Solved

Spybot and Ad-Aware being defeated?

Posted on 2009-07-08
13
826 Views
Last Modified: 2012-05-07
I've been having some weird freezing/locking issues with a work computer, so I've tried installing Spybot (and Ad-Aware as well).  But Spybot doesn't work the way it always has on other computers, and Ad-Aware install appears to succeed but then the program disappears.

Spybot: I can get updates and immunize, no problem, but I'm unable to check for problems. When I click the button to do so, it gives me a message about counting and cleaning temporary files; then, regardless of what I answer, it doesn't do anything else. The "Check for Problems" button is replaced by "Stop Check", and there's a tool tip that says "Please wait, scan in progress...", but nothing else. No progress bar at the bottom, none of the stuff I'm used to seeing. I've tried it dozens of times, uninstalled, reinstalled, etc. I tried leaving it for hours with no change, but the moment I click "Stop Check," it freezes up and sometimes locks up the entire computer just like the freezing issue that I first installed Spybot in hopes of diagnosing. Behavior is the same even in Safe Mode.

Ad-Aware: Whenever I install, the installation program requires a reboot... but when the reboot is completed, all the program files have been deleted. Shortcuts have appeared on the taskbar and in the Start menu, and the program still shows up in Add and Remove Programs, but the actual files are gone.

So maybe there's a specific threat that's fighting against anti-spyware software? Can anyone give me any ideas about what's going on here?  OS is XP Pro, SP 2.  Thanks!
0
Comment
Question by:Bobaran98
13 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 24808627
Try Malwarebytes - www.malwarebytes.org - great tool - free and much better than Spybot in my opinion.
Other tools are combofix -
http://www.bleepingcomputer.com/combofix/how-to-use-combofix  
Try those and come back if you don't get anywhere.
0
 
LVL 1

Expert Comment

by:Joffer
ID: 24808715
I also use Malwarebytes. It's great. And I'm a fan of spybot like yourself.

I also run Spywareblaster just after I have installed a system, and tend to run and update it monthly or so (using the free version) - www.javacoolsoftware.com.
0
 

Expert Comment

by:MrMichaelBrownell
ID: 24808876
Some of the newer bugs will prevent MalwareBytes & ComboFix from running. You can try renaming the combofix executable. If that still won't work try: http://www.gmer.net/ and click the "Download.exe" button to get a randomly named exe of the gmer rootkit detector & remover.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24808975
@younghv - you have removed my initial posting which mentioned using malwarebytes and combofix but made no reference to running combofix in safe mode - please can you restore the posting as I think you have deleted this by mistake.
0
 
LVL 16

Expert Comment

by:warturtle
ID: 24808987
I don't suggest running 2 anti-spyware programs with an active background shield - SpyBot and Ad-aware. Choose one of them and uninstall the other one. Two programs of the same type might have compatibility problems and eventual conflicts.

Running free MalwareBytes (MBAM) or free SuperAntiSpyware (SAS) with Spybot or AdAware is ok, because free MBAM and SAS don't have a background shield, so they are unlikely to conflict with the other active anti-spyware protection programs.

Try uninstalling one of them and then run the scanner to see if it can actually run normally or not. Its not always a malware that causes such problems (it could be but we need to be sure).

Hope it helps.
0
Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24809366
Sorry - thought it would have been you as you were moderating the question.
Thanks for puting it back.
Alan
0
 
LVL 91

Expert Comment

by:nobus
ID: 24811211
if your ANTI-anything programs don't run as they should, i recommend hooking the disk as slave to a working PC, and scan it from there.
then connect the disk back to yours, and continue the scanning you wish
0
 
LVL 4

Expert Comment

by:samsixty
ID: 24811312
My guess is that you have already spent hours trying to solve this problem, you mention it is at work too.

Isolate the machine from the network and format it, reinstall the OS and forget about it. Takes me about 40mins to restore a machine from a clean image.

If you want to do some forensics to find out what went on you can grab an image of the disk and look at it offline, safely.



0
 
LVL 8

Author Closing Comment

by:Bobaran98
ID: 31602164
Malwarebytes didn't do much; found some cookies, I think.  But after running ComboFix, I had no problem running either Spybot or Ad-Aware.  I have no idea why this is so.  I don't entirely understand what ComboFix was doing, because I just ran it default and didn't read any of the notes...  I was, in fact, preparing myself for wiping the machine as Samsixty later suggested, and so I didn't mind the risk of running an unknown piece of software.  Thanks, Alan, you saved me a lot of hassle!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24825348
Glad you are sorted and didn't have to resort to wiping and re-installing - a great waste of time, but at least you know you are clean.
Thanks for the points.
Alan
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
[ZA Edit - I inserted the proper URL in the 'Accepted' Comment up above. younghv]
 
0
 
LVL 8

Author Comment

by:Bobaran98
ID: 24825394
@warturtle - Good thought about conflicting anti-malware programs, but not an issue in this case.  I was trying to run each of these programs completely separately and having problems.
@everyone - Thanks for the great comments, and sorry for not responding before now.  I wish I knew exactly what ComboFix did that allowed Spybot and Ad-Aware to run properly, but I haven't a clue.
ComboFix solved the problem stated in this thread, but I should point out that my base issue-- the fact that this machine was freezing at odd intervals-- turned out to be unrelated to any malware (at least as far as I can tell); I realize in retrospect that my comments following the accepted solution may be misleading in that regard.  The freezing issue had gotten such that simply clicking "Start" and choosing to "Shut Down" was enough to immediately freeze the computer, before even showing the shutdown type dialog box (you know:  Shut down, Restart, Stand by, Hibernate, etc.).  The fact that I couldn't get even Spybot or Ad-Aware to run properly was so discouraging I was ready to wipe and be done with it, despite the many hours it would take to reinstall and configure the specialized software we run on this machine.  Once I got the anti-malware programs working properly, I was less discouraged and decided to try a few more things.  I ended up uninstalling a few programs, one at a time, until I no longer experienced the Start > Shut Down bug... and as it happens, it was one of those specialized programs!  But I didn't have to uninstall all of them, and now I'll know the culprit if this issue arises again (at which point I can always contact the developer).
Sorry, waxing eloquent there.  I just know that if you're like me, you want to know all the details of the resolution.  So there you go.  Thanks again, everyone!
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now