Conflict SpywareBlaster and Spybot S&D.

Discussion in 'SpywareBlaster & Other Forum' started by Bill Capp, May 15, 2005.

Thread Status:
Not open for further replies.
  1. Bill Capp

    Bill Capp Registered Member

    Joined:
    May 15, 2005
    Posts:
    1
    CoolWebSearch (1249) – myexexex.com
    CoolWebSearch (427) - greg-search.com
    CoolWebSearch 1242 - cashsearch.biz
    CoolWebSearch (2) - 008i.com

    1.SpywareBlaster (v.3.4) has all items with protection enabled. The above 4 items are shown as having protection enabled in the Block List in Restricted Sites.
    2. Run Spybot S&D.(v1 3 1 which finds problem StartPage-EH, which contains the above 4 items. Run fix selected problem.
    3. Return to SpywareBlaster to find the above 4 items are now shown as having protection disabled. Again enabling protection for the 4 items results in Spybot S&D finding the same StartPage EH problem.

    The StartPage –EH problem is not found in Spybot S&D if the 4 items have protection disabled in Spyware Blaster.

    Can anyone suggest why the conflict between the two programs?
     
  2. Stephanos G.

    Stephanos G. Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    720
    Location:
    Cyprus
    No problem here
     
  3. patermann

    patermann Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    49
    Location:
    UK
    I have both SpywareBlaster and SpyBot but I am not seeing this problem - are your SpyBot detections up-to-date? (Latest version was 2005-05-13, 3 days ago as I am writing this).

    SpyBot v1.3.1 was a testing version and is not supported. I very much doubt that this is the cause of the problem but I thought that I had better mention it. I know that v1.3.1 cured some problems in v1.3 but I believe most of those have been solved by changes to the detection rules. Version 1.4 will be coming out soon and I have heard that the beta/release candidates are reasonably stable - maybe worth a try?

    If you already know how SpywareBlaster works, please feel free to ignore the following paragraph!

    SpywareBlaster puts entries in the registry that are almost the same as the spyware itself would add but SpywareBlaster versions have the "kill" bit set and this prevents the real spyware from installing. New spyware is appearing all of the time and so the various anti-spyware programs often get out of step. Because the registry entries are very like the real spyware ones, other anti-spyware programs sometimes detect them as infections, even though they are not. That is what I believe is happening in this case: the four entries that you mention are incorrect detections (usually called "false positives") and, when you tell SpyBot to fix them, it deletes the registry entries and so they appear as having protection disabled in SpywareBlaster. Usually these false positives are reported to the authors of the anti-spyware programs and an update is issued that removes the incorrect detection.

    HTH

    patermann
     
  4. sayaah

    sayaah Registered Member

    Joined:
    May 11, 2005
    Posts:
    2
    Just installed Spyblaster 3.4 and I hoped it would solve a problem from 3.3 - it has not. I use 2005 Norton Sec & Antiv. Also Spybot, Adaware and Spyware Xterminator (SpyX) - yest, I am paranoid. I bought a Sony desktop last year and am running Win XP. SpyX is the only program ti “see” this problem - It has been pointing out a pest which I continue to delete but it kept re-appearing. Then I noticed that 3.3 and now 3.4 had 1 item unprotected - essentially the same pest. Each time I re-enabled the protection it appears via SpyX then when deleted it reappears as an unprotected item on 3.3 and now 3.4.
    Spy X calls it WEBSEARCH TOOLBAR HIJACKER released 5/5/05 locate: HKEY_LOCAL_MCAHINE\software\micorsoft\internetexplorer\activex xcompatability\{8952a998-1e7e-4716-b23dbe-3910972}.
    3.4 labels it : HUNTBAR VARIANT {{8952A998-1E7E-4716-B23DBE-3910972}
    What is this program? How/why does this program disable 3.4's protection when it is deleted by another program ? How does it reappear? More important - how can I get rid of it? Or should I set SpyX to ignore it when it scans if I can? PLEASE HELP

    Do you think this may be a "false positive" too? How do you get the authro top make the correction? I called SpyX people and they had no clue.....Help Thanks
     
  5. patermann

    patermann Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    49
    Location:
    UK
    This is not a problem with SpywareBlaster so the update would make no difference. This does sound like a false positive and it is the fault of SpyX. I have to say that I do not think I would trust an anti-spyware program whose author does not know what a false positive is or how to correct it!

    You should certainly not let SpyX fix it as, by doing so, it is actually opening the door to the real pest. If the authors are unwilling or unable to fix the false positive then, yes, you should tell SpyX to ignore it altogether. You are actually safer doing that than letting SpyX delete the protection that SpywareBlaster has put in place.

    HTH

    patermann

    By the way, I have just found that LowWaterMark replied to your similar post in the thread: SpywareBlaster 3.4 Released! - see post #23.
     
  6. Hard Rocker

    Hard Rocker Registered Member

    Joined:
    Jan 27, 2005
    Posts:
    258
    Location:
    Quebec, CANADA
    Hi, :)

    Just wanted to say that when using any ..... 3rd party antispyware programs to be VERY careful with what you delete.

    They can definitely ...... do more harm than good !!
    My personal choices are SpySweeper & CounterSpy. :D

    HR :cool:
     
  7. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,122
    Location:
    Pennsylvania.
    no problems here with me
     
  8. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    As patermann so correctly said....it's a SpyX False positive.

    For future reference....LWM's post #23 remark:
     
Loading...
Thread Status:
Not open for further replies.