How to write my own detection rules?

If you decide to create detection rules on your own, you should visit our Wiki, which offers an overview and descriptions of the available rules and file parameters. You should also visit our OpenSBI forum.

FAQ Category: 2.0 only, How to, Spybot 2

How to refresh the system whitelist?

If you want to create a new whitelist, just run “Create Whitelist” and click “Create whitelist” to create a new whitelist replacing the old one.
Please remember that if your system is older than 30 days, the “Create Whitelist” link will have disappeared from your Start Center, as it is not recommended to create a whitelist on older systems.

FAQ Category: 2.0 only, How to, Spybot 2

How to remove the system whitelist?

You can delete the whitelist file in the Includes sub-folder of the Spybot – Search & Destroy install folder, which is by default:
C:\Program Files\Spybot - Search & Destroy 2\Includes\PosSystem.sbs

FAQ Category: 2.0 only, How to, Spybot 2

How to create a report?

You have different options to create logs with Spybot – Search & Destroy.

1. The easiest would be after a scan. After performing a System Scan with Spybot 2 you can choose “Save scan log…” from the navigation bar on the left. You can now choose where to save the log.

2. You can also start from the Start Center to create a more detailed report. After choosing the “Advanced User Mode” by ticking the checkbox to activate it, you can click on “Create Report”. Make sure the latest logs are available and are activated. Now click on “Create log archive”. The log file archive is now on your Desktop.

3. If you also want to create a HijackThis log, please open the Spybot 2 Start Center.
Choose the “Advanced User Mode” by ticking the checkbox to activate it. Now click on “Startup Tools”. If you are asked what you want to do, choose “Save a log file”. Go to the tab “Logs”. Make sure all 10 checkboxes at the top are ticked. Now click on “Create SBSD log” and “Create HJT log”. Afterwards click on the “Save” button. You can now choose where to save the log.

FAQ Category: 2.0 only, How to, Spybot 2

How to enable/disable plugins?

You can manage the available plugins in the Settings module. You can access the “Settings” module either via Spybot’s Start Center (you have to switch to advanced mode first) or via SDTray (the small Spybot – Search & Destroy icon beside your system’s clock in the taskbar) → “Advanced Tools” → “Settings”. Once “Settings” has been opened, switch to the “System Integration” tab. Via the buttons to the right you can install or uninstall those plugins.

FAQ Category: 2.0 only, How to, Spybot 2

How to enable/disable services?

You can manage Spybot – Search & Destroy’s services in the Settings module. You can access the “Settings” module either via Spybot’s Start Center (you have to switch to advanced mode first) or via SDTray (the small Spybot 2 icon beside your system’s clock in the taskbar) → “Advanced Tools” → “Settings”.
Once “Settings” has been opened, switch to the “System Services” tab. Depending on your operating system you can change the status via a drop-down menu (Windows Vista and higher).
If you are running Windows XP you can “Start” or “Stop” the services via the button to the right.
If you want to un-/install a service, just right-click and select “Un-/Install”. With the checkbox “Active after every reboot” you can change the service’s behavior on system start. Besides the configuration options in the Settings module, you can also edit the services via the Windows service management console.

FAQ Category: 2.0 only, How to, Spybot 2

How to enable/disable non critical dialogs?

Spybot – Search & Destroy can show you plenty of assistant dialogs.
If you disabled those dialogs by mistake, you can easily re-enable them via “Settings”. You can access the “Settings” module either via Spybot’s Start Center (you have to switch to advanced mode first) or via “SDTray” (the small Spybot 2 icon beside your system’s clock in the taskbar) → “Advanced Tools” → “Settings”. Once Settings has been opened, switch to the “Dialogs” tab and make sure the checkbox “Show various non-critical dialogs” has been marked.

FAQ Category: 2.0 only, How to, Spybot 2

How to exclude products from the search?

You can edit the ignore list in the “Settings” module to exclude a product from further searches. In order to do so you have to run the Start Center, switch to advanced mode and start Settings. Now browse to the “Ignore List” tab. Via the “Add” button you will get a list of products to be excluded. Just select the product you want to exclude and hit “OK”.
Settings can also be launched via SDTray (the small Spybot – Search & Destroy icon beside your system’s clock in the taskbar).

FAQ Category: 2.0 only, General Questions, How to, Spybot 2

How to switch to another language?

Spybot – Search & Destroy supports different languages. You can easily switch to your favorite available language.
You can access the settings module either via Spybot’s Start Center (you have to switch to advanced mode first) or via “SDTray” (the small Spybot 2 icon beside your system’s clock in the taskbar) → “Advanced Tools” → “Settings”.
Once “Settings” has been opened, switch to the “Language” tab and click on the desired language.

FAQ Category: 2.0 only, How to, Spybot 2

How to disable the proxy?

You can access this setting by choosing “Configure Proxy” in the “Updater” menu on the left. Alternatively, open the Spybot – Search & Destroy “Start Center” and click on “Settings”. Choose the tab “Internet Connection”.
Here you can switch to “Do not use any proxy trying to access the Internet”.
Now click “Apply” and “OK”.

FAQ Category: 2.0 only, How to, Spybot 2, Updates

How to update?

With the Home Edition or higher, updates are automated. Spybot – Search & Destroy will create Windows task scheduler entries to keep your Spybot 2 up to date automatically. Regardless of whether you are logged in as an administrator or not, thanks to our Update Service Spybot 2 will be able to update every file without any further interaction from you. Of course, manual updates like in the Free Edition are possible, too.
To perform the updates manually:
Please open the “Spybot 2 Start Center” by double-clicking. Now activate the “Advanced User Mode” at the bottom by ticking the checkbox. Under “Advanced Tools” you will find “Update”, which you can simply tick.
Here you have two options:
You can use the “Update” button on the lower right or choose “Update” through the menu on the left. You can also start the updates through the Spybot 2 tray icon (on the lower right of your Desktop beneath your clock). Just right-click the Spybot 2 tray icon and choose “Update”.

FAQ Category: 2.0 only, How to, Spybot 2, Updates

How to switch to the free version?

Once your licence has expired, Spybot – Search & Destroy will show you a dialog offering three choices. If you want to continue using Spybot 2 without renewing your licence, just choose “Switch to Free Edition”.

FAQ Category: 2.0 only, General Questions, How to, Spybot 2

How to revert to a backup?

In order to revert to a registry backup, run Windows in Safe Mode.

Be sure that hidden files are shown.
Now execute the two files regusers.reg and reglocal.reg (there may be only one of them) in the following folder:

Windows XP: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Backups\

Windows Vista or Windows 7 or Windows 8: C:\ProgramData\Spybot - Search & Destroy\Backups\

Answer Yes when prompted to add its contents to the Registry.
Afterwards, please reboot.

FAQ Category: 2.0 only, General Questions, How to, Spybot 2

How to download Spybot – Search & Destroy?

There are two options to download Spybot 2:

  1. You can choose a download location on our website. The displayed mirrors are partners who provide places to host Spybot 2 for us. You can download from them; it is secure and they all contain the same data.
  2. You can also choose the direct installation file.

Please search for new updates after installing Spybot 2.

FAQ Category: 2.0 only, How to, Spybot 2, Updates

How to uninstall?

Spybot – Search & Destroy will uninstall from the Windows Add/Remove Software control panel without problems. The following directories will not be removed during the uninstall procedure; if you want those folders to be deleted, you will have to remove them by hand:

Windows XP: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\
Windows Vista or Windows 7 or Windows 8: C:\ProgramData\Spybot - Search & Destroy (Please note that the Application Data folder is hidden. So if you cannot find this folder, please check your folder properties.)

Explanation: this folder contains the backup (the quarantined files) that Spybot 2 creates. If the uninstall removed this folder as well, those backups would be gone. We have seen a few times that new users uninstalled Spybot 2 in panic after they experienced a small problem, thus removing the backup that would have undone any changes.

FAQ Category: 2.0 only, How to, Spybot 2

How to use Scripting?

The script editor allows you to create complex malware detection patterns using our OpenSBI syntax and the Pascal language. A very simple script, which you could also implement as a simple .sbi file, would be this:

begin sbiFile('<$FILE_DATA>', '\Malware.txt', 'filesize=182,md5=83C36C493D7A254F9DE2ED63B3F92548'); end.

Now imagine you want some user input or custom calculation, because malware is individual to your system.

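var sName, sFilename: String;
begin
    // Ask the user for the account name whose folder should be checked
    InputQuery('Username', 'Please enter', sName);
    sFilename := 'C:\Users\' + sName + '\test.txt';
    // Look for that file, with a file size of 10 as the condition
    sbiFile('test', sFilename, 'filesize=10');
    ShowMessage('Did look for ' + sFilename);
end.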

This demonstrates interaction with the user. In reality, you could of course just use the proper path template for scanning all users’ directories (see the OpenSBI Wiki). Also, scripting is more useful for complex calculations and conditions than for user interaction.
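To make the filesize and md5 parameters used in the first script concrete, here is an added Python example (not Spybot or OpenSBI code) that produces such a parameter string for a sample file and checks a file against one. The function names are hypothetical, only the two parameters shown on this page are handled, and treating the listed conditions as all-must-match is an assumption.

```python
import hashlib
import os
import tempfile


def build_params(path):
    """Return a 'filesize=N,md5=HEX' string for the file at path."""
    md5 = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
    return "filesize=%d,md5=%s" % (os.path.getsize(path), md5.hexdigest().upper())


def parse_params(params):
    """Split 'key=value,key=value' into a dict; only filesize and md5 are handled."""
    parsed = {}
    for item in params.split(","):
        key, sep, value = item.partition("=")
        key = key.strip()
        if not sep or key not in ("filesize", "md5"):
            raise ValueError("unsupported parameter: %r" % item)
        parsed[key] = value.strip()
    return parsed


def file_matches(path, params):
    """True only if the file exists and every listed condition holds (assumed AND)."""
    want = parse_params(params)
    if not os.path.isfile(path):
        return False
    # Cheap size comparison first, so files of the wrong size are never hashed.
    if "filesize" in want and os.path.getsize(path) != int(want["filesize"]):
        return False
    if "md5" in want:
        got = build_params(path).rsplit("md5=", 1)[1]
        return got == want["md5"].upper()
    return True


def demo():
    """Run the check against a constructed 10-byte sample file."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "test.txt")
        with open(sample, "wb") as fh:
            fh.write(b"0123456789")  # constructed sample content
        params = build_params(sample)
        return params, file_matches(sample, params), file_matches(sample, "filesize=11")
```

Calling demo() returns the generated parameter string together with the result of a matching and a non-matching check.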

FAQ Category: 2.0 only, Detections, General Questions, How to, Spybot 2

How to renew my licence?

Once your licence is about to expire there are different ways to easily get a renewal. You can either use our order form or run the Start Center and select “Renew licence” in the “Your licence is expiring soon” dialog.

FAQ Category: 2.0 only, General Questions, How to, Spybot 2, Start Center

How to make a backup

In order to revert to a registry backup, run Windows in Safe Mode.
Be sure that hidden files are shown.

Now execute the two files regusers.reg and reglocal.reg (there may be only one of them) in the following folder:

Windows 95 or 98: C:\Windows\Application Data\Spybot - Search & Destroy\Backups\
Windows ME: C:\Windows\All Users\Application Data\Spybot - Search & Destroy\Backups\
Windows NT, 2000 or XP: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Backups\
Windows Vista: C:\ProgramData\Spybot - Search & Destroy\Backups\
Answer Yes when prompted to add its contents to the Registry. Then reboot.

FAQ Category: 1.6 only, How to

How to disable Spybot-S&D temporarily

You only need to disable the resident feature of Spybot-S&D. To deactivate it: run Spybot-S&D, switch to the Advanced mode via the menu bar item Mode → hit Yes → select Tools in the navigation bar on the left → Resident, and there you can untick the checkboxes in front of the two tools.

But be warned: you will then not have resident protection!

FAQ Category: 1.6 only, How to

How to download Spybot-S&D

There are two options to download Spybot-S&D:

1. You choose a download location on our website. The displayed mirrors are partners who provide places to host Spybot-S&D for us. You can download from them; it is secure and they all contain the same data.
2. You choose the direct installation file.

Please search for new updates after installing Spybot-S&D.

FAQ Category: 1.6 only, How to

How to exclude products from the search

Click on a problem in order to highlight it.

Then right-click on it to see how to exclude it from further searches.

FAQ Category: 1.6 only, How to

How to disable the proxy

Open the Settings section and go to the Settings page. Locate the Use proxy entry in the Automation – Web update category, and disable it.

FAQ Category: 1.6 only, How to

How to make a recovery

Please make sure you have all updates installed.
Restore the files you deleted with Spybot – Search & Destroy: run Spybot-S&D, select Spybot-S&D → Recovery from the left bar and restore all the files and entries that are associated with the item that should be restored.

After following these steps please try again. Be sure that all the Explorer windows are closed. You might have to restart your computer for the changes to take effect.

FAQ Category: 1.6 only, How to

How to enable the Select all button

Go to Settings → Settings → Expert settings. Enable both options (3) to get the Select all buttons.

FAQ Category: 1.6 only, How to

How to export the Startup list

Click the Tools section
Select the System startup tool
Click your right mouse button somewhere on the list
Choose Export… from the context menu that will appear. A dialog will pop up where you can select the name of the text file you want to save the report to.

FAQ Category: 1.6 only, How to

How to switch the language

The option to change languages is on the third menu.

FAQ Category: 1.6 only, How to

How to uninstall

Spybot-S&D will uninstall from the Windows Add/Remove Software control panel without problems.

If you want to completely get rid of Spybot-S&D and the Add/Remove does not help, you can delete the installation folder (usually C:\Program Files\Spybot - Search & Destroy\).

If you just want to upgrade to a newer version, please follow the same instructions as above and then install the new version.

After following these instructions please restart your system so that the changes can take place.

Also, neither the automated uninstall nor the manual uninstall described above will remove the following directories, which you will have to remove by hand:

Windows 95 or 98: C:\Windows\Application Data\Spybot - Search & Destroy\
Windows ME: C:\Windows\All Users\Application Data\Spybot - Search & Destroy\
Windows NT, 2000 or XP: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\
Windows Vista: C:\ProgramData\Spybot - Search & Destroy\
(Please note that the Application Data folder is hidden. So if you cannot find this folder, please check your folder properties.)

Explanation: this folder contains the backup (the quarantined files) that Spybot-S&D creates. If the uninstall removed this folder as well, those backups would be gone. We have seen a few times that new users uninstalled Spybot-S&D in panic after they experienced a small problem, thus removing the backup that would have undone any changes.

FAQ Category: 1.6 only, How to

How to update

1. Since version 1.5 Spybot-S&D is kept up to date by the Updater, a separate tool. To start it, please click on Update in the navigation bar. If you want to, you can also click on the button Search for Updates; then the window showing additional update types (2.) is skipped and you start immediately with the server list (3.).
2. If you have clicked on Update, a new window opens. There you can select two additional update types: beta and language updates. To go on, please click on Search.
3. Select a download location (the nearer to you the better) and click on Continue.
4. Select all available updates that are relevant for you (detection updates are already preselected). By clicking on Download you download them. Updates will be installed without any further action needed.

FAQ Category: 1.6 only, How to