spysweeper and PG3.100

Discussion in 'ProcessGuard' started by ipje, Dec 13, 2004.

Thread Status:
Not open for further replies.
  1. ipje

    ipje Registered Member

    Joined:
    Mar 18, 2002
    Posts:
    50
    Location:
    the netherlands
    I think they are not great friends :rolleyes: what do you recommand to do, allow spysweeper to perform this actions or not?
    Mon 13 - 19:44:50 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [260] was blocked from modifying c:\windows\system32\smss.exe [712]
    Mon 13 - 19:44:50 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [260] was blocked from modifying c:\windows\system32\csrss.exe [760]
    Mon 13 - 19:44:50 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [260] was blocked from modifying c:\windows\system32\winlogon.exe [784]
    Mon 13 - 19:44:50 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [260] was blocked from modifying c:\windows\system32\services.exe [828]
    Mon 13 - 19:44:50 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [260] was blocked from modifying c:\windows\system32\lsass.exe [840]
    Mon 13 - 19:44:50 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [260] was blocked from modifying c:\windows\system32\svchost.exe [992]
    Mon 13 - 19:44:50 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [260] was blocked from modifying c:\windows\system32\svchost.exe [1072]
    Mon 13 - 19:44:50 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [260] was blocked from modifying c:\windows\system32\svchost.exe [1172]
    Mon 13 - 19:44:50 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [260] was blocked from modifying c:\windows\system32\svchost.exe [1228]
    Mon 13 - 19:44:50 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [260] was blocked from modifying c:\windows\system32\svchost.exe [1356]
    Mon 13 - 19:44:50 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [260] was blocked from modifying c:\windows\system32\spoolsv.exe [1632]
    Mon 13 - 19:44:50 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [260] was blocked from modifying c:\windows\explorer.exe [1744]
    Mon 13 - 19:44:50 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [260] was blocked from modifying c:\program files\eset\nod32kui.exe [1864]
    Mon 13 - 19:44:50 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [260] was blocked from modifying c:\program files\netlimiter\netlimiter.exe [1888]
    Mon 13 - 19:44:50 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [260] was blocked from modifying c:\program files\logitech\itouch\itouch.exe [1984]
    Mon 13 - 19:44:50 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [260] was blocked from modifying c:\program files\cfosspeed\cfosspeed.exe [2012]
    Mon 13 - 19:44:50 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [260] was blocked from modifying c:\program files\java\jre1.5.0\bin\jusched.exe [2020]
    Mon 13 - 19:44:50 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [260] was blocked from modifying c:\program files\tds3\tds-3.exe [196]
    Mon 13 - 19:44:50 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [260] was blocked from modifying c:\program files\processguard\pgaccount.exe [220]
    Mon 13 - 19:44:50 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [260] was blocked from modifying c:\windows\system32\ctfmon.exe [240]
    Mon 13 - 19:44:50 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [260] was blocked from modifying c:\program files\msn messenger\msnmsgr.exe [256]
    Mon 13 - 19:44:50 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [260] was blocked from modifying c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe [280]
    Mon 13 - 19:44:50 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [260] was blocked from modifying c:\program files\processguard\procguard.exe [312]
    Mon 13 - 19:44:50 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [260] was blocked from modifying c:\program files\logitech\mouseware\system\em_exec.exe [368]
    Mon 13 - 19:44:50 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [260] was blocked from modifying c:\windows\msagent\agentsvr.exe [616]
    Mon 13 - 19:44:50 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [260] was blocked from modifying c:\program files\processguard\dcsuserprot.exe [700]
    Mon 13 - 19:44:50 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [260] was blocked from modifying c:\program files\eset\nod32krn.exe [1156]
    Mon 13 - 19:44:51 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [260] was blocked from modifying c:\windows\system32\nvsvc32.exe [1240]
    Mon 13 - 19:44:51 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [260] was blocked from modifying c:\windows\system32\wdfmgr.exe [176]
    Mon 13 - 19:44:51 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [260] was blocked from modifying c:\windows\system32\alg.exe [2368]
    Mon 13 - 19:44:51 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [260] was blocked from modifying c:\program files\mozilla firefox\firefox.exe [3720]
    Mon 13 - 19:44:51 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [260] was blocked from modifying c:\program files\bittornado\btdownloadgui.exe [308]
    Mon 13 - 19:44:51 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [260] was blocked from modifying c:\program files\mozilla thunderbird\thunderbird.exe [2752]

    I think is not a good idea, but maybe I'm wrong.......

    Spysweeper also wanted to terminate windows\system32\smss.exe (and that is not a very good idea) think I gonna sent a e-mail to WEBR**T
     
  2. kwesi

    kwesi Registered Member

    Joined:
    May 18, 2004
    Posts:
    82
    Location:
    London
    Hi, ipje. I also have PG and Spysweeper on one of my two PCs (I use Giant & PG on the other, &, frankly, all I want for Xmas is another Giant!! lol).

    I have always blocked Spysweeper from terminating protected programs, just because of the behaviour that you describe. I find it very irritating that Spysweeper always tries to terminate smss.exe, when it boots up, and if I close it down.

    In my humble opinion, I think that you should block Spysweeper from terminating or modifying protected programs, as my thinking is that if my firewall, AV and two ATs can get by without routinely terminating Windows system processes, then Spysweeper ought to be able to. Also, blocking it from gunning down smss.exe hasn't done it any harm, as far as I can see.

    Please post here if you get a reply from Webroot.

    Thanks and Good Luck.
     
  3. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    I too have SS on one PC and the only extra allow I give it is Install drivers & sevices otherwise it sometimes sulks. The other alerts I disallow.
    I can see no reason for SS to want to terminate or modify windows services and believe that it does not actually want to terminate or modify them but is checking to see if it can for whatever reason. It just maybe lazy programming. :eek:
    Giant, on the other hand, behaves in a much more friendly way.

    HTH Pilli :)
     
  4. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    You should allow it, the way PG interprets its actions might be presumptious. It is definitely trying to MODIFY those programs, possibly not TERMINATE. Simply allow it, and watch - they wont terminate. If they did, your system would indicate it needs to hard reboot because of it. This isn't going to happen so I see no reason not to allow terminate :)
     
  5. ipje

    ipje Registered Member

    Joined:
    Mar 18, 2002
    Posts:
    50
    Location:
    the netherlands
    Thanks for the infomation, no reply from webroot, so this gives me times to checkout GIANT :D .
    I have allow spysweepers actions and nothing is going wrong. But now spysweeper is 15 days on a hold......
     
  6. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    Another "problem" between Spy Sweeper and ProcessGuard is that with ProcessGuard protection enabled, Spy Sweeper spikes the CPU utilization to 100% every time it scans memory for spyware (every 20-30 seconds). With PG disabled, these memory scan spikes are only 25-30%. This indicates to me that SS is modifying or trying to modify programs. This occurs even with the latest Build 189 of SS.
     
  7. controler

    controler Guest

    siliconman01 ?

    Do you have a Beta of SS? mine shows version 3.2.0 build (148 )

    I don't have PG yet but do own PE,WG and TDS-3

    Then there is the thing with SS that always shows a possiably hijacked
    browser in it's host file shield info.

    www.dcsresearch.com IP address in host file 64.91.255.87 and is trying to say the correct addess is 12.170.116.68

    That is too wierd :D

    Bruce
     
  8. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
  9. controler

    controler Guest

    I will give it a shot and see what happens. I just got it a month ago and use the update button. It then brings me to a web page that tells me I have the latest version LOL

    Also they were running a special fo 29 bucks but see my credit card was charged the full amount :(

    I am not able to access the site you posted. :(
    can not find server.

    Thanks

    Bruce
     
  10. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    Uh oh. But know what you mean. I just forked over $29.95 for Giant Antispyware Wednesday afternoon and now MS is going to give it away! :p
     
  11. controler

    controler Guest

    Yes I see the new version is 3.5. I wonder what gives on my update?

    I registered too. Maybe I was sold an old version? LOL
     
  12. controler

    controler Guest

    I am not sure if both problems were related but I set my router to a lower setting and was able to get the update.
    I am guessing for some reason the update feature was thinking I had the newest version with router set too high.

    Glad I read this post or I would have been using the old version for the whole year LOL

    Thanks again

    Bruce
     
  13. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Siliconman01

    Is it worth downloading the latest Build 189 (running 186 here), or are the improvements too minor? :)
     
  14. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    It appears that there are some improvements in the memory scanner itself. I've seen a post or two on other forums that indicate this as well. Unfortunately Webroot doesn't post what changes have been made from Build to Build...at least, not that I have found anyhow. There are no new features added that I have observed.
     
  15. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Thank you, Siliconman. I agree, they should have a page on their site where you can get info on the changes from build to build.
    As it is now you have to lucky enough to read about it in places like this, which is a pity because it's actually IMO a good product. :)
     
  16. ipje

    ipje Registered Member

    Joined:
    Mar 18, 2002
    Posts:
    50
    Location:
    the netherlands
    Here is the reply from webroot for my problem :
    n order to correct this problem, please start your computer in safe mode. Before you do this, please make sure that you are running the most current Spy Sweeper program available. In order to update your program to the most current program available, Version 3.5 (Build 186) Definitions 433, click the 'Update Program' and 'Update Definitions' buttons in the Program Options tab of the 'Options' menu at left of the program.

    In order to start your computer in safe mode push F8 continuously when starting your computer from the off position. A menu will appear on how you want to start your computer. Select Safe Mode. Once Windows has started, run a sweep. After the sweep has been completed, restart your computer in the normal mode and run another sweep.

    If after you do this the problem persists, please respond to this ticket so that we can take the next step in solving this issue.
    -----------------
    Must make time to perform this action :p
     
  17. kwesi

    kwesi Registered Member

    Joined:
    May 18, 2004
    Posts:
    82
    Location:
    London
    Hello again, ipje.

    I've discovered that disabling the 'Spy Installation Shield' means that Spysweeper doesn't always try to terminate smss.exe, upon launching and closedown. Maybe you can try that 'solution', if you're still looking for answers on the original problem. I'll keep removing various 'shields' to see if that fixes it more comprehensively.

    One good thing about this thread is that I've upgraded my version of Spysweeper (although just doing that didn't clear the smss.exe behaviour).

    Like an earlier poster in this thread, I really hope that M$ doesn't mess up Giant, now that I've recently purchased a copy....
     
  18. ipje

    ipje Registered Member

    Joined:
    Mar 18, 2002
    Posts:
    50
    Location:
    the netherlands
    The "solution" of webroot is a lot of air, my solution is, disable all shields and run a sweep every week :p
    PG and TDS together with NOD32, are now only running and that works a lot better without spysweeper.
     
Thread Status:
Not open for further replies.