Spybot 1.5 released


JDPower


Well it was no slower (or faster) than the previous version on my system. Wasn't particularly impressed with it though, even found a couple of bugs in the tools section. The system internals (reg scanner) is now even less trustworthy than it used to be, listing an entry that was definitely not invalid. And the startup list showed 5 active entries that didn't actually exist in startup/msconfig. I reported it on the Spybot forum and the developer explained it away with this, but I still think it shouldn't be listing them:

if you're looking for malware, it's kind of important to know whether other users on the same machine got infected as well, or not. They're active the moment those users log on! (ok, in this case it's the template for new users and the LocalService and NetworkService accounts... but if you show them only on the account they're for, to see them, you would have to log in on that account, and then they WOULD be started before you had a chance to review them)
In this case, these accounts are accounts that Windows uses internally. S-1-5-20 should be the ID for the account "NetworkService", and S-1-5-18 is, if I'm not mistaken, the account "LocalService". If you open the Windows task manager, you will notice a few system applications are running under those accounts (you might have to add the "User Name" column to Task Manager's display).

The system internals (reg scanner) is now even less trustworthy than it used to be, listing an entry that was definitely not invalid.

It's been something I've avoided for years, and still continue to do so because of it stating something is invalid when it isn't.

I don't know what they did with the HOSTS file scanning (supposedly it was updated to alleviate some false positives), but it still gives me the exact same false positives as it did before. At least the scanning speed of the HOSTS file has vastly improved (probably because it's using my processor's hyper-threading) because it was stupidly slow before in version 1.4.

One thing to look out for after immunization is all the HOSTS files that will be created as .backup, which will start eating up space if one uses a big HOSTS file.

And finally TeaTimer has been officially fixed, no need to use Resource Hacker on it anymore to fix it.


It's better than 1.4! They've fixed bugs and made enhancements while still retaining the GUI we're used to.

So I take it you consider it worthwhile to upgrade?

What about CCleaner cleaning S&D? I read this thread http://forum.piriform.com/index.php?showtopic=12075&hl= but I don't follow what they are getting at. Is there a change I have to make to the winapp.ini in CCleaner to get it to clean S&D 1.5?


So I take it you consider it worthwhile to upgrade?

What about CCleaner cleaning S&D? I read this thread http://forum.piriform.com/index.php?showtopic=12075&hl= but I don't follow what they are getting at. Is there a change I have to make to the winapp.ini in CCleaner to get it to clean S&D 1.5?

Yeah it's worth upgrading.

That thread about CC not cleaning it only needs one entry changed in winapp.ini; it's what's highlighted in red in post #1 by Normandie.


Yeah it's worth upgrading.

That thread about CC not cleaning it only needs one entry changed in winapp.ini; it's what's highlighted in red in post #1 by Normandie.

Well I installed this on a relative's machine. Scanned with AVG AS, AVG AV, Ad-Aware. Other than some tracking cookies it was clean. Then ran S&D 1.5 and it detected some issues. I think they are false positives. There were several folders in C:/Windows/wt. There were also quite a few registry entries in there for it. These were all listed under a detected problem called Wild Tangent. I'm not sure about these. Here is the report. The few tracking cookies found are no big deal but the rest I'm concerned about.

WildTangent: [sBI $2740DBFD] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Java VM\ClassPath=...;C:\Program Files\WildTangent\Apps\DRM0302Java.jar...

WildTangent: [sBI $3A3BDC07] Program directory (Directory, nothing done)
C:\WINDOWS\wt\

WildTangent: [sBI $5CF677A0] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{65E7DB1D-0101-4100-BD66-C5C78C917F93}

WildTangent: [sBI $98F61EF7] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{1FAD572E-1A3D-44D9-9C23-A87F922DA8C0}

WildTangent: [sBI $708F3A74] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{D8E9CCF6-8E64-4E39-95CE-C5333FCFBD1F}

WildTangent: [sBI $96E0810F] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{11066F62-0388-458C-B7E7-47E824894F20}

WildTangent: [sBI $6D7AAFCA] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{7946205B-FEF7-494F-A64B-3E992A780866}

WildTangent: [sBI $34D9CFFA] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wtdmmpv.WTDMMPVersion

WildTangent: [sBI $34D9CFFA] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wtdmmpv.WTDMMPVersion.1

WildTangent: [sBI $34D9CFFA] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65E7DB1D-0101-4100-BD66-C5C78C917F93}

WildTangent: [sBI $598B1C7C] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{3A7FE611-1994-4ef1-A09F-99456752289D}

WildTangent: [sBI $C18D3C81] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{1DE680D4-84B7-4239-A887-9482A29DBE14}

WildTangent: [sBI $3C05ACD0] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{25F53F41-0C37-40FA-AE9F-A260DB2D64CF}

WildTangent: [sBI $1896A912] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{4A165BD0-165F-474F-AF66-40CD5AC4613E}

WildTangent: [sBI $AA4B3C71] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WildTangent.ActiveLauncher

WildTangent: [sBI $AA4B3C71] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WildTangent.ActiveLauncher.2

WildTangent: [sBI $AA4B3C71] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A7FE611-1994-4ef1-A09F-99456752289D}

WildTangent: [sBI $42B533B6] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WildTangent.ActiveLauncher.1

WildTangent: [sBI $9922D208] Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent CDA

WildTangent: [sBI $C1EB7028] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Logger.LogSession

WildTangent: [sBI $C1EB7028] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Logger.LogSession.1

WildTangent: [sBI $C1EB7028] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A62FA99E-922E-4ECA-A1D9-B54EF294A3CC}

WildTangent: [sBI $DFEDBBEE] Library (File, nothing done)
C:\WINDOWS\wt\webdriver.dll

WildTangent: [sBI $76830867] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\

WildTangent: [sBI $E30EC8B1] Program directory (Directory, nothing done)
C:\WINDOWS\wt\updater\

WildTangent: [sBI $7E3A8D37] Program directory (Directory, nothing done)
C:\WINDOWS\wt\webdriver\

StarWare: [sBI $5FC391BB] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1807770034-1093948361-3653218535-1008\Software\Starware337

StarWare: [sBI $843330B5] Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Starware337

SystemDoctor2006: [sBI $4CDCC3D5] Tracking cookie (Internet Explorer: HP_Administrator) (Cookie, nothing done)
SystemDoctor2006: [sBI $4CDCC3D5] Tracking cookie (Internet Explorer: HP_Administrator) (Cookie, nothing done)
MalwareAlarm: [sBI $4CDCC3D5] Tracking cookie (Internet Explorer: HP_Administrator) (Cookie, nothing done)
SystemDoctor2006: [sBI $4CDCC3D5] Tracking cookie (Internet Explorer: HP_Administrator) (Cookie, nothing done)
SystemDoctor2006: [sBI $4CDCC3D5] Tracking cookie (Internet Explorer: HP_Administrator) (Cookie, nothing done)

--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---
2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2007-09-06 unins000.exe (51.46.0.0)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2007-09-05 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-09-05 Includes\DialerC.sbi (*)
2007-08-29 Includes\Hijackers.sbi (*)
2007-09-05 Includes\HijackersC.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-09-05 Includes\KeyloggersC.sbi (*)
2007-09-05 Includes\Malware.sbi (*)
2007-09-05 Includes\MalwareC.sbi (*)
2007-09-05 Includes\PUPS.sbi (*)
2007-09-05 Includes\PUPSC.sbi (*)
2007-09-05 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-09-05 Includes\SecurityC.sbi (*)
2007-09-05 Includes\Spybots.sbi (*)
2007-09-05 Includes\SpybotsC.sbi (*)
2007-08-21 Includes\Tracks.uti
2007-09-05 Includes\Trojans.sbi (*)
2007-09-05 Includes\TrojansC.sbi (*)
2008-12-24 Plugins\TCPIPAddress.dll
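As an added example (not part of the original thread and not Spybot's own code), a small Python parser for the report format posted above: it groups findings by product and item kind so a report like this can be triaged at a glance, and it separates entries that sit under another account's hive (HKEY_USERS\<SID>\...), the situation the developer describes in the first post about startup entries for other users. The input is a constructed subset of the report lines above; the function and field names are my own.

```python
import re
from collections import Counter, defaultdict

# Constructed input: a subset of the Spybot-S&D 1.5 report lines posted above.
SAMPLE_REPORT = r"""WildTangent: [sBI $2740DBFD] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Java VM\ClassPath=...;C:\Program Files\WildTangent\Apps\DRM0302Java.jar...
WildTangent: [sBI $3A3BDC07] Program directory (Directory, nothing done)
C:\WINDOWS\wt\
StarWare: [sBI $5FC391BB] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1807770034-1093948361-3653218535-1008\Software\Starware337
SystemDoctor2006: [sBI $4CDCC3D5] Tracking cookie (Internet Explorer: HP_Administrator) (Cookie, nothing done)
MalwareAlarm: [sBI $4CDCC3D5] Tracking cookie (Internet Explorer: HP_Administrator) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---
2007-08-31 SpybotSD.exe (1.5.1.15)
"""

# Header: "<product>: [sBI $<8 hex>] <description> (<kind>, <action>)"; descriptions may contain parentheses.
HEADER = re.compile(r"^(?P<product>[^:]+): \[sBI \$(?P<sig>[0-9A-F]{8})\] (?P<desc>.+) "
                    r"\((?P<kind>[^,()]+), (?P<action>[^()]+)\)$")
VERSION = re.compile(r"^--- Spybot - Search & Destroy version: (?P<ver>\S+) \(build: (?P<build>\d+)\) ---$")

def parse_report(text):
    """Return (findings, version); a cookie finding has no path line, so its location stays None."""
    findings, version, current = [], None, None
    for line in text.splitlines():
        line = line.strip()
        if not line: continue
        m = VERSION.match(line)
        if m:
            version = (m["ver"], m["build"])
            break                      # what follows is the engine/definition file list
        m = HEADER.match(line)
        if m:
            current = {"product": m["product"], "signature": m["sig"], "description": m["desc"],
                       "kind": m["kind"], "action": m["action"], "location": None}
            findings.append(current)
        elif current is not None and current["location"] is None:
            current["location"] = line  # the path/registry line that follows a header
    return findings, version

def summarize(findings):
    """Count findings per product and per kind (Registry key, Directory, File, Cookie, ...)."""
    summary = defaultdict(Counter)
    for f in findings:
        summary[f["product"]][f["kind"]] += 1
    return dict(summary)

def per_user_findings(findings):
    """Findings under another account's hive (HKEY_USERS\\<SID>\\...); they activate only when that account logs on."""
    return [f for f in findings if f["location"] and f["location"].upper().startswith("HKEY_USERS\\")]
```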


Wild Tangent does tend to get picked up as spyware; it's usually installed with some game (and if still installed should be listed in Add/Remove and removable from there). And Starware is, AFAIA, spyware. So not false positives IMO.


Wild Tangent does tend to get picked up as spyware; it's usually installed with some game (and if still installed should be listed in Add/Remove and removable from there). And Starware is, AFAIA, spyware. So not false positives IMO.

So Wild Tangent is a game? It's not my machine so I don't know exactly what's in there. I don't want to delete it if it's a game they are using. Starware I should just delete then?

Looks like S&D has got better detection ability than AVG AS. AVG AS missed that stuff completely.


So Wild Tangent is a game?

It's installed with some online games, one of these 'must download such and such to play this game'. Even if you remove it he/she will just be asked to reinstall it next time they try to play the game, and given that they've already downloaded it once they'll probably just download it again anyway. All you can do is inform them it's a bit dodgy, then it's up to them.


None of the other malware programs I used detected it on the machine. Surprised AVG AS missed it because it's usually very good.

It's probably what they consider the definition of adware/spyware is by classification, which goes back to the reason of using multiple programs for detection and never relying upon one.


One thing to look out for after immunization is all the HOSTS files that will be created as .backup, which will start eating up space if one uses a big HOSTS file.

And finally TeaTimer has been officially fixed, no need to use Resource Hacker on it anymore to fix it.

Can you please elaborate on the HOSTS file backup problem? My HOSTS file is 614 KB, which is not that big, but obviously adds a lot of strings to the registry.

As far as TeaTimer goes, I used it for several months a while back, and thought it was a decent blocker, but sometimes it blocked legit strings.

It definitely protects the registry and recognizes a change immediately. Do you use it yourself, and if so, how does it interact with your other security programs?


Can you please elaborate on the HOSTS file backup problem? My HOSTS file is 614 KB, which is not that big, but obviously adds a lot of strings to the registry.

As far as TeaTimer goes, I used it for several months a while back, and thought it was a decent blocker, but sometimes it blocked legit strings.

It definitely protects the registry and recognizes a change immediately. Do you use it yourself, and if so, how does it interact with your other security programs?

The HOSTS file backup isn't a problem per se. I was just letting everyone know that uses the Immunization feature and has a large HOSTS file that Spybot-S&D will create a backup version of the HOSTS file each and every time you run Immunization; over time those backup HOSTS files will start using up some hdd space.

I don't use TeaTimer or any other resident anti-spyware; sure I've dabbled a bit with TeaTimer but it just isn't for me. I just don't get infected with nasties so I see no use for any resident anti-spyware on my system, unless of course it were merged and combined within an anti-virus application. Plus I don't want to be bothered with that type of resident anti-spyware which constantly asks if this and that is alright to add into the registry, because in my view it should be smart enough to know if it needs to block a nasty and only then notify me of it doing so.
