Spybot question

Discussion in 'other anti-malware software' started by bigben, May 14, 2004.

Thread Status:
Not open for further replies.
  1. bigben

    bigben Guest

    Hi. Can someone tell me (in spybot1.3) what the message "1161 processes blacklisted" means when i hover my mouse pointer over the spybot icon in the systray? Thank you.
     
  2. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    What's it doing in your systray? I thought it was an on demand scanner. That is how I have always used it. I wouldn't want it in my systray. It has never in all the time I have used found anything so it would just waste resources in my systray. When I used Ad-Aware it never found anything either.
     
  3. bigben

    bigben Guest

    I have spybot's teatimer turned on (only available in the new 1.3). So it puts an icon in the systray when activated.
     
  4. Pretender

    Pretender Registered Member

    Joined:
    Apr 23, 2002
    Posts:
    670
    Location:
    Virtual Paradise
    There seems to be a lot of confusion over Teatimer and SD Helper. I chose not to install Teatimer, but did install SD Helper. Spybot SD is an on demand program, but with SD Helper running then a user is able to block or get notified that a page contains the spyware that has been updated in Spybot SD. If user has 1161 processes blacklisted then SD Helper runs resident to block or notify user that a page that they are visiting has one or more of the 1161 processes contained in it. Kind of like Spybot SD running resident, but only recognizing what has been placed in Spybot SD on demand. Teatimer is another bear and from what I've read....I sort of gather that it looks for suspicious pages that may contain a nasty, but has not been added to the blacklisted processes. I wouldn't swear to any of this and am very open to any corrections or other ideas from anyone.
     
  5. bigben

    bigben Guest

    Thanks for the info Pretender. I guess we'll have to wait for the updated help file to be released for further info.
     
  6. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Ahh..thanks Pretender. I understand better now. I uninstalled Spybot and doubt that I will use it in the future. I hate bloated applications. I loved Spbot 1.1 and 1.2. I don't like all the stuff added to 1.3.
     
  7. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    I didn't install the TeaTimer as I had read so mnay reports about it and the conflict aspects with other software now I am not sure if I should have or not o_O to install I would have to uninstall completely and then re-install as there is no option to install on demand!

    I only used SB as a scanner previously so maybe I should keep this to a scanner as I already have SpywareGuard/Blaster and IE Spyad - would having the TeaTimer be adding bloat I don't need and maybe even conflicts? I have being trying to find out more about it but do not seem to be able to locate a definitve answer on the use and if it would be much better to go through the install again just to get this little bit I chose not to install o_O

    I have the SD helper resident but it has not alerted me to anything as yet.
     
  8. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    716
    Location:
    Toronto
    To put some perspective on this, I looked at TaskManager and found the following:
    System idle: 4:29:23
    tds-3 2:29
    System 1:19
    IE Explorer 1:14
    Port Explorer 0:49
    MBM5 0:29
    Teatimer 0:16 (that's seconds only) and Peak Mem usage is 12MB, normal 5.2MB
    explorer 0:12
    So I don't consider Teatimer to be a resource hog.

    Everything that I have plays nicely together, TDS-3 with Execution Protection running, ProcGuard, WormGuard, PCcillan, SpyBot, Spyware Blaster, Spyware Guard, Zone Alarm, AdAware and AdWatch...... I run W2K SP4, have an AMD XP2700 and 512MB memory, so I do have lots of resources, but most of the time my CPU usage is 0 to 1%. So consider upgrading memory or cpu, there are lots of bargains available.
    Jim
     
  9. Punisher

    Punisher Registered Member

    Joined:
    May 12, 2004
    Posts:
    3
  10. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    Thanks to both of you for the information but I have a further question will I have to uninstall and re-install to get the TeaTimer now as I did not select it when I installed the other night? I do see the advantage and I have no worries about my resources as I have a 2.8Ghz hyper threaded P4 1GB RAM computer but just wondered about other posts I saw about CPU usage :oops: I think I could install this and bearly notice it is there if only I knew how to now o_O

    If I have to unistall then I will but just by some tiny chance is there a way to install within the one I am running?
     
  11. Punisher

    Punisher Registered Member

    Joined:
    May 12, 2004
    Posts:
    3
    No there's no need to re-install it to activate TeaTimer.

    Just switch to advanced-mode, and go to Tools > Resident and install the TeaTimer from there :)
     
  12. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    I didn't realise that was it as I did this earlier but thought it was the SD helper :oops: is it the little page with the lock icon in the taskbar? one other thing I haven't had any alerts with it is this normal? Thanks for you help so far :)

    Just checked my task manager and see Teatimer.exe :oops: :cool:
     
  13. Punisher

    Punisher Registered Member

    Joined:
    May 12, 2004
    Posts:
    3
    Yep, that's the icon.
    You can test it if it's working by changing your home page in your browser, if it is working then it should notify you of the change and ask if you want to allow the change.
     
  14. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    Thought I may say something that may help. Spybot 1.3 is good and is ofcourse in many ways better than the previous editions. I have been seeing too many reports now that it is causing troubles here and there, but it is well made and launched after lots of beta Release Candidates. There were 5 in total if I am not wrong, RC5 being last. Tea Timer is a resident monitor that is a new feature added but it was being already put for testings in beta editions. Tea Timer helps you in many ways and its like checking in real time what is happening in your machine. For example, there is an attempt to change in Registry or BHO in your machine, Tea Timer will alert you and give the option for you if you want to allow the change or discard. It also is IE resident giving you options to block or prompt when you are visiting a suspicious site.
    There has been misconceptions regarding this new release and those are making people believe 1.3 is not good and 1.2 or previous versions were better. 1.3 is better and ofcourse is more powerful. We have been discussing this at N-I and also have got views from other Team Spybot members, me being one. Just I repeat, whether you install clean or upgrade, please Reboot after installation or you may get some errors.

    Regards
     
  15. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    Well I had fun there :rolleyes: tried to change my home page and out came SpywareGuard followed by TeaTimer :) at least I know I will be warned twice now! Many thanks for solving my missing TeaTimer. I have to agree it was due to the beta report I was afraid to install it when I installed 1.3.

    I followed the advice for a completely fresh install and reboot - worked perfectly on my laptop and my friend's laptop but when it came to my desktop I ran into the framedyn.dll error :'( I eventually found the reason for this and modified the Path as advised by Microsoft and the next install went pefectly. I was alarmed to find the first scan reported web search things until I realised they were my bookmarks and nothing nasty at all (panic as this would have been totally out of order for me to find!) Hopefully I will be able to use many of the hidden tools in Spybot for security.

    Thanks again I am glad I asked before uninstalling all over again :rolleyes:
     
  16. Pretender

    Pretender Registered Member

    Joined:
    Apr 23, 2002
    Posts:
    670
    Location:
    Virtual Paradise

    Hey friend, How are you? For clarification if you could please..........if user chooses SD Helper and not Tea Timer then what takes place? What does SD Helper do? Thanks for the above information!

    bob
     
  17. Riverwind

    Riverwind Guest

    Could someone be kind enough to list the registry keys that teatimer monitors?

    I'm using SSM which also monitors registry keys (you know the typical ones -run keys) and I would like to avoid a double popup with teatimer.

    The nice thing about SSM (rather it's plugin) is that you can choose which registry keys to monitor unlike alternatives such as registryprot, Mikelin's startup monitor etc. But I don't know which to stop monitoring since it's unclear which keys teatimer checks! I could experiment, but much better if someone knew the answer.
     
  18. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    I am also interested in the list of monitored registry keys. If anybody have this please post.
    -hojtsy-
     
  19. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    Hey Pretender :)

    SD Helper is a BHO or Browser Helper Object, it's for the various protections in the Immunization part of SpybotSnD. And as I said Tea Timer does a bit more but they can be both kept as they in a way complement each other. Some questions may arise as whether these two features can conflict with any other anti-spyware products like Ad-Aware - SpywareBlaster - SpywareGuard - Spy Sweeper - Norton AV - Tauscan etc.

    - buster2004 is in Team Spybot , -> http://forums.net-integration.net/index.php?showtopic=15329

    Regards
     
  20. badboy

    badboy Guest

    I can't understand what all the fuss is about. Spybot 1.3 is the absolute best version EVER! I love the new teatimer! Just another fantastic feature in an already Fabulous product!!!!!!! Spybot just keeps getting better and better and better!!! I just hope none of the features are ever removed (like teatimer)- unless to make them better. I am glad to say that Spybot gets the award of the year from me for BEST anti-spyware product ever, anywhere on the net!!!!!!!
     
  21. Sean

    Sean Guest

    After spending some time searching, I finally found out what TeaTimer does. I am quite surprised there is no mention about it in the Spybot help file (I'm using Spybot 1.3 from Download.com)

    Two new issues I have encountered with Spybot 1.3 is the time it takes for it to backup up the registry and for it to create a restore point on XP:

    1. For the registry backup, I would recommend showing a percentage or top-level key such as HKEY_LOCAL_MACHINE\SOFTWARE\Ahead... for example. I know a lot of people who end-task software if they do not see any visual changes within 10 seconds!

    2. A similar story can be said for the creation of a Restore Point just after the user clicks 'Fix selected problems'. While this box was shown for a few minutes, the CPU usage remained at 0-3% and I did not see any disk activity. I was just about to end-task Spybot when the next box finally appeared.

    Other than these few issues, I recogn Spybot to be one of the best anti-spy software available. I took Spybot 1.2 to an Internet café at one time during a clean-up job and it is unbelievable how many diallers, malware, hijacker's and other ad/spyware it has found and removed from each PC.
     
  22. Riverwind

    Riverwind Guest

    Are you sure friend? From what I gather it's the other way around, the 1161 processes are blocked only with Teatimer. When one of those processes attempt to start on your computer, Teatimer will block them.

    SD helper is a more limited blocker of some baddies (usually fairly harmless third party tracking cookies) when downloading them via IE . From what I gather SD helper is more site specific blocking, while Tea timer is process specific.
     
  23. Riverwind

    Riverwind Guest

    Don't hold your breathe, I've seen this request posted a dozen times in various security forums from NI, Wilders, SPywareinfo, Tomcoyote etc etc. so far with no answer.

    It's strange really. I wonder why not even one of the "Team Spybot" people will answer, could it be that they don't know?
     
  24. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    I agree it is strange. Could it be that they think that posting the list would make the open gaps obvious? Also it seems that the list (regwatch.sbs?, procwatch.sbs?) could be updated through the normal update feature, so the posted list should be updated each time. So the best would be to not only post in the forums or help file but display on the gui itself from the current database.

    As far as I know mostly Patric is the "Team Spybot". I read about a rumor going around that he is creating a webpage about teatimer. I can only hope he also includes more specific info for SDHelper appart from "blocks bad downloads and freshens your breath" and "somehow blocks certain unspecified BHOs doing something" which is all I can gather from multiple forums.

    And then how does blocking of those famous 1161 processes happen? They can not load OR are terminated? If terminated how and after what time period? Are they filtered based on filename OR file signatures OR in-memory sigantures OR actions OR loading method? I guess at least the beta testers should also know these things. If Patrick don't have time to share these infos with us maybe they can tell. Ok, ok this was just a last attempt.

    best regards,
    -hojtsy-
     
    Last edited: May 19, 2004
  25. Riverwind

    Riverwind Guest

    I don't think that's a good excuse. More knowledge is better, there is no security via obscurity after all.

    Agreed, but perhaps they might have thought such info "too advanced".
    and left it out of the help file to avoid confusing people.


    Well if so, the many people running around with the Team spybot avatar should stop doing so, it's rather misleading.


    Interesting to know yes, but again, I suspect pointless for most people even those who use the product.


    True, except some of the betatesters might not have borthered to ask such questions or dont care, though that sounds very unlikely.



    best regards,
    -hojtsy-[/QUOTE]
     
Thread Status:
Not open for further replies.