Go Back   RetouchPRO > Tools > Software
Register Blogs FAQ Site Nav Search Today's Posts Mark Forums Read

Software Photoshop, Lightroom, Paintshop Pro, Painter, etc., and all their various plugins. Of course, you can also discuss all other programs, as well.

Two days of hell ... trojan horse probs

Thread Tools
Old 04-15-2006, 12:55 PM
Cameraken's Avatar
Cameraken Cameraken is offline
Senior Member
Join Date: Feb 2005
Location: Lancashire (UK)
Posts: 1,158
Glad to see you are up and running again Craig.

I installed Hoster and the Host files recommended by Gary (Thanks Gary) But when I run Spybot I get ‘Windows Redirected Hosts’ Showing like it is a problem?

Why does Spybot want to ‘repair’ these? Surely Spybot should see these as safe?

This only happens on one of my PC’s (Running ME)

Just wondered if anyone else gets this?

I use ERUNT to backup my registry. It’s great, and much better that using XP’s.

Attached Images
File Type: gif spybotProbs.gif (23.2 KB, 6 views)
Reply With Quote top
Old 04-15-2006, 03:32 PM
Gary Richardson's Avatar
Gary Richardson Gary Richardson is offline
Senior Member
Join Date: Mar 2004
Location: Yorkshire, England
Posts: 2,717
When you install Spybot, it creates a copy of your registry which it uses as a benchmark. Any alterations to this "template" have to be "allowed" by you.

So it sees the addition of a hosts file as a large alteration to your registry that hasn't been "allowed".

Uninstall Spybot, then re-install it. As you already have your hosts file in place, Spybot should "accept" it.

Note: Each time you update your Hosts file, Spybot should prompt you to allow the alterations, you must allow them, or forever and a day you will be told they are malicious, note you only get one shot at allowing them.

If you don't want to go through uninstalling and re-installing, try the following.

Open a new Notepad file (must be Notepad NOT wordpad). Make sure Format > Wordwrap is not checked.

Copy and paste the text in the box into it.
@echo off

VER|find "Windows 2000">NUL

VER|find "Windows XP">NUL

VER|find "Windows 95">NUL

VER|find "Windows 98">NUL

VER|find "Windows Millennium">NUL

VER|find "Windows 2003">NUL

echo Unsupported Version
goto last

del /q %SYSTEMDRIVE%\docume~1\alluse~1\applic~1\spybot~1\Snapshots\*.*
del /q %SYSTEMDRIVE%\docume~1\alluse~1\applic~1\spybot~1\excludes\RegKeyWhite.sbe
del /q %SYSTEMDRIVE%\docume~1\alluse~1\applic~1\spybot~1\excludes\RegKeyblack.sbe
del /q %SYSTEMDRIVE%\docume~1\alluse~1\applic~1\spybot~1\excludes\ProcWhite.sbe
del /q %SYSTEMDRIVE%\docume~1\alluse~1\applic~1\spybot~1\excludes\ProcBlack.sbe
del /q %SYSTEMDRIVE%\docume~1\alluse~1\applic~1\spybot~1\logs\resident.log
del /q %SYSTEMDRIVE%\docume~1\alluse~1\applic~1\spybot~1\excludes\UpdateDL.sbe

deltree /y %WINDIR%\applic~1\spybot~1\snapshots\*.*
del %WINDIR%\applic~1\spybot~1\logs\resident.log
del %WINDIR%\applic~1\spybot~1\excludes\ProcBlack.sbe
del %WINDIR%\applic~1\spybot~1\excludes\ProcWhite.sbe
del %WINDIR%\applic~1\spybot~1\excludes\RegKeyWhite.sbe
del %WINDIR%\applic~1\spybot~1\excludes\RegKeyBlack.sbe
del %WINDIR%\applic~1\spybot~1\excludes\UpdateDL.sbe

del /y %WINDIR%\alluse~1\applic~1\spybot~1\snapshots\*.*
del %WINDIR%\alluse~1\applic~1\spybot~1\excludes\UpdateDL.sbe
del %WINDIR%\alluse~1\applic~1\spybot~1\excludes\RegKeyWhite.sbe
del %WINDIR%\alluse~1\applic~1\spybot~1\excludes\RegKeyblack.sbe
del %WINDIR%\alluse~1\applic~1\spybot~1\excludes\ProcWhite.sbe
del %WINDIR%\alluse~1\applic~1\spybot~1\excludes\ProcBlack.sbe
del %WINDIR%\alluse~1\applic~1\spybot~1\logs\resident.log

echo Press any key to terminate,..
Save as ResetTeaTimer.bat save as file type "All Files" NOT txt. Somewhere where you can find it.

Double click on ResetTeaTimer.bat to run the programme and reset Spybot's Tea Timer. Should cure the problem. If not Uninstall and re-install as previously stated.

Last edited by Gary Richardson; 04-15-2006 at 03:51 PM.
Reply With Quote top
Old 04-15-2006, 03:51 PM
Bob Mc Bob Mc is offline
Senior Member
Join Date: Oct 2003
Posts: 134
Scary Stuff

Thanks Gary, Craig, C.J., Nancy, Ikroll and others for the great information that you shared. I’m in awe at your technical knowledge and the help that you have provided.

Until I spent some time on this thread, I would have told you that I practiced very safe computing – but now I’m not so sure.

I’ve virtually spent all day today reading and rereading the posts, looking at various security sites and sites that provided tools to minimize the threat. Now, I’m really confused!

What I’d like to ask of you folks – who have great knowledge of the types of tools necessary to minimize the surfing risk – is to help the rest of us (probably the majority of us) to understand…
a- the types of tools available for each of the different risks and,
b- some suggestions for the tools (brands) that are most effective

(Yes I know that there will be many opinions about individual products – but when you are experienced in dealing with this stuff, opinions/impressions are very important)

I read somewhere that there are over 150 different brands of antivirus software available – and probably a like number of spyware detection tools as well – and it’s clear from the experiences in this thread none of them were the end-all and be-all.

In my instance I use the following:

Firewall – ZoneAlarm Pro - (to alert me to programs/processes trying to get into my computer or trying to send something out from my computer)

Virus Protection – Norton SystemWorks

General System Checkup – Norton One Button Checkup (finds and repairs Registry inconsistencies, bad shortcuts, identifies cleanup items, etc

Registry Analysis - Norton One Button Checkup and Registry Mechanic (I’m very paranoid about the Registry and the garbage that can accumulate there – and the risk of destructive programs that can be placed there without my knowing)

Spyware & Adware – Microsoft Antispyware, Ad-Adware, Spybot Search & Destroy (one program simply doesn’t identify all of this kind of Krap)

StartUp programs – Startup Control Panel (by Mike Lin) (Every program in the world wants to startup when the pc is turned on. This program identifies the request {to change the Registry} and allows me to decide. However, this program is a couple of years old and I wonder if it catches all the newer sophisticated start up situations) I also use msconfig

Cookie Control – Cookie Pal v 1.7 – allows me to easily see and delete cookies I know I don’t want (like ad oriented stuff) – Handles IE6, Netscape and Opera. Hasn’t been upgraded for a few years, but seems to give me the visibility I want.

? My basic question here is whether I’m covering all my bases with the robustness needed as these malicious intrusions get more sophisticated?

? Am I using the “best” tool to see all proposed Registry changes before they are allowed?

? Does “Startuplist” from identify more startup processes/programs than an older program?

? Will WinPatrol Plus provide additional protection for startup programs and/or unwanted Registry entries?

I know that multiple spyware removers seem to add to my protection – but does the “overlapping” functionality of stuff like Norton, Registry Mechanic, Winpatrol Plus, etc. cause more problems than they solve?

I do know that my browser – internet explorer – doesn’t have the tightest security options (yet) and I will have to bite that bullet to use the “Trusted zone” more – or change to another browser.


For those that are interested, the following link give a lot of information about making IE less vulnerable.

Lots of questions here and probably even more that I’m not smart enough to even ask about – but I hope you can help me improve some – and maybe my list of protections can provide others a starting point.

Thanks and Regards

Bob Mc
Reply With Quote top
Old 04-16-2006, 02:31 AM
Cameraken's Avatar
Cameraken Cameraken is offline
Senior Member
Join Date: Feb 2005
Location: Lancashire (UK)
Posts: 1,158
Thank You Gary.

I will try that when I go back to work after Easter.
I added the Host file to two PC’s last November (After your suggestions)
I added Spybot to both PC’s this week (I normally just use Adaware)

It’s just one PC running WinME that complained about these six entries out of over 1800.

Reply With Quote top
Old 04-16-2006, 09:15 AM
Gary Richardson's Avatar
Gary Richardson Gary Richardson is offline
Senior Member
Join Date: Mar 2004
Location: Yorkshire, England
Posts: 2,717
Hi Bob Mc,

If you read my earlier post to Craig, that should give you a list of things to do and install which will give you a pretty secure level of protection.

As an addition, I'll say this.

There are a great many "bogus" malware scanners available, some are even malicious in intent, so be careful what you install to your machine.

For a list of "Rogue" programmes, see
Reply With Quote top

  RetouchPRO > Tools > Software

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Chuckle for the day (jokes/humourous tales here please) jeaniesa Salon 391 11-26-2006 01:33 AM

All times are GMT -6. The time now is 06:54 AM.

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2016, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2011, Crawlability, Inc.
Copyright © 2016 Doug Nelson. All Rights Reserved