The following languages are currently available in Spybot 2:
a) English
b) German
c) Italian
d) Russian
But Spybot 2 is also being translated in other languages, which will take some time. Other languages will be added later on, probably in a later version of Spybot 2.
FAQ Category: 2.0 only, General Questions, Spybot 2
You can edit the ignore list in the “Settings“ module to exclude a product from further searches. In order to do so you have to run the Start Center, switch to advance mode and start Settings. Now browse to the “Ignore List“ tab. Via the “Add“ button you will get a list of products to be excluded. Just select the product you want to exclude and hit “OK“.
Settings can also be launched via SDTray (the small Spybot – Search & Destroy icon beside your systems clock in the taskbar).
FAQ Category: 2.0 only, General Questions, How to, Spybot 2
Sometimes Spybot – Search & Destroy can not delete all files. Some files used by Windows are running in the background. If you would delete these files before the application they are involved in ends, your system might become instable. That is the reason why you sometimes have to restart your system to complete the cleaning process.
In this case the SDCleaner/SDDelfile destroys the found items, before they are activated. If you do not want this option you can easily disable it in the SDCleaner itself. Go to the Spybot 2 folder, by default:
Windows XP: C:\Program Files\Spybot – Search & Destroy 2
Windows Vista or Windows 7 or Windows 8: C:\Programs (x86)\Spybot – Search & Destroy 2
and open the SDCleaner.exe.
Here you can uncheck the checkbox in front of “Run cleaner on system startup”.
FAQ Category: 2.0 only, General Questions, Spybot 2
Once your licence has expired Spybot – Search & Destroy will show you a dialog offering three choices. If you want to continue using Spybot 2 without renewing your licence just choose “Switch to Free Edition“.
FAQ Category: 2.0 only, General Questions, How to, Spybot 2
Windows 8 is not completely tested yet (but no issues are known).
It was an operating system in development when Spybot 2.0 was being created,
as such there are no guarantees as to what will hold true at this point.
FAQ Category: 2.0 only, General Questions, Spybot 2
1. Please disable all other security programs that you run and close all other programs during the work with Spybot 2.
2. Also run a scan in safe mode.
3. It should also help to deactivate the scanning for usage tracks and Cookies.
In order to do so you have to run the Start Center, switch to advance mode and start Settings.
Now browse to the “Categories“ tab. Here untick the checkboxes in front of “Malware detection - Cookies.sbi“ and “Usage Tracks – Tracks.uti“.
Afterwards hit “Apply“ and “OK“. Settings can also be launched via SDTray
(the small Spybot 2 icon beside your systems clock in the taskbar).
4. If this does not help, please delete the contents of your Windows temp folder and try it again.
5. Also, you might want to disable the “Create system restore point“ when fixing spyware/usage tracks option.
Therefore run the Start Center, switch to advance mode and start Settings.
Now browse to the “Dialogs“ tab. Disable the checkboxes in front of Cleaner:
“Offer to create a system restore point.“ and “Create restore point if dialog not shown.“.
Afterwards hit “Apply“ and “OK“.
FAQ Category: 2.0 only, General Questions, Spybot 2
Spybot – Search & Destroy offers the Immunization – a feature to allow you to immunize your computer against certain pieces of spyware.
It also allows you to use native browser settings to block cookies, malware installations,
bad websites and other threats via ActiveX.
SDHelper is an Internet Explorer plugin that adds a second layer for blocking threats.
While the Permanent Immunity blocks installers by their ActiveX ID,
this one blocks anything that should come through by different aspects.
FAQ Category: 2.0 only, General Questions, Immunization, Spybot 2
Spybot – Search & Destroy has dedicated support for most browsers.
It can, for example immunize these browsers, or create restricted access shortcuts for your safety.
Where we list product versions, these are the ones that have been tested;
other versions are likely to be supported depending what changes have been made to them.
Unlisted browsers that are clones of listed browsers are also likely to be supported
(e.g. most IE based browsers and many Google Chrome variants use the same cache location and formats).
Internet Explorer & clones
Mozilla based browsers
Opera browsers
Opera (4, 6.x, 7.x, 8.x, 9.x, 10.x)
Webkit based browsers
Other browsers
FAQ Category: 2.0 only, General Questions, Spybot 2
In order to revert to a registry backup, run Windows in Safe Mode.
Be sure that hidden files are shown.
Now execute the two files (or maybe it is just one of them) regusers.reg and reglocal.reg in the following folder:
Windows XP: C:\Documents and Settings\All Users\Application Data\Spybot – Search & Destroy\Backups\
Windows Vista or Windows 7 or Windows 8: C:\ProgramData\Spybot – Search & Destroy\Backups\
Answer Yes when prompted to add its contents to the Registry.
Subsequent please reboot.
FAQ Category: 2.0 only, General Questions, How to, Spybot 2
The script editor allows you to create complex malware detection patterns using our OpenSBI syntax and the Pascal language. A most simple script that you also implement using a simple .sbi file as well would be this:
begin sbiFile(‘<$FILE_DATA>’,’\Malware.txt’,’filesize=182,md5=83C36C493D7A254F9DE2ED63B3F92548′); end.
Now imagine you want some user input or custom calculation, because malware is individual to your system.
var sName, sFilename: String;
begin
InputQuery(‘Username’, ‘Please enter’, sName);
sFilename := ‘C:\Users\’ + sName + ‘\test.txt’;
sbiFile(‘test’, sFilename, ‘filesize=10′);
ShowMessage(‘Did look for ‘ + sFilename);
end.
This demonstrates interaction with the user. In reality, you could of course just use the proper path template for scanning all users directories (see the OpenSBI Wiki). Also, the use of scripting will be more in complex calculations and conditions than user interaction.
FAQ Category: 2.0 only, Detections, General Questions, How to, Spybot 2
Just right-click on the module’s icon you are about to run and select “Run as administrator”
.
FAQ Category: 2.0 only, General Questions, Spybot 2, Start Center
Once your licence is about to expire there are different ways to easily get a renewal. You can either use our order form or run the Start Center and select “Renew licence” in the “Your licence is expiring soon” dialog.
FAQ Category: 2.0 only, General Questions, How to, Spybot 2, Start Center
Resident SDHelper is a second layer of protection for Internet Explorer. The immunize function blocks installers by their ActiveX ID, whereas SDHelper blocks badware that tries to enter using a different method. Thus Internet Explorer cannot download bad files. You start SDHelper by clicking on Tools → Resident on the left navigation bar (therefore Spybot-S&D has to run in Advanced Mode). There you can tick the checkboxes next to Resident “SDHelper” (Internet Explorer bad download blocker) active in order to activate SDHelper.
FAQ Category: 1.6 only, General Questions
As you may have read, we are working full-time on this free project, but we have got to pay hosting bills and develop software. So we would be glad if you could donate a small amount to our cause. Thank you 
FAQ Category: 1.6 only, General Questions
If you have a fresh installation of Spybot-S&D, you may not see functions like the Tools or Settings section.
Spybot-S&D has two different modes. From the menu bar item Mode you can choose between Default Mode with the basic functions and Advanced Mode where you will find the Tools and the Settings section.
FAQ Category: 1.6 only, General Questions
Some of you may have noticed a new file blindman.exe inside the Spybot-S&D folder, and have asked yourself what it is for. In short words: it does nothing.
I guess an explanation is needed why a file that does exactly nothing comes with Spybot-S&D. Spybot-S&D offers a tool to control the System startup in its Tools section. This includes the ability to disable or enable startup entries from the Autostart group (found in your Start menu under Programs). This group contains links to the actual files. Windows stores those links as files with the extension .lnk. When Windows encounters a *.lnk file in that folder upon startup, it will start the linked application. Now the easiest way to disable those entries is to change the extension. The System startup tool of Spybot-S&D does simply change the extension .lnk to .disabled. This easily prevents the linked application from being started. But as Windows does not know this extension, this could slow the startup down. So Spybot-S&D does link that extension to blindman.exe. Windows now tries to run the .disabled file with blindman.exe – and as blindman.exe does exactly nothing, there is no slow-down in booting.
Some people have suspected it could even be spyware itself. For those I will print the Delphi source code (blindman.dpr) here (the included resource file is blindman.res and contains just the icon):
program blindman;
{$R *.res}
begin
end.
Anyone knowing a very small bit of programming should see that this program is totally harmless (actually, the version shipped since Spybot-S&D 1.5 is a bit larger than the above, because one of Microsofts certification requirements is that every executable file need to call GetVersionEx at least once, and needs to crash on inserted code injections, even if just a 1 millisecond empty dummy).
FAQ Category: 1.6 only, General Questions
Before you read this FAQ or other support documents, we would recommend that you use the updater and see if you have the most current updates for Spybot-S&D (we removed some FAQ entries for older versions to keep this FAQ up to date and clearly arranged).
If you already have the recent updates, we hope to be able to help you either here, on the support forum or by email.
FAQ Category: 1.6 only, General Questions
Yes, if you have Windows 2000, XP, 2003 or Vista, Spybot-S&D does allow you to scan inactive Windows versions as well, including the registry of other installations!
To scan your system including installations on other partitions, right-click the link/icon you use to start Spybot-S&D, click on Properties, then on the tab shortcut and insert /allhives (separated by a space from the rest) in the box target. If you start Spybot-S&D through this link, it will automatically detect other installations, and scan their registries and files as well. From now on, that will happen every scan, so please delete the command /allhives if you do not want to scan several hives any longer.
FAQ Category: 1.6 only, General Questions
On Windows Vista and Windows 7, Spybot-S&D might tell you that you are not authorized to perform some actions, since they require Administrator rights. You can solve this problem as follows:
Running Spybot-S&D with administrator rights from Vista’s start menu
FAQ Category: 1.6 only, General Questions
Yes, Spybot-S&D offers full support for PE in general and PEBuilder.
You can download the necessary plugin here, or just run Spybot-S&D from your harddisk after booting a PE disk.
Once run from your bootable PE CD, Spybot-S&D will automatically scan all registry and drives it can find (if you want that feature without PE, check our FAQ entry).
Furthermore we have our own bootable edition: Spybot-S&D Personal Edition.
FAQ Category: 1.6 only, General Questions
Spybot-S&D does support many common browsers.
As for resident protection, Spybot-S&D contains the Resident ‘ TeaTimer’ which is completely browser independent. It is a Spybot-S&D tool perpetually monitoring the processes called/initiated. In addition, TeaTimer detects changes to some critical registry values.
Spybot-S&D supports detection in cookies, history, start & search pages and bookmarks of these browsers (plus cache for Internet Explorer and Opera):
Beonex Communicator
Firefox pre-0.9, 0.9, 1.x, 2.0, 3.x and old Firebird variants
Flock
Google Chrome
K-Meleon
Microsoft Internet Explorer 5.0, 5.5, 6.0, 7.0, 8.0
Mozilla Suite
Netscape Communicator 4.x, 6, 7
Opera 4.x, 5.x, 6.x, 7.x, 8.x, 9.x
Safari 4
Seamonkey 1.0.x, 1.1.x
Thunderbird 1.x, 2.x (where applicable)
FAQ Category: 1.6 only, General Questions
Using more than one anti-spyware program with a resident protection tool might cause conflicts. However, Spybot – Search & Destroy’s Resident protection is designed such that there should not be any compatibility issues.
In rare cases there could appear a problem because another security program detects our ‘TeaTimer’ and flags it as bad. This could be because TeaTimer is able to change registry settings because it is a realtime protection tool. (for more information about Resident TeaTimer see this FAQ entry).
Another issue could be that the Keylogger detection files Keyloggers.sbi and Keyloggers.*.nfo of Spybot-S&D are detected as an Activity Monitor Keylogger. These detected keyloggers are just the Spybot-S&D detection rules, which obviously need to contain the names of the threats. Please ignore these false positives. There is a related article on our website.
For more information there is compatibility overview, listing some software for which there have been questions on compatibility.
Items that have been removed and are now stored in the recovery area as zip files might be detected and flagged as bad. The zip files are needed for recovery in case something does not work after fixing a problem with Spybot-S&D.
FAQ Category: 1.6 only, General Questions
From version 1.2, Spybot-S&D has had a feature to allow you to immunize your computer against certain pieces of spyware. It also allows you to use native browser settings to block cookies, malware installations, bad websites and other threats.
SDHelper is an Internet Explorer plugin that adds a second layer for blocking threats.
For more information please check the TeaTimer FAQ entry.
FAQ Category: 1.6 only, General Questions
Here is a list of command line parameters that the Spybot-S&D main executable (SpybotSD.exe) supports:
/taskbarhide
Runs Spybot-S&D completely hidden (no window, no taskbar icon), so make absolutely sure you use it only in combination with /autoclose (otherwise it would remain in memory sitting idle). Useful only in combination with /autocheck, /autoupdate or /autoimmunize, as it cannot be controlled when completely invisible.
/minimized
Starts the window minimized.
/uninstall
Uninstalls Spybot-S&D. This command line parameter is very outdated – unins000.exe should be used instead!
/blinduser
Starts with support for blind users (special menus).
/allhives
Scans all Windows installations on your system, even inactive ones (for an alternative solution see this FAQ entry).
/autoupdate
Does an update after starting the program.
/autocheck
Starts scanning immediately.
/autofix
Fixes problems after scan.
/autoclose
Closes program after it has scanned or updated.
/autoimmunize
Runs the immunization at program start.
/onlyspyware
Fixes only spyware (red) entries with /autofix, leaving all usage tracks as they are.
/easymode
Starts with easier interface for beginners.
/createenglish
Updates the English.sbl language file with the newest texts; useful only for translators.
And here is a list of command line parameters that the Spybot-S&D installer (spybotsd16.exe) supports:
/sp-
Will skip the first page of the installation wizard (Do you wish to continue? …)
/silent
Will display the progress during installation, but not the wizard.
/verysilent
Even the progress will not be shown. Errors etc. would still be shown.
/suppressmsgboxes
Will use standard actions for message boxes (no overwriting of files, cancelling where the alternative would be retrying…)
/log (or /log=”filename”)
Creates a log file in the temp folder that contains detailed information about actions taking place during the installation.
/nocancel
Disables the Cancel and Close button. Useful with /silent.
/norestart
Suppress reboots even if they were necessary at the end of the installation.
/restartexitcode=N
If a restart is needed, the setup would return the specified exit code.
/loadinf=”filename” (and /saveinf=”filename”)
Can be used to use a saved setup configuration (or save one).
/lang=language
Overrides the language dialog with a predefined language. Use ISO 2 letter language describers here.
/dir=”x:\dirname”
Installs into that directory instead of the default one.
/group=”folder name”
Installs into a program group of that name instead of the default one.
/noicons
Avoids creation of any icons for the installed software.
/type=typename
Starts installation with a give type. Supported types are
full,
blind and
compact.
/components=”comma separated list of component names”
Installs the given components instead of the default ones. Supported components are:
º main
º blind (icons for blind users)
º language (all language files)
º skins
º updatedl (for downloading updates as part of the installation)
º updatew95 (to download prerequisites on Windows 95)
º SDWinSec (to install the Security Center integration on Vista)
º SDShredder (to install the stand-alone shredder)
º SDDelFile (to install the file removal helper).
/tasks=”comma separated list of tasks”
Specifies a list of tasks that should be executed. Tasks currently supported are:
desktopicon
quicklaunchicon
launchsdhelper
launchteatimer
/mergetasks=”comma separated list of tasks”
Same as /tasks, just with the exception that standard tasks are not disabled by default.
Note: Please be aware that the Spybot-S&D path has to be in quotation marks and multiple parameters have to be separated by a space.
Example: “C:\Program Files\Spybot – Search & Destroy\SpybotSD.exe” /taskbarhide /autoclose /autocheck /autofix /onlyspyware
FAQ Category: 1.6 only, General Questions
A rootkit is a type of malware that can hide the existence of certain processes or programs.
These processes or programs can evade normal methods of detection. If your computer is infected with a rootkit it will reload itself each time your computer is restarted.
If an attacker can gain root or Administrator access they can install a rootkit. This can be done by exploiting a known vulnerability, acquiring a password or by social engineering. Emails with attachments are one of the most common attacks. A seemingly innocent attachment can carry a dangerous payload. Once the malware is installed it becomes possible to hide the intrusion as well as to maintain privileged access. Most root kits disable software that might otherwise be used to detect or circumvent it.
A ‘clean boot’ and scan or re-installation of the operating system may sometimes be the only available solution to this type of infection.
The Spybot S&D liveCD can often fix this type of problem as it will allow you to do a clean boot of Windows. Doing a clean boot using Linux and running a scan is not as effective as it will not scan all the registry hives.
FAQ Category: 1.6 only, General Questions
