Its very important you begin by providing some brief information on the problem such as error messages, strange computer behavior, steps taken to fix, etc. Please try to be specific if you can.

1. Operating System and if there are multiple user accounts on the computer.

2. Browser and version

3. Nature of the error or problems including content of any error messages

4. List of security software installed, i.e., firewall, anti-virus, spam blockers, popup blockers, script protection, etc.

5. Spybot S&D log report for latest scan included as an ATTACHMENT.

6. What steps have been taken so far to address the problems. Examples: virus scan, SpybotS&D, Ad-aware, manual removal uninstalled such and such progam, etc.

7. List of file sharing programs installed (if any) such as Kazaa, Limewire, Bearshare, Imesh, Morpheus, Grokster, Xolox, eDonkey, etc.

The number 6. item is very important because some removal procedures are sequence specific depending on the type of malware infections. Any steps already taken may adversly affect the situation if helpers are not made aware of them.

Please take NOTE!! If you come to Net-Integration looking for assistance on fixing a comp that is broken, and repairs were attempted without supervision we cannot be held responsible for the end result. Our volunteers will try to assist on steps that might help but thats it. No guarantees and you assume full responsibility. For that matter all advice here is at user risk.

Please note only Net-Integration volunteers are permitted to provide malware removal support. (Site Administrator, Administrators, Developers, Team Spybot, Global Moderators, Technical Experts, Technical Guides and Technical Assistants). This only applies to malware removal!

The first thing to be done is run a scan with Spybot S&D. Spybot S&D Tutorial Please be sure you have not disabled any programs before doing this scan. If you have please re-enable and then run the scan. Once the scan is complete go ahead and fix all malware it finds (items highlighted in red) . If it requests to run on restart click yes and restart when finished. Once the scan is complete fix what it finds and finish the restart.

Please post the above requested details in a new topic in the Malware Removal forum. Please do not post anywhere else unless specifically requested to do so by a volunteer helper. If you already have a topic started somewhere and have been asked to review and follow these procedures please post the requested information in the same topic.

Please do not post a HijackThis log! There are many situations where assistance can be provided without the need for HijackThis, or it may not be needed until later in the assessment or removal process. Someone will inform you when it is needed. This is a courtesy we request from everyone. Please be considerate.

You are requested to attach a copy of the log report from Spybot S&D to the topic that has the above requested information. Please see Saving Advanced Log Reports Please do not edit the report in anyway. Its important that we see the entire thing.

If you are not already registered at the forums please do so. Registration is required to start and reply in topics. E-mail validation is required to register. Please turn off all e-mail/spam filters or add net-integration.net to the accepted list before starting the registration process. Please don’t subject us to automated requests to authenticate email. They will not be responded to.

If you have been requested to provide a HijackThis log please refer to HijackThis Download & Tutorial

No No’s

Please do not post a HijackThis log until requested to do so.

Please do not post in someone else’s malware removal topic. No matter how similar it may appear it is not safe to provide guidance to multiple users in same topic. If you post a support request in anothers topic it will be deleted without comment!

Please do not make the same request in more than one forum. This will not get you faster assistance. In fact it confuses and slows the process down and may result in the deletion of your request and support may not be provided. This is really pretty rude and inconsiderate of the other members and volunteers.

Please do not send any logs or support requests via e-mail or PM to any volunteer or the website webmaster under any circumstances unless specifically requested to do so by the intended recipient.

Please do not seek assistance at Net-Integration and another website at the same time. If done topics will be closed at Net-Integration and posters will be referred to the other website for assistance.

Volunteers

Volunteers are just that. Volunteers. Folks who give of their time freely without recompense or expectation of any kind. In most cases it’s the desire to assist and help that drives them. In some cases it’s ego. But in either case it’s the force behind the success of Net-Integration support.

Please do not flame or verbally abuse the volunteers. Please do not PM or email the volunteers with logs and support questions. Please have respect for the fact they are volunteers trying to help. They are human and don’t live inside the board like some computer chip to be called upon at the push of a button. I’m really disappointed in the attitudes staff have to endure when everything is free from the software to the support.

Recent times have really stretched the limits of many volunteers and caused them to burn out. Most who stick it out have figured ways to keep a real life and continue giving online help as they can. But bad attitudes and folks not following procedures makes it difficult to expect volunteers will stick around forever. How long would you do something for free if your procedures/conditions for providing the free services were always ignored.

Follow Ups

Sometimes it will be noted that you may not receive a quick response. This is not intentional and is not desired. Because of the large number of requests and limited number of support folks to assist sometimes topics get lost. This is especially true in the Malware Removal and SpybotS&D support forums.

Folks need to realize there is a never ending flow of new messages posted daily and sometimes the new posts will get lost on the second page of the forum index and volunteers may inadvertently miss it. There is little which can be done about this. However, we have implemented a procedure for unanswered topics. Please review the pinned topics in each forum for the best method of getting attention to your missed request.

Please do not send PM or e-mail messages to volunteers. They will not be responded to. Please have patience and follow the procedures. We are doing everything we can to make sure each person’s request is responded to.

Please note assistance is coming from volunteers. They are giving of their own time and effort to assist you. They don’t have to. They choose to. So please have respect for what they do.

Recently Lavasoft announced the reason for no Ad-aware updates in the past 3-4 months is because they are working on a completely new Ad-aware. Well what else is new! How many Ad-aware updates in the past has been a new application? Too many to count. As of this writing no release date has been provided although indications are sometime in December. I hope they mean 2002. But seriously. Why no updates? In my opinion updates and building an entirely new application could be accomplished simultaneously. They have done it before. But whatever their reasons it doesn’t seem to stop the loyalty of users although recently it does appear to be waning.

But at the same time I have to make the point that doing what Lavasoft has done to date is quite a feat and deserves the proper respect and recognition. From my own past personal experiences with them I know the tremendous amount of time and energy it takes to support and distribute Ad-aware. So I take that into consideration when I say I think they failed their clients badly. Mainly because they don’t speak to them. They don’t even speak to their support staff most of the time. In my opinion they need to open up alot more, stop censoring subjects they don’t want to deal with in their support forums, and keep folks fully informed good or bad.

Then we have PestPatrol, a commercial privacy operation, that decided to target part of a freeware application, Spybot Search & Destroy, using methods that make a false positive virtually impossible. Pest Patrol gave it’s reasons for the “unintended” targetting but still continues to target even with their completely new updated version. They toned down the definition for the target file some but that doesn’t change the fact they are knowingly targeting a part of Spybot. What is the motivation behind this? How does this help the privacy battle against spyware/adware? And let me not forget they also censor their detractors and regularly edit their support forum by removing all negative posts and topics. I guess they need to keep up the good appearances if nothing else. For me there is no more benefit of the doubt with these folks. Their tactics are questionable as are their true motives. I know many, if not most, will disagree with me when I say this…..but….I think PestPatrol is hurting the industry and users more than helping.

Then lest we not forget the attempt several times of many developers and security/privacy website owners to get together and develop a common naming database of known spyware/adware, etc. The idea being to create continuity in naming and defining of spyware/adware primarily for the benefit of users. For obvious reasons some components of this database would have to remain non-public although accessible to members of the developer group. This became the biggest point of contention. Who would maintain and have access. Several developers decided to back out of the idea and still others began to question others motivations.

Needless to say nothing has come of it and I seriously doubt it will in the current environment. Many developers and vendors of commercial, shareware, and freeware privacy applications are locked into a battle of “market share” and some of the tactics being utilized are disgusting. How about a popup ad for a ‘pop up ad killer’ or spam for a ‘spam killer’, or misleading users with allusions their computer is exposed to the world to sell some useless application, or target the competition so they appear bad, or the folks who steal a developers work, change the package a little and sell it as their own.

Internet Privacy appears to have become a battlefield where it is becoming harder to know who the enemy is. But there is a bright spot in all of this. There are some folks who really do care about users and not how much market share they have. They are not too difficult to find and many stand out amongst the crowd. A few that quickly come to mind include Mike Healan of SpywareInfo, Bill Webb of Counterexploitation, Patrick Kolla of PepiMK Software, Steve Gibson of GRC, Andrew Clover of doxdesk, Mark Thompson of Analog-X , Paul Wilders of Wilders Security Advisory. Unfortunately there are too many to name them all here. These are the ones who don’t shy away from criticism but instead embrace it and correct what they can. They are ones who are not afraid of going an extra step to assure user needs are met. And they come from all segments of the market, ie, commercial, shareware, freeware.

If all providers in the privacy industry would just get together in a concerted effort things might improve for all. But assume the worst and use caution when looking at information or tools to protect privacy. Don’t fall for emotional tricks, or use well known brand names or market share as an indicator of value. It takes a little bit of time, some research, website and forum visiting, lots of reading and asking a few questions. But in my opinion this is time well spent and may save users time, money and aggravation in the future.

Just five days prior a new build 5.8 was released. Lavasoft’s official position on the new build was that it was necessary to change builds to improve performance and avoid the need for frequent updates. See Lavasoft Forums

quote from forum: “Update notice for Ad-aware 5.8
Ad-aware 5.8 uses a new referencefile format.
This change was necessary to handle more tasks through the referencefile, and avoid too frequent updates of the Ad-aware binary. The new referencefiles are named “reffile.awr”.

The manual installation is performed like with the old “reflist.sig” files. A new Refupdate application is in progress, and will be available shortly.

Ad-aware 5.8 features the same user interface like the previous 5x versions. It has been further improved to perform additional checks, and to handle the new reference files.

The reference file included in this distribution (005-29-04-2002) targets DownloadWare, NetworkEssentials, IEPlugin, OpenMe.exe, GoHip and several additional browser hijackers.”

5.81 has allegedly been released to improve the scanner performance and stability. What gives here? I thought 5.8 improved things and avoided the need for more build updates? Is there any prerelease beta testing going on or are users the beta testers? It appears the latter is the case if the online help forums are any indication. Many a help forum today is replete with folks seeking assistance because of ad-aware problems. This is not new. However, in the past the help questions were 90% related to spyware removal problems and 10% application bugs. Today, this is reversed. Most of the help being sought today is related to the Ad-aware application itself.

Let’s do some quick background on the last 6 weeks with Lavasoft.

In March Ad-aware 5.6 (not sure on build number anymore) was the current version. It appears that during the transition process from version 5.6 to 5.7 the spyware/adware signature (reflist) files from v 5.6 were not made compatible with previous versions. Then it appears certain v5.7 builds are only compatible with certain v5.7 reflist files and if the wrong reflist files are used system errors occur. Confused yet? If not keep reading.

A few weeks ago Ad-aware decided to add the DAP (download Accelerator Plus) after months and months of promises to their users to do so. Hence out came new release 5.7 build 5598. Lavasoft Forums This was also to allegedly fix compatibility problems and added DAP.

Then without any notice 5.7 build 5599 was released which removed the DAP target. After days of users wondering what was up Lavasoft finally released a formal statement that DAP was not being targeted anymore. Lavasoft Forums The subsequent responses by Lavasoft on DAP are even more confusing. They decided to build a separate application to remove DAP rather than leave it in Ad-aware itself. Huh? Why would they do that? Legal pressure from DAP? Maybe? But by creating a separate application Lavasoft kept users that wanted DAP targeted happy. Why do that and not keep it in Ad-aware? Any smart person would know that eventually interest in the new app would dwindle. Especially if it is not marketed well and kept on separate sites! This lets Lavasoft off the proverbial legal hook with DAP and keeps the currently noisy DAP haters quite for awhile.

Then comes along Radlight. Radlight is an application “developed to offer you fast and high quality playback of DivX content and other multimedia files”. Radlight optionally comes bundled with SaveNow which is alleged to be spyware. Radlight was not an Ad-aware target although SaveNow was. The removal of SaveNow apparently had no impact on Radlight’s application or it’s function. Radlight decided to release a version that automatically removed Ad-aware upon Radlight installation. See The Response The fallout was terrible and probably hurt the fight against spyware/adware (and other advertising tricks) more than it helped. Many “Lavasoft Supporters” went on a verbal tirade that would make most people cringe. Lavasoft responded by making Radlight itself a target. Within days Radlight’s support forum and pages were down, Radlight was formally apologizing, and they removed the Ad-aware removal routine from their install process. However, Lavasoft refused to respond in kind. Instead they have decided to keep Radlight a target for some unknown reason. Revenge? I’m concerned! Also, Lavasoft supporters have also been less than kind. Radlight and Radlight download locations have since continued to be the target of “Lavasoft Supporter” wrath and personal attacks. But that is another story for another time after my study of the whole situation is formalized.

So now we have Ad-aware version 5.8 that utilizes a new type signature file. (reffile.awr) This new build and new signature file allegedly avoided the need for frequent build changes, improved scanning and improved stability. Five days after it’s release another 5.8 build is out with a new signature file (5.81 with ref 009-05-05-02). The new signature file is not compatible with any older versions. If new signature files are used with older versions errors of all types seem to appear. So the new improved 5.8 is not so improved afterall. I’m not surprised. There appears to be no beta testing going on. At least no official one. Instead, Ad-aware users have become the beta testers and with no warnings.

Since the beginning of March Lavasoft users have been subjected to several 5.6 builds, several 5.7 builds and now two new 5.8 builds. That along with the several reference file updates that have occurred between builds. But these reference files are not all compatible with each other. Then lets throw in the RefUpdate utility. This tool is a separate add-on to Ad-aware that is supposed to keep Ad-aware updated. Except RefUpdate has rarely been compatible with the new builds or the ever changing download locations of Ad-aware and the reference files.

It doesn’t get any better either. Build updates are not upward compatible. Meaning each previous version of Ad-aware must be removed before the new installation can occur successfully without errors. During the course of the build updates development errors occurred that left out important uninstall routines in one version of 5.7. See Lavasoft Forum This means users must edit the registry to remove Ad-aware. Although a couple other methods have been created by users nothing has been officially done by Lavasoft to fix the problem for users uncomfortable in the registry. Why?

There will be some out there who read this that will decide I’m bashing Lavasoft for no good reason. Or that I have it in for Lavasoft. Nothing could be further from the truth. I did not spend nearly 15 hours a day supporting Lavasoft throughout most of 2001 for no reason. I did so because up until 6 months ago I truly believed Lavasoft was making a positive difference. I’m not so sure today. Not because Lavasoft doesn’t perform a needed function. But because Lavasoft appears to have lost touch with its’ direction. They appear to react to situations rather than act. The developer seems to have lost touch with which direction to take the application. Or at the very least has continued to build upon a application that needs to be changed from the ground up in my opinion.

I believe Lavasoft is becoming a victim of its own success. Lavasoft appears to feel compelled to respond quickly to users whims or new threats without proper preparation or testing. This is unquestionably allot of pressure to deal with. But Lavasoft must not fall prey to it. Lavasoft needs to truly take some time and fine tune it’s operation and development process.

To begin with a serious beta program needs to be put in place. Secondly, the help forums need major improvement. Most of the questions asked of users go for hours and days without answers. And many of the answers don’t come from the developer but from other supports who usually have no clue what the problems is or why. The usual response is that they are checking on it. When they finally hear from the developer it is usually though a support person announcing another update. At least that has been the case for the past few months. I have nearly 40MG of updates archived from the past 5 months.

It’s no wonder they use up mirror sites like they do or have their own Website problems. With the number of updates they are doing these days they are probably easily using up 600G of monthly bandwidth including mirrors. (Educated guess based on my previous first hand knowledge of Lavasoft usage) Thirdly, they need to integrate the update process into the program itself and make build updates upward compatible. This may mean a little larger application. But a larger application is better than a nonfunctional one. Ad-aware is designed to rid users of resource hogs or privacy violators. But right now I also see Ad-aware as a resource hog. With the number of updates (in my opinion unnecessary) that keep occurring bandwidth is being wasted.

Another disturbing trend with Lavasoft is the lack of information. They keep adding targets but with no explanation or details. In fact, nowhere in their application or on their site is an explanation of the targets alleged crimes. This is a key element in my opinion. Users have a right to know information on targets including references and support documents where applicable. I take issue with blindly following another persons decision as to what is bad or good. I want to see reasons why a particular bot is being targeted. Let me read the privacy statements and user agreements. Let me know what changes the bot made to my system and what changes Ad-aware is going to make. Will all the components of bot be removed or will it just be made useless? Users should be given this information. In my opinion anything less is being just like the spyware/adware developers. Both sides are saying “Trust me, I’m good they’re bad”. That is not good enough.

If Lavasoft is not careful people are going to get really tired of the constant compatibility issues and lack of information. In my opinion Lavasoft will lose even more user trust and faith because of it. The negative repercussions are already being heard and Lavasoft is quite aware of them. Instead of reacting it’s time they stepped back, evaluated and put in place a new game plan that includes their users and competitors.

These opinions expressed are my own and simply my assessment of the situation as I see it. They are meant to provide a perspective from one consumer who believes in his heart there are many others that feel the same way. I believe Lavasoft can improve and I look forward to seeing it happen. I hope they can pull it back together soon.

For most of yesterday and early today there were discussions on web boards and forums around the world. In my opinion most of the diatribe was a bunch of emotional trash spewing from peoples minds to their keyboards. Very little constructive discussion. The few folks who attempted to rationally discuss the matter, or expressed opinions that didn’t completely trash advertisers, were lambasted, or flamed, as it is commonly refered to when one person is personally attacked by another for their expressions or beliefs.

I am personally quite disappointed in the response so far. Earlier today Radlight backed off their position realizing what they were up against and retracted any further release of the Ad-aware killing version of their sofware. Radlight, while not appearing totally sincere in their presentation, did apologize and attempted to explain their rational for taking the steps they did. Instead of folks taking the opportunity for very constructive discussions, and opening the doors to a wider audience of advertisers, shareware developers and distributors, absolute mayhem broke loose. I’ve not seen anything so disgusting as the trash and language being displayed at the Radlight Forum as well as other forums. (I am not linking them because the language is dangerously close to pornographic in nature) Any good discussion that may have occurred has been buried in four, eight and ten letter words that should disgust most individuals. And the worse part is that much of this has come from the supporters of Lavasoft and privacy/security/freedom of speech advocates. In my opinion this is a major set back. The long term affects of this presentation is not good in my opinion. I do however applaud Lavasoft for expressing their own disgust in such language and activity.

While I don’t agree with Radlight’s position or their justification for doing what they did that certainly does not give me the right to unjustly attack the sincerity of an apology. And that is what happened today. Many screamed for Radlight to change it’s ways, change their policy and back off Ad-aware. When Radlight did so “Lavasoft supporters” jumped up an their mighty horse and trampled upon a downed adversary. Not very honorable at all. The noblest of victors’ forgive an apologetic transgressor for their actions especially if the apology accompanies action. In this case not only did Radlight apologize but they removed the offending install segment at the same time and vowed not to do it again. What more could be asked for? They already know it was a huge mistake that will take much time to recover from. They seemed quite sincere in that aspect of it. So why the continued attacks and the absolutely filthy language?

Immediately discussions should have begun in earnest to help both sides understand the difficult situation facing all internet business…ie…privacy, security and advertising. Not flame throwing on Radlight for attempting to make right. What a grand opportunity this could have been. The opportunity to draw in lots of advertisers and privacy/security advocates from around the world and openly discuss the situation, consumer concerns, advertiser needs, and what commonalities there may be. And there are commonalities if folks are willing to look for them. But unfortunately what happened was childish and has likely hurt any chance for real open discussions for quite some time to come. I hope I am wrong. But what I have watched transpire in the last 12 hours has shaken any common ground between the 2 sides. I surely hope this is not the conclusion.

Our testing was primarily designed to review ease of use, features, options, and find potential bugs. I did some minor detection tests. But in no way was it a thorough benchmark test. That would really be required to determine SpybotS&Ds’ effectiveness in detecting and safely removing bots and applications. I received a copy of this application with PepiMK Software expecting to publicly release it within 24-48 hours. This is not enough time to conduct the type of testing necessary to provide scientifically accurate detection and removal results. However, I do anticipate being able to do much more testing in the very near future. I also suspect that once this is released to the public there will be others who give this application the once over and will report and rate accordingly.

Having said that I did install WebHancer (spyware), AllCyberSearch (hijacker) and Desktop Detective 2000 (keylogger) and I placed copies each of these in archived files (zip) in various locations on the computer. The scans produced results identifying each application that was installed but did not report the archived files. The fact it did not report the archived files is perfectly acceptable. The point was to determine if Spybot would search for targets based on names possibly causing false positives or problems with removal. It did not and they were completely ignored.

I removed each target separately and tested system functionality including Internet and e-mail access after each was removed and found no problems. I also checked for any remnants left behind and did not find any in these particular cases. I used the recovery function to restore them and then removed all of them at the same time. I again checked the system and found no problems.

Conclusion

I find Spybot Search & Destroy to be an excellent tool and one that should be on every computer. I will not go so far as to say it should replace any other similar tools such as Ad-Aware. But I do think it is currently a compliment to the others. I believe with some time tested public use and some serious benchmark testing this application may very well become the best choice in this segment of the market. Because I have found no benchmark test results anywhere on Ad-aware after years of public use I suspect that only its’ popularity will keep it number one on many folks machines.

But now that a strong alternative is available I believe it is time for serious benchmark testing to be conducted and then let the applications speak for themselves. In the interim I suggest everyone download and install Spybot and check it out for yourself. I believe everyone will find it an effective, professionally designed application with the average and the experienced user in mind. Unlike other applications in this market segment everything one could possibly need from information to easy updates can be found with the click of a mouse. I give this application my top rating and look forward to only more good things.

Again, I’d like to take the opportunity to thank everyone who has contributed to the development and distribution of this application. You all deserve major kudos for your effort and commitment.

The next area is the Online section. It is here that updates can be downloaded and installed, current Spybot information and news is obtained, bug reporting is done and the Opt out section is located. It is also where files can be verified authentic using PGP (Pretty Good Privacy). If you have no idea what PGP is then this section will be of no use to you. I would note that I tested this section and it worked just fine.

The Update section is one of the most important in my opinion. It is here that Spybot searches for the most up-to-date files available including any updates to the application itself. It is very important that Spybot stay updated and in my opinion users should set the update to automatically check everytime the program is opened. Short of that at least the reminder setting should be set. When the ‘Search for updates’ button is clicked Spybot searches the online database for all available files, matches them against those already installed based on the dates and then shows those available in the screen. Checking those desired updates and clicking ‘Download updates’ installs them. It doesn’t get any easier. If there is any update that requires the program to close a window will pop up indicating Spybot needs to be closed and when the download is complete Spybot will close automatically. Then the user simply opens the program back up and updating is complete. I found no bugs or errors in this section. I even tested upgrading from a previous beta to 1.0 and it worked flawlessly. The only issue I could find here was if a user chooses not to download and install a particular file, such as a language file, there is no way to prevent seeing that same file everytime the search is conducted. While it is really not any problem with respect to functionality it could be confusing or even annoying for some folks.

Update: The developer informs me that any updates users do not want such as a language file can be ignored in subsequent update checks. Right click the updates that are not wanted and there is an option to exclude it. This method is currently undocumented. The help file will be updated to indicate this option.

The News section is self explanatory. When this section is highlighted the user is taken online to the Spybot News page where all current information from the developer is provided. Nice feature.

The Bug reporting section is also self explanatory. If you discover a bug or receive an error message then it is easily reported through this feature. Simply follow the prompts and any bugs are sent to the developer who will contact the user in a very quick fashion. An alternative is to click the Net-Integration link and the user is taken to the support forum where a search can be conducted to find similar reports or to post the problem or bug.

The OptOut section is where users can find links to either e-mail or website locations for opting out of advertisers services. Simply double-click the particular choice and the user is taken to the website optout page or an e-mail can be sent to the correct address.

Info & License

This section includes general information, complete bot target information, credits, licensing information, info on the developer and donation section.

This first section is pretty self explanatory. Remember it is important to understand that this tool should not be used as a means to violate any application user agreements.

The Bot info section is by far one of the most impressive sections of this application. All targets are listed and can be accessed through a drop down box. Clicking any target will provide details on function with a product description and provides links to any appropriate website pages. This is one section that sets this application apart from any other in this field. Information and lots of it. Users can make very informed decisions about whether to delete, exclude or further research the targets.

This section is a simple request for support. Because the developer has chosen to provide this application free of charge with no hitches of any kind I personally feel a small donation is the least users should consider. Designing, building, updating and supporting an application like this is very expensive. It can only be done with user support. Some folks provide mirror sites for downloads, others conduct research and testing, others still provide tools. But this does not even come close to covering costs. And many are unable to do any of those things so a simple one time donation in any amount will go a long way to making a difference. Please consider such a kind gesture.

Scanning

The Scanning section is where the meat of this application is. Scanning with Spybot is pretty amazing when comparing it to a couple other similar tools in the market. In fact, it is extremely fast considering the number of targets it seeks out. I asked the developer how he was able to achieve this and found the answer could not get any simpler. The easiest way to explain is to quote the developer;

“When I wrote the first versions of Spybot-S&D, the few targets had only a handful of files and registry entries at fixed positions. But while Spybot-S&D was growing, I had to make a decision – should I search every file on the harddisk and the whole registry (which would result in a dramatic speed decrease), or should I find some other way that would still be reliable?

I decided to take the challenge, and I soon found out that the threats I am targetting have something in common: they try to be invisible – and the more an app tries to be invisible, the more it needs to anchor itself in the system. For example it needs to run at system startup, or it needs to create a link to Internet Explorer; and ad/spyware most often installs into a default directory as it wouldn’t do any good to ask the user where to install.

These and a lot more of fixed points are good to start a search without scanning the whole harddisk.”

When opening the scanning section or each time the application is opened users are presented with this screen. Simply click the ‘Check all’ button and the scanning begins.

As can be seen from this screenshot information is displayed showing what files are being checked, how far along the scan is in percentage points and the time left in the scan. In this particular scan ( First time scan after install) the time was not being displayed. Small bug. Every subsequent scan showed the timer clicking downward as the scan continued.

Note: For this report I did not check the system internals that would search for registry inconsistencies. I know they exist because this testing was done on a completely new W2K install. I felt that because most users don’t have the experience to deal with the registry I didn’t want to confuse anyone or make it look easier than it is. I also have concerns because any deletions done in this section are not backed up in the recovery section. So I left it out of this report. But I do intend to provide a separate report on this feature in the near future. Maybe I and other users can present this to the developer for future consideration.

Update: The developer has posted comments in the Support forum indicating a future update will move the Registry checks to the tool section and will have a recovery option available. Another example of the developer listening to the users concerns and acting on them quickly.

Once the scan is complete all problems are presented. You will note that no spybots were found in this scan. Basically because there were none installed yet. I did later conduct a couple small tests for spyware/adware detection which is discussed further below. Upon completion of the scan ticking any box and clicking the ‘Fix selected problems’ will do just as stated. In the case of cookies, temporary Internet files, history, dialog files, etc. it simply empties the appropriate files. In the case of spyware/adware it removes, uninstalls, and restores the system to the way it was before the bot installs. It also establishes a recovery file to restore the bots in the event of errors or should the user decide they want it back to keep any associated application it was bundled with functioning.

Highlighting and right clicking any file will provide options to exclude from subsequent scans or copy it to the clipboard which can be reviewed later or sent off with a bug report. Double-clicking a bot will bring the user to the bot information section with the target information presented. This is quite a nice feature too. No need to search through the database manually thus saving time and any potential confusion on which file to review.

The Exclude section is where any target can be excluded from searches on an individual basis. There are tabs for Product, Cookie, Extension and Single Excludes.

The first tab is Product excludes. This section has separate areas for Dialers, Hijackers, Keyloggers, Security, Spybots, Trojans, and usage Tracks. (A screenshot of any of those sections can be seen by clicking on the thumbnail pictures in the right hand column.) Here is another example of the developer giving users choices. Simply tick the box next to any of the excludes and they will not be scanned in any subsequent scans. Very nice feature. During my testing of bot targets I excluded targets in random fashion and this function worked perfectly. I was able to exclude any one of them in any combination and found no errors.

The Cookie section is pretty easy. Cookies are used in many different ways by different sites and companies. Unfortunately, there are some companies (especially advertisers) that use these to track web surfing habits by recording each users visit to sites that have their advertisements and they record this information in their databases. But there are also sites that use cookies so visitors can log into services such as Net-Integration does for the support forums. Checking the boxes next to the cookies that a users wishes to exclude from scans will prevent it from being scanned or deleted. Our first test of this feature turned up an interesting bug I cannot reproduce. I excluded the cookie from this site, conducted a scan, deleted the cookies found, and discovered I could not log out of my forums. I tried and tried but could not log out. I removed the Net-Integration forum cookie from the exclude file, conducted another scan, deleted cookies, and went back to the forum to find I was logged out. I then repeated the process several times and could not reproduce the event again. It has worked perfectly since. I brought this to the attention of the developer who also found the same thing. I would suggest that if a user discovers this occurring simply do as I did. Uncheck the boxes, scan and remove all cookies, clear out all cache files, go back to your favorite sites where you use cookies and get another new cookie, run another Spybot scan, exclude the cookies and there should be no more problem. This is something I will be watching closely for anymore errors but does not seem to be of any serious consequence or repeatable.

The Extension exclude section allows users to exclude files with specific extensions such .doc or .zip for example used by the common Windows file open dialog. Basically, windows saves lists of opened (and saved) files categorized into extensions. If you are like me and find all the logging and caching Windows does annoying you will like this feature. Why Windows would keep information on every file it opens basically forever (although they claim it doesn’t) is beyond me. But I don’t worry about it anymore with this feature.

The Tools section is where you find the configurations for the Secure Shredder. The DumpTrash tool will be found here too if it is checked in the Settings section discussed above. I’m amazed at the developers’ thinking while building and improving this product. At first thought one might ask themselves why would this be in a spyware/adware removal tool. The answer in my opinion is for the same reason system tracking and registry inconsistencies are. Because it assures a complete job is done. Why remove spyware/adware and not usage tracking or fix registry errors that could be exploited. The Secure Shredder…that sounds so cool. “The Secure Shredder” allows users to choose how files are deleted after scanning. By default it passes over files 5 times during the deleting process. This number can be changed to any number from 1 to 99 times. I found 5 a good default choice. Because shredding takes some time and resources too many passes can slow things down to a crawl. Too few passes and one may as well use the normal method. I tested this up to 13 passes on a .doc file and found it took quite some time to delete at that setting.

Which brings me to the next cool thing about this feature. Users can delete any file they want to on their computer. Simply right click in the empty section under filename, click ‘add file(s) to the list…’, and a window will open that allows users to navigate through their computer searching out the target to be annihilated. Highlight the file in that window, click open and it is placed in the Secure Shredder. I tested this several times using a number of different pass settings with a .doc file and it is a sweet feature. It does an an excellent job of putting any file to permanent unrecoverable rest. This by itself is a reason to have Spybot S&D.

As stated once the installation was complete the application opened and the user is presented with the settings page.

I find this to be an exceptionally great concept. So many applications require searching for the the location to make changes. Not with SpybotS&D. It is the first thing seen on completion of initial installation. It is here that all the major settings are established for automation, scan settings, log files and bug reporting as well as advanced registry scan settings. Users should spend a few minutes here before going anywhere else to make sure they have everything set in a manner they are most comfortable with.

By default the application does not automatically update, scan or fix any found problems. If automation is preferred just tick the appropriate boxes and automation is set and will happen the next time you start the program. I tested each of these features separately and combined in various configurations and found they functioned as designed. The log files settings are an important feature. This is key information to the developer and experienced users in the event there are any problems or to just maintain records for future use. Personally I feel these should be checked by default as many new users will not normally look for log files or even think they are needed.

The Bug report feature is something that is key to reporting any bugs or error messages you may receive. It is set by default in the manner the developer would like to initially receive reports. If asked for more details or screen shots then there are boxes to be ticked to produce those additional pieces of information. But only if asked!

The expert section includes 2 features. DumpTrash is specifically for removing all registry remnants from Spybot-S&D beta 0.9 to 0.94. If you never used these early beta versions it is unnecessary to use this feature. I had tested those early versions and this tool cleaned everything completely.

By default the shredder is enabled. Basically it deletes all files found in scans by passing over the file 5 times. The number of passes can be changed from 1 to 99 depending on preference. If this is unchecked all files are deleted in the normal fashion. I’ll cover more on the shredder further into this review.

The next section I checked was the Filesets. The Spybot Search & Destroy settings search for spyware, adware and keylogger related modules and applications installed on the computer. By default they are all checked and should be in our opinion. Whether the user chooses to delete them if found is another matter. Knowing they are there is important. The user can then look at the information available in the bot section of the application to learn exactly what the target does or doesn’t do and make an informed decision about what steps to take next.

The Systems internals box is unchecked by default. This area is is for the more experienced user as it checks for several different inconsistencies and errors. It specifically checks for missing help files, missing shared DLLs, missing or incorrect application paths, wrong uninstall information, and broken desktop links. The help files provide more details on just what each search does and a small amount of information on how to correct the problems found . Because the correction information is sparse I would recommend only experienced users check this box. Once the user is comfortable with the application I would recommend come back and check this box. If problems are confusing or the user is unable to figure out how to correct them I would recommend going to the support forum and seek assistance there. I found this section quite useful though a little confusing at first. But I was able to fix problems with Microsoft Office that had plagued me for months. However, I did note that anything deleted from this section is not backed up in the recovery section. This is a concern as this may later come back to haunt a user who later discovers they needed the file. I would like to see this section improved with more detailed information for users and a good back up/recovery.

The Usage tracking area is another great include in this application. This searches the windows system for basically all logged usage history such as website addresses users visited, any files opened or documents used and any log files. This is a nice feature as it will free up resources and disk space and prevents spyware and adware from gathering the information these files maintain. By default this section is checked. I find this section to be a great back up to the methods I use to keep this type windows logging to a minimum. Let me note that even if you have Internet Explorer set to remove all temporary Internet files and the history files set to the minimum it will still not remove everything. But Spybot will. In the Exclude section, which I cover further below, all the applications searched for in usage tracking are listed and any of them can be excluded from searches.

The language section is for setting the users preferred language. Currently several languages are available and more are being generated by supporters around the world which PepiMK Software will include in updates. By default the language is set to English. I must assume this is because English is so prevalent around the world and often the second language of many folks from all countries. Simply highlighting the preferred language and right clicking the mouse will allow the user to install and set the language. If any language files are not wanted simply right click the language, click uninstall and it will be removed.

The Skins section is for those folks that like to customize everything on their computer. It is a simple process to make new skin colors and include them in the program. To set a particular skin, highlight it, then click apply. I have not tried this section yet although I do want to make a skin in the traditional Net-Integration color scheme. I’ll amend this section once I find the time to play with it myself. Looks like it could be fun.

Spybot Search & Destroy 1.0 is a tool every computer user should have and use daily. SpybotS&D 1.0 is the long awaited first final release after a very lengthy and thorough beta testing and development process. SpybotS&D was written and developed by PepiMK Software, a German software developer originally for the purposes of eliminating Aureate/Radiate and Conducent TimeSink from the founders computer after discovering them attempting to make unauthorized Internet connections. You can read the developers own words as to how and why this application reached it’s current state.

“A few years ago, while my studies of applied computer sciences still took most of my time, I came across my first adware. As flatrates were not available in germany at that time (at least not for any normal user), I was on dial-up using a router that made a connection whenever necessary. Obtrusive as ad/spyware is, it most often installs a part that is running all the time, and it also tries to connect all the time. Of course I dumped the adware I was using soon, but I decided to find some counter-measures first. In the german computer magazine c’t (Magazin für Computer-Technik) I found an article about the adware most common back then: Aureate/Radiate and Conducent TimeSink. The article mentioned only one software to remove it, but there were rumors that that one was going to be shareware soon, with only a few targets in the unregistered version. As I couldn’t understand why anyone should pay to remove something from his computer he didn’t invite himself, I wrote my own little remover, and after writing c’t some questions about their article, they published a few lines about my utility in their next issue. But until early this year, when I learned that it was recommended as a cross-check to AA, and when Ahmad offered me the forum, it was just a small project of me, with small improvements on occasion and bugfixes whenever necessary. With a lot of people providing information, feedback, testing & more, I really got challenged to do more.”

Note: The developer asked me to grammar and spell check if I quoted him. I did not because I wanted it in his words and I feel his words and message are very clear.

I’d like to begin this review by doing something somewhat differently than is found in most application reviews today. I’d like to give credit to the developer and supporters in the beginning of this review instead of at the conclusion which is traditional. My reason for doing this is I believe these folks deserve to be placed where they get the proper recognition. So many times credits are lost in small print or buried between advertisements at the end of articles and reviews and most folks never see them. I want users to see who is responsible for making this incredible application available. The names and credits were provided by the developer (except the first one) with apologies if he missed anyone. If anyone was missed I will be sure to amend as needed. I won’t miss anyone if I can avoid it.

Developer:

Patrick M. Kolla – he has to be one of the nicest people I’ve ever dealt with that I never met. I hope I get the opportunity to shake his hand someday. And talk about committed to seeking perfection. If only every developer felt the way he does. Major kudos and may he be blessed abundantly in life.

Installation:

Now that the appropriate recognition is given let me get down to business. SpybotS&D is available in 2 formats. You can download a zip file or you can download an exe file which will do all the installing automatically without need for extracting. The developer has chose both formats to give users a choice based on experience and desire. And let me point out that one of the things I find very appealing about this application is that it is filled with user choice which we’ll reference throughout this review.

For the purposes of this review I’ll use the zip file and detail the procedure taken during the install process. This report was based on an installation on freshly installed and updated Windows 2000 pro system with MS Office 2000, Winzip and Adobe Reader installed as well.. I also tested this on Windows 98SE and Windows XP and found everything worked just fine. I monitored the install process using InCtrl5 and that report can be found here.

I first began by extracting all the files to C:/Program Files using WinZip. (Your location will depend on your personal choice) Please be sure to set whatever unzipping tool is used so that folders are created during the extraction. I began the installation itself by navigating to the Spybot folder that is created and double-clicking the exe file. The first window asked whether I wanted to install a desktop icon. I clicked yes.

The next window to appear asked if I wished to install a shortcut on the start menu. I clicked yes.

The next window I found to be very important. This window provides a legal disclaimer and a notice about the legal ramifications to using this product as a means to violate application user agreements. Very important to understand and should be carefully considered.

Once the installation was complete the application opened and the user is presented with the settings page. I find this to be an exceptionally great concept. It is here that all the major settings are established for automation, scan settings, log files and bug reporting as well as advanced registry scan settings. Users should spend a few minutes here before going anywhere else to make sure they have everything set in a manner they are most comfortable with.

Once installed this application immediately improves system performance and begins protecting against unwanted changes. RegRun 3 allows the user to control start up programs, protect files, edit the registry, protect against certain trojan activities, and much more depending on the version purchased.

The support has to be one of the best we’ve seen in the software industry. There is an incredible information database available online at the Greatis Software site, a very thorough helpfile included, and a support forum with excellent response time. Enough to turn anyone into an expert within a short time!

There is not much more we can say. Absolutely a must have application!! We recommend RegRun 3 to every single Net-Integration client, friend and visitor. RegRun Security Suite gets our top rating!

Key features:

Start Control, Startup Optimizer, Secure Start, Clean Boot, Watch Dog, System Files Protection, Infection Detector, Application Database, Antivirus Coordinator, Process Manager, System Files Editor, Launch Soon, Used Files, File Extension Manager, Registry Assistant, Registry Tracer, Run Job, Rescue, Port Monitor, Script Checker, Trojan Analyser, Macro Checker, WinCleaner, Bootlog Analyser, Startup Analyser.

Supported Platforms:

Windows 98, Windows Me, Windows 2000, Windows NT, Windows XP

3 Versions

The Standard version is suitable for typical users. It contains all of the core features that provide easy management and safety.

The Professional version will be very useful to power users. Advanced registry features allow you to quickly access and optimize system parameters, and provide increased security functions.

The Gold version is designed to meet the needs of computer specialists. Yesterday you used several products to do your work; today you need only RegRun Gold.

Availabilty/License

Full price for one-user license:

Standard = $19.95 USD

Pro = $29.95 USD

Gold = $49.95 USD

Muti-user licenses and Education Discounts available.

A trial version is available and we always recommend trying any application before purchasing if possible for checking system and user compatibilty.