Hey, you! If you use Spybot Search and Destroy to protect your computer against spyware, it is time to run your manual updates. New definitions and false positive fixes are usually released every Wednesday. Today's updates were released on schedule and are listed below.
In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers.
When all updates have succeeded, click on "Exit." With the program updated it is time to open the main program interface, using either the Start Menu link, or a desktop icon, to launch Spybot Search and Destroy. The next item to take care of is to apply Immunization. Click on the Immunize button in the left sidebar, select everything you want, or uncheck things like cookies, or Hosts, or Domains, as you see fit, then click on Immunize button over the right panel, that has a green cross. After immunizing against unwanted items you should click on the Search &Destroy icon, on the left, then click "Check for problems," on the right side.
It will take several minutes, or longer to scan all your files for known threats, and possible threats, using heuristics, unless you disable heuristics in the program's main Advanced Mode > Settings. When the scan completes anything listed in the definition databases will be listed in the results window, with check boxes in front of each main item group. If you find the program has listed some cookies or other programs you use and trust, uncheck them, click on the item name and the right click and select "Exclude this product from further searches." Finally, click on "Fix (selected) Problems."
Spybot Search and Destroy 1.6.2 was released on January 26, 2009. This is probably going to be the last "maintenance release" before version 2.0 is released. It scans for threats about 4 times faster than previous versions and has an redesigned spyware removal engine. Upgrade now to Spybot S&D 1.6.2. The newest Virtumonde and Zlob threats require the anti malware engine in Spybot 1.6+ to effectively remove them.
Additions made on February 25, 2009:
Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
PUPS (Possibly UnPopular Software or Potentially Unwanted Program)
Trojans (Trojans come to you disguised as something useful, or as a missing codec required to view a spammed video, but, like the Trojan Horse of antiquity, they hold dangerous contents that cause great harm! Many of these Trojans are Botnet infections, backdoors and Rootkits.)
Total: 1406313 fingerprints in 444173 rules for 4561 products.
False positive detections reported or fixed this week:
Confirmed false positive detection of "Brontok.Ab" in a user's desktop ini file. This was fixed with today's updates.
A confirmed wrong detection of Virtumonde detected in C:\windows\system32\zipfdr.dll is due to users having older versions of Spybot S&D. Please upgrade to the current version, 1.6.2, download the newest definitions and F/F updates, then scan your system. These false positives should be gone (unless you really are infected!).
Oh boy! Here we go; get on your hard hats!
Spybot S&D is now flagging installations of McAfee and Trend Micro security software as "PUPs, or Potentially Unwanted Programs (see this forum thread). This was done in retaliation against those companies for requiring their customers to uninstall Spybot while installing their products. Team Spybot has tested its program with both of these security suites, and others, and finds no evidence of any incompatibilities or struggles between them.
If you have purchased McAfee or Trend Micro security suites (which are very good products) and they ask you to uninstall Spybot, or do so without your option to refuse, simply reinstall Spybot afterward. But, I recommend not activating the Tea Timer module in Spybot S&D, as this will cause a struggle over which program monitors the system for realtime changes.
Read my extended comments for more details about using Spybot S&D and for program development announcements.
If you arrived here by searching for the name of some malware that may be on your computer and you are not currently using Spybot Search and Destroy, you can download the latest version from the Spybot Search and Destroy Multi-Lingual Landing Page. Choose your language, then use the link in the left sidebar to go to the downloads page. Download the program from your closest mirror server, install it, update it (Updates button), then follow the instructions below to detect and remove any malware that is on your PC. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.
If you see a program listed in the new detections, by its name, you should assume that is is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a single + sign are updated detections, while a double ++ in front of it's name indicates a brand new detection. A number in parenthesis, following a malware name, indicates the number of variants included in that detection. These programs are dangerous to your computer, and/or personal security or privacy.
The domain "Spywareinfo.com" and TrafficZ was recently added to the HOSTS file updates (for redirection to 127.0.0.1), because the domain name expired and was purchased by spammers or malware distributers, in December 2008. It is now advertising a fake Spybot Search & Destroy, fake security scans and various malware downloads. The new Spywareinfo malware removal forum is located at: http://www.spywareinfoforum.com/
Note for Firefox users who saved links to the old spywareinfo website:
It has recently (Feb/09) been reported that in some versions of Spybot S&D, on some operating systems, if you have a link to the old spywareinfo website, now owned by purveyors of fake anti spyware products and scanners, "fixing" it will erase your entire Bookmarks.html file. This is being looked into right now and hopefully will be fixed real soon. In the meantime, if you use Firefox as your browser (which stores Favorite places as "Bookmarks") and after running a scan Spybot lists an infected bookmark with Spywareinfo as the culprit, uncheck that entry before fixing any other problems. You can manually edit your Firefox Bookmarks to remove the link to that website, or any similar compromised website.
Malware Removal Guides
The good folks at Spybot S&D have started a new segment of their official forums, titled "Malware Removal Guides." Each week they intend to write a short self-help article to help you remove various common malware threats manually, or in conjunction with Spybot S&D. This should prove to be a very useful addition to the Spybot forums.
If you are still using Spybot S&D 1.3, or 1.4, update support is about to end and your computer will be at greater risk because of having out-dated definitions. Furthermore, older versions of Spybot are known to report lots of false positives, due to the advanced heuristic rules now found in the newer definition files.
If you are using any version older than 1.6 please upgrade to the current version of Spybot S&D, which is now 1.6.2, as soon as possible. New definitions for malware like the Virtumonde family of Trojans need the newer processing technologies introduced in version 1.6.0. Also, the number of malware definitions has more than doubled between July and December, 2008.
Work is progressing at a steady pace on Spybot S&D version 2.0, thanks to an army of volunteer beta testers. The upcoming version will be modularized, with separate executables carrying out different detection and immunization tasks now performed by the main program file. This is expected to speed up the scanning times, which is becoming more strenuous with the rapid increase in the number of detections being developed by Team Spybot.
To benefit from these improvements, I recommend that you update to Spybot Search & Destroy 1.6.2, which is available through the update function integrated into the application as well as from the Spybot S&D download page. When version 2.0 is finally released you should follow the to-be-posted instructions and upgrade to that version.
If your computer gets stuck in a logon/logoff loop, after updating and scanning with the older versions of Spybot, visit this forum page for a solution, from Team Spybot.
Of continued concern to people who operate as Limited or Power Users for their daily browsing and email, Spybot Search and Destroy is still corrupting your less privileged accounts after you update it, immunize and scan from an Administrator level account. If, after doing these things, you log off the Administrator account and try to log into your Limited/Power User account, it may be corrupted and a generic desktop and start menu may appear. Don't panic! Your account and desktop can be restored by simply rebooting the computer. When you login after the reboot your previous settings will reappear. I don't know why this happens, but, stuff happens! It may be related to the relatively new rootkit detection added last year.
If you want to get direct assistance from Team Spybot, or their talented volunteers, visit the Spybot support forums, sign up for a user account and post your request for assistance. Be sure to read the rules before posting a question or reply.
If your computer is infected and you need help removing the threats, go to the Malware Removal Forums, at Safer Networking/Spybot.info. Again, read the rules before posting your request or logs! Do NOT inject your problem into somebody else's thread! Start a new topic.
Some people are confused by detections of Wild Tangent on their computers. Wild Tangent is detected as a PUP, meaning Potentially Unwanted Program, because it does send home some identifiable information about you and your computer. It ships with various games and screen savers and is a means of funding those programs. If you knowingly installed Wild Tangent and aren't worried about it, and don't wish to have Spybot repeatedly display it in scan results, do the following: Right click the WildTangent Product in the Scan result and select to "Ignore the product from further searches."
If Spybot flags a file on your computer that you believe is a false positive detection, use caution and check with the Spybot False Positives Forum before allowing it to be deleted. You can submit a report to the Spybot False Positives forum, after signing up for an account and reading about how to report false positives before submitting your report and request for analysis.
Get Norton 360 Version 6.0 - All-In-One Security.
Comprehensive, easy to use, all around protection for your computer, your browsers, your identity and your files! Read about the key features of Norton 360 Version 6.0.
back to top ^