Dr.Web Question For C.S.J

Discussion in 'other anti-virus software' started by Graystoke, Mar 31, 2007.

Thread Status:
Not open for further replies.
  1. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,502
    Location:
    The San Joaquin Valley, California
    Hello C.S.J. Since you are the resident Dr.Web expert, I have a question for you. I finally decided to give Dr.Web a try. I installed the 30 day trial version today. I checked out the SpIDer Guard at Eicar.com. When I clicked on the eicar.com test, the SpIDer Guard box opens with options. I chose Delete. When I clicked on eicarcom.zip and eicarcom2.zip, the SpIDer Guard box opens, but there is no Delete option. I chose Move. Where does SpIDer Guard move these two files to? Should I have chose the option Ignore?


    EDIT.........Never mind. I figured it out. :) They were moved to the C>Programs>Dr.Web>Infected. I wish I would have found that before I posted. :)
     
  2. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    lol yep, they go to the quarentine folder.

    i aint no expert, just a faithfull user ;)

    you could have just sent me a PM anyway.
     
  3. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,502
    Location:
    The San Joaquin Valley, California

    Thanks C.S.J. You just might get a PM from me in the future. ;) :) Seems to be a very nice AV software so far. It's a little hard to get used to the multiple icons in the task bar though. :)
     
  4. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    you can remove them, you dont even have to have any icon if you dont want.

    to remove the schedular one, right click it and untick the 'show icon in tray'
    to remove the spidermail one, right click it > LOG > untick 'enable tray icon'

    to remove the spiderguard one, right click it, control (vista anyway) > OPTIONS > untick 'show spiderguard icon in system tray'
     
  5. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,502
    Location:
    The San Joaquin Valley, California

    Thanks again. I removed the scheduler one only for now. I like the little spider icons, so I'm going to keep them. I like that I can hover my mouse over them and get instant information on what was scanned.
     
  6. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    ok no problem, its your choice which you wish to keep, was just letting you know that you CAN remove them all if you like, i just keep the main spider one ;)

    good luck with your trialing
     
  7. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Graystoke............a resident DrWeb expert would be someone like Technodrome. :)
     
  8. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    You can edit drweb.ini (found in ‘C:\Program Files\DrWeb” directory) file to delete archived files.

    Change:
    EnableDeleteArchiveAction = No
    To:
    EnableDeleteArchiveAction = Yes

    ;)


    tD
     
  9. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Nah, Don. I only play (occasionally) with DrWeb…..:) ;)



    tD
     
  10. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,502
    Location:
    The San Joaquin Valley, California

    Thanks Don. No offense meant towards Technodrome. It's just that I see C.S.J. post here about Dr.Web a lot. I figured he was the guy. :)



    Hello Technodrome. I went to C:\Program Files\DrWeb. I couldn't find the drweb.ini file.
     
  11. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,502
    Location:
    The San Joaquin Valley, California
    Uh oh. I just checked the DrWebUpW log, and it doesn't look good. Not one update was perform successfully since Dr.Web was installed. All I see is a bunch of "Not Installed, Skipped", and "The server name or address could not be resolved". "Disconnected". I tried running the updates manually, that didn't work either.


    EDIT........Looks like I screwed up again. I checked the DrWebScd log. Seems like all updates have been performed at scheduled time.

    Finding it hard to get used to Dr.Web. Time for some sleep.
     
    Last edited: Apr 1, 2007
  12. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Try and look for drweb32.ini ;)
     

    Attached Files:

  13. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    i think its hidden go to folder options and click on show hidden folders and files and click ok.
    lodore
     
  14. Mongol

    Mongol Registered Member

    Joined:
    Jul 24, 2004
    Posts:
    1,581
    Location:
    Houston, TX
    Just go to this site and you can see if their Virus records records match yours: http://live.drweb.com/queued.html...:cool:
     
  15. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    You should be able to see the drweb32.ini file without selecting "show hidden files and folders".
     
  16. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Yes, drweb32.ini is not a hidden file. It is located in the installation folder of Dr.Web, and is actually quite easy to find.
     
  17. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,502
    Location:
    The San Joaquin Valley, California
    I don't know what to tell you. I don't see any drweb.ini, or drweb32.ini file. I have "show hidden files" enabled. I don't even see the drweb32.key file. The only one I see is the drweb32w.exe file. I don't drweb.ini or drweb32.ini is not there.o_O
     
  18. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
  19. Mongol

    Mongol Registered Member

    Joined:
    Jul 24, 2004
    Posts:
    1,581
    Location:
    Houston, TX
    Try doing a search for drweb32.ini, that should find it in its location...:)
     
  20. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,502
    Location:
    The San Joaquin Valley, California
    Ok, I finally found it. :p Now after all of that, following Technodrome's instructions of changing EnableDeleteArchiveAction from NO to Yes didn't change anything. The delete option in the pop up warning for eicarcom.zip is still grayed out. But that is no big deal. I can live with it the way it is.
     
  21. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Did you save it before you hit close ?
    When you open DrWeb32.ini file make sure you edit changes in [SpIDerGuardNT] section. Something like this:

    [SpIDerGuardNT]
    DisableEnhancedProtection = Yes
    LngFileName = ""
    FilesTypes = EXE,COM,DLL,SYS,VXD,OV?,BAT,BIN,DRV,PRG,BOO,SCR,CMD,386,FON,DO?
    FilesTypes = XL?,WIZ,RTF,CL*,HT*,VB*,JS*,INF,PP?,OBJ,LIB,PIF,HLP,MD?,INI,MBR
    FilesTypes = IMG,CSC,CPL,MBP,SH,SHB,SHS,SHT*,CHM,REG,XML,PRC,ASP,LSP,MSO,OBD
    FilesTypes = THE*,NWS,SWF,MPP,OCX,VS*,DVB,CPY,BMP,AR?,ZIP,R??,GZ,Z,TGZ,TAR,TAZ
    FilesTypes = CAB,LHA,LZH,BZ2,MSG,EML,TBB
    UserMasks = "*.EXE","*.COM","*.DLL","*.SYS","*.VXD","*.OV?","*.BAT","*.BIN"
    UserMasks = "*.DRV","*.PRG","*.BOO","*.SCR","*.CMD","*.386","*.FON","*.DO?"
    UserMasks = "*.XL?","*.WIZ","*.RTF","*.CL*","*.HT*","*.VB*","*.JS*","*.INF"
    UserMasks = "*.PP?","*.OBJ","*.LIB","*.PIF","*.HLP","*.MD?","*.INI","*.MBR"
    UserMasks = "*.IMG","*.CSC","*.CPL","*.MBP","*.SH","*.SHB","*.SHS","*.SHT*"
    UserMasks = "*.CHM","*.REG","*.XML","*.PRC","*.ASP","*.LSP","*.MSO","*.OBD"
    UserMasks = "*.THE*","*.NWS","*.SWF","*.MPP","*.OCX","*.VS*","*.DVB","*.CPY"
    UserMasks = "*.BMP","*.AR?","*.ZIP","*.R??","*.GZ","*.Z","*.TGZ","*.TAR"
    UserMasks = "*.TAZ","*.CAB","*.LHA","*.LZH","*.BZ2","*.MSG","*.EML","*.TBB"
    ScanFiles = ByFormat
    HeuristicAnalysis = Yes
    CheckPackedFiles = No
    CheckArchives = No
    CheckEMailFiles = No
    InfectedFiles = Report
    SuspiciousFiles = Report
    IncurableFiles = Report
    ActionAdware = Report
    ActionDialers = Report
    ActionJokes = Ignore
    ActionRiskware = Ignore
    ActionHacktools = Ignore
    ActionInfectedArchive = Report
    ActionInfectedMail = Report
    ActionInfectedContainer = Report
    ActionIfRenameFailed = Delete
    ActionIfMoveFailed = Rename
    ActionIfDeleteFailed = Lock
    ActionIfReportFailed = Lock
    RenameFilesTo = #??
    MoveFilesTo = "infected.!!!"
    ExcludePaths =
    ExcludeFiles =
    VirusBase = "*.vdb"
    LogToFile = Yes
    OverwriteLog = No
    LogScanned = No
    LogPacked = Yes
    LogArchived = Yes
    LogFormat = ANSI
    TestMemory = Yes
    TestStartup = Yes
    PromptOnAction = Yes
    PlaySounds = Yes
    UseDiskForSwap = Yes
    LimitLog = Yes
    MaxLogSize = 512
    RestoreAccessDate = No
    UpdateFlags = "drwtoday.vdb"
    UpdatePeriod = 1m
    GuardMode = Smart
    ScanBootOnShutDown = Yes
    LogStatistics = Yes
    Acknowledge = Yes
    AllowWildcards = No
    AllowRelativeFileNames = No
    EnableDeleteArchiveAction = Yes
    DisableHotReconfigure = No



    tD
     
    Last edited: Apr 1, 2007
  22. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,502
    Location:
    The San Joaquin Valley, California

    Yep. I just now double checked, and mine looks just like your example. I'm beginning to think that Dr.Web is not meant for me.
     
  23. Mongol

    Mongol Registered Member

    Joined:
    Jul 24, 2004
    Posts:
    1,581
    Location:
    Houston, TX
    If Mongol can handle it you should do just fine...:D
     
  24. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    People like CSJ and me, are referred to as, "Cheerleaders.":rolleyes: ;)
     
  25. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Or fanboys :D

    As for me, I no longer find Dr.Web to be as good as it used to be in detection rates. Its still good for general users, but for me, who deals with malware samples multiple times per week, Dr.Web does not cut it. I hope they improve for the better. I wouldn't be so unhappy with Dr.Web if their Virus Monitoring Service was more responsive than it is now, but as it stands, my samples hardly get added by them. And don't give me that "executable malware" crap, my samples are not crap.
     
Loading...
Thread Status:
Not open for further replies.