Running Spybot and Windows Defender – Windows 10

User of Windows 10 may have noticed that Windows Defender will stop running in Windows 10 when Spybot is installed. Windows will disable this program if it detects another antivirus program on your PC in order to prevent conflict between the multiple antivirus programs installed. The Free Edition of Spybot also falls into this category, because it contains antivirus components from the paid editions.

You can avoid this issue with Spybot by following the instructions below.

Please go to:
Start Center > Settings (tick “Advanced User Mode” if you do not see “Settings”) > System Services

Here, click “Stop” beside “Security Center Service”. Untick “Active after every reboot” for this service.

Click “Apply” and “OK”, and reboot your PC.

When it restarts, you should be able to run Defender with Spybot.

However, the antivirus programs can conflict now and cause issues. To avoid this with Spybot, please also disable Live Protection / Real-Time Protection in either Spybot or Windows Defender.

Instructions for disabling Spybot’s Live Protection can be found here.


FAQ Category: Download & Installation, Error Messages, Internet Protection, Known Issues, Live Protection, Spybot 2, System Services

Spybot 2.5 Prompt – Post Windows 10 Spybot-install

If you have installed Spybot recently, you may have noticed the appearance of a “Post Windows 10 Spybot-install” file on your Desktop after installation.

What is it?

This file was included in our updates for users upgrading to Windows 10.

During the upgrade process, Spybot is likely to be uninstalled. It can be reinstalled by running this file, which will survive the upgrade process.

What do I do with it?

If you do not plan to upgrade to Windows 10, this file can be deleted. You can get this file back if you need to by reinstalling Spybot.

You can also delete the folder:
C:\Program Files\Common Files\AV\Spybot – Search and Destroy

If you do plan to upgrade to Windows 10, or already have, you can run this file to install Spybot 2.5. Changes have been made to this version of Spybot to improve compatibility.

If this does not work, please see here for instructions to reinstall Spybot.


FAQ Category: Download & Installation, Error Messages, Known Issues, Spybot 2, Updates

Spybot Search & Destroy Update Failed

If your issue has begun since upgrading to Windows 10, or installing a new update for Windows 10, see here.

 

If this is not the case, please try running Spybot as an administrator.

You can do this by right-clicking the Spybot icon and choosing the option to “run as administrator”. This must be done to give Spybot the permissions it needs on your PC to function correctly.

 

If this does not work, this could be a proxy issue.

Please go to:
Start Center > Settings (tick “Advanced User Mode” if you do not see “Settings”) > Internet Protection

In Internet Protection, please untick “Use Spybot Proxy” and “Use own proxy to download updates” if either of these is ticked.

Click “Apply” and “OK” and restart Spybot.

 

If this does not work, please go again to:
Start Center > Settings > Internet Protection

In Internet Protection, please tick “Use own proxy to download updates” and choose the option to “Import proxy settings from Internet Explorer”.

Click “Apply” and “OK” and restart Spybot.

If this also does not work, please contact our support team.


FAQ Category: Error Messages, Spybot 2, Updates

Windows 10 Installation/Upgrade/Update Removed Spybot

If your copy of Spybot was not reinstalled correctly during the upgrade/update process to Windows 10, you can uninstall and reinstall Spybot using the instructions below to see if this solves your issue.

Please open our uninstall tool page.

Here, download all 3 files; “unins000.exe”, “unins000.msg” and “unins000.dat”.

(A simple way to check if your PC is 32 or 64-bit is to check if your “C:” folder contains a folder called “Program Files (x86)”. If it does, it is 64-bit.)

These will download to your Downloads folder or other default location.

Copy these files to your Spybot program folder at:
C:\Program Files (x86)\Spybot – Search & Destroy 2

or for 32-bit PCs:
C:\Program Files\Spybot – Search & Destroy 2

Once these have been copied, run “unins000.exe” (the one in your Spybot program folder) as an administrator to remove any traces of Spybot from your PC.

You can then download Spybot 2.4 from the link below:
http://spybot-mirror.com/files/spybot-2.4.exe

This can be upgraded to version 2.5 by running the “Post Windows 10 Spybot-install” file on your Desktop. This file can then be deleted.


FAQ Category: Download & Installation, Error Messages, Known Issues, Spybot 2

What is the Start Center?

The Start Center is the home of all of Spybot’s tools and features.

This is the main window you see when you open Spybot.

Here, the options are categorized as Basic, Advanced and Extra tools (such as System Scan or Startup Tools).

You can also view Live Protection, Internet Protection and the Update Status from the Start Center as well as a helpful “Tip of the day”.

To view all of Spybot’s tools and features, tick the checkbox next to Advanced User Mode.


FAQ Category: Spybot 2, Start Center

What is Advanced User Mode?

Advanced User Mode allows you to view all of Spybot’s tools and features from within the Start Center.

When you open the Spybot Start Center, by default, only the Basic tools are shown.

This is designed for simple users who do not want to worry about some of the more advanced features that Spybot has to offer.

If you would like to use Spybot’s Advanced and Extra tools, tick the checkbox beside Advanced User Mode, located at the bottom left of the Start Center.


FAQ Category: General, Spybot 2, Start Center

How do I open Spybot with Administrator privileges?

Windows may sometimes tell you that you are not allowed to operate at the administrator level when you try to run a program.

You can solve this problem as follows:

– Open Spybot by right-clicking on the Spybot icon and choosing the option to “Run as administrator”.

This applies to the following versions of Windows:

– Windows Vista
– Windows 7
– Windows 8 / 8.1
– Windows 10


FAQ Category: General, Spybot 2, Start Center

How do I check my Spybot version?

To check your Spybot version, open the Spybot Start Center.

Under the Spybot logo on the top left corner of the Start Center, you should see the Spybot Edition written in blue writing.

If you are a licensed user you should also have “+AV” written in red writing.

For more information on your Edition and License, you can click the blue writing which will open the “License Overview” window.


FAQ Category: Spybot 2, Spybot License, Start Center

How do I view Spybot Help?

To view Spybot Help, open Spybot’s Start Center and click on “Help” in the top left corner of the Start Center.

This will open the Spybot Help file.


FAQ Category: General, Spybot 2, Start Center

How do I view the Spybot License Agreement?

To view the Spybot License Agreement with Spybot installed, you can go to:
Start Center > Help (top left corner of the Start Center) > About Start Center > License

Two versions of this can also be found on our website:
For Home Users
For Business Users


FAQ Category: Spybot 2, Spybot License, Start Center

It constantly says “This software is being updated” in the Start Center.

It states in the Start Center “This software is being updated” because in the Licensed Editions Updates are performed automatically through a scheduled task.

Even though Spybot may not be currently updating, it is set to update automatically.

We are going to improve this in the next version to make it less confusing to our users.

We apologise for the inconvenience.


FAQ Category: Known Issues, Spybot 2, Start Center, Updates

The update service has stopped. How do I start it again?

If you receive a message telling you that the Update Service has stopped, you must re-enable the service.

To enable the Update Service:

– Open Spybot by right-clicking on the Spybot icon, and choosing the option to “Run as Administrator”.

– Go to Settings (tick “Advanced User Mode” if you do not see “Settings”).

– In Settings, choose “System Services”.

– Here you can start the “Update Service”.

– Make sure you tick the check box that says “Active after every reboot”.

– Click “Apply” and “OK”, and restart Spybot.


FAQ Category: Spybot 2, Updates

How do I schedule updates in Spybot 2?

To schedule Updates:

– Open Spybot’s “Start Center” by right-clicking on the Spybot icon and choosing the option to “Run as administrator”.

– Go to “Settings” (tick “Advanced User Mode” if you do not see “Settings”).

– Go to “Schedule”.

OR

– Open Spybot’s “Start Center” by right-clicking on the Spybot icon and choosing the option to “Run as administrator”.

– Go to “Update” (tick “Advanced User Mode” if you do not see “Update”).

– Click on “configure Schedules”.

This will open the Schedule tab with Settings.
– Click on “Add” for the Update task, if it has not already been added.

– Click “Edit”. (This will open up the Windows Task Scheduler).

– In the top left of the Task Scheduler, click on the small black arrow beside “Task Scheduler Library”.

– This will then show you subfolders of the Task Scheduler.

– Click on “Safer Networking”.

– Click on Spybot – Search & Destroy”.

– Right-click on the “Check for updates” task and then click properties.

– Go to the “Triggers” tab and then click “Edit”.

– Here, you can set the parameters for when and how you want the scan to run.


FAQ Category: Spybot 2, Task Scheduling, Updates

How do I view the update log in Spybot 2?

To view the Update Log:

– Open Spybot by right-clicking on the Spybot icon and click “Run as Administrator”.

– Click “Advanced User Mode”.

– Click on “Update”.

– Click on “Show Update Log”.

This open the Update.log file.


FAQ Category: Spybot 2, Updates

Can I manually download Updates for Spybot 2?

It is possible to manually download the antispyware definitions.

You can download the manual update file from here:

https://www.safer-networking.org/updates/files/spybotsd_includes.exe

When you run the file it will ask you to select a folder.

Please select the Spybot program folder:
C:\Program Files (x86)\Spybot – Search & Destroy 2

The files will be added to the “Includes” folder within the Spybot program folder.

Unfortunately it is not possible to download the Antivirus definitions manually.


FAQ Category: Spybot 2, Updates

How do I update Spybot 2?

To Update Spybot:

– Open Spybot by right-clicking on the Spybot icon and click “Run as Administrator”.

– Click “Advanced User Mode”.

– Click on “Update”.

This will open a separate Update Window, which will search for new updates.

If new updates are found, clicking “Update” in the Update window will download and install them.

If the Updates fail on their 1st attempt, please click the update button again.

The update should then test your Update Status to see when you last updated.

You can also click on Show Details to view more information about the files and definitions that were downloaded.


FAQ Category: Spybot 2, Updates

Why do I need to Update Spybot 2?

It is important to update Spybot regularly to ensure that you have all of the latest definition updates installed on your PC.

By having the latest defitition updates installed, it means you are better protected and more likely to detect and eliminate the most recent forms of malware.

Our analysts work full-time developing new detection rules and techniques to deal with this ever increasing number of threats.

You can view the latest definition updates in the following link:

https://www.safer-networking.org/about/updates/


FAQ Category: General, Spybot 2, Updates

What is a System Scan?

The System Scan is an on demand scanner which allows you to run a complete check of your System to see if there are any  malicious threats installed on your computer.

The System Scan will search for spyware, trojans and other forms of malware.

If you are using a licensed edition, the System Scan will also search for viruses.

You can also schedule the System Scan to run automatically in the licensed editions.


FAQ Category: Spybot 2, System Scan

How do I perform a System Scan?

To perform a System Scan please do the following:

– Open Spybot by right-clicking on the Spybot Start Center icon and click “Run as Administrator”

– Click on System Scan.

This will open a new System Scan window and the scan will begin automatically.

If you have not downloaded and installed any signature updates, the System Scan will not begin automatically and you will be required to install the latest definition updates.

Once the updates have been installed, you can Start the System Scan.


FAQ Category: Spybot 2, System Scan

How do I remove the detected threats?

Once the scan has completed, click on “Show Scan Results”.

This will then show all the detected threats on your machine.

To remove these threats, press the “Fix Selected” button.

When the items have been fixed, a green tick appears beside each entry.


FAQ Category: Spybot 2, System Scan

How do I scan other hard drives with Spybot?

To scan other drives with Spybot, please do the following:

– Open Spybot by right-clicking on the Spybot icon and choosing the option to “Run as administrator”.
– Click on “System Scan”.
– A System Scan window will open and a scan will begin automatically.
– Click on “Stop Scan”.
– Click on the dropdown arrow beside “Show scan results”, and click “Scan with different options”.
– Here, you can select/deselect drives to be included in the System Scan.


FAQ Category: Spybot 2, System Scan

The detected items were not removed during the scan. How do I remove these items?

If the detected items were not removed by a scan, you can try to remove them again by running SDCleaner manually.

– Navigate to the Spybot program folder:
C:\Program Files (x86)\Spybot – Search & Destroy 2

– Right-click the file “SDCleaner(.exe)”, file and choose the option to “Run as Administrator”.

– Click on “Rescan Detected”. This will open up the System Scan Window and scan for all the items that were previously detected in a scan.

– When the scan is finished you can select “Fix Selected” in the SDCleaner window.

Alternatively, you can try a scan in Safe Mode as the malware could be affecting the removal process.

To do this, reboot your PC. As it is restarting, hold “F8” until a boot menu appears.

In the boot menu, choose “Safe Mode with Networking”.

You can then open Spybot as an administrator in this mode and perform another scan.

– Open Spybot by right-clicking on the Spybot icon and choosing the option to “Run as administrator”.

– Go to System Scan.

Once you have scanned using Spybot, restart your machine through the Shutdown options.

Please see the following links for more information on entering Safe Mode.

Windows 10
Windows 8
Windows 7
Windows Vista
Windows XP


FAQ Category: Known Issues, Spybot 2, System Scan

The System Scan did not detect any threats on my machine. What can I do?

If the System Scan did not detect any items on your machine, it is possible that you have not installed all of the latest updates.

Please download and install Spybot’s latest definition updates:

– Open Spybot by right-clicking on the Spybot icon and choosing the option to “Run as administrator”.

– Go to Update (tick “Advanced User Mode” if you do not see “Update”)

Once the update is complete, perform another scan with Spybot.

If you experience any issues downloading updates, please see here.

If Spybot still does not detect any threats on your PC, you can try performing a scan in Safe Mode:

To do this, reboot your PC. As it is restarting, hold “F8” until a boot menu appears.

In the boot menu, choose “Safe Mode with Networking”.

You can then open Spybot as an administrator in this mode and perform another scan.

– Open Spybot by right-clicking on the Spybot icon and choosing the option to “Run as administrator”.

– Go to System Scan.

Once you have scanned using Spybot, restart your machine through the Shutdown options.

Please see the following links for more information on entering Safe Mode.

Windows 10
Windows 8
Windows 7
Windows Vista
Windows XP

If Spybot still cannot detect or remove this threat, it is likely that you have a new threat or a new variation of a known threat.

We recommend consulting the malware removal section of our forum.


FAQ Category: Known Issues, Spybot 2, System Scan

How do I view previous scan results?

You can view previous scan results by opening SDCleaner.exe:

– Navigate to the Spybot program directory then run SDCleaner.exe:
C:\Program Files (x86)\Spybot – Search & Destroy 2

Or for 32-bit PCs:
C:\Program Files\Spybot – Search & Destroy 2

– Right-click the file “SDCleaner.exe” and choose the option to “Run as Administrator”.

This will then display the results of your last System Scan.


FAQ Category: Spybot 2, System Scan

How do I scan different drives on my PC?

There are two ways to scan different drives, such as external drives or networked PCs:

If you wish to include the entire drive in your scan, go to:
Start Center > System Scan

In the “System Scan” window, click “Stop Scan” if the scan has started automatically. This message will then change to “Show Scan Results”.

Click the dropdown arrow beside “Show Scan Results” and select “Scan with different options”.

Here, you can choose to select/deselect any drives connected to your PC to include in the System Scan.

If you wish to scan a specific folder:
– Navigate to the File/Folder/Drive, right-click on it, click “Spybot – Search & Destroy” in this menu, and then click “Scan Folder”.

To use this option, System Integration must be enabled.


FAQ Category: Spybot 2, System Scan

How do I schedule a System Scan?

Note: *  Task Scheduling is only available in the licensed editions of Spybot

By default, the System Scan is set to run on (Default Setting).

To schedule a System Scan:

– Open Spybot’s “Start Center” by right-clicking on the Spybot icon and choosing the option to “Run as administrator”.

– Tick “Advanced User Mode”.

– Go to “Settings”.

– Go to “Schedule”, and click on “Add” beside the System Scan task.

– Click “Edit” (This will open up the Windows Task Scheduler).

– In the top left of the Task Scheduler, click on the small black arrow beside “Task Scheduler Library”.

– This will then show you subfolders of the Task Scheduler.

– Click on “Safer Networking”.

– Click on Spybot – Search & Destroy”.

– Right click on the “Scan the system” task, and then click properties.

– Go to the “Triggers” tab, and then click “Edit”.

– Here, you can set the parameters for when and how you want the scan to run.


FAQ Category: Settings, Spybot 2, System Scan, Task Scheduling

How do I scan all user accounts on my PC?

To scan all user accounts on your machine:

– Open Spybot’s “Start Center” by right-clicking on the icon  and choosing “Run as administrator”.

– Click “Advanced User Mode”.

– Go to “Settings”.

– Go to the “Scope” tab and select “Scan the running system and all of its users, including those not logged in”.

– This should scan all profiles and files that are selected in which permission is given for, independent of the current user.


FAQ Category: Spybot 2, System Scan

How do I use the Temporary File Cleaner?

The “Clean Up Temporary Files” option appears in the system scan when there are 100 or more temporary files present. If there are less than 100 files present, the option is not visible in the System Scan window.
If you clicked to hide the Temp file cleaner, it should reappear the next time there is 100 files or more are present as the files should have been removed before being able to hide the temp file cleaner.


FAQ Category: Spybot 2, System Scan

How to enable/disable System Services?

You can enable or disable Spybot System Services from within Spybot – S&D’s Settings: 
– Open Spybot by right-clicking on the Spybot icon, and choosing the option to “Run as Administrator”.
– Tick “Advanced User Mode” in the Start Center.
– Go to “Settings”, then choose the “System Services” tab.
– Here, you will see the Security Center Service, the Scanner Service and the Update Service.

These services should be enabled by default. To disable a service, click the Stop button beside the service you would like to disable. If you want to disable it permanently, you must also untick the checkbox beside “Active after every reboot”.
If you would like to enable a service, you can click “Start” beside the service you would like to enable. You must also tick the checkbox beside “Active after every reboot”.
– Click “Apply” and “OK”, and restart Spybot.


FAQ Category: Settings, Spybot 2, System Services

What is Live Protection?

Live Protection is Spybot’s Real-Time Protection.

This scans all programs before they start to prevent any infections or threats from entering your system.

This helps to keep to your PC clean from malware and is the 1st line of defense against malicious programs.

Live Protection is the updated version of Spybot’s TeaTimer.

Live Protection is available in all licensed editions of Spybot.


FAQ Category: Live Protection, Settings, Spybot 2

How do I disable Live Protection?

To disable Live Protection:

– Open Spybot by right-clicking on the Spybot icon and clicking “Run as administrator”.

– Click on the Live Protection status in the Start Center.

– This will open the Live Protection Settings window.

– Untick the checkbox beside “Scan all programs before they start”.

– Click on “Show Live Protection Advanced Controls”.

– Click on “Uninstall Live Protection”.

You may receive an error saying that “The Live Protection System Driver could not be deactivated/uninstalled. A reboot might be needed to completely deactivate Live Protection.”

You must restart your PC for the changes to take effect.

After your PC has restarted, Live Protection should now be disabled.


FAQ Category: Live Protection, Settings, Spybot 2

How do I enable Live Protection?

To enable Live Protection:

– Open Spybot by right-clicking on the Spybot icon and clicking “Run as administrator”.

– Click on the Live Protection status in the Start Center.

– This will open the Live Protection Settings window.

– Tick the checkbox beside “Scan all programs before they start”.

– Click on “Show Live Protection Advanced Controls”.

– Click “Install Live Protection”.

You may receive an error saying that “Live Protection System Driver could not be installed”, you will have to restart your PC and try to install after the reboot.

– You must restart your PC to enable Live Protection.

– After your PC has restarted, go to the Live Protection tab in Spybot’s Settings.

– Click “Install Live Protection”.

– You can then click “Activate Live Protection”.

Live Protection should now be enabled and actively protecting your PC.


FAQ Category: Live Protection, Settings, Spybot 2

What is Live Protection : Partial?

Live Protection : Partial means that Spybot will no longer “Scan all programs before they start”.

This means that Spybot will no longer scan all new process when they begin on your PC.

It will still continue scan any active processes that are open, just not any new processes that begin.

You can set Live Protection to Partial by unticking the checkbox beside “Scan all program before they start” in the Live Protection Settings window.

To get to Live Protection Settings window:

– Open Spybot by right clicking on the Spybot icon and clicking “Run as administrator”.

– Click on the Live Protection status in the Start Center.


FAQ Category: Live Protection, Settings, Spybot 2

What is SDONACCESS.exe?

SDONACCESS.exe is the file that is related to Spybot’s Live Protection.

This is the process that scans all programs before they start.


FAQ Category: Live Protection, Settings, Spybot 2

How do I enable Live Protection?

To enable Live Protection:

– Open Spybot by right-clicking on the Spybot icon and choosing the option to “Run as administrator”.

– Click on the Live Protection status in the Start Center.

This will open up the Live Protection Settings.

– If you see “Live Protection is not installed”, click on “Show Live Protection advanced controls”.

– Click on “Install Live Protection”.

If you receive an error message saying “Live Protection System Driver could not be installed”, you will have to restart your PC in order to re-attempt the installation.

Once you have restarted your machine, please open Spybot.

You should see a dialog asking you whether or not to install Live Protection.

Click Yes.

Live Protection should now be enabled.

If you do not see this dialog, you will have to reinstall Spybot.

Before reinstalling Spybot, you must uninstall the old installation.

Please see here for instructions on how to uninstall Spybot.

Alternatively, you can run the Spybot installer, which will detect the current installation and offer to uninstall it.

Once you have uninstalled Spybot and restarted your machine the installation should begin automatically.

Spybot 2.4 can be downloaded from here.

If you are a licensed user, you can download your license installer from the original email that was sent to at the time of purchase.

If you do not have your license installer, you can request that your license be resent to you by filling in the form here.

During the installation process you should see a dialog prompting you to “Install Live Protection”.

Click “Yes”.

If Live Protection is still not enabled, please go to the Live Protection settings in Spybot, and then click “Install Live Protection”.

When Live Protection has been successfully installed, you can then click “Activate Live Protection”.

Live Protection will then be enabled and actively protecting your PC.


FAQ Category: Live Protection, Settings, Spybot 2

After installing Spybot 2 +AV my PC is running extremely slow.

This could possibly be caused by Spybot’s Live Protection.

This scans all programs before they start to prevent any infections or threats from entering your system.

The benefit of this is that it keeps your system free from malware and other harmful threats.

The downside is that Live Protection must scan all processes to keep your PC clean.

This can cause a huge slow down of your PC.

To disable Live Protection:

– Open Spybot by right clicking on the Spybot icon and clicking “Run as administrator”.

– Click on the Live Protection status in the Start Center.

– This will open the Live Protection Settings window.

– Untick the checkbox beside “Scan all programs before they start”.

– Click on “Show Live Protection Advanced Controls”.

– Click on “Uninstall Live Protection”.

You must restart your PC for the changes to take effect.

After your PC has restarted, Live Protection should now be disabled.

If you have another AV program with real time protection, you should disable it or Spybots Live Protection as 2 active AV programs can cause severe damage to your PC.

Please see the following link which gives information running more than one AV program:
http://www.pcworld.com/article/2034141/one-antivirus-program-is-better-than-two.html


FAQ Category: Known Issues, Live Protection, Settings, Spybot 2

After installing Spybot 2 +AV certain programs wont open and my internet is slow.

This could possibly be caused by Spybot’s Live Protection.

This scans all programs before they start to prevent any infections or threats from entering your system.

The benefit of this is that it keeps your system free from malware and other harmful threats.

The downside is that Live Protection must scan all processes to keep your PC clean.

This can cause a huge slow down of your PC.

To disable Live Protection:

– Open Spybot by right clicking on the Spybot icon and clicking “Run as administrator”.

– Click on the Live Protection status in the Start Center.

– This will open the Live Protection Settings window.

– Untick the checkbox beside “Scan all programs before they start”.

– Click on “Show Live Protection Advanced Controls”.

– Click on “Uninstall Live Protection”.

You must restart your PC for the changes to take effect.

After your PC has restarted, Live Protection should now be disabled.

If you have another AV program with real time protection, you should disable it or Spybots Live Protection as 2 active AV programs can cause severe damage to your PC.

Please see the following link which gives information running more than one AV program:
http://www.pcworld.com/article/2034141/one-antivirus-program-is-better-than-two.html


FAQ Category: Known Issues, Live Protection, Settings, Spybot 2

Live Protection is conflicting with my other AV Program.

If you are using another antivirus program that contains Live Protection, Real-time Protection or some equivalent, this could be conflicting with Spybot’s Live Protection and causing your issue.

You can avoid this by disabling Live Protection on either Spybot or your other antivirus program.

To disable “Live Protection” on Spybot, please do the following:

– Open Spybot by right clicking on the Spybot icon and click “Run as Administrator”.

– Click “Advanced User Mode”

– Go to “Settings” then click on the “Live Protection“ tab.

– Untick the checkbox for “Scan programs before they start”.

– Click “Apply“ and then “OK“.

There is also a button for “Show Live Protection advanced controls” on this page.

If you click this button you will see two options:

“Uninstall Live Protection (might need reboot)”

or

“Deactivate Live Protection”.

You can choose either of these.


FAQ Category: Known Issues, Live Protection, Settings, Spybot 2

I am trying to disable Live Protection but I receive the following error: “The Live Protection System Driver could not be deactivated/uninstalled. A reboot might be needed to completely deactivate Live Protection.”

In the Live Protection Settings, if you click on “Uninstall Live Protection”, you may receive an error saying that “The Live Protection System Driver could not be deactivated/uninstalled. A reboot might be needed to completely deactivate Live Protection.”

You must restart your PC for the changes to take effect, even though you may still receive the error message.

When you restart your PC, Live Protection should now be disabled.


FAQ Category: Error Messages, Known Issues, Live Protection, Settings, Spybot 2

How do I restore previously removed items?

If you want to restore previously removed items for whatever reason you can do this using Spybot’s “Quarantine“.

– Open Spybot by right clicking on the Spybot icon and choosing the option to “Run as Administrator”.

– Go to Quarantine.

– Once “Quarantine“ has been started feel free to select the product you want to restore and hit “Restore selected“.


FAQ Category: Quarantine, Spybot 2, System Scan

What is the Quarantine?

The Quarantine feature allows you to view all of the previously detected items that were removed during a System Scan. These files have been moved to a quarantined location on your PC which prevents them from posing a security threat to your system.

If you would like to make more room on your PC’s hard drive, the Quarantine gives you the option to fully remove threats from your PC.

You can also use the Quarantine to restore items that were mistakenly removed during the System Scan.

To view the Quarantine:

– Open Spybot’s “Start Center” by right-clicking on the Spybot icon and choosing the option to “Run as administrator”.

– Go to “Quarantine”.


FAQ Category: Quarantine, Spybot 2

What does Purge Old do?

Purge Old allows you to completely remove items from your system.

When you click on “Purge Old” a window will open allowing you to select a date.

The date you select determines which files will be deleted.

– Open Spybot “Start Center” by right clicking on the icon  and choosing  “Run as administrator”.

– Go to “Quarantine”.

– Click on Purge Old then enter the desired date.


FAQ Category: Quarantine, Spybot 2

What does Purge Selected do?

You can remove items completely from your system by Purging the selected items:

– Open Spybot’s “Start Center” by right clicking on the icon  and choosing  “Run as administrator”.

– Go to “Quarantine”.

– Select the items you wish to remove and then click “Purge Selected”.

– Once these items have been “Purged”, they cannot be restored.

Purge Selected allows you to select which files you want to permanently remove from your PC.

Once you have selected all the desired items, you can click Purge selected to permanently remove the files from your PC.


FAQ Category: Quarantine, Spybot 2

How do I view the Quarantine log?

To view the Quarantine log:

– Open Spybot’s “Start Center” by right-clicking on the icon and choosing the option to “Run as administrator”.

– Go to “Quarantine”.

– Click on “Show repair logs”.


FAQ Category: Quarantine, Spybot 2

How do I restore previously removed files that are in Quarantine?

If you want to restore previously removed files for whatever reason you can do this using Spybot’s “Quarantine“.

Quarantine can be either launched via the Start Center.

– Open Spybot by right clicking on the Spybot icon and click “Run as Administrator”

– Go to Quarantine.

They can also be found in SDTray’s program list.

– Right click on the Spybot – Search & Destroy icon in your system tray beside the Windows clock and navigate to “Basic Tools“ then “Quarantine“.

– Once “Quarantine“ has been started feel free to select the product you want to restore and hit “Restore selected“.


FAQ Category: Quarantine, Spybot 2

What is the File Scan?

The File Scan is an on demand tool that allows you to scan single files and folders on your PC.

The File Scan uses the same detection signatures to search for malware, including viruses in licensed editions, as the System Scan does.

The File Scan is available in all editions of Spybot 2.

You can Open the File Scan from the Start Center or under the Basic Tools section in the System Tray.

You can also start the File Scan by opening SDFiles.exe in the Spybot directory.

C:\Program Files (x86)\Spybot – Search & Destroy 2


FAQ Category: File Scan, Spybot 2

How do I scan a file using File Scan?

To scan a file using the File Scan, please open File Scan window.

– Open Spybot by right clicking on the Spybot icon and choosing “Run as Administrator”.

– Got to File Scan.

This will open the File Scan in a separate window.
File Scan 1

– Click on Add File(s) to allow you to pick which files to scan.

– You can then navigate to the desired file(s) then click “Open”.

If you want to add more than one file from the same directory, you can hold the “AltGr” key on your keyboard then select each File then press “Open”.

You can also scan a single file by right clicking on the file, clicking on “Spybot – Search & Destroy” then clicking on Scan File.
Note: Windows Explorer Integration must be enabled to use this option.
File Scan 3

If the File is clean, a green tick should appear beside the file in the results list.

File Scan 2

If the File is infected you can click “Remove Malware”.


FAQ Category: File Scan, Spybot 2

How do I scan a folder using the File Scan?

To scan a folder using the File Scan, please open then “File Scan” window from the Start Center.

– Open Spybot by right-clicking on the Spybot icon and choosing “Run as Administrator”.

– Go to File Scan.

This will open the File Scan in a separate window.

File Scan 1

– Click on the “Add Folder(s)” option in the left hand menu.

This will allow you to navigate to the desired folder and then select it to be scanned.

You can also scan a single folder by right clicking on the file, clicking on “Spybot-Search & Destroy” then clicking on Scan Folder.

Note: Windows Explorer Integration must be enabled to use this option.

File Scan 4

The scanner will then scan all the files contained within the selected folder(s).

Each file will be listed in the results list.

If a File is clean, a green tick should appear beside it in the results list.

File Scan 2

If a File contained within the folder is infected you can click “Remove Malware”.


FAQ Category: File Scan, Spybot 2

What is Immunization?

The Immunization feature provides Internet Protection by preventing users from entering malicious, untrusted or potentially dangerous websites.

This is done by adding malicious entries to the Windows hosts file.

It also prevents tracking cookies from entering your system and blocks known spyware installers (and similar baddies) already included in Spybot’s database.


FAQ Category: Immunization, Spybot 2

How do I perform Immunization?

To perform Immunization:

– Open Spybot’s “Start Center” by right clicking on the icon  and choosing  “Run as administrator”.

– Go to “Immunization”

– Click “Check System”, then click “Apply Immunization”.


FAQ Category: Immunization, Spybot 2

When I run Immunization it says items are still unprotected. How do I fix this?

You need to run the immunization with elevated privileges, otherwise all global immunizations will fail.

To ensure that Immunization is applied correctly, Please disable all other security programs that you run and close all browsers and any other programs during the work with Spybot – Search & Destroy.

To Immunize your browser:

– Open Spybot “Start Center” by right clicking on the icon  and choosing  “Run as Administrator”.

– Go to “Immunization”

– Click “Check System”, then click “Apply Immunization”.

The main reasons why Immunization would fail are:

– A path is not detected.

– The object is blocked by something; e.g. a security program.

– The user does not have appropriate rights for Immunizing an object.


FAQ Category: Immunization, Spybot 2

How do I view the Immunization log?

To view the Immunization log:

– Open the Spybot Start Center by right-clicking the Spybot icon and choosing the option to “Run as Administrator”.

– Open “Immunization”.

– Click “Show previous Logs”.

If you cannot access this folder, you may need to change your folder properties:

– Open Windows Explorer (or any folder).

– Press the “Alt” button, then go to “Tools”, then “Folder Options”.

– Click on “View”, then select “Show Hidden Files, Folders and Drives”.


FAQ Category: Immunization, Spybot 2

How do I undo Immunization?

You can undo Immunization if you wish, to see if it causing any issues with access to certain websites.

To undo Immunization:

– Open the Spybot – Search & Destroy “Start Center“.

– Go to Immunization and select “Undo Immunization”.


FAQ Category: Immunization, Spybot 2

How do I reset the hosts file?

You can reset the hosts file to its original configuration.

To do this, please first undo your immunization by going to:
Start Center > Immunization

In Immunization:
Click “Undo Immunization”.

You can then navigate to the hosts file location:
C:\Windows\system32\drivers\etc\

This folder contains your “hosts” file, along with many regularly-created backups of the hosts file.

You can then delete the hosts file and the backup host files and restore a default hosts file.

TO do this, please see the following link on how to restore the hosts file:
https://support.microsoft.com/kb/972034

Please do not delete other files located in this folder.


FAQ Category: Immunization, Spybot 2

How do I download Spybot 2 – Search & Destroy?

To download Spybot 2:

Please go to our Downloads page, where you can download Spybot 2 from one of our trusted mirror sites.

These mirrors allow you to securely download Spybot 2 from one our partners.

https://www.safer-networking.org/mirrors/

Alternatively, you can download Spybot 2 directly from the link below:

http://spybot-mirror.com/files/spybot-2.4.exe

You will then be prompted by your browser to download Spybot-2.4.exe.

1

This will be downloaded to your default download location.


FAQ Category: Download & Installation, General, Spybot 2

How do I install Spybot 2 – Search & Destroy?

To begin the installation of Spybot, double click on the “spybot-2.4.exe” file.

You will then be asked to select your desired language for the installation.

Once you have selected the desired language, the installation wizard will begin.

Please follow the prompts in the wizard to complete the Installation.

By selecting “I want to be protected without having to attend to it myself”, the wizard will install Spybot with its default settings.

By selecting “I want more control, more feedback and responsibility”, the installer will allow you to customize some of the installation settings.

1-Install 1

It is recommended to restart your PC after installing Spybot.

After your PC has restarted you can open Spybot by double clicking on the Start Center icon on the Desktop.

Please update your Spybot database before performing a scan.


FAQ Category: Download & Installation, Spybot 2

How do I install my Spybot license?

Please download the “spybot2-license.exe” file which you should have received in an email, shortly after purchasing Spybot.

If you did not receive your Spybot license please go to the link below:
https://www.safer-networking.org/contact/resend-license/

Please run the file to begin the installation.

The installer will install your license files.

If this is your 1st time installing Spybot, the installer will detect that Spybot has not been installed and download the latest version.

If you already have the Free Edition installed, the installer will detect the installation and add your license files to the program, activating all of the features of your Paid Edition.

If you are replacing an existing license, the installer will detect the old license and will as you if you would like to “Install New License” or “Keep Existing License”.

When you re-open Spybot, you should now have a fully licensed version.


FAQ Category: Download & Installation, Spybot 2, Spybot License

How do I uninstall Spybot 2 – Search & Destroy?

To uninstall Spybot 2, go to the “Programs & Features” section of the Windows Control Panel.

– Open the Start Menu.

– Type “Control Panel” into the search box.

– Click on “Small Icons” in the “View by” dropdown menu.

– Click on “Programs & Features”.

You can then scroll down to “Spybot – Search & Destroy” then click on it then press “Uninstall”.

This will open the uninstallation wizard.

1-Uninstall 2

Before uninstalling Spybot, it is recommended to undo Immunization to avoid issues with the uninstallation process.

It is also recommended to view Spybot’s Quarantine unless there are any items that you would like to restore which were accidentally removed by Spybot.

Once you uninstall Spybot 2 you cannot restore these files.

After Spybot has been uninstalled it is recommended to delete the following folders:

C:\Program Files\Spybot – Search & Destroy2
C:\ProgramData\Spybot – Search & Destroy2

Please note that the Application Data Folder is hidden.

So if you can’t find this folder please check your folder properties.

– Open Windows Explorer (or any folder).
– Click on “Organise”, then go to “Folder and search options”.
– Click on “View”, then select “Show Hidden Files, Folders and Drives”

You should then restart your PC for the changes to take affect on your PC.


FAQ Category: Download & Installation, Spybot 2

How do I upgrade to the latest version of Spybot 2?

To upgrade to the latest version of Spybot, please download the Spybot installer from here:

http://spybot-mirror.com/files/spybot-2.4.exe

1-Uninstall

When you run the installer it will detect the older installation of Spybot and ask you to uninstall it.

This will run the uninstall wizard.

Once you have uninstalled the older version of Spybot, please restart your PC.

When your PC has restarted, the installation wizard should begin automatically.

Follow the steps in the installation wizard to complete the upgrade to the latest version.


FAQ Category: Download & Installation, Spybot 2

How do I reinstall Spybot 2?

To reinstall Spybot, please download the Spybot installer from here:

http://spybot-mirror.com/files/spybot-2.4.exe

When you run the installer it will detect the older installation of Spybot and ask you to uninstall it.

1-Uninstall

This will run the uninstall wizard.

Once you have uninstalled the older version of Spybot, please restart your PC.

When your PC has restarted, the installation wizard should begin automatically.

Follow the steps in the Installation wizard to complete the reinstallation of Spybot.

If you are using a licensed edition, you will need to redownload and run your license installer from the email you were sent at the time of purchase.

If you do not have access to your installer, you can request it from here:

https://www.safer-networking.org/contact/resend-license/


FAQ Category: Download & Installation, Spybot 2

When I try to uninstall Spybot it says that the unins000.msg / unins000.exe file(s) is missing. How do I replace it?

It is possible that the unins000.msg/unins000.exe file(s) was mistakenly deleted by another security program or the file(s) has become corrupted.

Missing unins000

To replace the file(s), you can download them for our Download Missing Files page:

Missing Files

Once you have downloaded the file(s), please copy them to the Spybot directory:
C:\Program Files (x86)\Spybot – Search & Destroy 2


FAQ Category: Download & Installation, Error Messages, Known Issues, Spybot 2

I installed the program in English but it opens in a foreign language. How do I set it back to English?

If you have installed Spybot in a foreign language, you can change the language back to English  from within Spybot’s Settings.

This may be difficult as the program is in a different language so the instructions are slightly misleading.

To change the language please do the following:

– Open the Spybot “Start Center”.

Start Center 2.4- Settings

– Click “Advanced User Mode”.

– Go to “Settings”.

– Then click on the “Language” tab.

You can then select your desired language.

Settings - Languages

Alternatively you could reinstall Spybot.

The 1st window of the installer allows you to select what language you would like to install Spybot in.

Please see the link below for instructions on how to reinstall Spybot:

https://www.safer-networking.org/faq/how-do-i-reinstall-spybot/


FAQ Category: Download & Installation, Known Issues, Languages, Spybot 2

Why choose Spybot Anti-Beacon?

  • It’s sincere – Spybot Anti-Beacon is transparent and open in what it does, listing details of the changes it makes to your system for those interested.
  • It’s affordable – Actually, it’s free! And it’s created by a passionate, privacy-concerned team. There are a lot of anti-telemetry instructions, scripts and tools on the Internet, but we’re careful to include only the real things.
  • We are comprehensive – Spybot Anti-Beacon lists optional features to block on a separate page. Our team uses cutting-edge technology and has extensive experience working with malware and spyware.
  • It’s flexible – if you’re the family tech guy, you can simply pick up the Portable Edition and carry it on your thumb drive.
  • It’s user friendly – press one button and you’re done!

FAQ Category: Spybot Anti-Beacon

Why do I need Spybot Anti-Beacon?

We at Safer-Networking Ltd respect Microsoft’s wish to get feedback from users to improve their operating system, but we firmly believe it is the user’s right to choose how much of their data they wish to share.

While Microsoft have included the ability to disable certain telemetry options in Windows 10, it can be quite difficult to disable all of these manually. For this reason, we have created a tool that will do this with the click of a button, and can be updated to include telemetry additions which are added by Microsoft in the future.


FAQ Category: Spybot Anti-Beacon

What is Spybot Anti-Beacon?

Spybot Anti-Beacon is a small utility designed to block and stop the various tracking (aka telemetry) issues that come with Windows.

Seeing the bunch of incomplete or broken scripts to disable tracking in Windows 10, and the tools that install adware or worse in exchange for their function, we wrapped disabling tracking up in a small tool that’s free and clean. With the upcoming news about telemetry in Windows 7 and 8.1, Spybot Anti-Beacon has added support for those as well.

See our forum thread about Spybot Anti-Beacon for download details.


FAQ Category: Spybot Anti-Beacon

Hijacker

A Hijacker is a type of malware which causes modifications to be made to a users’ system without adequate notice, consent, or control to the user. Hijackers can modify browser settings, redirect webpages or network requests to unintended destinations, or replace web content. Hijackers can be frustrating to remove, as they can be built to restore hijacked settings each time the system is restarted.


FAQ Category: Glossary

Distributed Denial-of-Service (DDoS) Attack

A Denial-of-Service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users, such as to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. A distributed denial-of-service (DDoS) is where the attack source is more than one–and often thousands–of unique IP addresses.

Criminal perpetrators of DoS attacks often target sites or services hosted on high-profile web servers such as banks, credit card payment gateways; but motives of revenge, blackmail or activism can be behind other attacks. DDoS attacks are often the intended use of a Botnet.


FAQ Category: Glossary

Cookies

A cookie is a piece of data that a website, or a third party that was commissioned or approved by the website, saves to users’ computers and is retrieved when the user revisits the website.

Usually cookies save information which is specific to the user of the PC, such as a unique identifier that links to information such as login or registration data, online “shopping cart” selections, user preferences, other sites a user has visited, etc.


FAQ Category: Glossary

Bundling

The practice of distributing multiple pieces of software together, so that when the software “bundle” is installed, multiple components may be installed. In many cases, bundling is a convenient way to distribute related pieces of software together. However, in some cases, unwanted software components, such as PUPs or harmful malware, can be bundled with programs users want and can be downloaded and installed onto their computers without notice or consent.


FAQ Category: Glossary

Browser Plugin

A Browser Plugin is a software component that interacts with a web browser to provide capabilities or perform functions not otherwise included in the browser. Typical examples are plugins to display specific graphic formats, play multimedia files, block ads or add toolbars which include search or anti-phishing services.

Plugins can also perform potentially unwanted behaviours such as redirecting search results or monitoring user browsing behaviour, connections history, or installing other unwanted software such as PUPs or harmful adware.

Types of browser plugins include:

  • ActiveX Controls: A type of Browser Plugin that is downloaded and executed by the Microsoft Internet Explorer Web browser.
  • Browser Helper Objects (BHOs)
  • Mozilla Firefox Extensions: A browser plugin specific to Mozilla Firefox and other Firefox-based browsers.

FAQ Category: Glossary

Botnet

A Botnet is a term used to describe a collection of PCs which are being controlled by a form of Remote Control Software, specifically a collection of zombie machines running malware under a common command. A botnet’s originator can control the group remotely.

Botnets can compromise computers whose security defenses have been breached and control conceded to a third party. Each such compromised device, known as a “bot”, is created when a computer is penetrated by software from a malware (malicious software) distribution.

The botnet is usually a collection of zombie machines running programs under a common command and control infrastructure on public or private networks. Botnets have been used for conducting large-scale attacks on networks, sending spam remotely, installing more spyware without consent, and many other illicit purposes.


FAQ Category: Glossary

Start Center

Start Center 1

The Spybot Start Center is the first screen that is shown when the Spybot program is launched.

By default, the Start Center will just display the basic tools of Spybot, but will allow you to access all of the advanced tools and features associated with the edition of Spybot you installed, such as the Secure File Shredder or Phone Scan features, make changes to Spybot’s Settings or automate tasks.

Start Center 2

Ticking “Advanced User Mode” in the bottom-left corner of the Start Center will allow you to see the advanced tools and features available for your edition.


FAQ Category: Glossary

Immunization

Immunization 1

Immunization pro-actively prevents malware from attacking your system by blocking access to sites known to contain malicious or unwanted software, blocking cookies that have just tracking purposes, and blocking browser plugins that are malware or similar.

Immunization 2

Immunization supports, next to the Windows hosts file, many major and even more niche browsers including Internet Explorer, Opera and Firefox, and many of the less common browsers based on Firefox.

Paid editions can automatically update immunization after Spybot updates using a scheduled task, created upon installation and customizable using Settings.


FAQ Category: Glossary

SbNet

sbNet (short for ‘Spybot Network’) is a business user edition of Spybot for enviroments where computers have a permanent connection to the network. This allows for the easy management of updates and scans from one central control point.

See our sbNet information page to learn more about the features of sbNet.


FAQ Category: Glossary

Pro Edition

Spybot 2 ‘Professional Edition’ adds even more features to the already feature-laden ‘Home Edition’ by including some more powerful tools, such as our well-known Secure File Shredder.

The Protected Repair Environment allows you to scan and fix machines already infected with very aggressive malware that stops security software from working. Finally the Boot CD Creator completes the Pro Edition. It will guide you through creating a Spybot 2 liveCD, a useful tool which allows you to do a ‘clean boot’ of your system and then scan in ‘offline’ mode.


FAQ Category: Glossary

Home Edition

The Home Edition of Spybot is what you need if you want to add anti-virus protection to the features of the Free Edition of Spybot. Spybot 2 ‘Home Edition’ also allows you to automate scanning, fixing, immunization and of course updating. This makes the product more convenient to use and improves your protection.

The supported ‘command line parameters’ will help you to tailor the level of automation you require. Users of the ‘Home Edition’ also get Priority email support.


FAQ Category: Glossary

Free Edition

If all you require is to be able to scan and remove malware and rootkits from your system. Or if you want to protect your PC by immunizing your browser and hosts file, the ‘Free Edition’ is the choice for you.

If you are a more experienced user you can also check various ‘autostart’ locations using the ‘Startup Tools’. Spybot 2 can scan single files or specific folders and unlike other software it doesn’t matter if the file is located on your local drives or on a network share.

Spybot 2 comes with its own whitelist which helps to identify if files are legitimate or not. This useful addition helps to speed up the scan. Even though this fully functioning product is free of charge you can still get free support by emailing our support team.


FAQ Category: Glossary

Safe Mode

Safe mode is a diagnostic mode of a computer operating system (OS). It can also refer to a mode of operation by application software. Safe mode is intended to help fix most, if not all problems within an operating system. It is also widely used for removing rogue security software.

An operating system in safe mode will have reduced functionality, but the task of isolating problems is easier because many non-core components are disabled. An installation that will only boot into its safe mode typically has a major problem, such as disk corruption or the installation of poorly configured software that prevents the operating system from successfully booting into its normal operating mode.

Though it varies by operating system, typically safe mode loads as few executable modules as possible and usually disables devices, except for the minimum necessary to display information and accept input. Safe mode can also take the form of a parallel “miniature” operating system that has no configuration information shared with the normal operating system. For example, on Microsoft Windows, the user can also choose to boot to the Recovery Console, a small text-based troubleshooting mode kept separate from the main operating system (and can also be accessed by booting the install CD), or to various “safe mode” options that run the dysfunctional OS, but with features such as video drivers, audio and networking disabled.

Safe mode typically provides access to utility and diagnostic programs so a user can troubleshoot what is preventing the operating system from working normally. Safe mode is intended for maintenance, not functionality, and provides minimal access to features.


FAQ Category: Glossary

Quarantine

A quarantine refers to a state of enforced isolation to prevent the spread of negative effects. In computer and network security, “quarantining” describes putting files infected by computer viruses into a special directory, so as to eliminate the threat they pose, without irreversibly deleting them.

The reason that malicious files are quarantined rather than deleted is so that they can be kept and studied, or can be removed from the quarantine again without any adverse effects if it is found that these files are safe and were falsely detected as malware.


FAQ Category: Glossary

Logs / Log Files

In computing, a logfile is a file that records either events that occur in an operating system or other software runs, or messages between different users of a communication software. Logging is the act of keeping a log. In the simplest case, messages are written to a single logfile.

Many operating systems, software frameworks, and programs include a logging system. A widely used logging standard is syslog, defined in Internet Engineering Task Force ((IETF) RFC 5424). The syslog standard enables a dedicated, standardized subsystem to generate, filter, record, and analyze log messages. This relieves software developers of having to design and code their own ad hoc logging systems.

You can create a Spybot Event Log by going to:
Start Center > Report Creator (If you do not see “Report Creator”, please tick “Advanced User Mode”)


FAQ Category: Glossary

Protected Repair Environment

When the user chooses the Protected Repair Environment, a new Windows Desktop is opened and the Start Center runs in such a way that other software cannot interact with it. This prevents keyloggers and other malware taking over control of Spybot, using the same security desktop separation technology that the Windows Login screen and the User Account Control dialogs use.

A practical use of the Repair Environment would be where Spybot itself cannot be started any more, where it repeatedly closes unexpectedly, acts erratically, or where it is known that malware is present on the system but it is not detected.


FAQ Category: Glossary

Proxy Server

A proxy server is a server which acts as an intermediary for requests from clients seeking resources from other servers.

A client connects to the proxy server requesting some service, such as a file, connection, web page, or other resource available from a different server and the proxy server evaluates the request as a way to simplify and control its complexity.


FAQ Category: Glossary

Renewal

Renewal is the action of extending the period of validity of a licence, subscription, or contract. With Regards to Spybot, this refers to the repurchasing of a License.

If you purchase a paid edition of Spybot, a license is sent out to you. Running this license file will upgrade the Free Edition of Spybot to the edition that was purchased, or will install the latest edition of Spybot and apply the license to this.

These licenses are valid for a fixed period of time, usually 1 year. If a Spybot license expires, that copy of Spybot will lose access to the features which were included in the paid edition of Spybot that was purchased, and it will be reverted back to the Free Edition.

Spybot license renewals must be done manually, and will never happen automatically. This ensures that you are never charged by Safer-Networking Ltd for a purchase you did not intend to make.


FAQ Category: Glossary

ProcAlyzer

ProcAlyzer is the name of Spybot’s process analyzer, which is used to analyze and show in-depth details about running processes on your PC.

Apart from the standard list of processes you can look into using the processes tab of the Task Manager, this will allow you to read living process memory, dump them onto your hard drive for studying, or even manipulate them in memory, changing the behavior of running applications. This tool can be useful in the fight against rootkits.

ProcAlyzer can be downloaded from our forum as a standalone tool, and is included in Spybot as one of it’s Startup Tools.


FAQ Category: Glossary

Phone Scan

Mobile devices are a rich target for tracking and advertising companies. Most free and some paid mobile apps are either displaying ads or using various tracking mechanisms.

While not available for modern mobile platforms directly yet, if Spybot is installed on a machine that gets synchronized with an iOS device like an iPhone, iPad, or iPod Touch, it is able to scan iTunes’ local copy of the synchronized apps for illegitimate and sometimes illegal tracking software that is included.

Due to the nature of iTunes and iCloud synchronization, the Spybot Phone Scan is unable to completely remove this software, but it can inform the user of the malware’s existence so that they have the choice of removing it directly on their device.


FAQ Category: Glossary

Malware

Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. Malware is defined by its malicious intent, acting against the requirements of the computer user, and does not include software that causes unintentional harm due to some deficiency. The term ‘badware’ is sometimes used, and applied to both true (malicious) malware and unintentionally harmful software.

Malware may be stealthy, intended to steal information or spy on computer users for an extended period without their knowledge (e.g., Regin), or it may be designed to cause harm, often as sabotage (Stuxnet), or to extort payment (CryptoLocker). ‘Malware’ is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content, and other software. Malware is often disguised as, or embedded in, non-malicious files. As of 2011 the majority of active malware threats were worms or trojans rather than viruses.

Spyware or other malware is sometimes found embedded in programs supplied officially by companies, e.g., downloadable from websites, that appear useful or attractive, but may have, for example, additional hidden tracking functionality that gathers marketing statistics. An example of such software, which was described as illegitimate, is the Sony rootkit, a Trojan embedded into CDs sold by Sony, which silently installed and concealed itself on purchasers’ computers with the intention of preventing illicit copying; it also reported on users’ listening habits, and unintentionally created vulnerabilities that were exploited by unrelated malware.

Software such as anti-virus, anti-malware, and firewalls are used to protect against activity identified as malicious, and to recover from attacks.


FAQ Category: Glossary

License

The Spybot license is an executable file (.exe) which is sent to customers who have purchased Spybot.

When this file is run, it will check to see if a version of Spybot is installed. If a version is installed, the license will be applied to this version of Spybot, upgrading it from the Free Edition to the paid edition that was purchased. If a version is not installed, it will install the latest version of Spybot and apply the license to this.

If a customer loses their license, they can have it resent to them by filling out the Resend License Form.


FAQ Category: Glossary

Firewall

In computing, a firewall is a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted, secure internal network and another outside network, such as the Internet, that is assumed to not be secure or trusted.

Firewalls are often categorized as either network firewalls or host-based firewalls. Network firewalls are a software appliance running on general purpose hardware or hardware-based firewall computer appliances that filter traffic between two or more networks. Host-based firewalls provide a layer of software on one host that controls network traffic in and out of that single machine.

Routers that pass data between networks contain firewall components and can often perform basic routing functions as well, Firewall appliances may also offer other functionality to the internal network they protect such as acting as a DHCP or VPN server for that network.


FAQ Category: Glossary

False Positive

False positive detections are common in the antivirus industry. They occur when a benign program is wrongfully flagged as malicious due to an overly broad detection signature or algorithm used in an antivirus product.

If you suspect Spybot has identified a legitimate program as malware, please fill in our False Positives form. This file/program will then be sent to our Detections Team for review. If it is found to be a genuine false positive, this information will be included in Spybot’s updates to prevent the program from being detected as malware in future.


FAQ Category: Glossary

Secure Shredder

Spybot’s Secure File Shredder is a tool used for destroying sensitive files on your PC in a way that ensures no data or information about these files can be retrieved at a later date.

The Spybot Secure File Shredder is included for home users in the Professional Edition of Spybot, and in all business user editions.


FAQ Category: Glossary

SDONACCESS.exe

This is a Spybot file associated with Live Protection. When Live Protection is enabled, it will scan processes which attempt to run on your PC before they are allowed to execute. The “SDONACCESS.exe” file is responsible for this.

When a file or program is run on a PC with Live Protection, SDONACCESS.exe will scan this file, and will allow the program to run if it does not detect a threat or malware.


FAQ Category: Glossary

Real-time Protection

See Live Protection for details.


FAQ Category: Glossary

RegAlyzer

RegAlyzer is a tool created by Safer-Networking Ltd which is used for browsing and changing the registry. It was created because there were a few features missing in the default regedit tool which we thought would be useful to users hoping to browse the registry in more detail, from support for exotic value types over background and regular expression search to better bookmarks, displaying .reg files in the accustomed style and a history view.

See here for detailed information on this tool including download and update information.


FAQ Category: Glossary

FileAlyzer

FileAlyzer is a tool used for analyzing files and displaying detailed information about them. This information includes file properties and contents in hex dump form, common file contents like resources structures (text, graphics, HTML, media, etc), encryption hashes and more.

See here for detailed information on this tool including download and update information.


FAQ Category: Glossary

Active After Every Reboot

If Spybot is installed on your PC, it should start automatically each time the computer is booted up. This ensures features like Live Protection are not inactive and your PC is protected. This feature can be enabled/disabled in MSConfig.

To access MSConfig, please open the Start Menu, type “msconfig” into the search bar, and open the “msconfig.exe” file that appears.

In MSConfig, go to the “Startup” tab.

Here, there should be either one or two entries for Spybot, depending on your edition. Please select/deselect these to enable/disable features of Spybot running when the computer starts up.


FAQ Category: Glossary

Live Protection

Live Protection is a Spybot feature which monitors all processes created or running on your system and scans them. Malicious processes are blocked even before they start.

If you have another antivirus engine running which also includes Live Protection, Real-Time Protection or some other equivalent, this should be disabled in either Spybot or your other antivirus as running more than one can cause issues.


FAQ Category: Glossary

Administrator

A PC Administrator (sometimes shortened to “Admin”) is a user who has permission to add, edit and remove any files or system settings on a PC. When a program is run as an administrator by right-clicking it and choosing the option to “Run as Administrator”, this program also has these permissions.

Many features of Spybot and other antivirus programs must be run as an Administrator to search through all files of your PC for malware and viruses, and to have the ability to remove malware when it is found regardless of the location of the file.


FAQ Category: Glossary

Adware

Adware, or advertising-supported software, is any software package that automatically renders advertisements in order to generate revenue for its author. The advertisements may be in the user interface of the software or on a screen presented to the user during the installation process.

The functions may be designed to analyze which Internet sites the user visits and to present advertising pertinent to the types of goods or services featured there. It can also refer to software that displays unwanted advertisements.


FAQ Category: Glossary

What malware does Spybot +AV protect against?

You will find the up to date list of detections by clicking here.

This list is constantly being updated as we detect new malware or find new varients of existing malware.


FAQ Category:

How to create a bootable CD

Creating a bootable CD involves a handful of steps that are explained in detail here.

Requirements

Windows Automated Installation Kit

The first thing you need is the Windows Automated Installation Kit, also called WAIK. This software includes all the Windows files that need to be put onto the CD, and tools to create that CD, which we cannot use, for legal reasons, from your current installation.

Trac3595-SDBootCD-WAIK-missing

If the WAIK is not installed, Boot CD Creator will offer you to download it. The download will happen in the form of a file ending with the extension .iso. To install the AIK, there are multiple ways, depending on your preferences:

  • use your favorite DVD burning software to burn this image to a real DVD; for example, with Windows Explorer itself, right-click the downloaded file, and press ”Burn” after having inserted a blank DVD.Trac3595-Explorer-on-WAIK-ISOTrac3595-Explorer-burn-WAIK-ISO
  • use a packer to extract the .iso to a subfolder; for example using 7-Zip,
    or WinRAR.
    Trac3595-SDBootCD-iso-extract
  • use an image mounting software like Daemon Tools to mount the image.

Once you’ve got there, you need to start installation from the place where you’ve burned or extracted or mounted the image.

Sometimes, the installation of the WAIK needs other software to be installed first. If it asks you to install DotNET, look for the exact version of DotNET requested, and install just that. Newer versions are not downwards compatible, but can co-exist. The WAIK install CD menu should offer installation of the correct DotNET.

Trac3595-SDBootCD-WAIK-found

Once the WAIK is installed, the Prerequisite panel within the Boot CD Creator will be shown with a green bar, and all other panels can be used now.

Configuration

Applications

Trac3595-SDBootCD-application-list

In Applications to include, you can select other applications that should appear on the CD. To do that, click the arrow button at the right to expand it. For standard malware cleaning, the standard setup to include Spybot 2 is sufficient.

Settings

Trac3595-SDBootCD-settings

All Settings can be skipped as well if you want to, they just provide you an option to customize the CD. The Shell selection allows you to let the CD start up like old Spybot CDs would do, but the new Safer-Networking Shell, which is default starting with Spybot 2.3, is recommended.

You can also select whether your computer will boot from the CD right away, or only if you press a key within a short amount of time. This is useful if you’ve got your boot order set to always boot from CD first and forget the CD within the drive.

Finally, by setting a language and country, you can control that the CD will for example accept your keyboard input instead of having a foreign mapping. This should default to your current systems language.

CD creation

Once you’re done checking the list of Applications and Settings, or right away if you just want to go ahead and skip them, the CD image creation panel is the one where you’ll get your CD. You can just accept the default location and press the Create CD image button. It might take a few minutes for Boot CD Creator to combine all the necessary files and create an .iso image of your bootable CD.

Trac3595-SDBootCD-creation

Again, burn this to a CD using your favorite application, or even use Windows Explorer, see above instructions on how to burn the WAIK ISO image, just do it on the file just created, usually stored at C:\SpybotBootCD\SpybotBootCD.iso.

CD usage

Make hardware boot the CD

To use your CD as a startup medium for your computer, you might need to tell it to look for bootable media in your CD-ROM drive. Most computers offer a key you can press right after powering it on.
Trac3595-BIOS-BootKey-hl

Once that key is pressed, you’ll get a menu representing all drives that could be used for booting, including the CD or DVD one.

Trac3595-BIOS-BootKeyMenu-hl

By selecting this drive, your computer will start the Windows version included on the CD.
Trac3595-SDBootCD-cd-booting

Using the CD

In contrast to your regular system, the CD will show a toolbar representing all actions that might be of help when it comes to using Spybot to clean or repair your computer.

Trac3595-SDBootCD-CD-showing-shell

Adding up to date signatures

If you want to use the CD regularly without having to recreate it with up to date signatures every time, you can update them by running updates from an attached USB stick.

Since Spybot is completely in memory when running from the CD, you should recreate an up to date CD from time to time to avoid updates to signatures getting too big and taking up too much memory.

Antimalware

Antimalware signature updates can be added using the manual 1.6 updater. This updater can be found on our Download page at the bottom.

Antivirus

To update antivirus signatures, you can download the full signature installer.

Scanning and cleaning

At the bottom in the ”Spybot 2 Basic” menu, you can initiate a ”System Scan”. From this point, you can follow the instructions in another “how to”.


FAQ Category: Boot CD Creator, Spybot 2, Spybot Tools

How to configure Notifications

Notifications Configuration

Notifications can be configured from the ”Notifications” tab in Spybot’s Settings. Pressing ”Edit” will open a details window where you can add, change or remove different notifications.

For the home user, the easiest and yet most powerful notifications are probably Pushover and Boxcar. Depending on the delivery methods you choose, you might need to provide some details for new notifications.

The Settings tab includes a ”Test” button you can use to check whether notifications are delivered as expected.

Boxcar

To set up delivery via Boxcar (e.g. to your iPhone, iPod or iPad), install Boxcar from the iTunes Store, then enter the e-mail address you use to set it up in Spybot.

Email via SimpleMAPI

If you’ve got a mail program installed and don’t just use e-mail through a webmail interface, your computer most likely supports SimpleMAPI. You need to set up the e-mail address that should be used as the sender, and the one to receive the notification.

One disadvantage (and advantage from another point of view) of this method is that the computer might first ask the user if the message should be sent, so it won’t notify right away on unattended computers.

Email via SMTP

The second e-mail method avoids the user confirmation, but needs more details. Next to the sender and receiver e-mail addresses, you need to specify the SMTP server information, including host name and, if necessary, username and password. You can find these details if your search your email providers documentation for the keyword ”SMTP”.

Growl

Growl is a desktop computer notification system well known on Macintosh computers, but also available for Windows. If you want a local Growl installation to notify you, you don’t need to enter any details. You can also set up remote computers running Growl to receive notifications, but in this case, they still need to be without password (we’ll be updating this feature to support password protected Growl installations in the future).

HTTP

HTTP notifications might be of interest to network administrators, since they allow easy communication with other existing services. To set up a HTTP notification, you just need to enter an URL to be contacted, and specify how details are transmitted. For example

http://localhost:22280/tell?title=<$TITLE>&text=<$TEXT>&url=<$URL>&urltitle=<$URLTITLE>

The templates that can be used as part of the URL are:

  • <$TITLE>: will be replaced with title of notification.
  • <$TEXT>:will be replaced with text of notification.
  • <$URL>: will be replaced with URL of notification, if specified.
  • <$URLTITLE>: will be replaced with title of URL of notification, if specified.

Jabber/XMPP

XMPP is the protocol used by Google Talk (if you haven’t started using Hangout) or Facebook Messenger, as well as many independent providers. To set it up, you need the same details you would need to set it up in any other Chat application (like for example Pidgin).

  • host (required): specify Jabber server hostname.
  • port (optional): specify Jabber server port, defaults to 5222.
  • username (required): specify username to log into server.
  • password (required): specify password of user to log into server.
  • to (required): comma-separated lists of receivers.

Logfile

You can have all notifications written to a file as well, to be able to check what you should have received, for example. You’ll need to specify the name of the file notifications should be appended to, and can optionally adjust how each notification should look like using the following templates:

  • <$TITLE>: will be replaced with title of notification.
  • <$TEXT>: will be replaced with text of notification.
  • <$URL>: will be replaced with URL of notification, if specified.
  • <$URLTITLE>: will be replaced with title of URL of notification, if specified.
  • <$CRLF>: a line break

Pushover

To set up delivery via Pushover (e.g. to your Android smartphone or tablet, iPhone, iPod or iPad), install Pushover Notifications from the iTunes Store or Google Play Store, then enter your Pushover key. You can find this key by starting Pushover and looking for it on its Settings page.

SNPP

The Simple Network Paging Protocol is for the tech savvy administrator and can be used to communicate with existing network paging. There also are SNPP to SMS services on the Internet that could be used to set up SNPP to inform you via Short Message Service. Setup needs the host name and pager ID, with optionally a port if it’s not the default. These settings are provided by the SNPP provider.

Spybot Tray

This is the default notification – Spybot’s tray icon will show text in the lower right corner of your screen whenever new notifications are distributed.

Syslog

Syslog is another service for network communication of system messages, in use only by tech savvy administrators. Host and optionally port can be provided here.

Windows Alert message

This notification method will simply have a Windows message be shown on your desktop. If the computer in question is running Terminal Services, the session ID can be specified as well. Unless you are looking for special Terminal Services solutions, you probably should simply be using the Spybot Tray notification if you want a message on your desktop.

Windows Event Log

This notification method needs no configuration – when added, it will write entries to the Windows’ event log. This can help administrators to get a better understanding of relations of malware appearance to other system events.


FAQ Category: Notifications, Settings, Spybot 2

How to start your system using Spybot’s Boot CD?

The Boot CD Creator allows you to create a bootable CD to repair or clean your computer.

Some computers are set up to prefer booting from bootable removable media if inserted, others do have this feature disabled to protect the computer from infections coming from untested media.

Most computers allow you to press a special key while booting to select the device to boot up from:

Press key during boot

Press key during boot

If you manage to identify which key it is and press it in time, you’ll get a choice of bootable devices; pick the CD-ROM there:

Pick CD-ROM from boot menu

Pick CD-ROM from boot menu

If you are unable to enter a boot menu, which allows you to boot from something else than the hard disk in that single instance, you can change the general boot order. Enter the BIOS first by pressing the BIOS key, then locate the boot order setting and move the CD-ROM to the top:

BIOS boot order

BIOS boot order


FAQ Category:

Why do I see “Internet protection: basic” in Spybot’s Start Center?

SDDisableProxyResultIf your Internet protection is set to ‘Basic’ the most likely reasons are that when the software was installed the default setting was ‘Disabled’ or when updates were installed the setting was changed automatically. This setting can also be changed by the user.

The ‘Proxy’ feature filters all Internet traffic thus it can reduce your browsing performance. While this provides maximum protection it can sometimes be annoying. We therefore issued an update to 2.1 and released a new Software installer (Spybot 2.1.20 SR 1). This update turns off the Proxy and so the Start Center to display “Internet protection: basic” instead of “full”.

If speed is not an issue and you want all data coming from the internet to be filtered, you can enable the proxy by opening the Start Centre selecting ‘Settings’ clicking the “Internet Protection” tab and ticking the box ‘Use Spybot proxy’.


FAQ Category: Internet Protection, Known Issues, Settings, Spybot 2

How to write my own detection rules?

If you decide to create detection rules on your own, you should visit our Wiki,                          which offers an overview and descriptions to the available rules and file parameters.                    You should also visit our OpenSBI forum .


FAQ Category: Open SBI, Spybot 2, Spybot Tools

How to refresh the system whitelist?

When you first install Spybot +AV you will have the option to create a whitelist. This is a list of programs that are known to be safe. This will speed up the scanning process as these files will not be scanned in the future unless they have been altered in some way.

30 days after the time Spybot +AV was installed this option will no longer appear in the ‘Start Center’. The reason for this happening is that it is recommended not to create a whitelist on systems that have been in use for some time as you may ‘whitelist’ files that have become infected.

If you want to refresh your whitelist and the option is no longer available in the ‘Start Center’ it can still be done manually. To do this navigate to the folder where Spybot is installed, locate the executable file ‘SDPrepPos.exe’ and run it. You will now be prompted to create a whitelist.


FAQ Category: Spybot 2, Start Center, Whitelist

How to remove the system whitelist?

 

You can delete the whitelist file in the Includes sub-folder of the Spybot – Search & Destroy install folder, which is by default:

Windows XP:

C:\Program Files\Spybot – Search & Destroy 2\Includes\PosSystem.sbs

Windows Vista or higher:

C:\Program Files (x86)\Spybot – Search & Destroy 2\Includes\PosSystem.sbs

 


FAQ Category: Spybot 2, Start Center, Whitelist

How to create a report?

You have different options to create logs with Spybot – Search & Destroy.

1. The easiest would be after a scan. After performing a System Scan with Spybot 2 you can choose “Save scan log…” from the navigation bar on the left. You can now choose where to save the log.

2. You can also start from the Start Center to create a more detailed report. After choosing the “Advanced User Mode” by ticking the checkbox to activate it you can click on “Create Report”. Make sure the lastest logs are available and are activated. Now click on “Create log archive”. The log file archive is now on your Desktop.

3. If you also want to create a HijackThis log please open the Spybot 2 Start-Center.
Choose the “Advanced User Mode” by ticking the checkbox to activate it. Now click on “Startup Tools”. If being asked what you want to do choose “Save a log file”. Go the tab “Logs”. Make sure all 10 checkboxes are ticked on top. Now click on “Create SBSD log” and “Create HJT log”. Afterwards click on the “Save” button. You can now choose where to save the log.


FAQ Category: Report Creator, Spybot 2, Spybot Tools

How do I use the quarantine feature?

If you want to restore previously removed files for whatever reason you can do this via the Quarantine module. Quarantine can be either launched via the Start Center or can also be found in SDTray’s program list.
Just right click on the Spybot – Search & Destroy icon in your system tray beside the Windows clock and navigate to “Basic Tools“ → “Quarantine“. Once “Quarantine“ has been started feel free to select the product you want to restore and hit “Restore selected“.
If you want to get rid of fixed entries permanently just hit the purge selected button.


FAQ Category: Quarantine, Spybot 2

In which languages is Spybot – Search & Destroy available?

Spybot 2.4 is currently available in the following languages:

  • English
  • Croatian
  • French
  • German
  • Hungarian
  • Italian
  • Polish
  • Russian
  • Spanish
  • Ukrainian

Spybot 2 is also being translated into other languages by volunteers, which will take some time. Other languages will be added in later versions of Spybot 2.


FAQ Category: General, Languages, Settings, Spybot 2

How to enable/disable plugins?

Available plugins can be managed by accessing the Spybot’s Settings using the Start Center or the Spybot taskbar tray icon.

To do this using the Settings, go to:
Start Center > Settings (tick “Advanced User Mode” if you do not see “Settings”) > System Integration

To do this using the taskbar tray icon, right-click the Spybot tray icon and go to:
Advanced Tools > Settings
In Settings, choose “System Integration”.

Available plugins can be installed or uninstalled using the right-hand side of the System Integration window.


FAQ Category: Settings, Spybot 2

How to enable/disable services?

You can manage Spybot – Search & Destroy’s services in the Settings module. You can either access the “Settings“ module via the Spybot’s Start Center (you have to switch to advanced mode previously) or via SDTray (the small Spybot 2 icon beside your systems clock in the taskbar) → “Advanced Tools“ → “Settings“.
Once “Settings“ has been opened switch to the “System Services“ tab. Depending on your operating system you can change the status via a drop down menu (Windows Vista and higher).
If you are running Windows XP you can “Start“ or “Stop“ the services via the button to the right.
If you want to un-/install a service, just right click and select “Un-/Install“. With the checkbox “Active after every reboot“ you can change the service’s behavior on system start. Beside the configuration options in the Settings module, you can also edit the Services via the Windows service management console.


FAQ Category: Settings, Spybot 2

How to enable/disable non critical dialogs?

Spybot – Search & Destroy can show you plenty of assistant dialogs.
If you disabled those dialogs by mistake, you can re-enable these dialogs easily via “Settings“. You can either access the “Settings“ module via the Spybot’s Start Center (you have to switch to advanced mode previously) or via “SDTray“ (the small Spybot 2 icon beside your systems clock in the taskbar) → “Advanced Tools“ → “Settings“. Once Settings has been opened switch to the “Dialogs“ tab and make sure the checkbox “Show various non-critical dialogs“ has been marked.


FAQ Category: Settings, Spybot 2

How to exclude products from the search?

You can edit the ignore list in the “Settings“ module to exclude a product from further searches. In order to do so you have to run the Start Center, switch to “Advanced User Mode” and then open “Settings”. Now browse to the “Ignore List“ tab. Via the “Add“ button you will get a list of products to be excluded. Just select the product you want to exclude and hit “OK“.
Settings can also be launched via SDTray (the small Spybot – Search & Destroy icon beside your systems clock in the taskbar).


FAQ Category: General, Spybot 2, System Scan

How to switch to another language?

Spybot – Search & Destroy supports different languages. You can easily switch to your favorite available language.
You can either access the settings module via the Spybot’s Start Center (you have to switch to advanced mode previously) or via “SDTray“ (the small Spybot 2 icon beside your systems clock in the taskbar) → “Advanced Tools“ → “Settings“.
Once “Settings“ has been opened switch to the “Language“ tab and click on the desired language.


FAQ Category: Languages, Settings, Spybot 2

How to disable the proxy?

Here is how to disable the proxy:

  • Open the Spybot – Search & Destroy “Start Center“.
  • Click on “Advanced User Mode” at the bottom left of the “Start Center”.
  • Rightclick on “Settings“ and choose “Run as administrator”.
  • Choose the tab “Internet Protection”.
  • Here you can untick the checkbox in front of “Use Spybot proxy”.

You can also access this setting by choosing “Configure Proxy“ in the “Updater“ menu on the left.


FAQ Category: Settings, Spybot 2, Spybot Proxy

How does the new update service work?

Updates are installed automatically when using a paid Edition.
Spybot – Search & Destroy will create a task to keep your Spybot 2 up to date automatically.
Regardless if you are logged in as an administrator or not, thanks to the Update Service Spybot 2 will be able to update every file without any further interaction.
To have a look or change the scheduler entries, please open the Updater and select “Configure schedules” from the navigation bar on the left.
You can also access this setting by opening the Start Center,clicking on Settings and choosing the tab Schedule.
Here you can Add, Edit or Remove Scheduler entries. It is recommended to use the default entries here that have been created by Spybot 2.


FAQ Category: Spybot 2, Updates

Why do I get a bad checksum error?

If you search for updates and a ‘bad checksum’ error is displayed, this has a simple reason – millions of people trying to download from the same server. Please try again later.
Or download the updates manually.
Please use the Spybot – Search & Destroy program folder as Destination Folder to store the update:
(by default)
Windows XP: C:\Program Files\Spybot – Search & Destroy 2
Windows Vista or Windows 7 or Windows 8: C:\Programs (x86)\Spybot – Search & Destroy 2


FAQ Category: Spybot 2, Updates

Why does Spybot – Search & Destroy freeze when doing an update?

SDUpdate can freeze up if the servers are reacting very slowly. This can happen the day new updates are released (usually on Wednesdays), when too many people try to download them at the same time. But Spybot 2 isn’t really freezed up, it’s just delayed. There are a few solutions for this problem:
1. Wait a minute, it should be active again.
2. You can still use the manual updater.
Download the current one and install it, and you’ll be up-to-date. Here is the direct-update-link where you can reach the latest update everytime.
Please use the Spybot 2 program folder as Destination Folder to store the update, by default:
Windows XP: C:\Program Files\Spybot – Search & Destroy 2
Windows Vista or Windows 7 or Windows 8: C:\Programs (x86)\Spybot – Search & Destroy 2


FAQ Category: Spybot 2, Updates

What files do I need to update?

A general recommendation is that you download all updates presented when you do a “Search for updates”. Updates usually can be divided into the following categories:

Essentials
The files listed here are Spybot program files that are needed by Spybot to run properly. It is highly recommended to download files suggested for download in this section.

Support
These files are also important to be kept up to date. They are used e.g. for the Whitelisting.

Detection updates :
Responsible for the detection rate are these files. That is why it is highly recommended to download them whenever there are updates available.
These are usually named:
Detection rules, Advanced detection library, Detection support library or Some plugin.

Help updates:
As the name already indicates, these are for those who like to read up some information on Spybot 2.


FAQ Category: Spybot 2, Updates

Why do I receive “Error retrieving update info file“?

1. The error message “Error retrieving update info file” usually appears when Spybot – Search & Destroy has accidently imported bad Internet Explorer proxy settings. In this case, it helps just to disable the proxy option in Spybot 2. You can access this setting by choosing “Configure Proxy“ in the Updater menu on the left. Or you open the Spybot 2 “Start Center“ and click on “Settings“. Choose the tab “Internet Protection“. Here you can deselect “Use Spybot Proxy“. Now click “Apply“ and “OK“.

2. Please check your firewall.
Most people who do not have problem #1 do have Spybot 2 accidentally blocked in their firewall.

3. If nothing else works, you can still use the manual updater, which is available on the website:  Detection Updates


FAQ Category: Spybot 2, Updates

How to update?

Using a Home or higher Edition updates are automated. Spybot – Search & Destroy will create Windows task scheduler entries to keep your Spybot 2 up to date automatically. Regardless if you are logged in as an administrator or not, thanks to our Update Service Spybot 2 will be able to update every file without any further interaction from you. Of course manually updates like in the Free Edition are possible, too.
To perform the updates manually:
Please open the “Spybot 2 Start Center” by double clicking. Now activate the “Advanced User Mode” at the bottom by ticking the check-box. Under “Advanced Tools” you will find “Update” which you can simply tick.
Here you have two options:
You can use the “Update” button on the lower right or choose “Update” through the menu on the left. You also have the possibility to start the Updates through the Spybot 2 tray icon (on the lower right of your Desktop beneath your clock). Just rightclick the Spybot 2 tray icon and choose “Update”.


FAQ Category: Spybot 2, Updates

Are there any known compatibility issues?

There should be no problems with the compatibility.
If there are issues concerning realtime components, you can disable Live Protection or services that could cause this conflict in Spybot’s Settings.


FAQ Category: General, Spybot 2

Why does SDCleaner/SDDelfile run on every startup?

Sometimes Spybot – Search & Destroy can not delete all files. Some files used by Windows are running in the background. If you would delete these files before the application they are involved in ends, your system might become instable. That is the reason why you sometimes have to restart your system to complete the cleaning process.
In this case the SDCleaner/SDDelfile destroys the found items, before they are activated. If you do not want this option you can easily disable it in the SDCleaner itself. Go to the Spybot 2 folder, by default:
Windows XP: C:\Program Files\Spybot – Search & Destroy 2
Windows Vista or Windows 7 or Windows 8: C:\Programs (x86)\Spybot – Search & Destroy 2
and open the SDCleaner.exe.
Uncheck the checkbox in front of “Run cleaner on system startup”.


FAQ Category: General, Spybot 2, System Scan

How to switch to the free version?

Once your licence has expired Spybot – Search & Destroy will show you a dialog offering three choices. If you want to continue using Spybot 2 without renewing your licence just choose “Switch to Free Edition“.


FAQ Category: General, Spybot 2, Spybot License

Is there any replacement for TeaTimer / Resident?

With each paid Spybot 2 Edition there is the new Live Protection available. This Live Protection monitors every process created or running on your system and scans each process. Malicious processes are blocked even before they start. If you have another antivirus engine running you can choose to disable Live Protection.
Live Protection allows the user to choose to run or suppress any starting process.


FAQ Category: Live Protection, Settings, Spybot 2

Does Spybot – Search & Destroy Support Windows 8?

There should be no problems with the compatibility under Windows 8 (also 64 bit):
http://www.safer-networking.org/about/compatibility/
For all those using Windows 8.1, please use Spybot 2.2 or later. Spybot 2.2 solves any incompatibility issues and allows to run Spybot on Windows 8.1 systems.

 

 

 


FAQ Category: General, Spybot 2

Are there any command line parameters that can be used?

Depending on the installed version of Spybot – Search & Destroy you can use command line parameters to automate Spybot’s tasks.
To get a list of the available command line parameters run cmd.exe and browse to the Spybot 2 directory.
That is by default for Windows XP:
C:\Program Files\Spybot – Search & Destroy 2
and for Windows Vista, Windows 7 or Windows 8:
C:\Programs (x86)\Spybot – Search & Destroy 2

Now type “modulename.exe /help”, e.g.“SDScan.exe /help“.


FAQ Category: General, Spybot 2

Why do other spyware programs appear to find spies in Spybot – Search & Destroy’s directory?

Please have a look at the path where such a program has found the spyware.
As Spybot 2 has no spyware integrated, this must be a false alarm.
The reason for such a false alarm is simple: Spybot 2 saves quarantine files of the problems you have fixed, to make it possible to recover them in case something has stopped working after the fix.
If the file found is in the Quarantine directory which would be here:

Windows XP: C:\Documents and Settings\All Users\Application Data\Spybot-Search & Destroy\Quarantine

Windows Vista or Windows 7 or Windows 8: C:\Users\All Users\Spybot-Search & Destroy\Quarantine

it is such a quarantine file. It is no longer of any harm, as the file cannot be started anymore.
But once you are sure you do not need the backup, go to the Quarantine section inside Spybot 2 and purge those files.
Current versions compress the quarantine files into password-protected zip archives,
thus avoiding other spyware applications will give false alarms.
Some programs might notify you that they cannot access these zip archives – this can easily be ignored.

As the quarantine files are named after the threat some programs might also naively detect the backups as threats just because of the file name. This can also be ignored.


FAQ Category: General, Spybot 2

Is Spybot – Search & Destroy compatible with WinPE/BartPE bootable?

Yes, Spybot 2 offers full support for PE in general and PEBuilder.
You can download the necessary plugin here, or just run Spybot-S&D from your harddisk after booting a PE disk.
Once run from your bootable PE CD, Spybot 2 will automatically scan all registry and drives it can find. Furthermore we have our own bootable edition.
Spybot 2 Personal Edition includes the BootCD Creator which makes creating a Boot CD child’s play.


FAQ Category: Boot CD Creator, Spybot 2, Spybot Tools

Is Spybot – Search & Destroy compatible with other resident protection?

Usually there are no problems with the compatibility.

If you also plan to use the Live Protection of Spybot +AV together with your already installed antivirus software, you might experience a decrease in system speed.
In general we recommend to run only one AV solution.


FAQ Category: General, Live Protection, Settings, Spybot 2

What is the Repair Environment?

Executing the Repair Environment opens a new Windows Desktop in which the Start Center runs to allow the use of Spybot – Search & Destroy in a way where other software cannot interact and manipulate it as easily.
The Windows Login screen and the User Account Control dialogs use the same technology to prevent keyloggers and other malware to have access and control.
A practical use of the Repair Environment would be where Spybot 2 itself cannot be started any more, where it repeatedly closes out of the blue, seems to take actions on its own, or where malware that is known to exist on the system and that is known to be detectable does not appear in Spybot’s results.


FAQ Category: Repair Environment, Spybot 2, Spybot Tools

Why does Spybot – Search & Destroy flag changes in the Windows Security Center?

Spybot 2 detects registry changes associated with Microsoft Security Center;
they are listed as “Windows Security Center”. This is neither a false positive nor a bug.
It is just an information about a potential threat – Spybot 2 only wants to bring to your attention that someone or something disabled one or more notifications in the Windows Security Center, e.g. the notifications that your virus protection is not active or not up-to-date.
If you changed the settings yourself you can safely tell Spybot 2 to exclude those detections from further scans.
In order to do so you have to run the Start Center, switch to advance mode and start Settings.
Now browse to the “Ignore List“ tab. Via the “Add“ button you will get a list of products to be excluded. Just select the product you want to exclude and hit “OK“.
Settings can also be launched via SDTray (the small Spybot 2 icon beside your systems clock in the taskbar).
The same is true if you have another security solution installed (like McAfee Security Center or Norton Internet Security).
These programs disable announcements of Window Security Center in order to signal things by themselves.
The reason why the changes are flagged by Spybot 2 is that there are also malware programs that disable the notifications so the user does not take note of his security tools not being effective.
More information is available in our forum: Windows Security Center


FAQ Category: General, Spybot 2

What can I do if Spybot – Search & Destroy freezes during the scan?

1. Please disable all other security programs that you run and close all other programs during the work with Spybot 2.
2. Also run a scan in safe mode.
3. It should also help to deactivate the scanning for usage tracks and Cookies.
In order to do so you have to run the Start Center, switch to advance mode and start Settings.
Now browse to the “Categories“ tab. Here untick the checkboxes in front of “Malware detection –  Cookies.sbi“ and “Usage Tracks – Tracks.uti“.
Afterwards hit “Apply“ and “OK“. Settings can also be launched via SDTray
(the small Spybot 2 icon beside your systems clock in the taskbar).
4. If this does not help, please delete the contents of your Windows temp folder and try it again.
5. Also, you might want to disable the “Create system restore point“ when fixing spyware/usage tracks option.
Therefore run the Start Center, switch to advance mode and start Settings.
Now browse to the “Dialogs“ tab. Disable the checkboxes in front of Cleaner:
“Offer to create a system restore point.“ and “Create restore point if dialog not shown.“.
Afterwards hit “Apply“ and “OK“.


FAQ Category: Known Issues, Spybot 2, System Scan

Why does Spybot – Search & Destroy also remove IE toolbars that seem useful to me?

Nearly all add on IE toolbars make the web access easier for you.
Sadly, to tailor their information to your needs, they need to collect data about you;
and most privacy statements are unclear about how they do use this data beside sending you what they think is what you want.


FAQ Category: Spybot 2, System Scan

What is the immunization feature and what are the other permanent protection options?

Spybot – Search & Destroy offers the Immunization – a feature to allow you to immunize your computer against certain spyware.
It also allows you to use native browser settings to block cookies, malware installations,
bad websites and other threats via ActiveX.


FAQ Category: Immunization, Spybot 2

Which browsers does Spybot – Search & Destroy support?

Spybot – Search & Destroy has dedicated support for most browsers.
It can, for example immunize these browsers, or create restricted access shortcuts for your safety.
Where we list product versions, these are the ones that have been tested;
other versions are likely to be supported depending what changes have been made to them.
Unlisted browsers that are clones of listed browsers are also likely to be supported
(e.g. most IE based browsers and many Google Chrome variants use the same cache location and formats).

Internet Explorer & clones

Mozilla based browsers

Opera browsers

Opera (4, 6.x, 7.x, 8.x, 9.x, 10.x)

Webkit based browsers

Other browsers


FAQ Category: General, Spybot 2

Why did the Whitelist link disappear (from the Start Center)?

The option to create a whitelist is only being offered on systems that are not older than 30 days.
If your system has been installed more than 30 days ago, the Whitelist Creator can not be started via the Start Center. If you still want to create a whitelist you can use the ‘SDPrepPos’ in the Spybot – Search & Destroy program folder, by default:
Windows XP: C:\Program Files\Spybot – Search & Destroy 2
Windows Vista or Windows 7 or Windows 8: C:\Programs (x86)\Spybot – Search & Destroy 2

Warning:
A Whitelist should only be created on a system that is known to be uninfected.
We recommend that you only use it on a new system, after all software has been set up,
but before connecting it to the Internet.


FAQ Category: Spybot 2, Start Center, Whitelist

Why are some of my favourite internet sites blocked?

In that case the immunization has to be undone. To do so run the Start Center and click on “Immunization“. On the navigation bar on the left you can “Undo immunization“.
Please note: Now the bad downloads will not be blocked any longer! You may have to restart your computer. Then try again to open your favourite pages. Do not forget to Immunize again after visiting that page.


FAQ Category: Immunization, Internet Protection, Known Issues, Spybot 2, Spybot Proxy

Why does the immunization “not work”?

On Windows Vista / Windows 7 / Windows 8, you need to run the immunization with elevated privileges, otherwise all global immunizations will fail.
To elevate, right-click the Spybot – Search & Destroy shortcut and choose Run as Administrator.
Spybot 2 will offer you to run the Immunization elevated if you do not run it as described above.
If you have chosen to not have this dialog shown again when it was previously shown,
you can re-enable it by using the Dialogs tab of the Settings window.

If you think nothing has been immunized, please make sure you have clicked on “Check system” which can be found on the navigation bar on the left. This will check for already applied immunization.

In order to immunize correctly please close all open browsers.
Also using more than one security software with resident protection can cause conflicts.
Please take a look at this thread in our forum: Various reasons for incomplete immunization


FAQ Category: Immunization, Spybot 2

Why did the Startup Tools assistant dialog disappear?

This dialog will only be displayed for a limited period of time.
Once Startup Tools has finished loading all registry and file details,
the dialog will disappear and Startup Tools will switch to the main window.


FAQ Category: Spybot 2, Spybot Tools, Startup Tools

How to revert to a backup?

In order to revert to a registry backup, run Windows in Safe Mode.

Be sure that hidden files are shown.
Now execute the two files (or maybe it is just one of them) regusers.reg and reglocal.reg in the following folder:

Windows XP: C:\Documents and Settings\All Users\Application Data\Spybot – Search & Destroy\Backups\

Windows Vista or Windows 7 or Windows 8: C:\ProgramData\Spybot – Search & Destroy\Backups\

Answer Yes when prompted to add its contents to the Registry.
Subsequent please reboot.


FAQ Category: General, Spybot 2

How to download Spybot – Search & Destroy?

There are two options to download Spybot 2:

  1. You can choose a download location on our website. The displayed mirrors are either partners who provide servers to host Spybot, or our own servers. You can download from any of these, they are secure and all provide the latest version of Spybot.
  2. You can also choose the direct installation file.

Please always run Spybot as an Administrator to ensure it can function correctly, and download all updates before performing a scan.


FAQ Category: Download & Installation, Spybot 2

Are the found items really Rootkits?

Malware sometimes uses rootkit technology to hide itself at system level.
This makes it undetectable for standard tools. Our plugins help Spybot – Search & Destroy to detect this form of malware.
Our Rootkit Scan tool shows anything that uses certain rootkit technologies. But items with rootkit properties detected here are not necessarily malware. Sometimes, legit software uses rootkit technologies to hide registration data or other information it does not want the user to see in any case. So please keep in mind that a Rootkit Scan only flags suspicious stuff, not identifying just bad stuff. If you get ‘No admin in ACL’ this thread in our forum should help explaining. If you are not sure about the found items, please ask for ‘help’ in our RootAlyzer Forum before you delete anything. The deletion is final and can not be recovered through the Quarantine. If you still want to remove the found items it is strongly recommended to create a system restore point before doing that.


FAQ Category: RootAlyzer, Rootkit Scan, Spybot 2, Spybot Tools

How to Uninstall Spybot 2

Spybot – Search & Destroy will uninstall from the Windows Add/Remove Software control panel without problems. The following directories will not be removed during the uninstall procedure, if you want those folder to be deleted, you will have to remove them by hand:

Windows XP: C:\Documents and Settings\All Users\Application Data\Spybot – Search & Destroy\
Windows Vista or Windows 7 or Windows 8: C:\ProgramData\Spybot – Search & Destroy (Please note that the Application Data Folder is hidden. So if you cannot find this folder please check your folder properties.)

Explanation: this folder contains the backup (the quarantined files) that Spybot 2 creates. If the Uninstall would remove this folder as well, this would mean that those backups would be gone. We saw it a few times that new users uninstalled Spybot 2 in panic after they have experienced a small problem, thus removing the backup that would have undone any changes.


FAQ Category: Download & Installation, Spybot 2

How to use Scripting?

The script editor allows you to create complex malware detection patterns using our OpenSBI syntax and the Pascal language. A most simple script that you also implement using a simple .sbi file as well would be this:

begin sbiFile(‘<$FILE_DATA>’,’\Malware.txt’,’filesize=182,md5=83C36C493D7A254F9DE2ED63B3F92548′); end.

Now imagine you want some user input or custom calculation, because malware is individual to your system.

var sName, sFilename: String;
begin
    InputQuery(‘Username’, ‘Please enter’, sName);
    sFilename := ‘C:\Users\’ + sName + ‘\test.txt’;
    sbiFile(‘test’, sFilename, ‘filesize=10’);
    ShowMessage(‘Did look for ‘ + sFilename);
end.

This demonstrates interaction with the user. In reality, you could of course just use the proper path template for scanning all users directories (see the OpenSBI Wiki). Also, the use of scripting will be more in complex calculations and conditions than user interaction.


FAQ Category: Open SBI, Spybot 2

How can I get administrator rights under Windows Vista / Windows 7 / Windows 8?

To open Spybot as administrator, simply right click on the Spybot desktop icon or the start menu icon and click “Run as Administrator”:

Admin Rights

Then you can right-click on the module’s icon you are about to run and select “Run as administrator”

.


FAQ Category: General, Spybot 2, Start Center

How to renew my licence?

Once your licence is about to expire there are different ways to easily get a renewal. You can either use our order form or run the Start Center and select “Renew licence” in the “Your licence is expiring soon” dialog.


FAQ Category: General, Spybot 2, Spybot License

Where will I find documentation for the Spybot-S&D Update and Configuration Server?

The manual for the Spybot S&D Update and Configuration server is copied to your disk when when you install the product. If you want to you can also download a copy from this location: Spybot S&D UCS manual

 


FAQ Category: Spybot 1.6, sbNet

What is SDHelper?

Resident SDHelper is a second layer of protection for Internet Explorer. The immunize function blocks installers by their ActiveX ID, whereas SDHelper blocks badware that tries to enter using a different method. Thus Internet Explorer cannot download bad files. You start SDHelper by clicking on ToolsResident on the left navigation bar (therefore Spybot-S&D has to run in Advanced Mode). There you can tick the checkboxes next to Resident “SDHelper” (Internet Explorer bad download blocker) active in order to activate SDHelper.


FAQ Category: General, Spybot 1.6

Why do I get a “HTTP Error 403” or “bad checksum” error?

If you search for updates and a “HTTP Error 403” or “bad checksum” is displayed, this has a simple reason – millions of people trying to download from the same server.

In order to overcome the problem, please have a second look at the update menu bar after searching for new updates. Therefore choose Update from the navigation bar on the left. Now you will see the update menu bar. It has a pull-down item to select a mirror. Click the arrow beside it, and select a different location (first try the ones located nearest to you), where you will most probably have better chances to download.

You can also download the updates manually, either from our Website or by using the direct download link. Just download and run that file – it is self-installing.


FAQ Category: Spybot 1.6, Updates

ActiveX

ActiveX is a Microsoft technology that allows Internet applications that are more powerful than simple scripts. ActiveX applications do work only in Internet Explorer, so the use of ActiveX on websites is not recommended. Due to the huge amount of influence ActiveX apps can have on the system (ActiveX apps have access to the same files you have access to, meaning all files in the case of most private computers), it is recommended to be very careful if dealing with ActiveX.

There are two types of ActiveX apps – signed and unsigned. The code of unsigned ActiveX apps hasn’t been certified and should never be trusted. Signed ActiveX apps are certified, but can still contain malicious code! Signed ActiveX apps should be trusted only if coming from trusted websites and only on a prompt base (meaning that IE settings will ask every time a website wants to load an ActiveX app).

Many dialers and hijackers install themselves using ActiveX applications.


FAQ Category: Glossary

BHO, Browser Helper Object

Also called BHO. A BHO is a small program that extends Microsoft’s Internet Explorer. Examples of BHO usage include visible add-on toolbars in IE, but can also be hidden functions. Ad- and spyware as well as browser hijackers often use BHOs to display ads or follow your moves across the internet, because a BHO has access to each URL you visit and can redirect you or display other pages than you requested (ads, for example).
BHOs often use ActiveX installation programs.

 


FAQ Category: Glossary

Dialer

A dialer is a very small program, often installed using the ActiveX technology. Dialers often promise access to free porn, free games or free cracks for commercial software. Once installed, a dialer offers to use your dial-up device to call in to the service, usually calling a quite expensive toll number. Some dialers explain the costs of the connection they will be making, like it is required by local law in some countries, but many dialers just display a button offering to connect, without informing the user of what is happening behind it. In the worst case, the dialer sets up the expensive number as the default Internet connection, meaning the user will have to pay high rates for being online, without even knowing it until receiving the next bill.


FAQ Category: Glossary

Browser hijacker

A browser hijacker is a small program or registry setting that is responsible for changed IE start and search pages. If your browser starts with a different start page (one you haven’t changed yourself), you most probably got hijacked. Intelligent hijackers do not only change these pages, but also add a small file that will restore the hijacked settings upon each system start. Hijackers often use ActiveX installation programs and/or security holes.


FAQ Category: Glossary

Hosts file

The hosts file is a plain text file on your computer that is used by the operating system to map hostnames to IP addresses. The hosts file could be compared to a telephone directory; you look up a name in the directory and you find a number to call to contact that person.

When you type in a hostname in your Internet browser your system first checks its local hosts file to see if it has an IP address that corresponds to the hostname. If the entry exists you are redirected to that IP address otherwise your system checks elsewhere to try to resolve the hostname to an IP address.

So if you want to block an internet website, you could simply associate the sites hostname to a safe IP address in your hosts file. For example you could associate www.evil.com with the IP address 127.0.0.1 which is the local address of your computer.


FAQ Category: Glossary

Java applet

A Java applet is capable of doing more than just a JavaScript, but hasn’t got the full access to your machine like a full Java application.
An applet still needs the browser to be run in, while a full Java application could run stand-alone (using just the runtime engine).


FAQ Category: Glossary

Java script

A Java script is a  small program that is runs on your computer when visiting websites that have embedded such a script on the web page.
Java scripts have little access to your computer, but can modify your browser.


FAQ Category: Glossary

Keylogger

The name keylogger was defined back in old DOS times, where computers where handled just by using a keyboard. The most basic keyloggers back from that time just log the keys you press. The spy, a person with physical access to your machine, could get that log at a later point and see everything you typed.

Modern keyloggers are much improved. They do not only log the keys you press, but make also screenshots to show the spy what Windows you are working with, the capture information about your internet use, and much more. The spy doesn’t even need physical access to your machine because many current keyloggers send their logs by mail.


FAQ Category: Glossary

LSP, Layered Service Provider

A Layered Service Provider is a system driver linked deep into the networking services of Windows. It has access to every data entering and leaving the computer, as was as the ability to modify this data. A few such LSPs are necessary to allow Windows to connect you to other computers, including the Internet. But Spyware may also install itself as an LSP, thus having access to all the data you transmit. LSP are currently used by CommonName, New.Net, NewtonKnows and webHancer.


FAQ Category: Glossary

Mirror

On the Internet, a mirror site hosts copys of files of another Internet site. Mirrors are most commonly used to provide multiple sources for the same download, and are a way to distribute large amounts of data traffic among multiple Internet hosts.


FAQ Category: Glossary

Passwords

To protect the privacy of data on a system passwords or pass phrases along with a username. This allows you to identify yourself to the system and to verify that you are who you say you are.

There are some very important things to remember about passwords:-

1. Do not tell your passwords anyone. If you are asked by someone for your password, and you are in doubt about their identity the best reaction is to say ‘no’. if they tell are a system administrator they are more than likely not telling the truth as they should already have access to this information.

2. When choosing your password, don’t choose something that others could simply guess. Don’t use the name of your spouse or cat, or the company name printed on your computer or monitor. While the best thing would be a random string of characters and numbers and even special characters, if you really need something that is easy to remember, take parts of words and combine them into something that you can still speak, but that gives no sense. Attach a few numbers to it to be on the safer side.

3. Don’t write your password down on a ‘post-it’ attached to your screen, or anywhere on your workspace. If you need to write it down, put the paper with it into your wallet, but never anywhere visible.

4. Don’t save a file with all your passwords on your computer. If you can’t remember them all, write them down. If you really want to save them in a file, encrypt that file. There are many good free utilities that will allow you to safely store your passwords. One such program is available from this site: http://keepass.info/.


FAQ Category: Glossary

PUPS

The acronym PUPS stands for Possibly Unpopular Software and defines software that shows dubious behavior and is likely to be unwanted. In many cases it is hard to find sufficient factual proof for malware status even though its malevolence is rather obvious by intuition.


FAQ Category: Glossary

Registry

The registry could be described as  a database, located on your computer, that stores most configuration data (beginning from low-level configurations like which drivers for which graphics card are to be loaded up to program-specific configurations like which start page Internet Explorer should display).
The registry is hierarchically structured, meaning it is built like a tree.

If you want to have a look at your registry, you can do so by typing regedit at a command prompt. But be warned: do not change anything until you feel very comfortable with the registry contents!

 


FAQ Category: Glossary

Scripts

Scripts are programs written to automate tasks that would normally require human intervention. For example a script could contain a series of commands that are part of a command interpreter.

Scripts can also contain commands specific to the application you want to control, for example to tell a spreadsheet application to take the values from every third row, sum them up and create a graphic.


FAQ Category: Glossary

Skins

Skins are files that allow you to change the appearance of Spybot-S&D. These appearance changes are mostly color changes, so you could also call them Color Schemes instead of Skins.


FAQ Category: Glossary

Spyware

Spyware is software that transmits personally identifiable information from your computer to a location on the internet without your knowledge.

Spyware is typically not the product you install itself, but small add-ons, that you may or may not disable during install. In some cases a EULA may refer to these add-ons. Typically most users don’t read the complete EULA and might not know they have spyware on their system.

Adware is a less threatening sort of program. Adware is similar to spyware, but does not transmit personally identifiable information, or at least the collector promises not to sell it. Instead, aggregated usage information is collected, and sent somewhere on the internet.

Adware is also often a side-effect of spyware, as both monitor you for a sole purpose – delivering you advertisements that are especially tailored to your habits.

Another kind that is detected under the spyware category is tracking cookies. Cookies are used all over the internet in useful and less useful places. Advertising companies often set cookies whenever your browser loads a banner from them. In that case and if that cookie contains a GUID, the company gets a notice about every site you visit that contains their ads.


FAQ Category: Glossary

Trojan horse

A ‘Trojan Horse’ or Trojan is named after the Greek myth. It is a program that has been installed on you computer without your knowledge.

It usually carries a payload of malicious code, that could for example allow surreptitious external connections to your computer. Some trojans leave ports open so as anyone can connect to your computer, others restrict access to certain users.

Once access is gained the intruder can do anything from monitor your behaviour to taking complete control.

There are many ways Trojans can infect your computer. A person with physical access to your machine can place it there, but you can also accidentally install it yourself by opening an infected email attachment.


FAQ Category: Glossary

Usage tracks

Usage tracks are the history of websites you visited, web pages pages you have opened, documents you have read or edited, programs you have run and other information recording your activities that is stored on your computer.
This information is useful as it can speed up access to data. It is stored on your system in locations where users would not normally see it (for example the registry).

One of the downsides to storing your usage tracks is that attackers may use this information to steal your identity and compromise your system. The advanced features in Spybot S&D can remove some of the most important and common tracks on your system.


FAQ Category: Glossary

DDoS (Distributed Denial of Service) attack

A DDOS attack is an attempt to make a computer or network resource unavailable.
A network of compromised systems (which are usually infected by a Trojan virus) is used to target a single system. The targeted system is flooded with traffic and thus becomes unavailable.’


FAQ Category: Glossary

Rootkits

A rootkit is a type of malware that can hide the existence of certain processes or programs.

These processes or programs can evade normal methods of detection. If your computer is infected with a rootkit it will reload itself each time your computer is restarted.

If an attacker can gain root or Administrator access they can install a rootkit. This can be done by exploiting a known vulnerability, aquiring a password or by social engineering. Emails with attachments are one of the most common attacks. A seemingly innocent attachement can carry a dangerous payload. Once the malware is installed it becomes possible to hide the intrusion as well as to maintain privileged access. Most rootkits disable or circumvent software that might otherwise be used to detect it.

A ‘clean boot’ and scan or reinstallation of the operating system may sometimes be the only available solution to this type of infection.


FAQ Category: Glossary

ISO

An ISO or disk image is a file that contains a complete copy of a CD. ISO images are often provided so you can burn your own bootable CD.
Once you download an ISO image to your hard drive, you can burn your own copy of the CD providing you follow the correct instructions for burning an ISO, it is not sufficient to just copy the file to a CD.


FAQ Category: Glossary

How to make a backup

In order to revert to a registry backup, run Windows in Safe Mode.
Be sure that hidden files are shown.

Now execute the two files (or maybe it is just one of them) regusers.reg and reglocal.reg in the following folder:

Windows 95 or 98: C:\Windows\Aplication Data\Spybot – Search&Destroy\Backups\
Windows ME: C:\Windows\All Users\Application Data\Spybot – Search&Destroy\Backups\
Windows NT, 2000 or XP: C:\Documents and Settings\All Users\Application Data\Spybot – Search&Destroy\Backups\
Windows Vista: C:\ProgramData\Spybot – Search &Destroy\Backups\
Answer Yes when prompted to add its contents to the Registry. Then reboot.


FAQ Category: General, Spybot 1.6

How to disable Spybot-S&D temporarily

You only need to disable the resident feature of Spybot-S&D. And that is the way to deactivate it: Run Spybot-S&D, switch to the Advanced mode via the menu bar item Mode → hit Yes → select Tools in the navigation bar on the left → Resident and there you can untick the checkboxes in front of the two tools.

But warning! Then you will not have resident protection!

 


FAQ Category: Spybot 1.6, TeaTimer

How to download Spybot-S&D

There are two options to download Spybot-S&D:

You choose a download location on our website. The displayed mirrors are partners who provide places to host Spybot-S&D for us. You can download from them, it is secure and they all contain the same data.
You choose the direct installation file.
Please search for new updates after installing Spybot-S&D.


FAQ Category: General, Spybot 1.6

How to exclude products from the search

Click on a problem in order to highlight it.

Then right-click on it  to see how to exclude it from further searches.


FAQ Category: Spybot 1.6

How to disable the proxy

Open the Settings section and go to the Settings page. Locate the Use proxy entry in the Automation – Web update category, and disable it.


FAQ Category: Spybot 1.6

How to make a recovery

Please make sure you have all updates installed.
Restore the files you deleted with Spybot – Search & Destroy: Run Spybot-S&D, select Spybot-S&D → Recovery from the left bar and restore all the files and entries which are in association with the item that should be restored.

After following these steps please try again. Be sure that all the Explorer windows are closed. You might to have to restart your computer for the changes to take effect.


FAQ Category: General, Spybot 1.6

How to enable the Select all button

Go to Settings → Settings → Expert settings. Enable both options (3) to get the Select all buttons.


FAQ Category: Spybot 1.6

How to export the Startup list

Click the Tools section
Select the System startup tool
Click your right mouse button somewhere on the list
Choose Export… from the context menu that will appear. A dialog will pop up where you can select the name of the text file you want to save the report to.


FAQ Category: General, Spybot 1.6

How to switch the language

The option to change languages is on the  the third menu.


FAQ Category: General, Spybot 1.6

How to Uninstall Spybot 1.6

Spybot-S&D will uninstall from the Windows Add/Remove Software control panel without problems.

If you want to completely get rid of Spybot-S&D and the Add/Remove does not help, you can delete the installation folder (usually C:\Program Files\Spybot – Search & Destroy\).

If you just want to upgrade to a newer version, please follow the same instructions like above and then install the new version.

After following these instructions please restart your system so that the changes can take place.

Also, neither the automated uninstall nor the manual uninstall like described above will remove the following directories, which you will have to remove by hand:

Windows 95 or 98: C:\Windows\Aplication Data\Spybot – Search & Destroy\
Windows ME: C:\Windows\All Users\Application Data\Spybot – Search & Destroy\
Windows NT, 2000 or XP: C:\Documents and Settings\All Users\Application Data\Spybot – Search & Destroy\
Windows Vista: C:\ProgramData\Spybot – Search & Destroy\
(Please note that the Application Data Folder is hidden. So if you cannot find this folder please check your folder properties.)

Explanation: this folder contains the backup (the quarantined files) that Spybot-S&D creates. If the Uninstall would remove this folder as well, this would mean that those backups would be gone. We saw it a few times that new users uninstalled Spybot-S&D in panic after they have experienced a small problem, thus removing the backup that would have undone any changes.

 


FAQ Category: General, Spybot 1.6

How to update

Since version 1.5 Spybot-S&D is kept up to date by the Updater, a separate tool. To start it, please click on Update in the navigation bar. If you want to, you can also click on the button Search for Updates – then the window showing additional update types (2.) is skipped and you start immediately with the server list (3.).
If you have clicked on Update a new window opens. There you can select two additional update types: beta and language updates. To go on, please click on Search.
Select a download location (the nearer to you the better) and click on Continue.
Select all available updates who are relevant for you (detection updates are already preselected). By clicking on Download you download them. Updates will be installed without any further action needed.


FAQ Category: Spybot 1.6, Updates

How can I prevent users from changing the options in Spybot S&D?

You can deny users access to Spybot S&D’s configuration by defining the Settings password.

See section Generic client settings in the web interface of Spybot S&D Update and configuration Server. After this the user is prompted for this password before he or she can change Spybot S&D’s configuration.


FAQ Category: Spybot 1.6, sbNet

Why does reconfiguring paths in the Server configuration section of Spybot S&D Update and Configuration Server not work for me?

When reconfiguring the paths in the Server configuration section, the corresponding directories must exist.
If the directories do not exist any changes you make will not be saved.


FAQ Category: Spybot 1.6, sbNet

Why can my clients not reach the Spybot S&D Update and Configuration Server?

Check the firewall settings of the computer the Spybot S&D Update and Configuration Server is running on.
Also make sure the port it is listening on (port 80 by default) is not used by another network service like a general purpose web server.


FAQ Category: Spybot 1.6, sbNet

How can I monitor the scans performed on the client PCs?

Configure your email address and your account data for the SMTP server in the web interface of the ‘Spybot S&D Update and Configuration Server’ (UCS). Logs of the scans on the clients will be emailed to the email account you selected.<br><br>

If you are running Spybot S&D as a scheduled task, you must configure it to use the SMTP protocol directly instead of the installed system default mailer. This can be done via the option Mailer application on the Client settings page of the Spybot S&D UCS.


FAQ Category: Spybot 1.6, sbNet

Why do I receive the error message that there is a problem in Hijackers.sbi and I should look into the Include errors.log file?

This error usually is the result of updates you have missed or installed only partially. To solve the problem, please install all updates checked by default at least, if not all. If you do not want to use the update function of Spybot-S&D, take a look at the download page here and download all manual updaters.

The background of this problem are extensions to the detection engine which provide new ways of detecting malware. These updates are usually labeled Plugin, contrary to the weekly Detection update, and might therefore be overlooked. Since version 1.4 Spybot-S&D allows you to hide these messages, but this is generally not recommended since missing plugins might mean missing or reduced chances to find the latest malware.


FAQ Category: Error Messages, Spybot 1.6

Why do I receive the error message “ws2_32.dll missing” (and others)?

Spybot – Search & Destroy 1.4 was incompatible with Windows 95, while version 1.3 or earlier and version 1.5 and later are compatible. However, the lack of following updates usually causes problems:

HTML Help 1.3
If you receive the message “Error message: HHCTRL.OCX is missing”, you are probably using an old version of Internet Explorer, thus the needed HTML help components are not installed.
Winsock2
If you receive the message “Error message: WS2_32.DLL is missing”, you need a Winsock update for Windows 95. More information is available in Microsoft’s knowledgebase.
Active Accessibility 1.3
Spybot-S&D tries to support solutions for disabled people, so you need to install the Active Accessibility runtime package if you receive complaints about problems in oleacc.dll.
Common Controls
Spybot-S&D might also need this update if things are not probably displayed or you receive messages about other missing functions.
Shell Folders
If you are running one of the older Windows 95 releases and do not even have Internet Explorer 4, you need this update for a newer SHFolder.dll, which is responsible for the Application Data folder used by many applications to store data.
We recommend these Windows 95 updates in any case, and we have included an option to download and install missing updates in the installer of Spybot-S&D 1.5 and later.


FAQ Category: Error Messages, Spybot 1.6

Why do I receive the error message “No Zip File specified” when I update or fix?

This happens if you have ZipMagic from Aladdin Systems (to my knowledge it came from Ontrack before) installed. ZipMagic displays all zip files as folders, and even denies other applications access to the real zip file.

To allow another application direct access to zip files, ZipMagic has a setting somewhere on its Options page. You need to add SpybotSD.exe there. Instructions from kind user follow:

Open the ZipMagic properties.
Click on the icon Applications at the left.
Check the option These applications see Zip files as files.
Press the Add… button.
Select the SpybotSD executable in the dialog appearing (usually C:\Program files\Spybot – Search & Destroy\SpybotSD.exe).
This will tell ZipMagic to allow Spybot-S&D access to zip files again.


FAQ Category: Error Messages, Spybot 1.6

Why do I receive the error message “framedyn.dll is missing”?

You will find more information on this error on Microsofts support pages or on our Forums.


FAQ Category: Error Messages, Spybot 1.6

Why do I receive the error message “User abort”?

Did you use a beta version of Spybot – Search&Destroy earlier? We recommend a fresh install of Spybot – Search&Destroy. Please uninstall your version of Spybot – Search&Destroy considering this information. It is important to use the very small fix described there.

Then, make a fresh install of Spybot – Search&Destroy. You will find links to several download locations on our download page. You will also have to update your new version using the integrated updater (or download the manual updaters as well). This should solve the problem.

More informations about this problem is available in our forum:

SB Automatically “User Aborts”
Spybot Scan aborts itself
scan aborted by user
Scan aborted ny S&D with no input, please HELP
User Abort
Scan aborts prematurely


FAQ Category: Error Messages, Spybot 1.6

Why do I receive the error message “Problems in the include file (Trojans.sbi)”?

Probably you use a dated version of Spybot-S&D. Please download our current version Spybot – Search & Destroy 1.6.2. That should fix it. You will find links to several download locations on our download page.


FAQ Category: Error Messages, Spybot 1.6

Why do I receive the error message “Server name or address could not be resolved”?

During the installation Spybot tries to download the updates. Whenever a connection attempt to the update server fails, such a message is displayed.
You can disable this function in the wizard itself.
Just untick the checkbox in front of “download updates during installation” or “Download Updates immediately”.
The updates can be downloaded later on.

There is a ‘How To’ on our website that explains in greater detail how you go about downloading updates.


FAQ Category: Error Messages, Spybot 1.6

Why do i receive the error message “No disk in the drive”?

This is a known problem which can occur in Windows. The problem is usually caused by having Drive C assigned to a device with removable media. If you have that situation then either put media in Drive C or reassign the device to another letter.

For instructions for reassigning the device to another letter please refer to Microsofts website.


FAQ Category: Error Messages, Spybot 1.6

What should I do if my Internet programs stopped working?

If a spy is removed, the application that has installed it may no longer work . Spybot-S&D is able to replace a few spies with harmless dummies, but sometimes this is not possible. In this case you should either search for a good alternative that comes without spy- or adware, or use the Recovery option in Spybot-S&D to restore the spy.

In the later case, you can do it step by step, until you find the files that are absolutely necessary for the spy. So you can keep at least some files from your system, like the data saved about you


FAQ Category: Known Issues, Spybot 1.6

Why does my network react very slowly after inserting the Hosts File?

Please refer to this faq for more information: http://accs-net.com/hosts/faq.html#19


FAQ Category: Known Issues, Spybot 1.6

Why are some of my favourite Internet sites blocked?

This problem may be caused by the Immunization or the bad download blocker in Spybot – Search & Destroy. Please open the Tools menu in your Internet Explorer and choose Spybot – Search Destroy Configuration. There you will find a drop down menu where you should select Ask for blocking confirmation. If you want to visit a blocked website choose Allow.

If this does not solve the problem, please run Spybot-S&D and select Spybot-S&D → Immunize in the navigation bar on the left. Please click Undo. Then run Spybot – Search & Destroy and switch to the Advanced mode via the menu item Mode. Now select Tools → Resident from the navigation bar on the left. Please untick the checkbox in front of the Resident “SdHelper” (Internet Explorer bad download blocker) active.

But please note: Now the bad downloads will not be blocked any longer! Maybe you have to restart your computer now. Then try again to open your favourite pages. Do not forget to Immunize again after visiting that page.


FAQ Category: Known Issues, Spybot 1.6

Why are there some items left to immunize?

Vista users

On Vista, you need to run the immunization with elevated privileges, otherwise all global immunizations will fail. To elevate, right-click the Spybot-S&D shortcut and choose Run as Administrator.

Spybot – Search & Destroy 2 will offer you to run the Immunization elevated if you do not run it as described above. If you have chosen to not have this dialog shown again when it was previously shown, you can re-enable it by using the Dialogs tab of the Settings window.

Computer Associates Yahoo! Anti-Spy blocks a few immunization entries in category Internet Explorer (32/64 bit). One of the unimmunized domains would be koolynoody.net currently. CA AntiVirus 8.4.0 might block a larger amount of entries.
More information about this can be found in threads tagged immunization vs. ca.
AVG Antivirus users

AVG Antivirus blocks immunization of about 30 to 120 entries in the Internet Explorer category.
More information about this can be found in threads tagged immunization vs. avg.
ZoneAlarm users

ZoneAlarm blocks all immunization of the area Windows: Global (Hosts) by protecting this file against changes. To overcome this protection, you could temporarily lift the lock from ZoneAlarms Firewall > Advanced tab. Don’t forget to relock it after immunization.
More information about this can be found in threads tagged immunization vs. za.
STOPzilla users

STOPzilla blocks all immunization of the area Windows: Global (Hosts) by protecting this file against changes. To overcome this protection, you could temporarily lift the lock. To do so:
Open Stopzilla
Click “Real-time Protection”
Click “Active Enforcers”
Click “Network”
Click “Hosts File” to uncheck it
Click “Apply”
Click “OK”
Do not forget to reverse this procedure after you’ve completed immunization. Thanks go to forum user michaelbmcgee for this instructions.
More information about this can be found in threads tagged immunization vs. stopz.
Firefox 2 users

Firefox profiles can be both for Firefox 2 and Firefox 3 at the same time, and just based on the profile folder, it might be a bit difficult to guess which one the user is using. Spybot-S&D 1.6.0 therefore tried to be future-compatible and assumed that a profile would be for Firefox 3 if it has not been clearly identified.

There is a trick though how you can enforce it to be identified as a Firefox 2 profile. Go to C:\Documents and Users\Username\Application Data\Mozilla\Firefox\Profiles\something.default, which is your profile folder (path might be slightly different depending on the OS).

If there is no file named hostperm.1 but one named permissions.sqlite with a filesize of 0 bytes, rename the latter hostperm.1.
If both files exist, delete the file permissions.sqlite.
If only pemissions.sqlite exists and is larger than 0 bytes, delete it and create an empty file named hostperm.1 .
More information about this can be found in threads tagged immunization vs. ff2.
Spybot-S&D 1.6.1 and 2.0 will recognize Firefox 2 vs. Firefox 3 using other criteria which should be less error-prone.


FAQ Category: Known Issues, Spybot 1.6

Why has the number of scanned items been reduced (and now searches for only a few items)?

Probably not all file sets are activated for the scan. You can solve this problem as follows:

Please run Spybot – Search & Destroy and switch to Advanced mode via the menu bar item Mode, then select Settings → File Sets in the left bar. There, please right-click somewhere into the list and choose Select all available checks.


FAQ Category: Known Issues, Spybot 1.6

Why can I no longer access my IE settings?

Internet Explorer tells you to contact your administrator when you try to access the IE settings?

This can happen if you use Spybot-S&D in advanced mode and you have used the Immunize feature without reading all the text.

Please start Spybot-S&D again in advanced mode (usually from the Start menu group Spybot – Search & Destroy, until you have already changed the desktop icon to advanced mode).
Select Tools in the left bar, then IE tweaks.
There you will see a group Recommended miscellaneous locks. Untick the checkboxes in front of both Lock IE… options.
You may need to close all Explorer windows, and maybe even restart Windows before these changes take place.
Hint: this lock function has been added mostly for multi-user environments in which you would not want other users of your computer to change your IE settings. If you are the only user of your computer, there is no real need to enable them.


FAQ Category: Known Issues, Spybot 1.6

Why does Spybot-S&D not scan network drives (shares)?

Scanning network shares sounds like a good idea at first – the scanner needs to be installed only on a single machine and one person can do the scan. To simply remove installers, this is not a bad idea at all, so Spybot-S&D allows to add network shares as well in its Download directories setting.

But scanning for and removing files on other computers can be dangerous as well. Most threats are not only files, but also linked by registry entries – removing just the files would cause the ‘cleaned’ Windows to produce a lot of errors. But while those messages may be harmless (and remote registry cleaning could at least be added for NT/2000/XP/Vista), there is an even worse case – some threats need to be removed by using API calls. Removing LSP hijackers by just deleting their file will disable the network access of the cleaned machine, and repairing LSPs by fixing the registry is not fail-safe either.

That is why an anti-spyware tool needs to be run on each machine. We are developing a client/server scanning system that will work in network environments.


FAQ Category: Known Issues, Spybot 1.6

How can I disable the notifications popping up when a download was blocked (e.g. Avenue A, Inc., DoubleClick)?

This message is created by the bad download blocker for IE, a tool of Spybot-S&D. Since version 1.5 the feature of the silent bad download blocker is in a different place than in older versions.

Please open the Tools menu in your Internet Explorer and choose Spybot-S&D – Configuration. There you will find a drop down menu (see screenshot below) where you should select Block all bad pages silently. With that option set the notifications will no longer come up, but you will still have the protection.


FAQ Category: Known Issues, Spybot 1.6

Why are some products set to be ignored by default?

CDilla and SideStep are listed in the ignore products by default. Please see the topic Why are CDilla & SideStep checked in Ignore Products? in our forum.


FAQ Category: Known Issues, Spybot 1.6

What can I do if Spybot-S&D freezes during scan?

Please disable all other security programs that you run and close all other programs during the work with Spybot – Search & Destroy.

Also run a scan in safe mode:
http://www.computerhope.com/issues/chsafe.htm
That should fix it.

It should also help to deactivate the scanning for usage tracks and Cookies.
Please run Spybot-S&D and switch to “Advanced mode” via the menu bar item “Mode”. Now select “Settings” –> “File Sets” in the navigation bar on the left. The checkboxes in front of “Usage tracking, Beta.uti, NewTracks.uti and Tracks.uti” have to be unticked if you do not want to find usage tracks anymore. For excluding Cookies from the search deactivate the checkbox in front of Cookies.sbi.

If this does not help, please delete the contents of your Windows temp folder and try it again. Also, you might want to disable the Create system restore point when fixing spyware/usage tracks option on the settings page.


FAQ Category: Known Issues, Spybot 1.6

Why does Spybot – Search & Destroy slow down my System?

Maybe you run more than one security software that interferes with each other. The resident protection of Spybot – Search & Destroy monitors the processes the whole time, so that nothing bad gets on your system – that can slow down your pc a little bit. If you do not want to have this feature you only need to disable the resident protection.

Please run Spybot-S&D and select “Spybot-S&D” –> “Immunize” in the navigation bar on the left. Please hit “Undo”. Then open Spybot – Search & Destroy in the Advanced mode via the menu item Mode. Now select ‘Tools’ – ‘Resident’ from the navigation bar on the left. Please untick the checkboxes in front of the two tools.


FAQ Category: Known Issues, Spybot 1.6

Why does Spybot-S&D run automatically on every pc start?

Maybe you have automated your Spybot.
Open Spybot in the advanced mode via the menu item mode, go to ‘tools’->’System Startup’
Then mark the following entry and remove it: C:\Program Files\Spybot – Search & Destroy\SpybotSD.exe” /autocheck

If this does not help maybe this is due to the message during the scan “It is recommended that you reboot and scan again to find items that may be uncovered only after a reboot.”

If you need to you can download the latest version of Spybot S&D from our website and also download a new advcheck.dll file.

Move those two files: SpybotSD.exe and advcheck.dll to your program installation folder, and accept to replace the old ones.


FAQ Category: Known Issues, Spybot 1.6

Why does Spybot-S&D not open anymore?

1. Please try to rename the SpybotSD.exe into iexplore.exe or firefox.exe and try to run it.

Using Windows Explorer navigate to:

C:\Program Files\Spybot – Search & Destroy

In the Tools menu select Folder Options

In the Folder Options dialog select the View tab.

Uncheck the following option:

Hide protected operating system file (Recommended)

Click the Apply button.

Click the OK button.

The SpybotSD.exe should be visible now.

Rightclick the file and choose rename.

Give it a different name like iexplore.exe or firefox.exe and try again to run it.

2. If this does not help you might be infected with a Rootkit. We need some logs now to locate the infection that is mostly hidden deep in your system. Please download our free RunAlyzer from our website.

Now, run the RunAlyzer and choose “Logs” from the menu bar above. Now create a “SBSD log” and a “hjt log” and choose “Save”. You can save the files to your desktop. Please attach these files to your e-mail.

3. Please download our RootAlyzer. Here is the direct download link: http://www.spybotupdates.biz/files/rootalyz-0.3.4.47.zip

Please set your computer to show all files.

Double-click My Computer.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Clear “Hide file extensions for known file types.”

Under the “Hidden files” folder, select “Show hidden files and folders.”

Clear “Hide protected operating system files.”

Click Apply, and then click OK.

Please select the tab ‘deep scan’ and let it fully scan your Pc. The scan will take a moment, please be patient. After the scan is done please click on ‘pack suspicious files’ which is located right at the bottom. This will create a .cab file on your desktop which contains the log and the suspicious files the scan has found. Please attach this .cab file to your next mail.

4. Please also download GMER: www.gmer.net and let it do a full scan on your pc. Subsequent you will be allowed to save the log created during the scan. Please also send us this log.

5. Please also try this tool: RootRepeal

Here is also the direct download link: http://ad13.geekstogo.com/RootRepeal.zip

Unzip the file to the folder

Start RootRepeal.exe

Select “Report” tab

Click “Scan” button

Select following scan options: Drivers, Files, Processes, Stealth Objects, Hidden Services

Click “OK” button

Select your hard drive with the installed operating System and click “OK” button

Save Report via Clipboard or click “Save Report Button” to save a text file

Please send the report files to our detections department. You will find the address on our website.


FAQ Category: Known Issues, Spybot 1.6

How do I edit the Blacklist & Whitelist in resident TeaTimer?

Please right-click the Resident icon in the system tray Spybot-SD Resident and select Settings. There you will find four lists for remembered decisions (allowed/denied processes and registry changes). In order to remove an entry, just click on the cross next to it. TeaTimer will then “forget” this decision and you will be asked again the next time.


FAQ Category: Spybot 1.6, TeaTimer

How do I disable the TeaTimer notifications?

TeaTimer will inform you about all changes  in the registry whether they good or bad. There are so many registry keys that it is impossible to classify them by default. So the user needs to decide whether to allow it or not. The TeaTimer made snapshot files when you started it the first time and the tool is comparing the current registry with the snapshot files.

If you want to make new snapshot files please shutdown the TeaTimer with the Resident icon and then start it manually from the Spybot S&D program folder. There is no possibility yet to hide the popups which remind you which keys are blocked. As a workaround, you can only make new snapshot files.


FAQ Category: Spybot 1.6, TeaTimer

What is the Resident TeaTimer?

The Resident TeaTimer is a tool of Spybot-S&D which constanty monitors the processes called/initiated. It immediately detects known malicious processes trying to start and terminates them giving you some options on how to deal with this process in the future. You can set TeaTimer to:

– inform you when the process tries to start again

– automatically kill the process

– or allow the process to run

There is also an option to delete the file associated with this process.

In addition, TeaTimer detects when something wants to change some critical registry keys. TeaTimer can protect you against such changes again giving you an option: You can either Allow or Deny the change.

The TeaTimer is always running in the background.


FAQ Category: Spybot 1.6, TeaTimer

Why does Resident TeaTimer terminate the application before asking?

Because threats like toll dialers are time critical – they cost from the first second they have connected.

In order to protect you, these have to be terminated before they can connect.


FAQ Category: Spybot 1.6, TeaTimer

Why is TeaTimer called TeaTimer?

We used to forget that our tea when it was brewing. This led to us having to drink cold very strong tea. To overcome this serious problem we built a small tool with a system tray icon to remind us! We called this tool TeaTimer.

When we started to develop the Resident tool for Spybot-S&D, we also needed a system tray icon for this. As we do not like having too many icons in the system tray, we decided to put both tools together and kept the name TeaTimer.

A future version of the Resident tool might have the functions of the original TeaTimer again if our users request it!


FAQ Category: Spybot 1.6, TeaTimer

Why does TeaTimer crash during the Windows shutdown (System Settings Protection Error Message)

Please make sure that you have the most current version of Spybot-S&D installed – version 1.6.2.

To see which version number and/or updates of Spybot-S&D you are using please run Spybot-S&D and choose “Help”, “About” in the menu bar.

There you can see which version you have and which updates are installed.


FAQ Category: Spybot 1.6, TeaTimer

Why does the TeaTimer use so much memory / has such a high CPU load?

When the computer is running for a long time without a standby, reboot, or shutdown sometimes memory consumption of  can slightly increase.

If you think TeaTimer is consuming to much memory you could try rebooting. Usually TeaTimer will take up 35-50MB of RAM. Seeing that modern PCs built today have more RAM and resources, 80MB should be nothing.

If this does not help you can disable TeaTimer as follows:

– Go into Spybot – Mode – Advanced Mode – Tools – Resident.

– Uncheck the following: Resident “TeaTimer” (Protection of over-all system settings) Active.


FAQ Category: Spybot 1.6, TeaTimer

Why does Spybot-S&D also remove IE toolbars that seem useful to me?

Nearly all IE toolbars make the web access easier for you.
Sadly, to tailor their information to your needs, they need to collect data about you;
and most privacy statements are unclear about how they use this data beside sending you what they think is what you want.


FAQ Category: Detections, Spybot 1.6

Why do other spyware programs appear to find spies in Sypbot-S&D’s directory?

Please have a look at the path where such a program has found the spyware. As Spybot-S&D has no spyware integrated, this must be a false alarm.

The reason for such a false alarm is simple: Spybot-S&D saves backups of the problems you have fixed; to make it possible to recover them in case something stops working after the fix.

If the file found is in the Recovery directory inside the Spybot-S&D directory, it is such a backup. It is no longer of any harm there, as the file will not be found and loaded from there. But once you are sure you do not need the backup, go to the Recovery section inside Spybot-S&D and purge that files.

Current versions compress the recovery files into password-protected zip archives, thus avoiding other spyware applications will give false alarms. Some programs might notify you that they cannot access these zip archives – this can easily be ignored. As the recovery files are named after the threat some programs might also naively detect the backups as threats just because of the file name. This can also be ignored.

In recent weeks there was a noticeably high number of cases where other anti-virus and anti-spyware programs wrongly detected parts of Spybot-S&D, which probably has to be traced back to insufficient testing at these companies.


FAQ Category: Detections, Spybot 1.6

Why can I not remove the Sti_Trace.log (or SchedLgU.txt) file?

The Sti_Trace.log file is opened on many machines; most often on Windows ME/2000/XP/Vista. The reason is that the ‘Still Image Monitor’ runs all the time, using this file. You can use msconfig to disable the Still Image Monitor, but as it is of no harm you can add  this log file to the single ignore list.

The same is valid for the SchedLgU.txt; it is the log file of the scheduler. If the scheduler is running, this file is kept open. If you are not using the scheduler, I suggest disabling it, this will not only allow you to back up this file, but also save some RAM.

(To add a problem to the single ignore list, simply right-click on it in the results list, and choose the appropriate menu item.)


FAQ Category: Detections, Spybot 1.6

Why do other anti-spyware applications appear to detect so many more tracking cookies?

Some anti-spyware applications have started to detect nearly every third-party cookie they find as a tracking cookie. In many cases, that is more or less correct, since many contain a GUID (Generic Unique Identifier).

But instead of bloating our detection database with thousands of cookies out there, we prefer recommending to change your browser settings a bit to block out all these third party cookies before they even come into your system:

Internet Explorer: Open “Internet Options…” from the “Tools” menu. Choose the “Privacy” tab, and raise the Settings to at least Medium; or use the “Advanced…” button to enabled “Override automatic cookie handling” and set “Third-party Cookies” to “Block”.

Firefox 1.x: Open “Options” from the “Tools” menu. Click the “Privacy” icon, and open the “Cookies” category. Under “Allow sites to set cookies”, just set the “for the originating web site only” option.
Firefox 2: Type “about:config” into Firefox’s address bar, then type “network.cookie.cookiebehavior” in the “Filter” box. That will leave one settings line visible; double-click it, type “1” in the “Enter integer value” box, then click OK.

Firefox 3: Open “Options” from the “Tools” menu, then click the “Privacy” icon. Deselect the checkbox next to “Accept third party cookies” in the paragraph “Cookies”.

Mozilla/Netscape: Open “Preferences…” from the “Edit” menu. Open the category “Privacy & Security” and click on its first entry “Cookies”. In the group “Cookie Acceptance Policy”, select “Allow cookies for the originating web site only”.

 

Opera: Open “Preferences” from the “Tools” menu. Click on “Privacy” in the list on the left, then open the pull-down list about “Third party cookies” on the right and set it to “Refuse all cookies”.

 

Opera 9: Open “Preferences” from the “Tools” menu, go to “Advanced” → “Cookies” and select “Accept cookies only from the site I visit.”.


FAQ Category: Spybot 1.6

Why does Spybot-S&D not detect running processes?

This is not correct and is often misunderstood as we do not display an extra list of running processes after the scan. But we do not consider that as necessary – every running process is identical to a file on the hard disk, because a process is more or less that file loaded into memory.

But when you use Spybot-S&D to fix problems, it will automatically terminate the bad processes detected before doing anything else. And if you are using our TeaTimer, TeaTimer will detect malware processes as soon as they are started and terminate them.

Our logs of course do include a full list of processes, and since version 1.4 Spybot-S&D even lists open network connections per process (except for on Vista), allowing you to easily see which processes are connecting to the outside and where to.


FAQ Category: Detections, Spybot 1.6

Why does MS AntiSpyware complain that Spybot-S&D adds bad sites to the trusted zone?

That is a mistake by Microsoft. Microsoft has since released knowledge base article 902956 that describes this known issue.


FAQ Category: Detections, Spybot 1.6

Why does Spybot-S&D flag changes in the Windows Security Center?

Spybot 2 detects registry changes associated with Microsoft Security Center;
they are listed as “Windows Security Center”. This is neither a false positive nor a bug.
It is just an information about a potential threat – Spybot 2 only wants to bring to your attention that someone or something disabled one or more notifications in the Windows Security Center, e.g. the notifications that your virus protection is not active or not up-to-date.
If you changed the settings yourself you can safely tell Spybot 2 to exclude those detections from further scans.
In order to do so you have to run the Start Center, switch to advanced mode and start Settings.
Now browse to the “Ignore Lists“ tab and switch here to „Products“. Via the “Add“ button you will get a list of products to be excluded. Just select the product you want to exclude and hit “OK“.
Settings can also be launched via SDTray (the small Spybot 2 icon beside your systems clock in the taskbar).
The same is true if you have another security solution installed (like McAfee Security Center or Norton Internet Security).
These programs disable announcements of Window Security Center in order to signal things by themselves.
The reason why the changes are flagged by Spybot 2 is that there are also malware programs that disable the notifications so the user does not take note of his security tools not being effective.
More information is available in our forum: Windows Security Center


FAQ Category: Detections, Spybot 1.6

What files do I need to update?

Updates usually can be divided into the following categories:

Detection updates and plugins: these updates are usually preselected when you use the updater, it is highly recommended to download them whenever there are updates available, since these are responsible for the detection rate. These are usually named Detection rules, Advanced detection library, Detection support library or Some plugin.
Localized updates: language files and localized product information. These files are not necessary if you use Spybot-S&D exclusively in English. If you use only one other language, you just need your local ones.

Beta updates: if you are willing to help us improve Spybot-S&D, you might download these as well. Do not forget the usual beta disclaimer though: there might be a bunch of new features, but there is also the risk of new bugs.

Malware documentation and help updates: as the name already indicates, these are for those who like to read up some information, on malware and on Spybot-S&D.

Full updates: rare, but when a new release comes out, it will usually be available through the updater.

The second and third option are not displayed by default; in version 1.4 you can enable these categories on the settings page, since version 1.5 there are two checkboxes for them on the start page of the new updater application.


FAQ Category: Spybot 1.6, Updates

Why is the integrated update not working?

The most common reason for this problem is that you need to use a proxy server to access the internet. If this is the case, the proxy server is already set up in your browser. You can check the settings here and use them for Spybot-S&D.

In Mozilla, you can find the Proxy settings if you open the Edit menu, choose Settings… at the bottom, and navigate to the section Advanced – Proxies.

In Internet Explorer, see the Menu Extras – Internet options, go to the tab Connections and click the Settings button at the bottom.

In Opera, see the Menu Tools – Preferences, go to the tab Advanced, section Network and click the Proxy servers button. Look for the HTTP proxy there.

Back inside Spybot-S&D go to the Advanced Mode (via menu Mode), then choose Settings → Settings, and scroll down to the entry Automation – Web update – Use proxy. Now check the box below it, and a dialog will appear where you can enter your proxy settings.

The format is host:port (the host is the name, the port the number you found in your browser). If you need to access your proxy using a login, you can use the format username:password@host:port.


FAQ Category: Spybot 1.6, Updates

Why does Spybot-S&D freeze when doing an update?

SDUpdate can freeze up if the servers are reacting very slowly. This can happen the day new updates are released (usually on Wednesdays), when too many people try to download them at the same time. But Spybot 2 isn’t really freezed up, it’s just delayed. There are a few solutions for this problem:

1. Wait a minute, it should be active again.
2. You can still use the manual updater.

Download the current file and install it, and you’ll be up-to-date. Here is the direct-update-link where you can reach the latest update everytime.
Please use the Spybot 2 program folder as Destination Folder to store the update, by default:
Windows XP: C:\Program Files\Spybot – Search & Destroy 2
Windows Vista or Windows 7 or Windows 8: C:\Programs (x86)\Spybot – Search & Destroy 2


FAQ Category: Spybot 1.6, Updates

Why do I receive a “Socket Error”?

Please take a look at the security settings of your firewall (if you are using one) and make sure that Spybot-S&D is not blocked. If it is blocked try un-block it. That should help to get into the updates. If Spybot-S&D is not blocked it is also possible that our server is temporarily not available. Please try again a few hours later.

If this does not help please download the manual updaters from our website. The manual updaters are self-installing, you just need to run them.


FAQ Category: Spybot 1.6, Updates

Why do I receive: “Error Retrieving Update Info File”?

1. The error message “Error retrieving update info file” usually appears when Spybot-S&D has accidently imported bad Internet Explorer proxy settings. In this case, it helps just to disable the proxy option in Spybot-S&D: Open the Settings section and go to the Settings page. Locate the Use proxy entry in the Automation – Web update category, and disable it. If you cannot see the Settings section, start Spybot-S&D in advanced mode (see your Start menu group for Spybot-S&D).

2. Please check your firewall. Most people who do not have problem #1 do have Spybot-S&D accidentally blocked in their firewall.

3. If nothing else works, you can still use the manual updater, which is available on the website. (Notice: if the Info page does not show the correct update date after installing the updates with the manual updater, please ignore that – this will be fixed with the next release)


FAQ Category: Spybot 1.6, Updates

Why do I receive “update error – select files from the list”?

There was a problem with compatibility under Windows Vista.
You can solve the problem as follows:

1. Download this new SDUpdate.exe.

To use this beta file, extract the downloaded archive into the main application folder (usually C:\Program Files\Spybot – Search & Destroy\) and replace the old file with the new one.

2. If this does not help go to your SDUpdate.exe file in your program folder:
C:\Program Files\ Spybot – Search & Destroy\

Rightclick the file and choose properties.
Then choose the tab compatibilty.
Activate the checkbox in front of “Run this program in compatibility mode for” and select from the drop down menu “WindowsXP”. Now click “Apply” and “OK”.

That should fix the problem.

This problem has also been discussed in our forum.


FAQ Category: Spybot 1.6, Updates

How can I contribute to the cause?

As you may have read, we are working full-time on this free project, but we have got to pay hosting bills and develop software. So we would be glad if you could donate a small amount to our cause. Thank you :-)


FAQ Category: General, Spybot 1.6

Where are features like the Tools or Settings section?

If you have a fresh installation of Spybot-S&D, you may not see functions like the Tools or Settings section.

Spybot-S&D has two different modes. From the menu bar item Mode you can choose between Default Mode with the basic functions and Advanced Mode where you will find the Tools and the Settings section.


FAQ Category: General, Spybot 1.6

What is blindman.exe for?

Some of you may have noticed a new file blindman.exe inside the Spybot-S&D folder, and have asked yourself what it is for. In short words: it does nothing.

I guess an explanation is needed why a file that does exactly nothing comes with Spybot-S&D. Spybot-S&D offers a tool to control the System startup in its Tools section. This includes the ability to disable or enable startup entries from the Autostart group (found in your Start menu under Programs). This group contains links to the actual files. Windows stores those links as files with the extension .lnk. When Windows encounters a *.lnk file in that folder upon startup, it will start the linked application. Now the easiest way to disable those entries is to change the extension. The System startup tool of Spybot-S&D does simply change the extension .lnk to .disabled. This easily prevents the linked application from being started. But as Windows does not know this extension, this could slow the startup down. So Spybot-S&D does link that extension to blindman.exe. Windows now tries to run the .disabled file with blindman.exe – and as blindman.exe does exactly nothing, there is no slow-down in booting.

Some people have suspected it could even be spyware itself. For those I will print the Delphi source code (blindman.dpr) here (the included resource file is blindman.res and contains just the icon):

program blindman;
{$R *.res}
begin
end.
Anyone knowing a very small bit of programming should see that this program is totally harmless (actually, the version shipped since Spybot-S&D 1.5 is a bit larger than the above, because one of Microsofts certification requirements is that every executable file need to call GetVersionEx at least once, and needs to crash on inserted code injections, even if just a 1 millisecond empty dummy).


FAQ Category: General, Spybot 1.6

Do I need this FAQ?

Before you read this FAQ or other support documents, we would recommend that you use the updater and see if you have the most current updates for Spybot-S&D (we removed some FAQ entries for older versions to keep this FAQ up to date and clearly arranged).

If you already have the recent updates, we hope to be able to help you either here, on the support forum or by email.


FAQ Category: General, Spybot 1.6

I have two Windows installations on my hard disk. Can I scan both at the same time?

Yes, if you have Windows 2000, XP, 2003 or Vista, Spybot-S&D does allow you to scan inactive Windows versions as well, including the registry of other installations!

To scan your system including installations on other partitions, right-click the link/icon you use to start Spybot-S&D, click on Properties, then on the tab shortcut and insert /allhives (separated by a space from the rest) in the box target. If you start Spybot-S&D through this link, it will automatically detect other installations, and scan their registries and files as well. From now on, that will happen every scan, so please delete the command /allhives if you do not want to scan several hives any longer.


FAQ Category: General, Spybot 1.6

How can I get Administrator rights under Windows Vista or Windows 7?

Running Spybot-S&D with administrator rights from Vista's start menu

Running Spybot-S&D with administrator rights from Vista’s start menu

On Windows Vista and Windows 7, Spybot-S&D might tell you that you are not authorized to perform some actions, since they require Administrator rights. You can solve this problem as follows:

  1. Right-click the Spybot – Search & Destroy entry in your start menu, instead of just left-clicking to start it.
  2. Choose Run as administrator from the context menu.

FAQ Category: General, Spybot 1.6

Is Spybot-S&D compatible with WinPE/BartPE bootable CDs?

Yes, Spybot-S&D offers full support for PE in general and PEBuilder.
You can download the necessary plugin here, or just run Spybot-S&D from your harddisk after booting a PE disk.
Once run from your bootable PE CD, Spybot-S&D will automatically scan all registry and drives it can find (if you want that feature without PE, check our FAQ entry).

Furthermore we have our own bootable edition: Spybot-S&D Personal Edition.


FAQ Category: General, Spybot 1.6

Which browsers does Spybot-S&D support?

Spybot-S&D does support many common browsers.

As for resident protection, Spybot-S&D contains the Resident ‘ TeaTimer’ which is completely browser independent. It is a Spybot-S&D tool perpetually monitoring the processes called/initiated. In addition, TeaTimer detects changes to some critical registry values.

Spybot-S&D supports detection in cookies, history, start & search pages and bookmarks of these browsers (plus cache for Internet Explorer and Opera):

Beonex Communicator
Firefox pre-0.9, 0.9, 1.x, 2.0, 3.x and old Firebird variants
Flock
Google Chrome
K-Meleon
Microsoft Internet Explorer 5.0, 5.5, 6.0, 7.0, 8.0
Mozilla Suite
Netscape Communicator 4.x, 6, 7
Opera 4.x, 5.x, 6.x, 7.x, 8.x, 9.x
Safari 4
Seamonkey 1.0.x, 1.1.x
Thunderbird 1.x, 2.x (where applicable)


FAQ Category: General, Spybot 1.6

Is Spybot-S&D compatible with other resident protection tools?

Using more than one anti-spyware program with a resident protection tool might cause conflicts. However, Spybot – Search & Destroy’s Resident protection is designed such that there should not be any compatibility issues.

In rare cases there could appear a problem because another security program detects our ‘TeaTimer’ and flags it as bad. This could be because TeaTimer is able to change registry settings because it is a realtime protection tool. (for more information about Resident TeaTimer see this FAQ entry).

Another issue could be that the Keylogger detection files Keyloggers.sbi and Keyloggers.*.nfo of Spybot-S&D are detected as an Activity Monitor Keylogger. These detected keyloggers are just the Spybot-S&D detection rules, which obviously need to contain the names of the threats. Please ignore these false positives. There is a related article on our website.

For more information there is compatibility overview, listing some software for which there have been questions on compatibility.

Items that have been removed and are now stored in the recovery area as zip files might be detected and flagged as bad. The zip files are needed for recovery in case something does not work after fixing a problem with Spybot-S&D.


FAQ Category: General, Spybot 1.6

What is the immunization feature and what are the other permanent protection options?

From version 1.2, Spybot-S&D has had a feature to allow you to immunize your computer against certain pieces of spyware. It also allows you to use native browser settings to block cookies, malware installations, bad websites and other threats.

SDHelper is an Internet Explorer plugin that adds a second layer for blocking threats.

For more information please check the TeaTimer FAQ entry.


FAQ Category: General, Spybot 1.6

Are there any command line parameters that can be used with Spybot S&D?

Here is a list of command line parameters that the Spybot-S&D main executable (SpybotSD.exe) supports:

/taskbarhide

Runs Spybot-S&D completely hidden (no window, no taskbar icon), so make absolutely sure you use it only in combination with /autoclose (otherwise it would remain in memory sitting idle). Useful only in combination with /autocheck, /autoupdate or /autoimmunize, as it cannot be controlled when completely invisible.

/minimized
Starts the window minimized.

/uninstall
Uninstalls Spybot-S&D. This command line parameter is very outdated – unins000.exe should be used instead!

/blinduser
Starts with support for blind users (special menus).

/allhives
Scans all Windows installations on your system, even inactive ones (for an alternative solution see this FAQ entry).

/autoupdate
Does an update after starting the program.

/autocheck
Starts scanning immediately.

/autofix
Fixes problems after scan.

/autoclose
Closes program after it has scanned or updated.

/autoimmunize
Runs the immunization at program start.

/onlyspyware
Fixes only spyware (red) entries with /autofix, leaving all usage tracks as they are.

/easymode
Starts with easier interface for beginners.

/createenglish
Updates the English.sbl language file with the newest texts; useful only for translators.

And here is a list of command line parameters that the Spybot-S&D installer (spybotsd16.exe) supports:

/sp-
Will skip the first page of the installation wizard (Do you wish to continue? …)

/silent
Will display the progress during installation, but not the wizard.

/verysilent
Even the progress will not be shown. Errors etc. would still be shown.

/suppressmsgboxes
Will use standard actions for message boxes (no overwriting of files, cancelling where the alternative would be retrying…)

/log (or /log=”filename”)
Creates a log file in the temp folder that contains detailed information about actions taking place during the installation.

/nocancel
Disables the Cancel and Close button. Useful with /silent.

/norestart
Suppress reboots even if they were necessary at the end of the installation.

/restartexitcode=N
If a restart is needed, the setup would return the specified exit code.

/loadinf=”filename” (and /saveinf=”filename”)
Can be used to use a saved setup configuration (or save one).

/lang=language
Overrides the language dialog with a predefined language. Use ISO 2 letter language describers here.

/dir=”x:\dirname”
Installs into that directory instead of the default one.

/group=”folder name”
Installs into a program group of that name instead of the default one.

/noicons
Avoids creation of any icons for the installed software.

/type=typename
Starts installation with a give type. Supported types are
full,
blind and
compact.

/components=”comma separated list of component names”

Installs the given components instead of the default ones. Supported components are:

º main
º blind (icons for blind users)
º language (all language files)
º skins
º updatedl (for downloading updates as part of the installation)
º updatew95 (to download prerequisites on Windows 95)
º SDWinSec (to install the Security Center integration on Vista)
º SDShredder (to install the stand-alone shredder)
º SDDelFile (to install the file removal helper).

/tasks=”comma separated list of tasks”
Specifies a list of tasks that should be executed. Tasks currently supported are:
desktopicon
quicklaunchicon
launchsdhelper
launchteatimer

/mergetasks=”comma separated list of tasks”
Same as /tasks, just with the exception that standard tasks are not disabled by default.

Note: Please be aware that the Spybot-S&D path has to be in quotation marks and multiple parameters have to be separated by a space.

Example: “C:\Program Files\Spybot – Search & Destroy\SpybotSD.exe” /taskbarhide /autoclose /autocheck /autofix /onlyspyware


FAQ Category: General, Spybot 1.6

Sometimes malware problems reappear when I reboot the computer, why is this and can it be fixed?

A rootkit is a type of malware that can hide the existence of certain processes or programs.

These processes or programs can evade normal methods of detection. If your computer is infected with a rootkit it will reload itself each time your computer is restarted.

If an attacker can gain root or Administrator access they can install a rootkit. This can be done by exploiting a known vulnerability, acquiring a password or by social engineering. Emails with attachments are one of the most common attacks. A seemingly innocent attachment can carry a dangerous payload. Once the malware is installed it becomes possible to hide the intrusion as well as to maintain privileged access. Most root kits disable software that might otherwise be used to detect or circumvent it.

A ‘clean boot’ and scan or re-installation of the operating system may sometimes be the only available solution to this type of infection.

The Spybot S&D liveCD can often fix this type of problem as it will allow you to do a clean boot of Windows. Doing a clean boot using Linux and running a scan is not as effective as it will not scan all the registry hives.


FAQ Category: General, Spybot 1.6

Why do I get a critical license error after installing Spybot S&D Update and Configuration Server?

Make sure the program directory of Spybot S&D Update and Configuration Server contains the files license.txt and license.key and then restart the program.

The license files are contained in the installer. If you cannot locate your license details please contact our sales team.


FAQ Category: Spybot 1.6, sbNet