SpyBot 1.4 -- possibly something bad attached?, Wanted to add weird site to "safe list"
bloomcounty
post Jun 6 2005, 06:25 PM
Post #1


Member
**
Posts: 93
OS: Windows XP SP2 (laptop)



Edit: This isn't meant to slam SpyBot in any way, of course. It's a great program and I'm thankful for the time the creator(s) put into it for us to use!

Hi,

I downloaded and installed SpyBot 1.4 on the two computers at work, an XP machine and a Windows 2000 machine. Both machines also have Microsoft Anti-Virus on them. Now, on both machines, when I clicked "Immunize" for the first time, all of a sudden it flagged the MS Anti-Virus and it asked me if I wanted to allow the website www.139mm.com (don't click on the link, for all I know, the site itself has spyware on it) to be added to my "safe list". I blocked it and then looked at it in the listing in the MS Anti-Virus and it showed it as a registry value that wanted to be added, I believe. What's up with that? The website looks like a foreign site with a bunch of links on it -- why would SpyBot want to add a registry value for it and allow it as "safe" as part of Immunizing?

(I googled the site and only one entry came up in a foreign language -- I went to the cached version and it just looked like a junk site, but I'm also worried that by going to that, I allowed other crap to download or something...)

I am also concerned about my home machine, as it's a Windows 98SE machine (so I don't have MS Anti-Virus on it), so for all I know, that registry value for that site has been added without my knowing.

Any thoughts or help would be greatly appreciated! This has got me concerned. Thanks!

-- bloomcounty

This post has been edited by bloomcounty: Jun 6 2005, 06:54 PM
Retired Tech
post Jun 6 2005, 06:57 PM
Post #2


Retired Staff
Group Icon
Posts: 20,563



Have installed a few versions of Spybot and I do not recall it setting MS AntiSpyware off, could be worth removing Spybot then downloading it from somewhere else, see what happens when you install it.

http://www.filehippo.com/download_spybot_search_destroy.html
bloomcounty
post Jun 6 2005, 07:04 PM
Post #3


Member
**
Posts: 93
OS: Windows XP SP2 (laptop)



QUOTE(Keith @ Jun 6 2005, 05:57 PM)
Have installed a few versions of Spybot and I do not recall it setting MS AntiSpyware off, could be worth removing Spybot then downloading it from somewhere else, see what happens when you install it.

http://www.filehippo.com/download_spybot_search_destroy.html
[snapback]162282[/snapback]



I'll try that on my work computers -- but I'm not sure what to do about my one at home that doesn't have MS Anti-Virus. I think I downloaded it from cnet or something like that here at home... I guess I can uninstall and reinstall it from the link you provided.

Has anyone else seen this or have any thoughts as to why it did this?

Thanks!

-- bloomcounty
Retired Tech
post Jun 6 2005, 07:22 PM
Post #4


Retired Staff
Group Icon
Posts: 20,563



Right after you re-install, run ad-aware se which will pick up registry changes
Retired Tech
post Jun 6 2005, 07:22 PM
Post #5


Retired Staff
Group Icon
Posts: 20,563



Edited duplicate

This post has been edited by Keith: Jun 6 2005, 07:35 PM
bloomcounty
post Jun 6 2005, 07:50 PM
Post #6


Member
**
Posts: 93
OS: Windows XP SP2 (laptop)



QUOTE(Keith @ Jun 6 2005, 06:22 PM)
Right after you re-install, run ad-aware se which will pick up registry changes
[snapback]162311[/snapback]



I'm doing that now -- thanks.

I'm also wondering if I need to have on that SDHelper thing in SpyBot since I don't use IE at all (except when an email has embedded images in Outlook Express, I guess it automatically loads those in IE since they end up in IE's temp internet files file). If I recall correctly, Microsoft Anti-Virus, every once in a while on the computers at work, would show that an SDHelper thing was being installed or something like that and did you want to allow it (which I think we always did, as it said it was safe). Why would it keep installing something for that on its own?

Also, here's a start-up log, in case that helps... does it look okay?

StartupList report, 06/06/05, 6:20:42 PM
StartupList version: 1.52
Started from : C:\MY DOCUMENTS\STARTUPLIST\STARTUPLIST.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v5.51 SP2 (5.51.4807.2300)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\MY DOCUMENTS\STARTUPLIST\STARTUPLIST.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 4/6/2005, 14:0:14)

[rename]
NUL=C:\WINDOWS\TEMP\GLB1A2B.EXE

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET BLASTER=A220 I7 D1 H5 P330 T6
SET CTSYN=C:\WINDOWS
C:\PROGRA~1\CREATIVE\SBLIVE\DOSDRV\SBEINIT.COM

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL - {53707962-6F74-2D53-2644-206D7942484F}

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...7882.9541087963

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
End of report, 3,240 bytes
Report generated in 0.151 seconds

Thanks for your help! It's most appreciated! I'll post back after I reinstall at work tomorrow (and/or if I come across a problem with reinstalling on my home Windows 98SE machine).

-- bloomcounty
Retired Tech
post Jun 6 2005, 07:56 PM
Post #7


Retired Staff
Group Icon
Posts: 20,563



Not had a problem with the IE one, MS does ask to OK it, but that's it, I do not recall ad-aware having anything to say about it

The one to avoid is T Timer as it gets you clicking things lots

As for the log, I'm not up on them so will not comment, sorry

This post has been edited by Keith: Jun 6 2005, 07:59 PM
bloomcounty
post Jun 7 2005, 08:16 AM
Post #8


Member
**
Posts: 93
OS: Windows XP SP2 (laptop)



QUOTE(Keith @ Jun 6 2005, 06:56 PM)
Not had a problem with the IE one, MS does ask to OK it, but that's it, I do not recall ad-aware having anything to say about it

The one to avoid is T Timer as it gets you clicking things lots
[snapback]162349[/snapback]


But what's the advantage of using the SDHelper if you're not using IE? Is it possible it'll allow some sites somehow that I don't want (i.e. like the 139mm.com I was asking about above)?

I saw on another forum that someone else had the same 139mm.com problem with the new SpyBot that I came across, so it's not an isolated incident. Anyone else have that problem or know what it was trying to allow that website (and add a registry thing for it)?

Thanks again!

-- bloomcounty
Retired Tech
post Jun 7 2005, 08:37 AM
Post #9


Retired Staff
Group Icon
Posts: 20,563



IE has to be used for Windows Update so I suppose SD has a use when you are downloading big updates, also some financial institutions will only allow logging on with IE

When you have a moment, well lots of them, you could open Spybot then press mode, set it to advanced to look through the file types etc to see what it is allowing
bloomcounty
post Jun 7 2005, 09:03 AM
Post #10


Member
**
Posts: 93
OS: Windows XP SP2 (laptop)



QUOTE(Keith @ Jun 7 2005, 07:37 AM)
IE has to be used for Windows Update so I suppose SD has a use when you are downloading big updates, also some financial institutions will only allow logging on with IE

When you have a moment, well lots of them, you could open Spybot then press mode, set it to advanced to look through the file types etc to see what it is allowing
[snapback]163215[/snapback]


I already went through all the allowed products, and unchecked the ones that came checked that everyone else has noticed, CDilla, New.net, and SideStep. The stuff listed under Ignore System Internals are:

%JavaDir%\QTJava.zip Missing shared DLL
install.exe Wrong app path
MsoHtmEd.exe Wrong app path
winnt32.exe Wrong app path

...should these be there?

-- bloomcounty
Retired Tech
post Jun 7 2005, 09:11 AM
Post #11


Retired Staff
Group Icon
Posts: 20,563



I would e-mail Patrick M Kolla

http://www.safer-networking.org/en/contact/index.html

probably a bug report
bloomcounty
post Jun 7 2005, 10:26 AM
Post #12


Member
**
Posts: 93
OS: Windows XP SP2 (laptop)



QUOTE(Keith @ Jun 7 2005, 08:11 AM)
I would e-mail Patrick M Kolla

http://www.safer-networking.org/en/contact/index.html

probably a bug report
[snapback]163278[/snapback]


I did a couple days ago, but no response yet. I'll try again...

I still have the old installer .exe for Spybot 1.3 -- should I just use that instead...?

-- bloomcounty

This post has been edited by bloomcounty: Jun 7 2005, 10:32 AM
Retired Tech
post Jun 7 2005, 10:34 AM
Post #13


Retired Staff
Group Icon
Posts: 20,563



Probably best until you get a response from them

I installed 1.4 to a machine and it kept displaying a box to say Spybot had changed, it does not change itself, scan now, which you clicked before it would load, so I have taken it off

This post has been edited by Keith: Jun 7 2005, 10:35 AM
bloomcounty
post Jun 11 2005, 03:20 PM
Post #14


Member
**
Posts: 93
OS: Windows XP SP2 (laptop)



UPDATE: Ad-Aware did not catch any registry change by SpyBot, but SOMETHING was changed! Please help!

I have Windows 98SE, IE 5.5 (Service Pack 2) -- but I do not actively use IE at all. I use Firefox instead. This is my home computer.

Since my work XP machine has MS antispyware, it caught that SpyBot was trying to add www.139mm.com to my list of "trusted sites". But my machine at home doesn't have the MS antispyware, so I was concerned about it.

Therefore, I tried adding www.139mm.com to my Restricted Sites list in IE just to be safe... AND IT WON'T LET ME! It says "The site you specified currently exists in another zone. Please remove it from that zone first."

However, when I go to the list of "Trusted Sites" in IE, there are NONE listed!

So SpyBot has somehow made my computer consider the site www.139mm.com "safe" and I have no way of undoing that (I guess on some hidden registry entry or something? -- I don't know how those things work).

I have uninstalled SpyBot, but it's still the same scenario - no change. Please help! Where on my computer is this website listed as safe? And how can I remove it?

Any help would be greatly appreciated! Thanks so much!

-- bloomcounty
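
On the question in the post above of where a site's zone is recorded: Internet Explorer stores per-site zone assignments in the registry under `Internet Settings\ZoneMap\Domains`. The following is an added example, not part of the thread: a Python script that parses a regedit export of that key and reports which zone covers a given host. The sample export and its domains are constructed placeholders, and the function names are illustrative.

```python
import re

# IE security zone numbers as stored in the ZoneMap DWORD values.
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}
MARKER = "\\internet settings\\zonemap\\domains\\"

# Constructed sample of a regedit export (REGEDIT4 is the Windows 9x format).
# The domains are placeholders, not values taken from the thread.
SAMPLE_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example-bad.test\www]
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example-bank.test]
"https"=dword:00000002
'''

def parse_zone_map(reg_text):
    """Return a list of (hive, host, protocol, zone_number) tuples."""
    entries, hive, host = [], None, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            pos = key.lower().find(MARKER)
            if pos < 0:                      # some other key: ignore its values
                hive = host = None
                continue
            hive = key.split("\\", 1)[0]
            # Key layout is Domains\<domain>[\<subdomain>]
            parts = key[pos + len(MARKER):].split("\\")
            host = ".".join(reversed(parts))
            continue
        m = re.match(r'"([^"]*)"=dword:([0-9a-fA-F]{8})$', line)
        if m and host:                       # value name is the protocol
            entries.append((hive, host, m.group(1), int(m.group(2), 16)))
    return entries

def zones_for(reg_text, site):
    """List every zone assignment covering `site` (exact host or a parent domain)."""
    site = site.lower()
    return [(hive, host, proto, ZONES.get(zone, "unknown zone %d" % zone))
            for hive, host, proto, zone in parse_zone_map(reg_text)
            if site == host.lower() or site.endswith("." + host.lower())]

if __name__ == "__main__":
    for hit in zones_for(SAMPLE_REG, "www.example-bad.test"):
        print(hit)
```

A real export can be produced with `regedit /e zonemap.reg "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap"`; exports from Windows 2000/XP are UTF-16 and need decoding before being passed to `zones_for`.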
Retired Tech
post Jun 11 2005, 03:52 PM
Post #15


Retired Staff
Group Icon
Posts: 20,563



I have Spybot 1.4 on a 98SE and it did not show this during installation

Have you looked at IE6 for 98SE

Spywareblaster is worth a look

http://www.filehippo.com/download_spywareblaster.html