Restricted Sites Randomly Not Enabled in SB and Spybot

Discussion in 'SpywareBlaster & Other Forum' started by BillR, Mar 23, 2005.

Thread Status:
Not open for further replies.
  1. BillR

    BillR Guest

    SpywareBlaster 2.2 / 2.3
    Restricted sites are not / do not stay enabled. If run consecutive times, the number of not enabled entries varies from ~3 to ~30 (e.g., 8, 10, 9, 15,13, 8, 8, 14, 27, 28, 26, 7, 9, 7, 26, 14, 7). This cycle applies whether I use the Enable All button or go to the individual restricted sites list and check the items that are not checked.

    The list of not enabled entries varies somewhat but includes
    Addictive Technologies (always?)
    Blazefind (often)
    CoolWebSearch(2) (almost always?) and (always?) some other CoolWebSearch but which one(s) varies


    Spybot S&D behaves similarly. If run consecutively all entries are reported enabled but when immediately checked again, some entries are reported as not enabled.

    ENHANCEMENT - Allow SB window to be resized so that one can see more than 5 items at a time.
     
  2. BillR

    BillR Guest

    Ooops. SpywareBlaster 3.2 / 3.3
     
  3. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Speaking of SB only....which items or how many items do not stay enabled ?
     
  4. BillR

    BillR Guest

    Bubba,

    On the 3rd run today, only 2 items are reported as not enabled -- Addictive Technologies and Blazefind. I did not see any other unchecked items in the detail list while quickly scanning through it, however I have frequently missed an item or two in the past.

    In SpywareBlaster, from ~3 to ~30 items are not enabled. The last ~18 times I ran SB 3.3, from 7 to 28 items were not enabled (per OP).

    I did not look at which items were not enabled every time. Addictive Technologies was always not enabled when I looked, both the day of the OP and a few days earlier (IIRC). CoolWebSearch(2) was always not enabled when I looked the day of the OP, however I thought it had been enabled some of the time earlier and it is enabled now. I think all other CoolWebSearch items were enabled at least once but I did not keep careful track.

    Compiling a list is not easy since I can only see 5 lines at a time of well over 1000 lines in the standard SB interface and the list does not scroll flawlessly. Is there an easier way to see only those that are not enabled or to sort them by their status? The number of not enabled items I reported is based on the count provided on the main status page of SB. This appeared to closely match the number of unchecked items in the detail listing the several times I counted.

    I have run scans within the last week using multiple antispyware and antivirus programs. I also ran a few others in early March. Ad-zilla and a few cookies were all that they found recently aside from a ClamWin false positive, two keyloggers that are part of other programs that should capture keystrokes, and an adware toolbar not currently installed. Spyware Interrogator for Windows recently identified two false positives but those were fine in the last pass.
     
  5. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    After those scans do you recall if any of them are finding items in the below reg key....and are you letting the program fix those items ? Also....which Antispy cleaning programs are you speaking of....Spysubtract, Pest Patrol, AOL spy cleaner ?

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
     
  6. BillR

    BillR Guest

    I'm not sure if a past scan identified "HKCU\...\Domains" nor whether I modified it.


    Recent scan results:

    * SpywareBlaster -- After a few passes, 3 items are disabled:
    Addictive Tehnologies,
    CoolWebSearch(1300), and
    SearchBarCash.

    * Ad-aware -- Hung twice while checking temp files. Found 1 cookie. After disk cleanup and reboot hung again. Several reboots, etc., later, hung again.

    Earlier Ad-aware appeared to hang on a temp directory containing an Aladin InternetCleanup .DLL and a clock sync .DLL. Last two time Ad-aware appeared to hang on ZIP files in my download directory. Both .DLL files passed multiple engines at VirusTotal. Everything (almost everything?) in the download directory was checked using either VirusTotal or VirusScan.Jotti. Both ZIP files passed both. I'm poking around to see if I can identify the problem with Ad-aware.

    * CWShredder -- Found nothing.

    * McAfee AntiSpyware -- Found nothing.

    * MS AntiSpyware -- Found nothing.

    * Spybot S&D -- Hosts file can't be read.

    * System Spyware Interrogator -- only unknowns plus Viewpoint Media Player and Free Download Manager.

    * Webroot Spy Sweeper -- Found FreshDevices (8 files).

    * Yahoo Anti-Spy -- Found nothing. (IIRC, this conflicts with PestScan as both are based on PestPatrol.)


    I've also run McAfee VirusScan and AVG within the last week and several other security tools in the last few weeks (including avast!, AntiVir, ewido, ClamWin, a-squared, TrojanScan).
     
  7. Tim Brug

    Tim Brug Guest

    Having a very similar problem with the following continuing to show up unprotected even after I enable protection.

    Blazefind, cool web search 916, cool web search 1295, media tickets, ms cache,
    searchbar cash, xxxtoolbar.

    I run adware filter, spybot s&d, and ad-aware s&e.

    Of the three, adware filter continues to pick up integrated hijackers. All seven coincide with the above restricted sights. Unfortunately after each removal they have been reappearing two or three scans later.
    The other two do not find any spyware.

    Suggestions

    Tim
     
  8. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Seems u have multiple hijackers so may want to post a HijackThis this log at one of the sites listed at this link,

    https://www.wilderssecurity.com/showthread.php?t=42148

    Make sure u read the rules of the forum u choose and do not fix anything until advised to by an expert.


    snowbound
     
  9. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Hey Tim,
    Hopefully the below will show that adware filter IMHO is simply reporting False postives against valid Spywareblaster registry entries concerning it's Restricted Sites protection.

    I downloaded adware filter since I had not heard of it and wanted to verify it's legitimacy. After the scan....I received the below False positives against valid Spywareblaster Restricted Sites entries.

    Also Tim....if you do not concur and\or seek additional assistance....Please start a thread so we can best assist you with your individual problem.

    Regards,
    Bubba
     

    Attached Files:

  10. Tim Brug

    Tim Brug Guest

    Thanks, I was beginning to think that was the case. My machine appears to be working fiine with no problems. And my results are exactly the same as yours.

    Tim
     
  11. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Your Welcome....and don't hesitate to question some of these lesser known scanners....better safe than sorry ;)
     
  12. BillR

    BillR Guest

    snowbound -- Were you referring to BillR or Tim Brug?
    ____

    After several tries, SpywareBlaster now reports only 1 not enabled item -- Addictive Technologies. Attempting to enable that resulted in 26(?) not enabled items. Several tries later I'm back to 2 items -- Addictive Technologies and Blazefind.

    I've checked three spyware removal sites and followed their directions for finding/removing Addictive Technologies. I did not find any traces.

    Spybot S&D reports a false positive only when STOPzilla HOSTS protection is ON.

    SpywareBlaster behaves oddly whether STOPzilla HOSTS protection is ON or OFF or STOPzilla is completely disabled.

    STOPzilla HOSTS protection may -- or may not -- interfere with Ad-aware.

    1. Ad-aware HOSTS ON, ZIP ON and STOPzilla HOSTS ON -- FAILS (hangs). Tested during prior boot sessions.
    2. Ad-aware HOSTS OFF, ZIP OFF and STOPzilla HOSTS ON -- OK
    3. Ad-aware HOSTS ON, ZIP ON and STOPzilla HOSTS OFF -- OK
    4. Ad-aware HOSTS OFF, ZIP ON and STOPzilla HOSTS ON -- OK
    5. Ad-aware HOSTS ON, ZIP ON and STOPzilla HOSTS ON -- FAILS (hangs)
    6. Ad-aware HOSTS ON, ZIP ON and STOPzilla HOSTS ON -- FAILS (hangs)
    7. Ad-aware HOSTS OFF, ZIP ON and STOPzilla HOSTS ON -- OK

    When #5 processed roughly twice as many items as before, I ran Spybot to verify that I still received a false positive and SpywareBlaster to verify that problem (both while Spybot was still running) and some other things. On the off chance this caused Ad-aware to hang, I closed Ad-aware and ran it again.

    I included #7 just to help exclude any other changes during this session.

    I included the ZIP option because Ad-aware initially appeared to hang on ZIP files.
     
  13. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    I was referring to Tim Brug, but i neglected to notice his download of adware filter with it's false positives.


    snowbound
     
  14. BillR

    BillR Guest

    Has anyone else encountered this problem with SpywareBlaster?
    Does anyone else have any insight?
    I have run more than a dozen antimalware programs (some after a safe boot) to no avail.
     
  15. BillR

    BillR Guest

    Bubba asked:
    STOPzilla appears to be cleaning a few dozen registry keys. Are these keys added by SpywareBlaster and/or Spybot Innoculate?

    Block/Extraction Registry enforcer 2005-04-15 08:28:50 Deleted registry key:

    HKUS\S-1-5-21-3363945555-289399695-4188592433-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1

    HKUS\S-1-5-21-3363945555-289399695-4188592433-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range10

    ...

    HKUS\S-1-5-21-3363945555-289399695-4188592433-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008i.com

    HKUS\S-1-5-21-3363945555-289399695-4188592433-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\171203.com

    ...
     
  16. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    In reference to Spywareblaster and Spybot's latest database:
    Ranges
    • Spybot adds 18 Range keys(IP's) and Range 10(66.250.107.101) is one of them
    • Spywareblaster adds none

    008i.com
    Spybot =YES
    Spywareblaster-CoolWebSearch (2) =YES

    171203.com
    Spybot=YES
    Spywareblaster=NO

    The likely cause of what you are attempting to figure out is what I attempted to allude to in post # 3 a few weeks back when you started this thread....in that a number of cleaning programs have False positives concerning valid Restricted Site entries that programs such as Spywareblaster, Spybot, IE-Spyad....etc....place in the Restricted Sites zone of IE.

    Regards,
    Bubba
     
  17. BillR

    BillR Guest

    Bubba said,
    Without Post #5, I may not have recognized the problem when I finally examined STOPzilla logs (with the correct option set). Thanks for the very specific response regarding the 4 example keys.


    Conclusion
    * STOPzilla is clearing items from the RESTRICTED site list in IE even though that list exists for the specific purpose of listing problem sites.

    Opinion
    * Poor -- or at least problematic and inadequate -- program design. STOPzilla should distinguish between Restricted Site and other entries and provide clear warnings, instructions, and options for resolving the "problem" entries.
     
  18. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Your more than Welcome Bill....and I meant post # 5 when I said...."what I attempted to allude to in post # 3". Sorry for that slip up :doubt:

    Totally agree....and in no programs defense....ALL the anti-cleaning\scanning programs periodically give False Positives concerning the Domains key....Restricted Sites in particular.

    Glad you got it figured out to your satisfaction.
     
  19. nonbay4ever

    nonbay4ever Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    8
    Hi :) ..

    I am also having problems with spywareblaster .. IE is NOT enabled and do NOT know when it began .. it blocks about 209 . .but there are 201 (if count correct) YUCKY sites .. I have removed them in registry . the reappear .. JavaCool suggested I uninstall/reinstall . but that did NOT work .. I have AdAware . all is fine there . spybotS&D does NOT catch all until I immunize 2nd time .. keeps finding MySoft (understand that is false pos.) .. but really am soooo frustrated .. they are telling me to REFORMAT . I do NOT want to do that ..
    I have SpySweeper .. finds nothing .. MS Beta1 . nothing .. all seems fine . .except for the RED sites with boxes on SWB that will NOT stay checked! ..

    I would like to get this solved..but ready to totally give up computing ... at this point .. OR go back to OLD computer that is NOT as up to date with AV as this (though do have AVG on it) and a few other things . but dunno what is going on .. told JavaCool that I am NOT the only one as I saw that many were having same type of problems here ..

    Thank you:) ..


    NB
     
  20. nonbay4ever

    nonbay4ever Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    8
    Re:ADWARE

    Bubba ..

    I have heard from soooooo many that Adware is BDA=BAD .. scumware .. spyware .. adAware is the only one to use . .I hate that these companies TRY to use a similar name to get people to try or buy :mad:


    NB
     
  21. elenaluz

    elenaluz Guest

    I am having the same problem. The last 2 times I opened SpywareBlaster, there were a number of items that refused to remain checked. They are all Active X, and all for IE. The first time, there were maybe 25. After the latest update (5/2/05), I now have 65 items disabled for IE. Any idea what's going on?
     
  22. Flatulist

    Flatulist Guest

    I started having the same problem in v3.3 IE showed 209 items protection disabled. It is always 209 items and always the last on the list. I can enable them and they stay enabled until I reboot.

    I run XP, ZoneAlarm, MS antispy, Sypbot Tea-Timer, Ad-Aware in addition to SpywareBlaster.

    The problem continues in v 3.4
     
  23. JeanW

    JeanW Registered Member

    Joined:
    May 19, 2005
    Posts:
    1
    Seems to be same problem here after install 3.4.

    My whole list in IE is empty, nothing.

    3 items doesn't stay checked in the IE list:

    Hitslink
    AdOrigin.com
    AdServer

    Any idea what to do ?

    Checked several sites, run several programs before posting.

    TIA
     
  24. patermann

    patermann Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    49
    Location:
    UK
    Adware Filter is actually on the Rogue list. According to the list, Adware Filter, Adware Safe, AdwareX and SpyAssassin are all essentially the same application and, although Adware Filter now has a new GUI, it still appears to be substantially the same underneath. The comment on the Family Resemblances page says: "the scan logs produced by these apps are almost worthless information-wise".

    Given this, I think that false positives by Adware Filter is probably a fair assessment!
     
Thread Status:
Not open for further replies.