spybot finds some that microsoft doesn't

[trevor]

i haven't had any problems at all on 2 xp machines i've
installed in on (at least no problems i know of). it found
loads more that spybot didn't. but spybot does find some
that microsoft doesn't... hotbar, commonname, dso exploit.
tried reporting through the spyware tool but it tells me it
had a problem and to check my proxy. which unfortunately
i'm not sure what to check. are these likely false
postives or did spyware miss them?

 

[trevor]

i spoke too soon. one of the machines said it needed to
reboot to complete. instead it just shutoff. when i turned
it back on on booting it complains it canfind newdot~2.dll
which is related to newdotnet that antispyware removed. any
ideas how to fix this?

 

[Guest]

go into msconfig and uncheck to program, or go into
regedit (the run selection) and remove it manually.

 

[Bill Sanderson]

You need to find which startup item is attempting to load newdot~2.dll.

This will be an entry in the registry, and you can remove it by hand if
necessary, but this is somewhat hazardous.

One safe way to go at it is to run MSCONFIG (start, run, msconfig <enter>)

and see if you can find this item on the startup tab. You can then simply
uncheck it, and tell MSCONFIG not to alert you at each startup that you have
things blocked in this manner. MSCONFIG tracks these changes and they can
be reversed by just re-checking the box.

The error message is harmless, but it is annoying to need to respond to it
as the machine starts, I'm sure.

 

[Guest]

The DSO exploit is a false positive. As long as your
system is fully patched, then there is nothing to worry
about. I don't know why it wouldn't detect the others
though...were hotbar and commonname removed and maybe
just left entries in your registry or system restore?

And not to ask a stupid question, did you run Spybot
first?

 

[Guest]

yes i did and spybot reported it couldn't remove them.
thought it always says it removes the dso exploit but then
fineds it again later. sounds like maybe they are false
postives as well.

 

[Guest]

thanks very much. the spyware was still showing checked. i
unchecked and everything worked fine.

 

[Bill Sanderson]

This is what is happening: You had spyware on your machine. Microsoft
Anti-spyware succeeded in removing the files, but missed cleaning up the
entry in the startup items which attempted to re-start the spyware process.

So--when the machine started, Windows looked for that file to load, and
didn't find it (which is a Good Thing.)

The error is harmless but annoying.

You might see if you are able to go to Tools, suspected spyware report and
send a description of what happend to Microsoft so that they can improve the
removal process to not miss that entry.

 

[Guest]

-----Original Message-----
i haven't had any problems at all on 2 xp machines i've
installed in on (at least no problems i know of). it found
loads more that spybot didn't. but spybot does find some
that microsoft doesn't... hotbar, commonname, dso exploit.
tried reporting through the spyware tool but it tells me it
had a problem and to check my proxy. which unfortunately
i'm not sure what to check. are these likely false
postives or did spyware miss them?
.

It's been reported that the DSO SpyBot is finding is false
and will be corrected in the next update, but that was a
month ago!!

 

[Bill Sanderson]

I can attest that that is true. There are links to a beta version of Spybot
Search & Destroy which have been posted in these groups which eliminates
that false positive.

By next update, they didn't mean update to the definitions, but update to
the program code itself--i.e. a new version of Spybot Search & Destroy.
These take longer to test and release.

 

[trevor]

thanks. i have a problem when i try and report as you
suggest i'm told there is an error and check my proxy
settings but i'm not sure what to check.

 

[Bill Sanderson]

I'm sorry you are getting that error. I don't believe that the problem is
really with settings in your computer.

The problem is either with the server that the reports are going to, or
connectivity to that server, or with the beta software.

I haven't figured out whether this problem is intermittent for those who see
it, or constant--so you might try submitting a report at some early morning
or late evening time, just to see whether the time of day makes a
difference. I've done two tests from my own machine, and they went through
without any problem, so I don't have any experience with actually FIXING
this one.