Found interesting anomaly with Spybot

Hi guys/gals.

I've spent last 2 days installing security/scanning software on 2 friends computers after me telling them for months they should get better security.

1 does not even run a firewall, would not let me install one either ["I can't be bothered clicking all those stupid alerts they throw up, had one before" syndrome. Oh dear, wham goes the worms, lol]

OK, to my findings.

1st PC: I installed AdAware and Spybot on his system [this is the one without a Firewall], and updated both.

I was then going thru Spybot, in Advanced Mode before doing a scan, each of the Settings/Tools, etc. etc. showing him all the things/options you can do.

I came to the "Ignore Products" under Settings and was showing him the things it scanned for.

Going thru all the tabs showing him what it looks for and when I came to 'Revision' TAB I was surprised to see 'SideStep' checked, as in "Do not Scan for this item" meaning.

Huh?... anyhow, I unchecked it, scanned and sure enough, it found this entry in his files + some others. Overall it was not too bad.

I tweaked and played for around 3 hours on it, scanning with SB and AAW, installing MailWasher, other programs, etc, some Temp file cleaners.

In end, I had his system running faster than when he got it cleaned "just 2 weeks ago of 12 trojans + viruses, how do they get in" scenario. [Still would not listen re Firewall]. Only runs AVG FREE and when I checked his defs, last update over 2 weeks ago, lol.

I had the thought about that item being checked after a clean install of SB when I went to friend #2.

2nd PC: First thing on agenda, installed Spybot S&D, updated, and checked the Settings/Ignore Products. Sure enough he had 3 items checked off. [including the SideStep in PC #1]

See pic.

UNchecked them, scanned, and yes, found all 3.

These little buggers are somehow checking off SB's lists and then would become "ignored" during a scan?

Obviously I also had SB fix those 3 [took 2 reboots allowing SB to scan during bootup].

First thing I did when I went home, I checked right thru my lists thoroughly making sure nothing checked. None.

Too much of a coincidence with 2 PC's and both having 1 entry the same, other having extra 2 entries checked off and SB finding those said entries.

Just thought I'd post and get users in here to check their system.

You will need to go to Advance Mode [View/Advance Mode] then Settings/Ignore Products side TAB, go thru each of the available tabs as in my screenie [although the first one shows ALL]

Cheers, TAS

 

Just to add, does this mean when we tell people to download, install and run SB, to check first if any products have been checked off? [As in ignore when scanning]

If this was the case [in 4 instances of items being checked and 4 entries found] then a lot of people *just may* be under the illusion of being "clean".

Any suggestions/hints?

Cheers, TAS

 

Not a bug, due to new.net's change of approach they are thinking about removing it from detection altogether:

http://forums.net-integration.net/index.php?showtopic=21287&hl=new\.net

Cheers

 

Thanks for replies guys.

Blackspear, thanks for that forum link... I've been busy on phone since posting, as I was going to do a post at the forum regarding it.

Sounds a bit funny though, that they have now decided to leave those entries alone. I will tell him to recheck them, as that new.net one has reappeared he informs me, lol.

Cheers, TAS

 

Oh... just remembered also... BOTH PC's had crap on them in the form of proggies, Kazza, iMesh, Limewire I think... never used any, only know Kazza is not a good choice, so maybe the detected entries come from them... lol...

And I see in that link that SideStep and new.net are checked by default along with 2 others.

Yet, when I checked my SB, nothing was checked.

Apparently the "jury" is still out on a couple of the items from PMK.

Cheers, TAS

 

Hi Ron, [thanks for reply] not after seeing Blackspears link. Maybe?

But, the funny thing is, [to me anyway] if you go to the link, scroll down a bit and you will find FOUR items checked by default so it says.

Now, on these 2 PC's, 1 only had 1 item checked which was SideStep and which WAS on his system.

The other PC only had 3 Items checked, including eAcceleration which is not mentioned at all in that link, and those same 3 items only were found on his PC..

That is the funny part.

Seems to much of a coincidence to me, unless someone has a better explanation.

Plus, mine had none checked. I've never really scrolled through all of those before in detail. Guess I will now after each update.

Cheers, TAS

 

The same things were also checked on mine, strange. I unchecked them, rescanned, and found nothing. I also did a clean install about a week or two ago

 

LOL.. and why not throw it in....

Yep. Oh well. Be interesting to see what other users have "checked by default"...

If these items are being checked by default, how come those 2 PCs + mine and now Notok's PC have varying "checked by default" items, and not all 4 as stated in that forum link?

TAS

 

I find the 4 listed in that link, are also checked in mine, so nothing unusual going on here.

 

Hey guys. I checked mine and it has all four of the defaults checked marked that Spybot says on the forum board are checked marked by default. Just thought I would throw that in.

 

LOL, well said

 

im probably way-off-the-mark, but i thought i read that the items that are checked depend on where you DLed spybot. i dont know if thats true, i just vaguely remember reading something like that.

 

Hi guys

I just stumbled upon this thread and realized that the same thing happened to me. I downloaded the beta version of Spybot and checked through everything and noticed that a few things were checked by default. Is your suggestion to uncheck everything?

Thanx

 

That could be so, but dunno. Seems strange as I said some are finding various things checked but in my case nothing was checked.

@ mismis29: That's hard to say at the moment. I would go thru, see what's checked, if any, take note of what they are, uncheck and scan, see what happens. [If you are in doubt you can always recheck them and close without fixing those].

Don't fix anything, especially new.net, as that can cause trouble if not removed the right way. It buries into your Winsock TCP/IP protocol and could cause internet connectivity loss.

If you do find a new.net entry, go to your Add/Remove program and see if it's listed in there, probably will be.

Only fix anything that was not checked in the first place. Probably post a finding at NetIntegration forum in Blackspear's link above, ask for advice there.

Cheers, TAS

 

hi Tas
i found new.net and side step checked.should i uncheck them?
rita

 

Howdy All,

Not that I was aware of this (only simple scanned once since dwnld), but it seems this news has been around for a while. Take a quick look at this May 18th post by Donna at Gladiator. These are the same four ticked on my copy.

Thanks Tas , various reports confirm your advise. This topic is all over the place, all the major forums. If any of these become a problem, I'll go with alternatives...

GF

 

@Rita - I would uncheck all entries

@All - just to add to "Apparently the "jury" is still out on a couple of the items from PMK." & the link above:

The four entries unchecked by default - LSP New.net, MySearch, New.net, & SideStep ... are a result of not only because of the changes of tactics my the aforementioned, but also due to a result of legal challenges/issues ... resulting in those mention, being left off by default, while still providing the ability to scan for those enteries at the descretion of the user. That's from memory ... the thread is locked -

AS for New.net issues - one can always try and remove New.net with SB 1.3 and if problems occur ... simply use the recovery function to restore it ... and search for optional plan B

dog -

 

Morning ,dog
i will uncheck them--thanks
rita

 

thanks for info Dog...

I think I now understand why the differences in being checked or not.

I reckon it has to do with the times people downloaded the new version. I dl'd it almost instantly it was released and probably the legal issues you mentioned Dog, were not an issue at that particular point in time. Maybe, just guessing here.

Anyway, Rita, as Dog says, you can uncheck and scan, but if found, still be careful with new.net. Up to you. At least with them unchecked it will scan for them and you will know if something has installed them or not.

Cheers, TAS

 

The items that are already checked in a Default install of Spybot version 1.3 and\or the ßMain update 1.3.1....are found in the Bots.sbe file and can be viewed via notepad. As a user checks items or unchecks items....this file is modified.

While that file may become corrupted(highly unlikely in my opinion)....the differences are likely due to a user checking\unchecking items and the Bots.sbe file being modified accordingly.

 

Hi, I found the same in my PC. When I checked each one via a google search, one of 'em offers removal advise which "may not be copied or linked without written approval". Seems they don't want people to know.
/ H

 

wow sidestep and some new.net were checked but when i scanned they found nothing

 

I sure am glad you started this thread. I just noticed that every other catagory had everything checked! I was running at default.

I thought they were going to fix the Xabot errror

I just ran it again and the same problems are there as if spybot did not even remove them! Anyone know what I need to do?
.