Dr.Web Question For C.S.J


Graystoke
March 31st, 2007, 05:04 PM
Hello C.S.J. Since you are the resident Dr.Web expert, I have a question for you. I finally decided to give Dr.Web a try. I installed the 30 day trial version today. I checked out the SpIDer Guard at Eicar.com. When I clicked on the eicar.com test, the SpIDer Guard box opens with options. I chose Delete. When I clicked on eicarcom.zip and eicarcom2.zip, the SpIDer Guard box opens, but there is no Delete option. I chose Move. Where does SpIDer Guard move these two files to? Should I have chosen the option Ignore?


EDIT.........Never mind. I figured it out. :) They were moved to the C>Programs>Dr.Web>Infected. I wish I would have found that before I posted. :)

C.S.J
March 31st, 2007, 05:09 PM
lol yep, they go to the quarantine folder.

i ain't no expert, just a faithful user ;)

you could have just sent me a PM anyway.

Graystoke
March 31st, 2007, 05:22 PM
{QUOTE-> lol yep, they go to the quarantine folder.

i ain't no expert, just a faithful user ;)

you could have just sent me a PM anyway. <-QUOTE}


Thanks C.S.J. You just might get a PM from me in the future. ;) :) Seems to be a very nice AV software so far. It's a little hard to get used to the multiple icons in the task bar though. :)

C.S.J
March 31st, 2007, 05:28 PM
you can remove them, you don't even have to have any icon if you don't want.

to remove the scheduler one, right click it and untick the 'show icon in tray'
to remove the spidermail one, right click it > LOG > untick 'enable tray icon'

to remove the spiderguard one, right click it, control (vista anyway) > OPTIONS > untick 'show spiderguard icon in system tray'

Graystoke
March 31st, 2007, 05:35 PM
{QUOTE-> you can remove them, you don't even have to have any icon if you don't want.

to remove the scheduler one, right click it and untick the 'show icon in tray'
to remove the spidermail one, right click it > LOG > untick 'enable tray icon'

to remove the spiderguard one, right click it, control (vista anyway) > OPTIONS > untick 'show spiderguard icon in system tray' <-QUOTE}


Thanks again. I removed the scheduler one only for now. I like the little spider icons, so I'm going to keep them. I like that I can hover my mouse over them and get instant information on what was scanned.

C.S.J
March 31st, 2007, 05:36 PM
ok no problem, it's your choice which you wish to keep, was just letting you know that you CAN remove them all if you like, i just keep the main spider one ;)

good luck with your trialing

Don Pelotas
March 31st, 2007, 06:22 PM
Graystoke............a resident DrWeb expert would be someone like Technodrome (http://www.wilderssecurity.com/member.php?u=732). :)

Technodrome
March 31st, 2007, 08:42 PM
{QUOTE-> When I clicked on eicarcom.zip and eicarcom2.zip, the SpIDer Guard box opens, but there is no Delete option. I chose Move. Where does SpIDer Guard move these two files to? Should I have chosen the option Ignore?
<-QUOTE}

You can edit drweb.ini (found in 'C:\Program Files\DrWeb' directory) file to delete archived files.

Change:
EnableDeleteArchiveAction = No
To:
EnableDeleteArchiveAction = Yes

;)


tD

Technodrome
March 31st, 2007, 08:51 PM
{QUOTE-> Graystoke............a resident DrWeb expert would be someone like Technodrome (http://www.wilderssecurity.com/member.php?u=732). :) <-QUOTE}

Nah, Don. I only play (occasionally) with DrWeb…..:) ;)



tD

Graystoke
April 1st, 2007, 02:49 AM
{QUOTE-> Graystoke............a resident DrWeb expert would be someone like Technodrome (http://www.wilderssecurity.com/member.php?u=732). :) <-QUOTE}


Thanks Don. No offense meant towards Technodrome. It's just that I see C.S.J. post here about Dr.Web a lot. I figured he was the guy. :)


{QUOTE-> You can edit drweb.ini (found in 'C:\Program Files\DrWeb' directory) file to delete archived files.

Change:
EnableDeleteArchiveAction = No
To:
EnableDeleteArchiveAction = Yes <-QUOTE}


Hello Technodrome. I went to C:\Program Files\DrWeb. I couldn't find the drweb.ini file.

Graystoke
April 1st, 2007, 03:23 AM
Uh oh. I just checked the DrWebUpW log, and it doesn't look good. Not one update was performed successfully since Dr.Web was installed. All I see is a bunch of "Not Installed, Skipped", and "The server name or address could not be resolved". "Disconnected". I tried running the updates manually, that didn't work either.


EDIT........Looks like I screwed up again. I checked the DrWebScd log. Seems like all updates have been performed at scheduled time.

Finding it hard to get used to Dr.Web. Time for some sleep.

Blackcat
April 1st, 2007, 03:57 AM
{QUOTE-> I went to C:\Program Files\DrWeb. I couldn't find the drweb.ini file. <-QUOTE}
Try and look for drweb32.ini ;)

lodore
April 1st, 2007, 06:50 AM
i think it's hidden. go to folder options and click on show hidden folders and files and click ok.
lodore

Mongol
April 1st, 2007, 07:32 AM
{QUOTE-> Uh oh. I just checked the DrWebUpW log, and it doesn't look good. Not one update was performed successfully since Dr.Web was installed. All I see is a bunch of "Not Installed, Skipped", and "The server name or address could not be resolved". "Disconnected". I tried running the updates manually, that didn't work either.


EDIT........Looks like I screwed up again. I checked the DrWebScd log. Seems like all updates have been performed at scheduled time.

Finding it hard to get used to Dr.Web. Time for some sleep. <-QUOTE}

Just go to this site and you can see if their Virus records match yours: http://live.drweb.com/queued.html ...8)

Blackcat
April 1st, 2007, 12:35 PM
{QUOTE-> i think it's hidden. go to folder options and click on show hidden folders and files and click ok.
lodore <-QUOTE}
You should be able to see the drweb32.ini file without selecting "show hidden files and folders".

Firecat
April 1st, 2007, 05:58 PM
{QUOTE-> You should be able to see the drweb32.ini file without selecting "show hidden files and folders". <-QUOTE}
Yes, drweb32.ini is not a hidden file. It is located in the installation folder of Dr.Web, and is actually quite easy to find.

Graystoke
April 1st, 2007, 06:58 PM
I don't know what to tell you. I don't see any drweb.ini, or drweb32.ini file. I have "show hidden files" enabled. I don't even see the drweb32.key file. The only one I see is the drweb32w.exe file. I don't drweb.ini or drweb32.ini is not there.???

C.S.J
April 1st, 2007, 07:14 PM
it's the highlighted one.

http://img89.imageshack.us/img89/829/untitledzt8.th.jpg (http://img89.imageshack.us/my.php?image=untitledzt8.jpg)

Mongol
April 1st, 2007, 08:40 PM
Try doing a search for drweb32.ini, that should find it in its location...:)

Graystoke
April 1st, 2007, 09:51 PM
Ok, I finally found it. :P Now after all of that, following Technodrome's instructions of changing EnableDeleteArchiveAction from NO to Yes didn't change anything. The delete option in the pop up warning for eicarcom.zip is still grayed out. But that is no big deal. I can live with it the way it is.

Technodrome
April 1st, 2007, 10:51 PM
{QUOTE-> Ok, I finally found it. :P Now after all of that, following Technodrome's instructions of changing EnableDeleteArchiveAction from NO to Yes didn't change anything. The delete option in the pop up warning for eicarcom.zip is still grayed out. But that is no big deal. I can live with it the way it is. <-QUOTE}

Did you save it before you hit close?
When you open DrWeb32.ini file make sure you edit changes in [SpIDerGuardNT] section. Something like this:

[SpIDerGuardNT]
DisableEnhancedProtection = Yes
LngFileName = ""
FilesTypes = EXE,COM,DLL,SYS,VXD,OV?,BAT,BIN,DRV,PRG,BOO,SCR,CMD,386,FON,DO?
FilesTypes = XL?,WIZ,RTF,CL*,HT*,VB*,JS*,INF,PP?,OBJ,LIB,PIF,HLP,MD?,INI,MBR
FilesTypes = IMG,CSC,CPL,MBP,SH,SHB,SHS,SHT*,CHM,REG,XML,PRC,ASP,LSP,MSO,OBD
FilesTypes = THE*,NWS,SWF,MPP,OCX,VS*,DVB,CPY,BMP,AR?,ZIP,R??,GZ,Z,TGZ,TAR,TAZ
FilesTypes = CAB,LHA,LZH,BZ2,MSG,EML,TBB
UserMasks = "*.EXE","*.COM","*.DLL","*.SYS","*.VXD","*.OV?","*.BAT","*.BIN"
UserMasks = "*.DRV","*.PRG","*.BOO","*.SCR","*.CMD","*.386","*.FON","*.DO?"
UserMasks = "*.XL?","*.WIZ","*.RTF","*.CL*","*.HT*","*.VB*","*.JS*","*.INF"
UserMasks = "*.PP?","*.OBJ","*.LIB","*.PIF","*.HLP","*.MD?","*.INI","*.MBR"
UserMasks = "*.IMG","*.CSC","*.CPL","*.MBP","*.SH","*.SHB","*.SHS","*.SHT*"
UserMasks = "*.CHM","*.REG","*.XML","*.PRC","*.ASP","*.LSP","*.MSO","*.OBD"
UserMasks = "*.THE*","*.NWS","*.SWF","*.MPP","*.OCX","*.VS*","*.DVB","*.CPY"
UserMasks = "*.BMP","*.AR?","*.ZIP","*.R??","*.GZ","*.Z","*.TGZ","*.TAR"
UserMasks = "*.TAZ","*.CAB","*.LHA","*.LZH","*.BZ2","*.MSG","*.EML","*.TBB"
ScanFiles = ByFormat
HeuristicAnalysis = Yes
CheckPackedFiles = No
CheckArchives = No
CheckEMailFiles = No
InfectedFiles = Report
SuspiciousFiles = Report
IncurableFiles = Report
ActionAdware = Report
ActionDialers = Report
ActionJokes = Ignore
ActionRiskware = Ignore
ActionHacktools = Ignore
ActionInfectedArchive = Report
ActionInfectedMail = Report
ActionInfectedContainer = Report
ActionIfRenameFailed = Delete
ActionIfMoveFailed = Rename
ActionIfDeleteFailed = Lock
ActionIfReportFailed = Lock
RenameFilesTo = #??
MoveFilesTo = "infected.!!!"
ExcludePaths =
ExcludeFiles =
VirusBase = "*.vdb"
LogToFile = Yes
OverwriteLog = No
LogScanned = No
LogPacked = Yes
LogArchived = Yes
LogFormat = ANSI
TestMemory = Yes
TestStartup = Yes
PromptOnAction = Yes
PlaySounds = Yes
UseDiskForSwap = Yes
LimitLog = Yes
MaxLogSize = 512
RestoreAccessDate = No
UpdateFlags = "drwtoday.vdb"
UpdatePeriod = 1m
GuardMode = Smart
ScanBootOnShutDown = Yes
LogStatistics = Yes
Acknowledge = Yes
AllowWildcards = No
AllowRelativeFileNames = No
EnableDeleteArchiveAction = Yes
DisableHotReconfigure = No



tD
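An added example, not part of the original posts and not Dr.Web's own code: a small check that reports which section of the INI actually carries EnableDeleteArchiveAction, since the edit only counts under [SpIDerGuardNT]. The parser keeps repeated keys such as FilesTypes; the sample text, the [OtherSection] name and the `;` comment handling are assumptions made for illustration.

```python
import re

SECTION_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s*$")

# Constructed sample: the key was switched on in the wrong section.
# [OtherSection] is a hypothetical name, not taken from a real drweb32.ini.
SAMPLE_WRONG = """
[OtherSection]
EnableDeleteArchiveAction = Yes

[SpIDerGuardNT]
FilesTypes = EXE,COM,DLL
FilesTypes = CAB,LHA,LZH
EnableDeleteArchiveAction = No
"""
SAMPLE_FIXED = SAMPLE_WRONG.replace("Action = No", "Action = Yes")

def parse_ini(text):
    """Parse INI text into {section: {key: [values]}}, keeping repeated keys."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # assumed comment marker
            continue
        match = SECTION_RE.match(line)
        if match:
            current = sections.setdefault(match.group("name"), {})
            continue
        if current is None or "=" not in line:
            continue  # stray line outside any section
        key, _, value = line.partition("=")
        current.setdefault(key.strip(), []).append(value.strip())
    return sections

def setting_by_section(text, key):
    """Return {section: last value of key} for every section that sets it."""
    wanted, found = key.lower(), {}
    for name, options in parse_ini(text).items():
        for option, values in options.items():
            if option.lower() == wanted:
                found[name] = values[-1]
    return found

def guard_can_delete_archives(text):
    """True only if [SpIDerGuardNT] itself sets the key to Yes."""
    value = setting_by_section(text, "EnableDeleteArchiveAction").get("SpIDerGuardNT")
    return value is not None and value.lower() == "yes"

if __name__ == "__main__":
    print(setting_by_section(SAMPLE_WRONG, "EnableDeleteArchiveAction"))
    print(guard_can_delete_archives(SAMPLE_WRONG), guard_can_delete_archives(SAMPLE_FIXED))
```

This only shows what is saved on disk; it says nothing about whether the running guard has reloaded the file.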

Graystoke
April 1st, 2007, 11:23 PM
{QUOTE-> Did you save it before you hit close?
When you open DrWeb32.ini file make sure you edit changes in [SpIDerGuardNT] section. Something like this:

[SpIDerGuardNT]
DisableEnhancedProtection = Yes
LngFileName = ""
FilesTypes = EXE,COM,DLL,SYS,VXD,OV?,BAT,BIN,DRV,PRG,BOO,SCR,CMD,386,FON,DO?
FilesTypes = XL?,WIZ,RTF,CL*,HT*,VB*,JS*,INF,PP?,OBJ,LIB,PIF,HLP,MD?,INI,MBR
FilesTypes = IMG,CSC,CPL,MBP,SH,SHB,SHS,SHT*,CHM,REG,XML,PRC,ASP,LSP,MSO,OBD
FilesTypes = THE*,NWS,SWF,MPP,OCX,VS*,DVB,CPY,BMP,AR?,ZIP,R??,GZ,Z,TGZ,TAR,TAZ
FilesTypes = CAB,LHA,LZH,BZ2,MSG,EML,TBB
UserMasks = "*.EXE","*.COM","*.DLL","*.SYS","*.VXD","*.OV?","*.BAT","*.BIN"
UserMasks = "*.DRV","*.PRG","*.BOO","*.SCR","*.CMD","*.386","*.FON","*.DO?"
UserMasks = "*.XL?","*.WIZ","*.RTF","*.CL*","*.HT*","*.VB*","*.JS*","*.INF"
UserMasks = "*.PP?","*.OBJ","*.LIB","*.PIF","*.HLP","*.MD?","*.INI","*.MBR"
UserMasks = "*.IMG","*.CSC","*.CPL","*.MBP","*.SH","*.SHB","*.SHS","*.SHT*"
UserMasks = "*.CHM","*.REG","*.XML","*.PRC","*.ASP","*.LSP","*.MSO","*.OBD"
UserMasks = "*.THE*","*.NWS","*.SWF","*.MPP","*.OCX","*.VS*","*.DVB","*.CPY"
UserMasks = "*.BMP","*.AR?","*.ZIP","*.R??","*.GZ","*.Z","*.TGZ","*.TAR"
UserMasks = "*.TAZ","*.CAB","*.LHA","*.LZH","*.BZ2","*.MSG","*.EML","*.TBB"
ScanFiles = ByFormat
HeuristicAnalysis = Yes
CheckPackedFiles = No
CheckArchives = No
CheckEMailFiles = No
InfectedFiles = Report
SuspiciousFiles = Report
IncurableFiles = Report
ActionAdware = Report
ActionDialers = Report
ActionJokes = Ignore
ActionRiskware = Ignore
ActionHacktools = Ignore
ActionInfectedArchive = Report
ActionInfectedMail = Report
ActionInfectedContainer = Report
ActionIfRenameFailed = Delete
ActionIfMoveFailed = Rename
ActionIfDeleteFailed = Lock
ActionIfReportFailed = Lock
RenameFilesTo = #??
MoveFilesTo = "infected.!!!"
ExcludePaths =
ExcludeFiles =
VirusBase = "*.vdb"
LogToFile = Yes
OverwriteLog = No
LogScanned = No
LogPacked = Yes
LogArchived = Yes
LogFormat = ANSI
TestMemory = Yes
TestStartup = Yes
PromptOnAction = Yes
PlaySounds = Yes
UseDiskForSwap = Yes
LimitLog = Yes
MaxLogSize = 512
RestoreAccessDate = No
UpdateFlags = "drwtoday.vdb"
UpdatePeriod = 1m
GuardMode = Smart
ScanBootOnShutDown = Yes
LogStatistics = Yes
Acknowledge = Yes
AllowWildcards = No
AllowRelativeFileNames = No
EnableDeleteArchiveAction = Yes
DisableHotReconfigure = No



tD <-QUOTE}


Yep. I just now double checked, and mine looks just like your example. I'm beginning to think that Dr.Web is not meant for me.

Mongol
April 2nd, 2007, 03:22 AM
If Mongol can handle it you should do just fine...;D

trjam
April 2nd, 2007, 06:24 AM
People like CSJ and me, are referred to as, "Cheerleaders."::) ;)

Firecat
April 2nd, 2007, 06:45 AM
{QUOTE-> People like CSJ and me, are referred to as, "Cheerleaders."::) ;) <-QUOTE}
Or fanboys :D

As for me, I no longer find Dr.Web to be as good as it used to be in detection rates. It's still good for general users, but for me, who deals with malware samples multiple times per week, Dr.Web does not cut it. I hope they improve for the better. I wouldn't be so unhappy with Dr.Web if their Virus Monitoring Service was more responsive than it is now, but as it stands, my samples hardly get added by them. And don't give me that "executable malware" crap, my samples are not crap.

C.S.J
April 2nd, 2007, 10:14 AM
i have all the faith in dr.web improving, well... i know they are gonna improve, big time :D and am happy with its performance as it stands right now anyway.

Graystoke
April 2nd, 2007, 03:51 PM
Well aside from the little problems I had yesterday, and some little things I'm not crazy about, so far I'm pretty happy with it. I turned my PC on about a half hour ago, and already Dr.Web has updated twice. I like the fact that it runs very light on my PC. I'm planning on running a full system scan in a few minutes, so I'll see how that goes.

I see that there is a Dr.Web forum. Maybe I'll go over there and bug them if I have any more problems or dumb questions. ;) :P

Graystoke
April 2nd, 2007, 05:53 PM
Just a little update. I went to the eicar test site a few minutes ago. I thought I would give the eicar.zip and eicar.zip2 tests another try with the settings for EnableDeleteArchiveAction set to Yes, that Technodrome suggested. The Delete option is now enabled in the Dr.Web pop up warning. :) Maybe my PC had to rest over night for the new setting to take effect. ;) ;D

risl
April 2nd, 2007, 06:20 PM
I think the spiderguard must be restarted for the new settings to kick in