox 4. But since installing SpyBot, I can only watch in Firefox. IE gives a message that there is an ad blocker in my browser, but I have checked all add-ons and can't find one. That makes me wonder if something in Spybot is causing the issue in IE.

Thoughts?

 

[spybotsandra]

Hello,

Please open Spybot - Search & Destroy in the Advanced mode via the menu item Mode.
Now select 'Tools' - 'Resident' from the navigation bar on the left.
Please untick the checkbox in front of the 'SDHelper'.
Does that the trick?

Best regards
Sandra
Team Spybot

 

[bfan001]

Hello,

Please open Spybot - Search & Destroy in the Advanced mode via the menu item Mode.
Now select 'Tools' - 'Resident' from the navigation bar on the left.
Please untick the checkbox in front of the 'SDHelper'.
Does that the trick?

Best regards
Sandra
Team Spybot

I still get the same problem, although I did look in my Add-On list in IE and I no longer see the Spybot add-on. So it did turn off the IE protection.

Given that it only happens in IE and not in Firefox, I got to looking at my IE settings and in the Restricted Security zone, I see a bunch of domains added. I'm assuming Spybot added these. I am wondering if one of those is blocking the domain CBS uses for its ads, hence it thinking I am blocking the ads. Is there an easy way to clear those sites from the zone, test CBS and then put the sites back in the restricted zone after?

 

[spybotsandra]

Hello,

Please run Spybot-S&D and select "Spybot-S&D" --> "Immunize" in the navigation bar on the left. Please hit "Undo".

Best regards
Sandra
Team Spybot

 

[lewisje]

Given that it only happens in IE and not in Firefox, I got to looking at my IE settings and in the Restricted Security zone, I see a bunch of domains added. I'm assuming Spybot added these. I am wondering if one of those is blocking the domain CBS uses for its ads, hence it thinking I am blocking the ads. Is there an easy way to clear those sites from the zone, test CBS and then put the sites back in the restricted zone after?

Spybot did add them, but I just tested cbs.com in Internet Explorer 9 with not just the Spybot additions to Restricted Sites but also with Peter Lowe's Ad Servers added to Restricted Sites via ZonedOut, and with the PrivacyChoice cookie settings, and with a full HOSTS file, and even with a couple Tracking Protection Lists from Fanboy, and I was still able to see the videos on cbs.com, while in Firefox with a full Spybot immunization and Adblock Plus with EasyList, I wasn't able to see the videos until I disabled Adblock Plus.

Are you sure that you aren't maybe using Simple Adblock? I'm sure that it's not the Spybot immunizations that are causing you trouble.


Anyway, to answer your top question, yes the Immunization does use a similar mechanism to an ad-blocker, even though it only blocks malware domains; it adds the same entries to the HOSTS file to keep all programs from loading those domains, to the Restricted Sites zone to keep Internet Explorer from even trying to execute scripts and ActiveX controls from those domains (in addition to adding ActiveX killbits preventing many bad controls from being installed or loaded), and to permissions.sqlite or the old hostperm.1 on Firefox to keep Firefox from loading images, installing software, or launching popups from those domains (the content policy hooked into by this file is also used by Adblock Plus to block content).

Also, Spybot adds entries to the Internet Explorer cookie policy, Opera cookies4.dat, and Firefox permissions.sqlite, hostperm.1, or cookperm.txt to enhance privacy, and it notably adds entries to Opera's plugin-ignore.ini to block bad plugins and to its urlfilter.ini to block specific URL patterns, in the manner most approximating an ad-blocker.

 

[bfan001]

Spybot did add them, but I just tested cbs.com in Internet Explorer 9 with not just the Spybot additions to Restricted Sites but also with Peter Lowe's Ad Servers added to Restricted Sites via ZonedOut, and with the PrivacyChoice cookie settings, and with a full HOSTS file, and even with a couple Tracking Protection Lists from Fanboy, and I was still able to see the videos on cbs.com, while in Firefox with a full Spybot immunization and Adblock Plus with EasyList, I wasn't able to see the videos until I disabled Adblock Plus.

Are you sure that you aren't maybe using Simple Adblock? I'm sure that it's not the Spybot immunizations that are causing you trouble.

I looked through my add-ons for anything that even remotely resembled an Ad Blocker and don't see one. That was one of the first things I thought of.

What I may do is disable all my add-ons except the Adobe Flash Player (since IE needs that to play the videos, of course ) and leave the immunizations intact. If that works, I will reenable add-ons one at a time until I find the culprit.