Spybot 1.4 bug?

[Terry Pinnell]

This is best explained with a screenshot. I just installed 1.4, and
chose for the first time to try its resident protection facility
called 'Tea Timer'. On running 1.4 I then changed a setting for
TeaTimer. (I removed the IE option; I use Firefox, which doesn't
appear to get mentioned in Spybot, but that's another subject). After
that, I then got into a sort of loop! The larger window is plainly
flawed. Clicking any of the options, including 'X' to close it, I keep
getting the smaller window briefly.
http://www.terrypin.dial.pipex.com/Images/SpybotFlaw1.gif

I had to force closure via WinXP TM.

Anyone else getting similar behaviour please?

 

[dmcg]

I get a similar screen - no label for button on the right and no action
to be taken. Noticed this after installing WinPatrol 9.7. Wondering
if I should uninstall then reinstall Spybot minus the Tea Timer
feature. Does seem like a bug.

 

[dmcg]

I get a similar screen - no label for button on the right and no action
to be taken. Noticed this after installing WinPatrol 9.7. Wondering
if I should uninstall then reinstall Spybot minus the Tea Timer
feature. Does seem like a bug.

 

[Shel]

This is best explained with a screenshot. I just installed 1.4, and
chose for the first time to try its resident protection facility
called 'Tea Timer'. On running 1.4 I then changed a setting for
TeaTimer. (I removed the IE option; I use Firefox, which doesn't
appear to get mentioned in Spybot, but that's another subject). After
that, I then got into a sort of loop! The larger window is plainly
flawed. Clicking any of the options, including 'X' to close it, I keep
getting the smaller window briefly.
http://www.terrypin.dial.pipex.com/Images/SpybotFlaw1.gif

I had to force closure via WinXP TM.

Anyone else getting similar behaviour please?

I had the same problem. Uninstalled Spybot and replaced it with
Spyware Doctor.

 

[Adam Piggott]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is best explained with a screenshot. I just installed 1.4, and
chose for the first time to try its resident protection facility
called 'Tea Timer'. On running 1.4 I then changed a setting for
TeaTimer. (I removed the IE option; I use Firefox, which doesn't
appear to get mentioned in Spybot, but that's another subject). After
that, I then got into a sort of loop! The larger window is plainly
flawed. Clicking any of the options, including 'X' to close it, I keep
getting the smaller window briefly.
http://www.terrypin.dial.pipex.com/Images/SpybotFlaw1.gif

If your problem is related to not being able to see or press the correct
button, hence getting into this loop, have a look at this article:

"Small bugs in TeaTimer"
http://www.safer-networking.de/en/news/2005-06-22.html

Stay tuned to http://www.safer-networking.de/en/news/index.html for when
this problem is fixed. I couldn't advise if going back to the previous
version will help, as it may not necessarily be compatible with later
"definition file" updates.

Cheers
- --
Adam Piggott, Proprietor, Proactive Services (Computing).
http://www.proactiveservices.co.uk/

Please replace dot invalid with dot uk to email me.
Apply personally for PGP public key.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)

iD8DBQFDAnFq7uRVdtPsXDkRAuXNAKCRlblA3ktg/oobZb7f/ZkKjVHP/wCfW/X2
ZItqv+yc5pdyzzx01pCm7nM=
=rFfk
-----END PGP SIGNATURE-----

 

[jmatt]

No need to reinstall.
Choose your Mode ( at the top of screen )
Mode > Advanced ( if you want to have more options )

From Advanced you can untick Tea Timer.

What the Heck is Teatimer?
http://www.voiceofthepublic.com/SSD/SI/teatimer.swf.html

Here is another BHO scanner to confirm SpyBot's report.
BhoScanner
http://www.nsauditor.com/freeware/index.html
It is known that the browser helper objects are loaded each time the
browser is started up. Such objects run in the same memory context as
the browser and can perform any action on the available windows and
modules. For ex., a browser helper object can install hooks to monitor
messages and actions, etc .Some BHOs are helpful, like the Adobe
Acrobat or Google Toolbar Browser Helper Objects, but there could be
malicious ones among them that will harm your computer, especially
those planted by viruses or spyware. BhoScanner allows you to discover
browser helper objects of your computer including parasites and
trojans. BhoScanner gives you a quick look at the BHOs installed on
Local or Remote PC, tells you by coloured icons ( green icon - safe,
yellow icon - unknown, red icon - harmful ) whether specific BHO is
known to be safe or harmful. The program determines browser helper
objects accessing remote computer registry information, so you need to
have remote computer registry access rights and provide appropriate
administrator ( or user ) username and password, or use your current
credentials or null session if it allows you to access local or remote
computer registry information.

 

[Mark Warner]

This is best explained with a screenshot. I just installed 1.4, and
chose for the first time to try its resident protection facility
called 'Tea Timer'. On running 1.4 I then changed a setting for
TeaTimer. (I removed the IE option; I use Firefox, which doesn't
appear to get mentioned in Spybot, but that's another subject). After
that, I then got into a sort of loop! The larger window is plainly
flawed. Clicking any of the options, including 'X' to close it, I keep
getting the smaller window briefly.
http://www.terrypin.dial.pipex.com/Images/SpybotFlaw1.gif

I had to force closure via WinXP TM.

Anyone else getting similar behaviour please?

Known bug in the interface. Until it's fixed, the workaround is to use
the D key for Deny and the A key for Allow.

 

[Terry Pinnell]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



If your problem is related to not being able to see or press the correct
button, hence getting into this loop, have a look at this article:

"Small bugs in TeaTimer"
http://www.safer-networking.de/en/news/2005-06-22.html

Stay tuned to http://www.safer-networking.de/en/news/index.html for when
this problem is fixed. I couldn't advise if going back to the previous
version will help, as it may not necessarily be compatible with later
"definition file" updates.

Cheers

Many thanks for those prompt and helpful replies.

I used Startup Cop to disable the automatic startup of TeaTimer.exe,
then rebooted and ran Spybot, then ensured that both the TeaTimer
options were unchecked. Apart from the display issue, I've no real
understanding of what Tea Timer does, and how it interacts with other
stuff (e.g. Firefox), so I'll steer clear for a while. Can't say I
found the Help too useful. But I will follow up those links.

Just did first scan and seems OK. After a clean bill of health earlier
today with 1.3, 1.4 found 70 entries:
DoubleClick 3 entries
HitBox 67 entries

The first is familiar, but don't recall ever seeing HitBox before.

 

[tgilb]

This is best explained with a screenshot. I just installed 1.4, and
chose for the first time to try its resident protection facility
called 'Tea Timer'. On running 1.4 I then changed a setting for
TeaTimer. (I removed the IE option; I use Firefox, which doesn't
appear to get mentioned in Spybot, but that's another subject). After
that, I then got into a sort of loop! The larger window is plainly
flawed. Clicking any of the options, including 'X' to close it, I keep
getting the smaller window briefly.
http://www.terrypin.dial.pipex.com/Images/SpybotFlaw1.gif

I had to force closure via WinXP TM.

Anyone else getting similar behaviour please?

This has forced me to quit using Tea Timer some time ago.

 

[PuppyKatt]

I get a similar screen - no label for button on the right and no action
to be taken. Noticed this after installing WinPatrol 9.7. Wondering
if I should uninstall then reinstall Spybot minus the Tea Timer
feature. Does seem like a bug.






---
avast! Antivirus: Inbound message clean.
Virus Database (VPS): 0533-1, 16/08/2005
Tested on: 17/08/2005 12:39:28 AM
avast! - copyright (c) 1988-2004 ALWIL Software.
http://www.avast.com

Dad's computer ran into all kinds of problems when I upgraded all three
computers to 1.4RC2. The only reason why my and my daughter's computers
continued to behave is because I did not use TeaTimer on ours. I had to
uninstall the whole kit and kabang from Dad's, then reinstall without TT,
and his computeris now back in reasonable shape. I never did like TT; it
has always caused some problems. I stick with the "tried and true" Spybot
S&D.

 

[PuppyKatt]

No need to reinstall.
Choose your Mode ( at the top of screen )
Mode > Advanced ( if you want to have more options )
What the Heck is Teatimer?
http://www.voiceofthepublic.com/SSD/SI/teatimer.swf.html

Here is another BHO scanner to confirm SpyBot's report.
BhoScanner
http://www.nsauditor.com/freeware/index.html
It is known that the browser helper objects are loaded each time the
browser is started up. Such objects run in the same memory context as
the browser and can perform any action on the available windows and
modules. For ex., a browser helper object can install hooks to monitor
messages and actions, etc .Some BHOs are helpful, like the Adobe
Acrobat or Google Toolbar Browser Helper Objects, but there could be
malicious ones among them that will harm your computer, especially
those planted by viruses or spyware. BhoScanner allows you to discover
browser helper objects of your computer including parasites and
trojans. BhoScanner gives you a quick look at the BHOs installed on
Local or Remote PC, tells you by coloured icons ( green icon - safe,
yellow icon - unknown, red icon - harmful ) whether specific BHO is
known to be safe or harmful. The program determines browser helper
objects accessing remote computer registry information, so you need to
have remote computer registry access rights and provide appropriate
administrator ( or user ) username and password, or use your current
credentials or null session if it allows you to access local or remote
computer registry information.

Thank you for this link. I just used it to scan my computer. It is
extremely fast, and found 2 BHO's:

Adobe, which is no big deal, and Spybot Search and Destroy, which is
curious.

 

[jmatt]

That's Ok PuppyKatt

"Adobe, which is no big deal, and Spybot Search and Destroy, which is
curious"
Yes you still have to know your Safe programs, both of those are Ok.

 

[Adam Piggott]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Terry Pinnell wrote:

Many thanks for those prompt and helpful replies.

Always welcome

I used Startup Cop to disable the automatic startup of TeaTimer.exe,
then rebooted and ran Spybot, then ensured that both the TeaTimer
options were unchecked. Apart from the display issue, I've no real
understanding of what Tea Timer does, and how it interacts with other
stuff (e.g. Firefox), so I'll steer clear for a while.

TeaTimer is a "resident" program, i.e. one that stays running, that looks
out for changes to parts of the system that could be spyware installation,
for example a program setting itself to run when Windows starts, or tries
to set itself as a Browser Helper Object so that it runs when I.E. starts.

TeaTimer prompts you when it notices a change of this nature to give you a
chance to allow or deny the change, and so that you know something may be
trying to do something nasty.

Can't say I found the Help too useful. But I will follow up those links.

Did you see this part of the help, under Resident->Tea Timer:

The Resident TeaTimer is a new tool of Spybot-S&D which perpetually
monitors the processes called/initiated. It immediately detects known
malicious processes wanting to start and terminates them giving you some
options how to deal with this process in the future: You can set TeaTimer to:

- - be informed, when the process tries to start again
- - automatically kill the process
- - or generally allow the process to run There is also an option to delete
the file associated with this process.

In addition, TeaTimer detects, when something wants to change some critical
registry keys. TeaTimer can protect you against such changes again giving
you an option: You can either "Allow" or "Deny" the change. As TeaTimer is
always running in the background, it takes some resources of about 5 MB.

Just did first scan and seems OK. After a clean bill of health earlier
today with 1.3, 1.4 found 70 entries:
DoubleClick 3 entries
HitBox 67 entries
The first is familiar, but don't recall ever seeing HitBox before.

Looks like tracking cookies - HitBox are pretty common. You can use S&D's
Immunize feature, along with SpywareBlaster from
http://www.javacoolsoftware.com to stop these (and "proper" spyware) from
getting on the system in the first place.

Cheers
- --
Adam Piggott, Proprietor, Proactive Services (Computing).
http://www.proactiveservices.co.uk/

Please replace dot invalid with dot uk to email me.
Apply personally for PGP public key.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)

iD8DBQFDAx637uRVdtPsXDkRAj05AJ4mtYwVx9C5LIcX0VPtOWNqcPNAvACcCPlM
ILKgLU0LJ6xRDr4ClIf1A8k=
=41QQ
-----END PGP SIGNATURE-----

 

[ellis_jay]

Dad's computer ran into all kinds of problems when I upgraded all
three computers to 1.4RC2. The only reason why my and my daughter's
computers continued to behave is because I did not use TeaTimer on
ours. I had to uninstall the whole kit and kabang from Dad's, then
reinstall without TT, and his computeris now back in reasonable
shape. I never did like TT; it has always caused some problems. I
stick with the "tried and true" Spybot S&D.

Tea Timer is a very valuable tool. I recommend it. If it has issues with
winpatrol (new), I would try to solve them and keep both tools/programs.

--

Their ethics are a short summary of police ordinances: for them the
most important thing is to be a useful member of the state, and to air
their opinions in the club of an evening; they have never felt the
homesickness for something unknown and far away, nor the depths which
consists in being nothing at all. ___________Soren Kierkegaard

Ellis_jay

 

[ellis_jay]

Thank you for this link. I just used it to scan my computer. It is
extremely fast, and found 2 BHO's:

Adobe, which is no big deal, and Spybot Search and Destroy, which is
curious.

Puppykatt:

here is another one:

http://www.majorgeeks.com/download3550.html

--

Their ethics are a short summary of police ordinances: for them the
most important thing is to be a useful member of the state, and to air
their opinions in the club of an evening; they have never felt the
homesickness for something unknown and far away, nor the depths which
consists in being nothing at all. ___________Soren Kierkegaard

Ellis_jay

 

[Terry Pinnell]

Tea Timer is a very valuable tool. I recommend it. If it has issues with
winpatrol (new), I would try to solve them and keep both tools/programs.

Thanks for all the follow-ups. Following Adam's recommendation to try
SpywareBlaster, I've duly installed and ran it. I'll give TeaTimer
another try shortly.

 

[Terry Pinnell]

No need to reinstall.
Choose your Mode ( at the top of screen )
Mode > Advanced ( if you want to have more options )
What the Heck is Teatimer?
http://www.voiceofthepublic.com/SSD/SI/teatimer.swf.html

Here is another BHO scanner to confirm SpyBot's report.
BhoScanner
http://www.nsauditor.com/freeware/index.html

Thanks. Just installed that. Looks too technically daunting for me!
Although introduction says
"Nsauditor Network Security Auditor is a tool that allows network
administrators and users quickly and easily perform a network security
audit," I suspect the 'users' would need to be very advanced.

 

[PuppyKatt]

Puppykatt:

here is another one:

http://www.majorgeeks.com/download3550.html

--

Their ethics are a short summary of police ordinances: for them the
most important thing is to be a useful member of the state, and to air
their opinions in the club of an evening; they have never felt the
homesickness for something unknown and far away, nor the depths which
consists in being nothing at all. ___________Soren Kierkegaard

Ellis_jay

Thank you; I will keep this link and take a look at it.