Spybot being bad?
Page 1 of 3 123 LastLast
Results 1 to 10 of 27

Thread: Spybot being bad?

  1. #1
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177

    Spybot being bad?

    A few days ago I installed Spybot. Some of you may remember my last thread about dating ads popping up all the time, and I found out the culprit was in fact Spybot's little toolbar. Well, it may not belong to them, but it comes with it.

    I hear all the time on here to install both Spybot, and Ad Aware, so I did. I looked through Spybot and decided to add it to my system along with Ad Aware 6.

    I looked through some of the options and, seeing that it had a Toolbar for pop ups and other bad site blocking features, I clicked on install in Spybot's panel. This is where the fun begins:

    I started getting odd pop ups that would seem to be a part of the webpage I was currently at, and thought it was a bit strange. After undoing the changes Spybot made to my setting, I got rid of the tool bar, and the dating service pop ups.

    Well, at least I thought I did. I decided to undo all changes Spybot made, and then uninstalled the tool bar. This seemed to work for about a day.

    It came back, and I could not figure out why. I ran Ad Aware, and it found the tool bar and had a little description on how it stops you from being able to do pretty much anything with your IE tool bars.

    I let Ad Aware take the tool bar out, and tried again. It was gone...For about a day. A few minutes ago I loaded an IE window, and guess what was there again? The damn tool bar. Now, considering that at least Yahoo! has an uninstall feature, this was getting annoying.

    I went to update the Ad Aware software, and it said "Web update complete". No new reference file? Hmmm... It gets even better.

    Figuring that Spybot, and the **** it comes with had something to do with it, I uninstalled Spybot, and tried to get to http://www.lavasoft.de/

    I got an error, "The page cannot be displayed". Well that's funny, but maybe that's why it wouldn't update right?

    Well, I popped up a DOS prompt, and tried pinging it. I got great responce times, considering that the web page for Lavasoft had been set to :

    127.0.0.76

    Hmm, so it edited my hosts file?

    I'm in the process of cleaning up the mess now. and if you see some spelling errors, please disregaurd them. I'm not feeling good with my allergies, some type of cold, and being pumped full of drugs. I'm somewhat out of it. But this pissed me off.

    I think it's time we all stopped telling people to use Spybot. When ti comes packaged with the same **** it is supposed to be removing, I think that is a sign.

    I did a search on my computer for "hosts" and found both the hosts files... The regular one in C:\Windows\I386 looked normal.

    But another one was in C:\Windows\System32\drivers\etc, and this one had:


    127.0.0.0 localhost
    127.0.0.1 and.doxdesk.com
    127.0.0.2 auditmypc.com
    127.0.0.3 boards.cexx.org
    127.0.0.4 bulletproofsoft.net
    127.0.0.5 camtech2000.net
    127.0.0.6 cexx.org
    127.0.0.7 computercops.us
    127.0.0.8 ct7support.com
    127.0.0.9 doxdesk.com
    127.0.0.10 eblocs.com
    127.0.0.11 enigmasoftwaregroup.com
    127.0.0.12 forum.aumha.org
    127.0.0.13 free-spyware-scan.com
    127.0.0.14 free-web-browsers.com
    127.0.0.15 grc.com
    127.0.0.16 grisoft.com
    127.0.0.17 hackfaq.org
    127.0.0.18 hazeleger.net
    127.0.0.19 javacoolsoftware.com
    127.0.0.20 kellys-korner-xp.com
    127.0.0.21 kephyr.com
    127.0.0.22 lavasoft.de
    127.0.0.23 lavasoftusa.com
    127.0.0.24 lurkhere.com
    127.0.0.25 majorgeeks.com
    127.0.0.26 merijn.org
    127.0.0.27 mjc1.com
    127.0.0.28 moosoft.com
    127.0.0.29 mvps.org
    127.0.0.30 net-integration.net
    127.0.0.31 noadware.net
    127.0.0.32 no-spybot.com
    127.0.0.33 onlinepcfix.com
    127.0.0.34 pchell.com
    127.0.0.35 pestpatrol.com
    127.0.0.36 safer-networking.org
    127.0.0.37 secure.spykiller.com
    127.0.0.38 secureie.com
    127.0.0.39 security.kolla.de
    127.0.0.40 spybot.info
    127.0.0.41 spychecker.com
    127.0.0.42 spychecker.com
    127.0.0.43 spycop.com
    127.0.0.44 spyguard.com
    127.0.0.45 spykiller.com
    127.0.0.46 spyware.co.uk
    127.0.0.47 spyware-cop.com
    127.0.0.48 spywareinfo.com
    127.0.0.49 spywarenuker.com
    127.0.0.50 spywareremove.com
    127.0.0.51 spywareremove.com
    127.0.0.52 stopzillapro.com
    127.0.0.53 sunbelt-software.com
    127.0.0.54 thiefware.com
    127.0.0.55 tomcoyote.org
    127.0.0.56 unwantedlinks.com
    127.0.0.57 webattack.com
    127.0.0.58 wilders.org
    127.0.0.59 www.auditmypc.com
    127.0.0.60 www.bulletproofsoft.net
    127.0.0.61 www.cexx.org
    127.0.0.62 www.computercops.us
    127.0.0.63 www.ct7support.com
    127.0.0.64 www.doxdesk.com
    127.0.0.65 www.eblocs.com
    127.0.0.66 www.enigmasoftwaregroup.com
    127.0.0.67 www.free-spyware-scan.com
    127.0.0.68 www.free-web-browsers.com
    127.0.0.69 www.grc.com
    127.0.0.70 www.grisoft.com
    127.0.0.71 www.hackfaq.org
    127.0.0.72 www.hazeleger.net
    127.0.0.73 www.javacoolsoftware.com
    127.0.0.74 www.kellys-korner-xp.com
    127.0.0.75 www.kephyr.com
    127.0.0.76 www.lavasoft.de
    127.0.0.77 www.lavasoftusa.com
    127.0.0.78 www.lurkhere.com
    127.0.0.79 www.majorgeeks.com
    127.0.0.80 www.merijn.org
    127.0.0.81 www.mjc1.com
    127.0.0.82 www.moosoft.com
    127.0.0.83 www.mvps.org
    127.0.0.84 www.net-integration.net
    127.0.0.85 www.noadware.net
    127.0.0.86 www.no-spybot.com
    127.0.0.87 www.onlinepcfix.com
    127.0.0.88 www.pchell.com
    127.0.0.89 www.pestpatrol.com
    127.0.0.90 www.safer-networking.org
    127.0.0.91 www.secureie.com
    127.0.0.92 www.security.kolla.de
    127.0.0.93 www.spybot.info
    127.0.0.94 www.spychecker.com
    127.0.0.95 www.spychecker.com
    127.0.0.96 www.spycop.com
    127.0.0.97 www.spyguard.com
    127.0.0.98 www.spykiller.com
    127.0.0.99 www.spyware.co.uk
    127.0.0.100 www.spyware-cop.com
    127.0.0.101 www.spywareinfo.com
    127.0.0.102 www.spywarenuker.com
    127.0.0.103 www.spywareremove.com
    127.0.0.104 www.spywareremove.com
    127.0.0.105 www.stopzillapro.com
    127.0.0.106 www.sunbelt-software.com
    127.0.0.107 www.thiefware.com
    127.0.0.108 www.tomcoyote.org
    127.0.0.109 www.unwantedlinks.com
    127.0.0.110 www.webattack.com
    127.0.0.111 www.wilders.org


    You can't go to those site's in any normal way of course. I'm just wondering, all of you who tell people to download Spybot, update it, and run it, and then download Ad Aware, update it, and run it, do you yourself ever do this?

    That was what I did, and this was the result.

    System information:

    Windows XP, anti virii is AVG, Ad Aware is installed, and helping me clean up the mess Spybot left.

    Your thoughts on this?





    EDIT:

    I opened the hosts file in the \etc directory and completly deleted every line of text, hit save, and then closed it. Now I can connect to Lavasoft.

    Don't bother trying to actually uninstall the Tool bar, it doesn't work. Well, it will, for a few days, but it comes back. I just uninstall Spybot, I'll see if it comes back or not now.

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    You have been hit by some scumware. As you can see it is blocking you from security and support sites. I am guessing that it probably attacked SpyBot as well. I have been running SpyBot on a number of machines now for several years, and have not encountered the same problems.

    You might like to try downloading and running CWShredder...................I am not certain but it sure looks sneaky enough to be a Cool Web Search variant. I suspect it might already have been there and attacked spybot when you installed it?

    Cheers

    EDIT: No, I don't think so, the SpyBot site is on the list of blocked sites.............that seems pretty conclusive that it was an external attack?

    I would be inclined to run Trend Micro's "Housecall" as well

  3. #3
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    gore, I hate to tell you this, but you have been hit with a coolwebsearch variant. I don't think it is being caused by Spybot at all.
    CoolWebSearch and its variants are the only ones I know that block you from loading security sites.

    I just (with in the last month) reinstalled my system, and downloaded a fresh copy of both Spybot S&D and AdAware. I am not having any problem with either. In fact, just 2 weeks ago, I downloaded both for a friend of mine that I installed XP home on. They are having no problems either.

    127.0.0.90 www.safer-networking.org is the Spybot S&D site and it is listed also.
    \"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
    Author Unknown

  4. #4
    Don't forget to do your searches in safe mode... Today at work, I wasn't able to access some of those sites listed. I know from a lot of experience recently that current spyware is blocking access to the sites that fix the problem, I think CWS is one of them.

    Anyone willing to test this Spybot theory on a dummy machine? I doubt it would be able to act like this and not be called out for very long. Maybe you were redirected to a infected download by some malware? I dunno... if I had my test machine I would test it myself.

  5. #5
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Originally posted here by nihil
    You have been hit by some scumware. As you can see it is blocking you from security and support sites. I am guessing that it probably attacked SpyBot as well. I have been running SpyBot on a number of machines now for several years, and have not encountered the same problems.

    You might like to try downloading and running CWShredder...................I am not certain but it sure looks sneaky enough to be a Cool Web Search variant. I suspect it might already have been there and attacked spybot when you installed it?

    Cheers
    Heh, that may also be the reason. I just never had any of this happen untill I told Spybot to go ahead and use the toolbar and to secure my browser settings.

    I had it installed for about 2 days, and then I decided to try the Tool bar thing, and that was when it all started happening.

    I've been checking things out more on here, and making sure of what has been installed, and so far the only thing that seemed to happen was me installing Spybot. Other than that, I have the fallowing installed on this machine:

    I reformatted this machine to install XP again, as I needed to do a few things this week that required it. Like logging into school stuff which needs IE.

    The first thing I did was install Macfee Firewall, and then update it.

    Then:

    I updated Windows

    Installed AVG, updated it

    Scanned with AVG

    Installed Ad Aware, updated it

    Scanned with Ad Aware

    Pretty much whenever I install anything anymore, I scan before and after.

    So I'm really not sure how something would have gotten into my system, as I do take precautions, and I don't open email on here. Unless it's from my teacher's or a friend, and then it's only text.

    The E-mail lists I belong to, I use Linux boxes to read.

    I'm also behind a router, and I have my firewalls all set up to alert if anything tries to contact anything not predefined as OK with me.

    Anything that tries to access the internet, or anything that the internet tries to access, has to ask if it is OK.

    I like Ad Aware a lot, but is there any other software that can search for things like Spyware and Malware?

    Hmm, this may turn into a good thread. What other types of software can be installed that are a little less than noble?

    Mal ware, Spyware, all kinds of stuff, but what else is there, and what software picks it up?

    I'm thinking of buying a real copy of Ad Aware, so even if you have to pay for it, what other software can be useful?

    I know Macfee and Norton make suites for this type of thing, but are there ones you would all recommend as much better?

    What about Linux spyware?

    Heh, a lot of questions, but this could turn into a very helpful thread.

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Soda,

    I downloaded and installed SpyBot v1.3 on this machine only 2 days ago...................I have had no problems.



    EDIT: Moosoft's "The Cleaner" is pretty good or "Pest Patrol", although I haven't used it in a while...............actually, check out the banned sites list from your fake hosts file.................I don't suppose you could get a better recommmendation than that

    Can you remember the mirror site you downloaded SpyBot from? I was wondering if it might have been compromised?

  7. #7
    Senior Member
    Join Date
    May 2002
    Posts
    143
    gore -
    Where did you find an option for a tool bar? I just checked the settings and extra IE ActiveX/download options . . . but found nothing for a tool bar. I know SpyBot creates a host file if you utilize the IE options which BLOCKS hazardous sites and lists them using 127.0.0.xxx - but I've never had any problems from any of the computers where I've installed the program. (There was no host file installed under System32/drivers either.) I believe nihil (as usual) has the inside track on the root of your problem. I'm sorry you've had so many difficulties with SpyBot. I use it and believe it is a very good product.

    V.
    All truths are easy to understand once they are discovered; the point is to discover them. What lies behind us and what lies before us are tiny matters compared to what lies within us.

  8. #8
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Originally posted here by vvirtho
    gore -
    Where did you find an option for a tool bar? I just checked the settings and extra IE ActiveX/download options . . . but found nothing for a tool bar. I know SpyBot creates a host file if you utilize the IE options which BLOCKS hazardous sites and lists them using 127.0.0.xxx - but I've never had any problems from any of the computers where I've installed the program. (There was no host file installed under System32/drivers either.) I believe nihil (as usual) has the inside track on the root of your problem. I'm sorry you've had so many difficulties with SpyBot. I use it and believe it is a very good product.

    V.
    Click on Immunize...I can't remember where it is exactly, but in Spybot, there is an option to immunize or something like that, and it gives you a few options to block pages and so on. I think the CWS thing may be something here. As much as I change OSs, it's not much of a worry for me, but for someone who may have something like this happen, I'd really like to have had it brought up so they can see how it worked out for me.

    I will be doing back ups probably in a few days, and after all that, I'll probably being formatting this box again. After that I'm going to try a few more things out. This is odd for me, I remember like a while back telling a friend it would be funny to set up a web page that auto downloaded prank software for jokes, and they all thought it was impossible.

    Heh, I'm a trend setter

    When I am feeling better I'll see what else I can find out about this stuff. Thanks for the replies so far.

  9. #9
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    I can't find any reference to any kind of toolbar either. (see image)
    \"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
    Author Unknown

  10. #10
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Gore old chap,

    It sounds as if you are running V1.2.......................three boxes down the bottom left? on the "immunization" page?.

    v1.3 is the latest. You can't get updates for v1.2 any more. Where did you get it from?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •