SPYBOT GLITCH, I think
Moderator: Wiz Feinberg
-
Chip Fossa
- Posts: 4366
- Joined: 17 Sep 1998 12:01 am
- Location: Monson, MA, USA (deceased)
SPYBOT GLITCH, I think
Hiya Wiz,
I've been having this problem off and on for a while now with Spybot.
I'll run SB and go thru the "eliminate problems".
But [like just now] a flag pops up and basically says: CAN'T FIX; FILES STILL IN USE; COULD BE FIXED AFTER RE-START.
And - "Do you want SB to reactivate upon a reboot?" to clear out THE PROBLEM.
So I clicked YES.
So what happened was SB went thru, yet, another entire [long] complete scan, and still popped up the exact same 'problem'.
When I clicked on "fix problem", the same merry-go-round procedures popped up. ie - re-running SB didn't accomplish anything. A waste of time, really.
I still have these files that, I guess, are a problem according to SB, but that they can't seem to fix.
The problems are:
HKEY_USERS\S-1-5-18\Software\new.net
HKEY_USERS\DEFAULT\Software\new.net
Thanks Wiz, if you can enlighten me here on the ins and outs of Spybot.
-
Wiz Feinberg
- Posts: 6113
- Joined: 8 Jan 1999 1:01 am
- Location: Mid-Michigan, USA
Chip;
You have acquired a Winsock hijacker; New.net. I won't bore you with the details about New.net, but I can tell you that improper removal of this browser plug-in will break your ability to connect to the Internet. Are you using the current version of Spybot and have you updated ALL available detections?
If your Spybot is up to date and has not been able to remove New.net in normal mode try rebooting into Safe Mode and run the scan from there, rebooting back into safe mode if necessary to run a followup scan.
If that fails you have four options:
- Use System Restore to restore the system to a time before the infection occurred
- Try to repair your TCP/IP stack using the Windows XP Networking Repair function for the Network Connection you use to connect to the 'Net. If that fails you might have to remove networking completely and have XP re-detect your network adapter and reinstall networking components.
- Get more spyware repair tools, like Windows Defender and see if it/they can fix the problem and restore the original TCP stack.
- Download a specialized tool to repair the XP Winsock (Google for "fix+xp+winsock" or "fix+new+net")
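An added example, not part of the original post: a Winsock hijacker registers its DLL as a layered provider in the Winsock catalog, which is why deleting the file without repairing the catalog breaks connectivity. The Python sketch below parses saved output of `netsh winsock show catalog` and flags providers whose DLL lives outside System32. The sample text, the provider name `Example LSP` and its path are constructed placeholders, and the field layout is assumed to match the command's usual output.

```python
import ntpath
import re

# Constructed sample of `netsh winsock show catalog` output (placeholder LSP entry).
SAMPLE = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        Example LSP over [TCP/IP]
Provider Path:                      C:\Program Files\ExampleLSP\example_lsp.dll
Catalog Entry ID:                   1016
Protocol Chain Length:              2
Protocol Chain:                     1015 : 1001

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Protocol Chain Length:              1
"""


def parse_catalog(text):
    """Split the listing into one dict of 'Field: value' pairs per provider entry."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("Provider Entry"):        # header line starts a new entry
            current = {}
            entries.append(current)
        elif current is not None and ":" in line:
            key, value = line.split(":", 1)         # first colon only: paths contain ':'
            current[key.strip()] = value.strip()
    return entries


def is_system_path(path, system_root=r"C:\Windows"):
    """True if the provider DLL resolves to a file under <system_root>\\System32."""
    # Expand the two environment variables Windows uses for the system directory.
    expanded = re.sub(r"%(systemroot|windir)%", lambda m: system_root, path, flags=re.I)
    # normpath collapses '..' so System32\..\x.dll is not mistaken for a system file.
    resolved = ntpath.normcase(ntpath.normpath(expanded))
    base = ntpath.normcase(ntpath.join(system_root, "System32")) + "\\"
    return resolved.startswith(base)


def flag_non_system_providers(text):
    """Return (catalog id, description, path) for providers outside System32."""
    return [
        (e.get("Catalog Entry ID"), e.get("Description"), e["Provider Path"])
        for e in parse_catalog(text)
        if "Provider Path" in e and not is_system_path(e["Provider Path"])
    ]


if __name__ == "__main__":
    for entry in flag_non_system_providers(SAMPLE):
        print("review:", entry)
```

A flagged entry is a prompt to review, not proof of infection, since legitimate firewall and VPN products also install layered providers. On Windows XP SP2 and later, `netsh winsock reset` rebuilds the catalog to its defaults.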
-
Chip Fossa
- Posts: 4366
- Joined: 17 Sep 1998 12:01 am
- Location: Monson, MA, USA (deceased)
Thanks Wiz.
I was running SB 1.3, and now have updated to the current SB 1.4.
It not only took care of that 'news' bug, but came up with 37 other problems. All were fixed by SB v1.4.
You had me frightened there about the consequences of that 'news' bug, and I am now much relieved.
You da bess, Wiz. Once again, a huge thank you.
-
erik
- Posts: 2018
- Joined: 7 Mar 2000 1:01 am
-
Jack Stoner
- Posts: 22147
- Joined: 3 Dec 1999 1:01 am
- Location: Kansas City, MO
Spybot, earlier versions, has had a problem with identifying "real" system files as spyware. I haven't run into any lately but in some earlier versions it was targeting a needed SoundBlaster file as spyware and if deleted the sound would not work. Same way with an HP printer file.
I haven't had this type of problem with AdAware.
-
Wiz Feinberg
- Posts: 6113
- Joined: 8 Jan 1999 1:01 am
- Location: Mid-Michigan, USA
Chip;
I'm happy to have been able to help solve your new.net (and other previously unknown spyware) problem.
This is a good time to remind everybody to make sure that all of your protective programs are up-to-date, latest versions, with the most current detection definitions. Most freeware anti-spyware programs require manual updating for both the definitions and any program upgrades. Some allow you to upgrade over the previous version while others require that you uninstall the previous version prior to installing the new one. In the case of SpywareBlaster you are also urged to remove all protection ("Disable") before uninstalling the old version. This is to clear out old or invalid protections.
I try to Post announcements whenever the main freeware anti-spyware /adware programs are updated on my security blog. I also discuss emerging virus and spyware threats and reveal their methods of infection and detection. I sometimes have Posts concerning new variants of "Rogue" anti-spyware programs. These are programs that popup system-like messages containing false alerts about infections that can be removed by purchasing the program listed on the popup notice. I call these sleazeware programs. My blog has links to the major anti-spyware tool websites and removal help forums.
------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
Visit my Wiztunes Steel Guitar website at: http://www.wiztunes.com/
or my computer troubleshooting website: Wizcrafts Computer Services,
or my Webmaster Services webpage.
Learn about current computer virus and security threats here.
Read Wiz's Blog for security news and update notices
-
Jon Light (deceased)
- Posts: 14336
- Joined: 4 Aug 1998 11:00 pm
- Location: Saugerties, NY
Hey Bob Wiz---quick question:
I've got AdAware, SpybotS&D, SpywareBlaster and SpywareGuard. I keep all of them up to date but SpywareGuard has not had an update available since 1/2004. It always tells me "No updates available. You have the latest definitions." Which makes me think that this is an obsolete program. Any insight on this?
-
Wiz Feinberg
- Posts: 6113
- Joined: 8 Jan 1999 1:01 am
- Location: Mid-Michigan, USA
Jon;
SpywareGuard is no longer being updated, but it uses heuristic detection to identify potential browser hijackers. It offers very limited benefits considering that Windows Defender and Spybot S&D both have modules that watch out for browser and system changes and halt them, or pop up a challenge to allow or deny the action. I stopped using it in early 2005. If you are not using Defender you can turn on the TeaTimer in Spybot S&D, to monitor system change attempts.
If you don't have any other program that monitors browser home page and search page changes, then use SpywareGuard as a layer of defense. It is 2 1/2 years behind the developments in the spyware business and won't stop many current threats.
[This message was edited by Wiz Feinberg on 21 May 2006 at 01:29 PM.]
-
Jon Light (deceased)
- Posts: 14336
- Joined: 4 Aug 1998 11:00 pm
- Location: Saugerties, NY
Thanks. I've got Teatimer running. So I guess I'll just ditch SG then. I'm surprised because a while ago I uninstalled it and downloaded it again, thinking that maybe that would get me access to a newer version or newer updates. Can't see why they left it up there to download if it was a dead horse. But no harm done and I'm surely not going to whine about freeware. I appreciate the people who make these things available.
-
Wiz Feinberg
- Posts: 6113
- Joined: 8 Jan 1999 1:01 am
- Location: Mid-Michigan, USA
-
Chip Fossa
- Posts: 4366
- Joined: 17 Sep 1998 12:01 am
- Location: Monson, MA, USA (deceased)
Wiz,
Could you point where to go in SpyBlaster to "disable all protection" before installing a new version.
I also noticed TEATIMER when I re-ran SpyBot with the new 1.4 version, but didn't pay attention to it. How do you find it in SB? I searched the index and looked around, but can't seem to get there.
Also, why do you need to monitor system change attempts, if SB would isolate that anyway, and shouldn't your anti-virus program pick that up? Maybe it's not a real virus? A bit confused, here.
Hope this is still on topic.
[This message was edited by CHIP FOSSA on 22 May 2006 at 08:55 AM.]
-
Jon Light (deceased)
- Posts: 14336
- Joined: 4 Aug 1998 11:00 pm
- Location: Saugerties, NY
Let's see if I get this right----
in Spybot S&D:
click "Mode"
---select "advanced mode" and say "yes" when asked.
click "tools"
double click "resident"
check "tea timer"
If it is already checked off then you opted for it during your installation.
The rest of your last post I won't touch. No idea.
And Wiz--I'll just leave SG be. No harm.
Thanks.
-
Wiz Feinberg
- Posts: 6113
- Joined: 8 Jan 1999 1:01 am
- Location: Mid-Michigan, USA
Chip asked:
> Wiz,
> Could you point where to go in SpyBlaster to "disable all protection" before installing a new version.
> Also, why do you need to monitor system change attempts, if SB would isolate that anyway, and shouldn't your anti-virus program pick that up? Maybe it's not a real virus? A bit confused, here.
Chipper
To disable all protection in SpywareBlaster open the application and look at the bottom links on the "Status page," under "Quick Tasks." There is a link labeled "Disable All Protection." Click it to remove all protection, then click the X in the top right to close SpywareBlaster, then uninstall it, then install the new version.
The Spybot Teatimer will indeed notice attempts to change the IE homepage and will block the process unless you specifically tell it to allow the change.
Anti-virus programs are programmed to look for file signatures that match known viruses. What we are dealing with here is not viruses but spyware. They are apples and oranges, sometimes overlapping, but mostly different camps. Don't expect your anti virus program to watch out for browser homepage changes, or search engine hijacking.
Browser hijackers are designed to present victims with a new homepage that is crafted to generate revenue from people visiting it willingly or otherwise. It will contain PPV ads that generate commissions per view, as well as PPC ads that pay when you click on them. Some of the homepage hijackers lead to search pages, others to porn websites, others to phishing scam websites.
Search hijacks replace the default addressbar search function with their own search engine results, from which the sleazebags get paid commissions for every visitor they deliver.
As regards how to activate the Teatimer, Jon Light answered that correctly.
[This message was edited by Wiz Feinberg on 22 May 2006 at 02:21 PM.]
-
Chip Fossa
- Posts: 4366
- Joined: 17 Sep 1998 12:01 am
- Location: Monson, MA, USA (deceased)