Spybot being bad?

[gore]

Well, that's odd. Your Spybot looks a bit different than mine did. When I selected the block pages thing, there was another function saying it could do something with the browser, and when I selected one fo them, the "IToolBar" came on there, set my home page to "I-Search" or something like that, and then all of this started up.

I have to get to bed right now, as I'm still not feeling well, I started an AntiBiotic after going to the Dr. and I'll check this when I wake up. After I start feeling better I'll look into this a bit more, as I will actually be able to concentrate, but thanks again for the replies.

I'm thinking something did somehow get installed on here.

Thank you again.

[vvirtho]

gore -
That is what I thought you were referring to but wanted to make sure.

nihil - When did version 1.3 come out? I check for updates every time I'm online and would have thought a newer version would show up during the check (silly me!). Guess it's time to do some downloading and updating. Thanks for the heads up on the latest version.

V.

[nihil]

V.

The final v1.3 came out about three days ago. If you try to update v1.2 it just says no updates available, NOT that there is a new version!

I think that Gore's problem is some scumware called "Isearch"

http://forums.tomcoyote.com/index.php?showtopic=6611

Detailed instructions on removal.................

Gore, please check right at the end, you have to delete that toolbar thingy



EDIT: a bit more about it

http://www.pestpatrol.com/PestInfo/i...ch_toolbar.asp

[Soda_Popinsky]

Wouldn't hurt to post a Hijack This! log to us, If you can't get it from merjin or any other site because they are blocked, PM me and I'll ship one over.
Check this out

Also, there is no restriction on what a BHO can do your system; it can do anything any other program can do: read or write (or delete) anything on your system. Usually, software is installed on your system explicitly by you; when you do so, you are, in effect, saying that you trust the vendor. BHOs, however, have a history of being installed without the users knowledge (fine print notwithstanding)

from http://www.definitivesolutions.com/bhodemon.htm

(not recommending the software at the page, just referring the BHO info)

Maybe a BHO in the HJT log will find us a culprit. It would run whenever IE is run.

[vvirtho]

nihil -
Thanks for the info on when the latest version arrived. I guess it was too much to expect SpyBot to advise of a newer version during their update like AdAware does. Hmm . . . maybe they should think of including that in their next version . . . just a thought. Thanks again.

gore -
Hope those antibiotics do the trick for you! Hope you let us know how the SpyBot saga turns out. Take care.

V.

[Und3ertak3r]

There was a scumware Spybot S&D.. it was either under the name of Spybot or Spybot S&D can't find the link in my libary, nor can I find the other info on it..

While I don't suspect that this is the case for Gore.. It is a warning for others..BE CAREFUL where you d/l these progs from..don't d/l Spybot s&d from any warez sites .. for that matter any progs from Warez sites are a lottery ticket to disaster..

I am interested in haveing a look at the Installer file you used Gore, that is if you can make it available..

Cheers

[sumdumguy]

omg.. you got the isearch toolbar from a "bastardized" spybot download ?

yeah that host file entry does point to a CWS variant.. so that and isearch, ist_toolbar.

frankly, I'm surprised.. shocked really.. gore.. how could this happen ? where did you get this file ? damn.. even after all your scanning with adaware and a "good" version of spybot (1.3), I'd run pestpatrol and then post a hijackthis log.. I'm betting that there will be components left over even after the scans. and chaulk all this up to experiences/lessons learned..

crikey.. (in my best steve erwin voice)

edit : clean your hosts file.. and here's the downloads.. run the shredder first.

HijackThis direct download: http://209.133.47.200/~merijn/files/HijackThis.exe

CWShredder direct download: http://209.133.47.200/~merijn/files/CWShredder.exe

[bluthund]

Hey guys,
here's another little theory that might be of some concern.
I read the post about Spybot ver 1.3 a few days ago and decided
to d/l it after uninstalling ver 1.2.
I've been thru several clean installs with my boxes and always had to get a fresh
copy of the executable from one of the mirror sites linked by security.kolla.de.
Well, every time I d/l ed a copy, I went thru the program and configured it to my liking.
With the latest version I took a closer look, since there are some new features.

Once I got to "Settings / Ignore products", I scrolled thru all the products that are listed
under the "All Products" tab. To my surprise, two boxes were checked. Unfortunately I didn't
write down the names of the items. If you don't scroll thru the list and assume that all products are unchecked,
you might be in for a surprise, since the first visible items are unchecked! People should check all the tabs
and make sure that none of the boxes are checked!

Maybe someone that reads this and has a fresh download of Spybot Search & Destroy
will see what I mean, but then it depends on which mirror site was used as well.

Could be that I'm barking up the wrong tree, but it doesn't hurt to scrutinize "trusted"
software.

Cheers and prost,

[moxnix]

Once I got to "Settings / Ignore products", I scrolled thru all the products that are listed
under the "All Products" tab. To my surprise, two boxes were checked.

Very interesting......I found 4 items that were checked to be ignored.....hhmmmm.
They were:
1) LSP.New.net
2) MySearch
3) New.net
4) SideStep (caught on 2nd pass....missed on first pass)

I don't know if this is a bug, or a random thing or what. I have dropped them a note about this.

[bluthund]

Hi moxnix,
thanx for verifying. It must have been 4 items after all,
since all of them have jarred my memory. Isn't it odd?