Spywareblaster...How does it Work?


mylanta
03-24-2006, 10:01 AM
I just read the answer to something I have wondered about for years....on another forum.

"SpywareBlaster does not run as a background process. It sets a killbit on the CLSID's of all the spyware programs, in the registry. It writes the killbits according to their database, then is off until new updates are loaded."

from mtbird
Cyber Tech Forum
3-24-06

tonyd
03-24-2006, 10:58 AM
I don't understand - if it's not running in the background, when does it set this killbit?

mylanta
03-24-2006, 11:03 AM
I don't understand - if it's not running in the background, when does it set this killbit?


The minute you download the updates, it sets them in the registry for whatever browsers are enabled.

RAK
03-24-2006, 07:01 PM
Kinda "nips 'em in the bud", eh? Pretty smart.

mylanta
03-24-2006, 08:01 PM
Yeah well the boys were back tonight...I walked in the room and Win Patrol was barking and the temp files were showing and Vcodec and Smitfraud and company were back in charge. So back to Spybot, kill the prefetch, Restore was off already...Windows Defender was destroyed and took back the helm. For the life of me I can't figure how it got back though I remembered the one "system32" temp file and deleted that too this time, because that could have ushered back the whole scenario. When the scum was in charge I couldn't delete it, but with them all gone it went easily.
And I "bit the bullet" and loaded Tiny Firewall on unit 1. At least this one doesn't screw with my network!

RAK
03-25-2006, 02:52 AM
It's been a while since I dealt with these little buggers, Rich, but I found the biggest culprits lodged themselves in startup and temp files (Oh, yes, and System Restore). I stopped cleaning machines because in XP the temp files were all over the place! You spend all your time rummaging around in Documents and settings and crossing your fingers you're not removing something important. I find my HP printer software goes postal if I am not careful deleting temp files or obsolete registry entries. I recall the Win system.32 trojans embedded themselves in startup and you had to sift thru and find the legit ones and the bogus. If you think you still have remnants, you may want to try Hijack This. It's an incredible tool, but you have to be very careful with it. Delete the wrong item and you're screwed. I'm amazed that this whole crap-ware problem is still so prevalent. Service Pack 2 took care of a lot of this. What we are seeing now looks to me to be a deliberate attempt by software vendors to create problems in order to sell their crappy software; a kind of 911 scenario, where they rush in to save the day. I'll tell you the truth; for the past 2 years, I've run with no real-time AV; and I had no reason to use one. Most infections were self-inflicted. If you used a bit of common sense and tools such as Spybot and Spyware Blaster, you could stay out of trouble. And Firefox was way better at keeping out nasties than IE. But things seem to be changing again. Firefox's popularity has seemed to attract new attacks and I am still convinced that a lot of malicious attacks are the result of unscrupulous vendors trying to sell security. Hell, it works for the Bushes, why not the other crime families out there. My Bit Defender license recently expired and that was a shame, because it was the best on-demand scanner out there. I tried Clam AV again but it takes forever to run a scan. Now I'm back to AVG.
I notice the new trend is to limit the ability to customise the options on running AV apps. I wanted to set it to run only when I wanted to, but haven't found a way yet. Still, it isn't slowing things down much, and since Trend Micro online is a Java nightmare now, my options are limited. Still, with the current climate, I feel better having one now.
Here's what I've been using lately to check startup:

http://members.lycos.co.uk/codestuff/

It's called CodeStuff Startup and it's pretty user-friendly. Good luck.

RAK

mylanta
03-25-2006, 07:51 AM
Thanks RAK but Win Patrol keeps startup "lean and mean" and I feel that I erred in leaving that temp file in System32, which was simply an oversight.
If worse comes to worse I can always use Acronis to return to "yesteryears". I just needed to defeat this crap for once the right way.
What surprised me was the fact that hijack this didn't remove this vermin, only Spybot did (of course I won't use Adaware so it might have also).

alih786
12-30-2007, 07:32 AM
Yes, you're right, I don't understand as well. I heard it doesn't require any scanning, it runs in the background, my question is how?? Is there a way to prove that it's running in the background??

Oldie
12-30-2007, 08:42 AM
Yes, you're right, I don't understand as well. I heard it doesn't require any scanning, it runs in the background, my question is how?? Is there a way to prove that it's running in the background??

Does it not have to be manually enabled each time one boots up :confused:

sho-dan
12-30-2007, 10:27 AM
Does it not have to be manually enabled each time one boots up :confused:

No (but you can if you want to double-check the protection status), when you download the latest SpywareBlaster protection updates that's when you Enable all protection. HTH

SpywareBlaster's primary protection is that it disables a list of known spyware related ActiveX controls by simply setting the "kill bits" (flags in the registry) for the specific items it protects against.

It works because that is the way ActiveX controls are designed. If the kill-bit is set in the registry, the associated ActiveX control cannot run on the system.
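
Added example (not written by any poster in this thread, and not SpywareBlaster's own code): since the kill bit is a registry flag rather than a running process, protection can be confirmed by reading the registry. The sketch below parses the text of a `reg export` of the `ActiveX Compatibility` key and lists the CLSIDs whose `Compatibility Flags` value has the kill bit (0x400) set. The function names and the sample CLSIDs are constructed for illustration, and the input is assumed to be already decoded to a Python string.

```python
import re

KILL_BIT = 0x400  # bit in "Compatibility Flags" that stops IE loading the control
COMPAT_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"

KEY_RE = re.compile(r"^\[(?P<path>.+)\]$")
FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:(?P<hex>[0-9a-fA-F]{1,8})$')
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

def parse_compat_flags(reg_text):
    """Return {CLSID: flags} for each CLSID subkey of the compatibility key."""
    flags, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            parent, _, leaf = m.group("path").rpartition("\\")
            ok = parent.lower() == COMPAT_KEY.lower() and CLSID_RE.match(leaf)
            current = leaf.upper() if ok else None  # ignore keys elsewhere
            if current:
                flags.setdefault(current, 0)  # subkey exists, no flags seen yet
            continue
        m = FLAGS_RE.match(line)
        if m and current:
            flags[current] = int(m.group("hex"), 16)  # .reg dwords are hex
    return flags

def killed_clsids(reg_text):
    """CLSIDs that IE will refuse to instantiate because the kill bit is set."""
    return sorted(c for c, f in parse_compat_flags(reg_text).items() if f & KILL_BIT)

# Constructed sample export; the CLSIDs are placeholders, not real controls.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-1111-1111-1111-111111111111}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22222222-2222-2222-2222-222222222222}]
"Compatibility Flags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{33333333-3333-3333-3333-333333333333}]
"Compatibility Flags"=dword:00000420

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\{44444444-4444-4444-4444-444444444444}]
"Compatibility Flags"=dword:00000400
'''

if __name__ == "__main__":
    print("\n".join(killed_clsids(SAMPLE)))
```

Running the same check before and after a protection update shows which kill bits were added, with nothing left running in between.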

Freehold Fred
01-03-2008, 09:17 PM
Guys, I don't understand these 'kill bits', but if you go to Control Panel | Internet Options | Restricted Sites 'zone', you will see the restricted sites from SpywareBlaster. No need to 'run' in bg; just can't go there in the first place!