Results 1 to 9 of 9
  1. #1
    Untanglit
    Join Date
    Apr 2008
    Location
    Colorado
    Posts
    29

    Default Spybot caught as a virus

    I have a computer here that has tons of junk on it so I went to download Spybot. When I tried running the program it said that the executable was corrupt. I checked the untangle logs and it says that spybotsd152.exe has a virus and was blocked. I downloaded from Spybot's servers, not a mirror and got the same thing. I plugged in a aircard and downloaded it and checked it with our AV with no virus found.

    Any clue why this was blocked?

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,024

    Default

    If UT blocks a file because it is a virus you don't get the file on your desktop to run... You get a web page that says this is a virus you can't download this.

    Now, there are several viruses on the market that locate and corrupt spybot, ad-aware, and several other security packages, then corrupt the exe so you can't install it.

    www.nu2.nu, start reading... you will probably need the livecd to clean the thing.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    Quote Originally Posted by sky-knight View Post
    If UT blocks a file because it is a virus you don't get the file on your desktop to run... You get a web page that says this is a virus you can't download this.

    Now, there are several viruses on the market that locate and corrupt spybot, ad-aware, and several other security packages, then corrupt the exe so you can't install it.

    www.nu2.nu, start reading... you will probably need the livecd to clean the thing.
    actually, depending on the size of the file you can get a partial file.

    my guess is that spybot has some signatures in it that set off the virus scanner.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,024

    Default

    I can download Spybot152.exe from spybotupdates.com just fine on my 5.2.1 server. As far as I know, Spybot and Ad-Aware encrypt their signatures to prevent two things... 1.) their competition from stealing their work, and 2.) other security software from detecting the signatures.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Untanglit
    Join Date
    Apr 2008
    Location
    Colorado
    Posts
    29

    Default

    Well if that is the case, I am crazy because the logs say that the file was blocked from all three computers that I tried to download it from, but I had the file in the end. I didn't realize UT was blocking until later when I looked at the logs. I put the file on a network drive to install from, then to a memory stick and finally from the computer itself with the junk. Same result, same log on the UT. I then downloaded it using the air card to memory stick. Scanned it for viruses, installed it will out problems. Spybot found the offending programs and all is fine. All this after scanning the drive with 2 AV programs to clean any true viruses before cleaning the spyware. I think it is odd that UT says it is block, but I still get the file and when ran the file says it is corrupt. Not to big a deal since I found a workaround, but maybe something isn't right with the virus module.

    Thanks for the link to nu2, but I have had a PE disk for years and it is a great tool. My buddy Bart has saved my rear more than once.

    Edit: I started typing this and had to go to a different location to work on something, came back and finished and see the two new responses.
    Last edited by Zcubed; 06-03-2008 at 06:20 PM. Reason: continuity

  6. #6
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    Quote Originally Posted by Zcubed View Post
    Well if that is the case, I am crazy because the logs say that the file was blocked from all three computers that I tried to download it from, but I had the file in the end. I didn't realize UT was blocking until later when I looked at the logs. I put the file on a network drive to install from, then to a memory stick and finally from the computer itself with the junk. Same result, same log on the UT. I then downloaded it using the air card to memory stick. Scanned it for viruses, installed it will out problems. Spybot found the offending programs and all is fine. All this after scanning the drive with 2 AV programs to clean any true viruses before cleaning the spyware. I think it is odd that UT says it is block, but I still get the file and when ran the file says it is corrupt. Not to big a deal since I found a workaround, but maybe something isn't right with the virus module.

    Thanks for the link to nu2, but I have had a PE disk for years and it is a great tool. My buddy Bart has saved my rear more than once.

    Edit: I started typing this and had to go to a different location to work on something, came back and finished and see the two new responses.
    the issue is that for large files untangle has to scan the whole thing (so it can unzip for example)

    Untangle can't just buffer the whole 1 gig file because the client will time out, so it trickles the file to the client at whatever you define the trickle rate to be (90% default i think). If there is a virus, you won't get the rest of the file and thus the file is useless.

    In the case where the virus is small it is handled differently. It buffers the whole file and scans it before deciding to give the client the whole file or displaying the block page.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  7. #7
    Untanglit
    Join Date
    Apr 2008
    Location
    Colorado
    Posts
    29

    Default

    Good to know.

    Thanks

  8. #8
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,024

    Default

    Strange that I can snag the file just fine though... I don't know why the thing would be caught. You would think that two 5.2.1 servers would react the same way on the same file from the same server....
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  9. #9
    Master Untangler
    Join Date
    Mar 2008
    Posts
    170

    Default

    your not the only one sky i have no problem downloading it from spybot.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2