Spybot – Search & Destroy is a tool to scan for and remove malware. It also provides real-time protection using TeaTimer, SDHelper and Immunization. This article provides tips on using the Spybot-S&D program.
Spybot-S&D Basic and Advanced Mode
Spybot-S&D can be used in two modes:
Basic Mode allows you to scan for and remove spyware and other types of malware. It also allows you to immunize your system against spyware and bad websites, and provides an option to “recover” (restore) removed items.
Advanced Mode provides more control over Spybot – S&D. It is only advisable to use this mode if you need to enable or disable program settings, or to take advantage of the available tools for Windows.
Tip: Use Basic Mode if you prefer not to use TeaTimer. Activating Advanced Mode will enable TeaTimer! You can disable it by unchecking TeaTimer in the Resident option of SS&D.
Check if SDHelper is working
SDHelper is a plug-in of Spybot-S&D for Internet Explorer. SDHelper can silently block a bad site, notify the user when it has blocked a site, or ask the user before blocking a bad site. The default setting is to silently block bad websites. To check if SDHelper is working while you are browsing, click the Tools menu in Internet Explorer, then select “Spybot – Search Destroy Configuration”. You should see how many unwanted pages and cookies have been blocked by SDHelper.
Should you use the TeaTimer?
The old version of TeaTimer is not recommended because it can confuse non-advanced users. The author of Spybot-S&D has released a new version of TeaTimer that stops it from nagging users about every process it detects. It’s a good move by them because the new TeaTimer will now alert only when malware or a bad process has started or been executed. The only issues I’ve seen with TeaTimer are the huge amount of memory usage and the available selection to “Inform me again” when a bad process is detected. In my opinion, “to remove or not to remove” is the proper selection, and the deleted item should just be put in quarantine so users have the option to restore it when needed.
Tip: Do not use TeaTimer’s Paranoid mode, to prevent confusion and many nags. The Paranoid mode is not enabled by default. If you have real-time protection from another anti-malware program, there is no need to use Spybot-S&D’s TeaTimer because the database of Spybot-S&D is updated on a weekly basis only.
Spybot – S&D’s Immunization and HOSTS file
The immunization feature in Spybot-S&D adds thousands of bad sites to the Restricted Sites zone of Internet Explorer. The same number of bad sites will be listed in the Windows Hosts file. By immunizing, you are protected against known bad sites because the connection to the bad website is dropped. Some malware can hijack a Hosts file, but the entries added to the Restricted Sites zone in Internet Explorer give users who visit bad sites another layer of protection: bad websites are restricted from running known spyware through ActiveX and scripting in Internet Explorer.
Another use of immunization in IE is to block bad IP addresses. A HOSTS file cannot contain an IP address as a blocked entry, only a domain or website name. Internet Explorer’s Restricted Sites zone allows you to block by IP and by domain, so any bad IP address that a HOSTS file does not protect against can be covered if it is entered in the Restricted Sites zone of Internet Explorer.
Internet Explorer v8 with Spybot-S&D’s immunization can be slow to start up; the workaround is to disable immunization or re-install Spybot-S&D. The Microsoft IE Team confirmed the problem in Internet Explorer and is looking for ways to address the issue.
Tip: If you are using a HOSTS file from another provider, uncheck Global HOSTS file in the Immunization option of Spybot-S&D. Alternatively, use a HOSTS file manager to remove duplicate entries added by Spybot-S&D and the other HOSTS file provider.
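The duplicate clean-up in the tip above, together with a check for the hijacked entries mentioned earlier, can be sketched as follows. This is an added example, not part of Spybot-S&D or any HOSTS file manager; the function names and the sample entries are constructed for illustration, and it assumes the first mapping for a name is the one that takes effect.

```python
import ipaddress

# Constructed sample: two block lists merged into one HOSTS file (not real data).
SAMPLE_HOSTS = """\
127.0.0.1       localhost
# entries from list A (constructed)
127.0.0.1       ads.example.com
127.0.0.1       tracker.example.net  # trailing comment
# entries from list B (constructed)
0.0.0.0         ads.example.com
0.0.0.0         popups.example.org Tracker.Example.NET
203.0.113.7     bank.example.com
not-an-ip       broken.example.com
"""

def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in HOSTS text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue                            # blank or comment-only line
        for name in fields[1:]:                 # one address may carry aliases
            yield line_no, fields[0], name.lower()

def audit_hosts(text):
    """Return (deduplicated lines, duplicate findings, redirects to review)."""
    seen, kept, duplicates, redirects = {}, [], [], []
    for line_no, addr, name in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue                            # malformed address: skip it
        if name in seen:
            duplicates.append((name, seen[name], line_no))
            continue                            # keep the first mapping only
        seen[name] = line_no
        kept.append(f"{addr}\t{name}")
        # Block lists point at loopback or 0.0.0.0; anything else sends the
        # name to a real host and deserves a manual look (possible hijack).
        if not (ip.is_loopback or ip.is_unspecified):
            redirects.append((name, addr, line_no))
    return kept, duplicates, redirects

if __name__ == "__main__":
    kept, duplicates, redirects = audit_hosts(SAMPLE_HOSTS)
    for name, first, dup in duplicates:
        print(f"duplicate: {name} (line {dup} repeats line {first})")
    for name, addr, line_no in redirects:
        print(f"review: {name} -> {addr} (line {line_no})")
```

Comments are dropped from the deduplicated output, so keep a backup of the original HOSTS file before replacing it.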
Removing malware using Spybot-S&D
If you suspect that your Windows system is infected and your anti-virus does not detect anything, you can try scanning with Spybot-S&D. If malware is detected, you are given the option to “fix” all items or only the items you select. Any fixed items will be removed by Spybot-S&D and a backup copy will be stored in the “Recovery” feature.
Tip #1: Before running a scan using Spybot-S&D, it is a good idea to allow it to scan for “all products it can detect”. To do this, go to Advanced Mode>Settings>Ignore Products>PUPS.sbi tab. Uncheck any checked items so that Spybot-S&D will try to detect whether those items exist on your computer.
Tip #2: The “Select All” option for removing all detected malware is not enabled by default. To enable “Select All”, you will need to activate it through Advanced Mode>Settings>Settings>Expert Settings. Put a checkmark on “Show Expert buttons in results list” and “Show Expert buttons in recovery list”.
Scanning with Spybot-S&D will help determine whether another malware scanner failed to detect spyware or malware. It is a useful tool and you should update it all the time to take advantage of new program features and detection updates.