Tex10's Topic only :Spybot Freezes PC at: 23282/31725 Gain.Gator.

[Tex10]

Please assist as I am unable to complete a Spybot - Search & Destroy Version 1.4 because when Running bot-check it gets to approximately (varies slightly) 23282/31725: Gain.Gator and then just freezes the computer. I have to hold the power button until it shuts down and the restart the computer by powering up. I have run the Ad-Aware SE Personal with the latest definitions, run MS AntiSpyware and the free Scan (both virus and spyware from http://housecall.trendmicro.com/. From advice from jw50 on the SpywareInfo Forum at http://forums.spywareinfo.com/index.php?showtopic=62434&st=0&gopid=332812&#entry332812 I have also downloaded, installed and run CCleaner and Ewido Security Suite and many other procedures to resolve this problem. I can run a complete Spybot - Search & Destroy in "Safe Mode" most times, but always freezes when running it under both User Logons in "Normal" mode. Each User has "Administrator" rights. I believe the computer is free of "Malware", "Spyware", "Adware", etc. Please help. Any suggestions would be greatly appreciated. Thanks in advance.

Information about the Computer System:
Windows XP Home Edition, Version 5.1.2600 Service Pack 2 Build 2600
System Manufacturer: ECS, System Model: P4S5A/DX
Processor: x86 Family 15 Model 2 Stepping 4 GenuineIntel ~1693 MHz
BIOS Version/Date: American Megatrends Inc. 07.00T, 4/2/2001
SMBIOS Version: 2.3
Total Physical Memory: 768.00 MB
Hard Drive: 40 GB with 20.5 GB of Free Space.

 

[md usa spybot fan]

From the total scan count of 31725 I think that you may be running with updates from 2005-11-26 (you can check by going into Spybot > Help > About). According to the following posting there were changes made to Gain.Gator signatures with the 2005-12-02 updates:
Detection updates 2005-12-02
http://forums.spybot.info/showthread.php?t=722

This may not alleviate the problem, but try to update Spybot and re-run the scan.

 

[Tex10]

From the total scan count of 31725 I think that you may be running with updates from 2005-11-26 (you can check by going into Spybot > Help > About). According to the following posting there were changes made to Gain.Gator signatures with the 2005-12-02 updates:
Detection updates 2005-12-02
http://forums.spybot.info/showthread.php?t=722

This may not alleviate the problem, but try to update Spybot and re-run the scan.

Thanks for the reply md usa spybot fan; I have the latest definition file dated 2005-12-02 with a total scan count of 32232. I just tried another run of Spybot S & D and it frooze the computer. Any other suggestions? Thanks...

 

[md usa spybot fan]

Any other suggestions?

No, I'm sorry I don't really have any suggests to correct the problem.

You could attempt to eliminating the scan for Gain.Gator and possibly the Spybot scan will continue to completion and at least check for other possible malware on the system. To do that go into Spybot > Mode > Advanced mode > Settings > Ignore products. Once in the list find GAIN.Gator and check it. That will cause Spybot to ignore (bypass) checking for GAIN.Gator on subsequent scans.

There have been several reports of hangs during scans recently. I hope that someone from the Team Spybot development staff will start looking into the problem and suggest ways to fix or overcome the problems.

 

[Tex10]

No, I'm sorry I don't really have any suggests to correct the problem.

You could attempt to eliminating the scan for Gain.Gator and possibly the Spybot scan will continue to completion and at least check for other possible malware on the system. To do that go into Spybot > Mode > Advanced mode > Settings > Ignore products. Once in the list find GAIN.Gator and check it. That will cause Spybot to ignore (bypass) checking for GAIN.Gator on subsequent scans.

There have been several reports of hangs during scans recently. I hope that someone from the Team Spybot development staff will start looking into the problem and suggest ways to fix or overcome the problems.

Hi md usa spybot fan; Unfortunately I may have misled you by mentioning Gain.Gator. I was only using it as a reference point. The freezing happens about 3/4 of the way through a scan. It could freeze on C2.Lop, Gain.Gator, etc. at about 3/4 of the way through the scan. This is not a definite location and varies with each scan. Maybe there is some other solution we can work with. Thanks....

 

[Tex10]

No, I'm sorry I don't really have any suggests to correct the problem.

You could attempt to eliminating the scan for Gain.Gator and possibly the Spybot scan will continue to completion and at least check for other possible malware on the system. To do that go into Spybot > Mode > Advanced mode > Settings > Ignore products. Once in the list find GAIN.Gator and check it. That will cause Spybot to ignore (bypass) checking for GAIN.Gator on subsequent scans.

There have been several reports of hangs during scans recently. I hope that someone from the Team Spybot development staff will start looking into the problem and suggest ways to fix or overcome the problems.

Hi md usa spybot fan; I see that there has been many people reading this tread, but other than yourself, no-one is replying. Do you know or have you escalated this issue to the Team Spybot development staff? Sure hope that someone will reply. Thanks for your help.....

 

[bitman]

Other than Microsoft AntiSpyware, do you have any other Real-time protection such as antivirus? Try turning these off when you scan to see if they're interacting with the scan. Obviously, don't access the Internet and preferably don't have anything else running during the scan.

To disable the MS AntiSpyware Real-time Agents, right-click the System Tray icon and select the Security Agent Status. You can disable and re-enable them here before and after the scan.

Each Anti-virus has a different method to do this, so ask if you can't find a way and we'll try to help. This is not a long term solution, but an attempt to determine what's causing the hangs.

 

[Tex10]

Other than Microsoft AntiSpyware, do you have any other Real-time protection such as antivirus? Try turning these off when you scan to see if they're interacting with the scan. Obviously, don't access the Internet and preferably don't have anything else running during the scan.

To disable the MS AntiSpyware Real-time Agents, right-click the System Tray icon and select the Security Agent Status. You can disable and re-enable them here before and after the scan.

Each Anti-virus has a different method to do this, so ask if you can't find a way and we'll try to help. This is not a long term solution, but an attempt to determine what's causing the hangs.

Thanks for the reply bitman; I have tried this method of disabling the MS AntiSpyware Real-time Agents and closing all running application from the System Tray including the AntiVirus software. I also have run MSConfig and selected the "Diagnostic Startup -load basic devices and services only", did a restart and tried running Spybot S & D in this mode. The Spybot S & D still frooze the computer. Any other suggestions would be appreciated.

 

[bitman]

Tex10: Please try this:

• In Spybot click Mode>Advanced to switch to Advanced mode and answer Yes to the question.
• Click the Settings button on the lower left pane.
• Click File Sets near the upper left.
• In the right pane uncheck all but the last two; Spybots.sbi and Trojans.sbi

Now return to the Spybot S&D menu (button at upper left) and run a scan.

What happens?

 

[Tex10]

Tex10: Please try this:

• In Spybot click Mode>Advanced to switch to Advanced mode and answer Yes to the question.
• Click the Settings button on the lower left pane.
• Click File Sets near the upper left.
• In the right pane uncheck all but the last two; Spybots.sbi and Trojans.sbi

Now return to the Spybot S&D menu (button at upper left) and run a scan.

What happens?

Hi bitman; Thanks for the reply. Having only the last two (Spybots.sbi and Trojans.sbi) selected allows a complete scan to run and complete. What does this tell us? What do I do next to determine what the problem is? Finally some progress with this problem. I am excited.....

 

[bitman]

I was trying to confirm that the detections themselves weren't the problem as I'd suspected. It appears that some combination or build-up from previous detections may be involved. I'm not at all sure what it is, but at least we proved it wasn't a direct conflict with the C2.lop or GAIN:Gator detections, which likely rules out malware too.

I'd next like to determine if it's an interaction with any other specific detections, but first, would you please post just the first couple sections from a full Spybot Report? I want to make sure everything's current and it's not an issue with out of date or mixed files.

Just run another scan the same way since a successful scan is all that's needed, we don't really care what the resilts are. Then, right-click in the results screen and select 'Save full report to file...' and save it where you can easily find it. Open the file itself by double clicking and copy everything from the beginning up to the 'Startup entries list' section heading, but not the start-ups themselves. Paste this into your next post.

After we know there isn't a file issue we'll look at options to determine if there's interaction with other detections.

 

[Tex10]

I was trying to confirm that the detections themselves weren't the problem as I'd suspected. It appears that some combination or build-up from previous detections may be involved. I'm not at all sure what it is, but at least we proved it wasn't a direct conflict with the C2.lop or GAIN:Gator detections, which likely rules out malware too.

I'd next like to determine if it's an interaction with any other specific detections, but first, would you please post just the first couple sections from a full Spybot Report? I want to make sure everything's current and it's not an issue with out of date or mixed files.

Just run another scan the same way since a successful scan is all that's needed, we don't really care what the resilts are. Then, right-click in the results screen and select 'Save full report to file...' and save it where you can easily find it. Open the file itself by double clicking and copy everything from the beginning up to the 'Startup entries list' section heading, but not the start-ups themselves. Paste this into your next post.

After we know there isn't a file issue we'll look at options to determine if there's interaction with other detections.

Hi bitman; Here is what I got.


--- Search result list ---
Congratulations!: No immediate threats were found. ()



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-11-28 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-12-09 Includes\Cookies.sbi
2005-12-09 Includes\Dialer.sbi
2005-12-09 Includes\Hijackers.sbi
2005-12-09 Includes\Keyloggers.sbi
2005-12-09 Includes\Malware.sbi
2005-12-09 Includes\PUPS.sbi
2005-12-09 Includes\Revision.sbi
2005-12-09 Includes\Security.sbi
2005-12-09 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2005-12-09 Includes\Trojans.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Service Pack 3 (KB867461)
/ .NETFramework / 1.0: Microsoft .NET Framework Service Pack 1
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Patch Available For XMLHTTP Vulnerability
/ DataAccess: Patch Available For XMLHTTP Vulnerability
/ DataAccess: Security update for Microsoft Data Access Components
/ DataAccess: Security Update for Microsoft Data Access Components
/ DirectX: DirectX Update 819696
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB834707
/ Windows Media Player: Windows Media Player Hotfix [See KB837272 for more information]
/ Windows Media Player / SP0: Windows Media Player Hotfix [See wm828026 for more information]
/ Windows Media Player: Windows Media Update 320920
/ Windows Media Player: Windows Media Update 320920
/ Windows Media Player: Windows Media Update 819639
/ Windows Media Player: Windows Media Update 828026
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB834707
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Security Update for Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB885884
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB887797
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Hotfix for Windows XP (KB896344)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB896688)
/ Windows XP / SP3: Update for Windows XP (KB896727)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Update for Windows XP (KB900930)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)

 

[bitman]

That's it and they look OK, though I wanted the '--- System information ---' section after it too, just to be sure about the condition of Windows. You could post that if you wish, even add it to the post above using edit, I'll see it.

I have to head out to real life for awile, probably won't post again until late evening. I need to think about the best step to take next anyway. Feel free to try adding back the detections one at a time by checking the SBI filenames in File Sets one at a time in reverse (Security, then Revision, etc.) and running a scan. At some point it should freeze again.

If you'd rather wait til later, that's fine, but if you've got more time now then later the above should at least tell us what combination might be causing the freeze. Once it does freeze, try scanning only the last one checked with the Spybots.sbi checked also. Then we'll know if it's the combination of all the SBI files or just the two checked that's causing it.

Lot's of testing, so take it at whatever pace works for you, I'll get back as I'm able.

 

[Tex10]

That's it and they look OK, though I wanted the '--- System information ---' section after it too, just to be sure about the condition of Windows. You could post that if you wish, even add it to the post above using edit, I'll see it.

I have to head out to real life for awile, probably won't post again until late evening. I need to think about the best step to take next anyway. Feel free to try adding back the detections one at a time by checking the SBI filenames in File Sets one at a time in reverse (Security, then Revision, etc.) and running a scan. At some point it should freeze again.

If you'd rather wait til later, that's fine, but if you've got more time now then later the above should at least tell us what combination might be causing the freeze. Once it does freeze, try scanning only the last one checked with the Spybots.sbi checked also. Then we'll know if it's the combination of all the SBI files or just the two checked that's causing it.

Lot's of testing, so take it at whatever pace works for you, I'll get back as I'm able.

Hi bitman; Okay, I have used the "Edit" and included the "System Information" as requested. I will start adding the detections one at a time. I will have to do this later as well as I have to go shopping for food. Thanks again. I do appreciate it.....

 

[Tex10]

Hi bitman; This morning I started adding the File Sets back and running a scan with each. The Spybot program frooze the computer after adding "Hijackers.sbi" at "GoldenPlace.Casino". The definitions that were selected are:
"Trojans.sbi"
"Spybots.sbi"
"Security.sbi"
"Revision.cbi"
"PUPS.sbi"
"Malware.sbi"
"Keyloggers.sbi"
"Hijackers.sbi"
The only two left to check (select) were:
"Dialer.sbi"
"Cookies.sbi"
Hope this helps in determining the resolution to this matter...

 

[Tex10]

Hi bitman; This morning I started adding the File Sets back and running a scan with each. The Spybot program frooze the computer after adding "Hijackers.sbi" at "GoldenPlace.Casino". The definitions that were selected are:
"Trojans.sbi"
"Spybots.sbi"
"Security.sbi"
"Revision.cbi"
"PUPS.sbi"
"Malware.sbi"
"Keyloggers.sbi"
"Hijackers.sbi"
The only two left to check (select) were:
"Dialer.sbi"
"Cookies.sbi"
Hope this helps in determining the resolution to this matter...

Hi Bitman; it has been awhile since I posted the above and I have not heard from you. I understand that it has been over the holidays, but I would still like to solve this problem. Looking forward to your reply after you review this post. Thanks....