Error trying to install Spybot

Welcome to Major Geeks!

Perhaps you need to restore whatever you removed with Ad-Aware 2007.

First a general comment. You must be careful following steps given to another person. Not all steps are generic. Many instructions in a thread are for only that user on that particular PC with a particular Windows Operations System and service pack revision level. While running a tool like Spybot is generic and anyone can run it, just becareful about other steps which could be specific.

So you are saying that Spybot downloaded okay, but when you try to install it you get this error???? If that is correct, you may just be having a problem automatically downloading the updates.

During the installation process, Spybot will ask you if you want to Search for updates ( or install updates, I forget the exact wording). The update process will try to download a file from safer-networking.com. If you denied access to www.safer-networking.org (like you block that website, use a proxy server, ...etc) the updates will not be downloaded and you will get an error like this.

You can bypass that update step and continue, once Spybot is installs you can update by going into Spybot > Update > "Search for updates" and get the same update that would have been installed during the installation process. Or you can also update manually using this:Spybot Search and Destroy Update

 

So you are saying it crashes when you run a full scan. Is that correct? Did the older Ad-Aware SE run to completion?

You already did. If you have malware problems which is the reason you are trying to install Spybot, then complete the READ & RUN ME sticky thread procedure and attach your logs to this thread.

No problem. Did you get the updates installed afterwards?

 

Ad-Aware 2007 is not on my list of favorites. Personally I would uninstall it unless you have purchased a full license and are not just using the free version.

You will have to speak to Earthlink about this especially since it is not a topic for the malware forum, but I have heard many problems with this software.

No you only attach a problem related to installing Spybot and I believe we fixed this. BSODs are more frequently related to problems within your Windows OS than they are related to malware. But the only way we will know if you have malware is if you complete the READ ME and attach the requested logs.

 

Our experience is that what it finds are not problems to be concerned with. It spends too much time trying to get people all worried about cookies and MRUs which are not problems.

You need to run the READ ME so that we can see if you have any malware that could potentially be causing the BSODs.

 

Re: Now what?

You appear to have run a combination of the old outdated READ ME and the new READ ME (which is where ComboFix is from). Also you seem to have ignore some steps in the READ ME.

You have multiple antivirus programs installed. Authentium Command AV which is part of the stuff you installed from Earthlink and you also have AVG. You need to remove all but one. Note that this could even be part of your problem with crashes. I actually would recommend uninstall all the stuff from Earthlink since it is mostly from Aluria who had close ties to adware and used deceptive practices in the past. Also the TotalAccess software form EarthLink has caused many people problems.

Also why do you have both EarthLink and AOL? Do you need both of these ISP's?

You also did not enable viewing of hidden files and folders as recommend.

After deciding what you want to due about the multiple antivirus programs, attach a new log from the below procedure which is from the new READ ME.

Using MGtools

The log to attach is C:\MGlogs.zip

 

Re: Now what?

Yes!

Many people have system crashes due to it.

There are multiple things to do in the procedure given in the READ ME. You did not do all of them. You left system files and folders hidden.

 

Re: Now what?

Yes but read the instructions again and scroll down a little further. You did not do the below step:

 

Re: BTW... What would cause this?

I'm not clear on what you are saying. Are you saying you cannot access www.google.com in IE or in FireFox?

 

Re: The original BSOD

This most likely not related to malware. You should post this in the Software or Hardware forum along with information on exactly when it occurs.

 

Re: The original BSOD

You said you uninstall Total Access but I see all of it EarthLink in your latest logs. I see the below installed:

And I see all of the below in your HJT log:

I cannot help you with this. You need to remove it if you can still work without it. You still have multiple antivirus programs installed.

You also need to do the below.

Uninstall the below old versions of software:
J2SE Development Kit 5.0 Update 11
J2SE Runtime Environment 5.0 Update 11
Mozilla Firefox (2.0.0.7)
Viewpoint Media Player <-- should have been uninstalled in step 0 of the READ ME


Make sure you reboot after uninstalling the above!


After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment


Then install the current version of FireFox from: Mozilla Firefox


If you need the Sun Java Development kit you can get it here: http://java.sun.com/javase/downloads/index.jsp

 

Re: BTW... What would cause this?

So FireFox work and IE does not (yes or no)?

Does IE let you go to any sites (yes or no)?

What are you doing about what I posted in message # 21?

 

Re: BTW... What would cause this?

Do the below when you finish.


Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created.

 

Re: BTW... What would cause this?

Based on your logs you got all of Earthlink other than a Desktop icon.


Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {656EC4B7-072B-4698-B504-2A414C1F0037} - (no file)
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

After clicking Fix, exit HJT.

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it
double click it and allow it to merge with the registry.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created


Are you still having problems?

 

Re: BTW... What would cause this?

All clean!

If you are not having any other malware problems, it is time to do our final steps:

1. If we used Pocket Killbox during your cleanup, do the below
   • Run Pocket Killbox and select File, Cleanup, Delete All Backups
2. If we used ComboFix, you can delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, C:\combofix.txt and C:\ComboFix-quarantined-files.txt logs that was created.
3. If we user SDFix you can delete all the SDFix related files and folders from your Desktop or whereever you installed it.
4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
6. If we had your run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
7. If we had you run Avenger, you can delete all files related to Avenger now.
8. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
9. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
10. If you are running Windows XP or Windows ME, do the below:
    • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
    • Then reboot and Enable System Restore to create a new clean Restore Point.
11. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!

 

Re: BTW... What would cause this?

It's been over a month since last posting here. We never found any malware last time to remove thus any problems are probably not malware. They may just be due to what you allowed your ISP to do to your PC. Or you could be blocking things yourself in your firewall or another application. Since so much time has passed, I have no idea what your current status is. You will have to at least run the current version of MGtools from here: MGtools.exe and attach a new MGlogs.zip file.

Also some questions. Are the below files on your PC?
C:\AluriaCacheFile.dat
C:\WINDOWS\system32\AluriaReg.dll
C:\WINDOWS\system32\drivers\ADSFilter.sys
C:\WINDOWS\system32\aamd532.dll

Are the below folders on your PC?
C:\Program Files\Common Files\Command Software
C:\Program Files\EarthLink TotalAccess
C:\Program Files\EarthLink

 

Re: BTW... What would cause this?

There are still no malware problems showing in your logs other than Viewpoint Media Player to uninstall. I stated the below in my last message. You should check this:

Or perhaps you don't have IE setup properly to access the Internet.

Can you access the internet from Safe Boot mode using IE?

You should post about your problems with IE in the Software Forum.

 

Re: BTW... What would cause this?

Good luck! Let me know if you get it worked out.

 

Re: BTW... What would cause this?

You're welcome. I'm happy to hear you figured it out.