Spybot Search & Destroy

I have Comodo Firewall 3.8.65951.477 and when I try to run Spybot Search & Destroy by right clicking on the desktop icon and running as administrator, I get the message ‘Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.’ - the file being C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe.

I went to the Spybot forum and one of their helpers has taken me through various checks. He feels the problem may be with Comodo Defence+ but as he is not familiar with Comodo he has suggested that it might be sensible to bring the problem to this forum to see if someone here can help. The Spybot forum information is at: http://forums.spybot.info/showthread.php?t=48000

One thing that may be related to the problem - but is interesting even if it is not relevant to the problem - is that Commodo Defence+ Computer Security Policy shows under All Applications a file C:\Windows|System32\sddt.exe but I am unable to find this file on my computer - even when I show hidden and system files etc. My helper at the Spybot forum drew my attention to the Purge facility and I clicked on that button twice before Comodo confirmed that all the entries were valid. Strangely though the sddt entry is still there!

I am running Windows Vista Home Premium and have AVG, Comodo Firewalll, Spybot Search & Destroy, Spy
wareblaster, Adaware and Windows Defender.

Can someone please help me to be able to run Spybot Search & Destroy using the normal desktop icon and also perhaps advise on the sddt.exe file showing in Comodo but not visible on my computer?

WOW. You have way too much security. Spy Bot is a a thing of the past as well as Ad Aware. Both those programs where on top many years ago. But now SuperAntiSpyware and Malwarebytes Anti Malware are the programs to have for on demand scanning. Honeslt if I were you I would uninstall everything you have except for SoyBlaster. Then once your done and be sure all programs are removed COMPLETELY then install CIS. Download here.

https://forums.comodo.com/feedbackcommentsannouncementsnews_cis/comodo_internet_security_3995478509_released-t39202.0.html

To see if Comodo Firewall plays a role disable Defense + for testing. When in Comodo go to Defense + → Advanced → Defense + Settings → disable D+ and reboot as requested. Does the same thing happen or not?

Thanks for your advice Vettech. You may well be right but, as far as I know, there is no problem in having numerous antispyware and antimalware applications - unlike anti-virus where the recommendation is only to have one. I will look at the other programs you mention when I have time; but at the moment I am more interested in knowing why I cannot run Spybot S & D from the desktop icon and why Comodo is listing a file which does not appear to be on my computer.

Thanks for your reply too EricJH. I did as you suggested and I am able to run Spybot S & D when Defence+ is disabled. This was first tried while I was getting advice from the Spybot forum and is why my helper there feels that Comodo is stopping things from working properly; but as he is not fully conversant with Comodo he felt it better for me to pursue things on this forum. I have reset Defence+ to SAFE pending further instructions.

Not only SS&D catches AskBar as malware

Since D+ is involved I think you may not have given the proper permissions. Go to D+ → Advanced → Computer Security Policy → not look up all the Spybot related files and delete the rules.

Next step is to make Safer Networking a Trusted Vendor. Go to D+ → Common Tasks → My Trusted Software Vendors → Add → Read from a signed executable → navigate to the Spybot folder and add SpybotSD.exe. Click on all the appropriate Ok and Aply buttons.

Now start up Spybot. CIS should make most rules it’s self. When Spybot components ask to start another Spybot component allow the request and tick not to ask again.

Let us know how it goes.

Thanks for your reply EricJH. When we looked before at all the Spybot entries I found that all were set to Ask or Allow. Also, when I first had this problem I uninstalled and re-installed Spybot S & D.

However, I did as you suggested and removed all the spybot entries from the Computer Security Policy list. I next set Control Panel to view all files (including system files) so I could see SpybotSD.exe. (I added that for the benefit of anyone else having similar problems and wanting to follow the procedure!) I then made Safer Networking a Trusted Vendor as you suggested (and re-hid files and system files etc).

I right clicked on the Spybot desktop icon and selected ‘Run as Administrator’. Unfortunately the same message ‘Windows cannot access the specified file…’ appears. ??? I double checked that Safer Networking is listed as a Trusted Vendor so I wonder where we go from here?

I did some Google search for ssdt.exe wondering what it could be. It gets flagged quite a number of times as malware. Follow this tutorial to see if you are infected: https://forums.comodo.com/virusmalware_removal_assistance/what_to_do_if_youre_infected_experience_rev2-t32467.0.html .

As to the problem with accessing Spybot. Are you a limited user under Vista? I am not familiar with Limited User Account so forgive any ignorance here. Did you install the program with Admin rights?

Thanks for your reply EricJH.

My helper at Spybot S & D thought that sddt.exe might be part of Spybot Distributed Testing; see:
http://forums.spybot.info/showthread.php?t=29452
The interesting thing is that sddt.exe appears only in Comodo Defence+ Computer Security Policy and does not disappear when I do a purge. However, I cannot find the file anywhere on my computer - even when hidden files and system files are shown in Control Panel Folder Options. If the file is listed in Comodo, should I not be able to find the file if it exists on my computer? And if the file is not there, why does Comodo not remove the entry when I purge? As you will have gathered I am still a complete novice where Comodo is concerned so please bear with me if there is a simple explanation to these questions! While I am grateful to you for the link you provided for ‘if I am infected…’ I see there is quite a lot of work involved and it would be helpful if I could identify the file sddt.exe (if it still exists) and send it for analysis.

I have full administrator rights on Vista and I am fairly certain that I used ‘run as administrator’ when I installed Spybot S & D. I can run Spybot S & D in SAFE mode and also, as you know, I can run the program when Defence+ is disabled. Hopefully this means that Administrator rights is not the reason why I get the message ‘Windows cannot access the specified file…’ when I try to run the program using the desktop icon.

Thanks for the information on sddt.exe. Gonna exclude that.

I see you are using v3.8. V3.9 is now available. Are you willing to install it? Please do not copy your 3.8 configuration as it may interfere with the troubleshooting and because there are some changes to the default policies that help to keep the CPU usage peak downs when storing new rules. You can get the 3.9 here: http://personalfirewall.comodo.com/download_firewall.html .

I went to v3.8.65951.477 on 15 April as I tend to wait to see if there are problems being experienced with each new version before I install it! However, as I am now getting your help I am happy to go over to v3.9.

To ensure I do not copy my 3.8 configuration do you recommend that I uninstall Comodo and then install the new version? If this is the case, does the link you provide automatically install only the firewall version and not the full CIS suite, or do I need to select firewall during the install process? As I understood things, I automatically got just the firewall in v3.8 because I was upgrading an existing firewall installation.

I can see advantages to starting again as it should ensure that sddt.exe disappears from the Defence+ Computer Security Policy! It will also ensure that I start again with my permissions using a ‘clean slate’. I think I got caught out once or twice because I did not spot that there was a tick in the remember this box left over from a previous permission for something else when I was intending to give permission to something for one time only.

You need to uninstall 3.8 first and then reboot the computer before you can install 3.9. To be sure there is not a single piece of CIS left you can follow this tutorial: https://forums.comodo.com/help_for_v3/comprehensive_instructions_for_completely_removing_comodo_firewall_pro_3_info-t17220.0.html . Don’t remove the Legacy keys as they are a lot of work to remove.

The installer will give you the possibility to choose whether you want to install the suite or the firewall.

Good luck with v 3.9.

Sorry for the delay but I had to wait for time to get the whole process completed at one session. The very good news is that I am now able to access Spybot S & D by using the desktop icon! So, thank you for all your help. The interesting thing is that sddt.exe has appeared in the new Defence+ Computer Security Policy!

There are a couple of points that arise from the move from 3.8 to 3.9 where you may be able to help further.

Firstly, I could not find any clear instructions for uninstalling Comodo. From reading the forum I notice that a number of people have complained that uninstalling Comodo has caused them problems. Also, I found that someone mentioned that Comodo should be disabled before it is uninstalled. Perhaps if someone wrote simple uninstall instructions that we could refer to, some of the problems (and perhaps need to clean up using the zip file link you kindly provided) could be avoided.

Secondly, as part of the install process for 3.9 I did the recommended scan. This listed ‘TrojWare.Win32.TrojanDropper.Agent.~ ZAZ(ID=0x2d0bc6) at C:\Windows\System32\muzapp.exe’. As I was uncertain about this I copied it to the desktop so it would be available if it proved to be a false positive. I found I could only save it as a text file; but I presumed this would allow me to return it whence it came if the false positive was proved.

After getting 3.9 up and running I did some research and found that Lavasoft had previously shown this file as a false positive for me. The file muzapp.exe is apparently used for my wife’s Samsung MP3 player. After I sent Lavasoft details they updated their records. Perhaps Comodo needs to update their records so this doesn’t occur as a false positive in the future? And if there is a simple way of restoring the muzapp.exe file using the text file on my desktop do please let me know. Most applications seem to have quarantine vaults so that suspect files can be restored; but I am not sure if Comodo does with the initial scan.

When I checked Comodo I found that Firewall was set to Safe and Defence+ was set to Clean PC. I thought that the settings were initially set to Training mode; but perhaps I am wrong or things have changed with version 3.9 (I confess I have not yet checked through the Help file…)

It might help others if I list the procedure I used to uninstall 3.8 and install 3.9 – after I had copied your instructions and those listed for the CIS clean up zip file to the desktop.

1 download CIS 3.9, using the link you gave, and save.

2 download CIS zip file, using the link you gave, to clean up if any problems are found with the uninstall.

3 remove internet access (I removed the Ethernet cable from the cable modem).

4 remove Comodo from startup (I did this using the tools in Spybot S & D).

5 reboot.

6 although the Comodo icon no longer appeared near the clock in the bottom right hand corner of the screen, I did not get a warning from the Security Centre so I opened up the Security Centre and found that Comodo was still listed as the firewall! So, I started Comodo (from All Programs) and set both Firewall and Defence+ to disabled. Security Centre then gave me the warning!

7 I now made a restore point and then did a reboot.

8 I went to Control Panel > Programs and features and uninstalled Comodo. I saw the message that the uninstall was successful so I decided not to worry about using the zip file for clean up.

9 I did a reboot to complete the uninstall.

10 I next ran (right click and Run as Administrator) the CIS 3.9 file I downloaded earlier. I selected Firewall only as I already had AVG for antivirus. I chose ‘Yes’ to join the Threatcast but said ‘No’ to the Safesurf toolbar.

11 I next saw the offer of device software from Comodo Network Service but I opted not to install as I did not know what this was (but see 13 below).

12 I opted for the full scan – which is where the false positive mentioned earlier came to light.

13 I did a reboot and received a message that the Firewall was not functioning properly so I ran the offered diagnostics. The diagnostics told me that it had found the problem and I said ‘Yes’ to fix the problem. This led to the reappearance of the Comodo Network Services device software mentioned at 11 above so I said ‘Yes’ this time and Comodo fixed the problem!

14 I did a reboot but was concerned to find that the Comodo icon did not appear in the bottom right hand corner of the screen to let me know that the Firewall was working. However, after I had clicked the Comodo desktop icon the icon then appeared in the bottom right hand corner.

15 I reconnected the internet cable removed at 3 above and checked that I could access my e-mails ok. I then checked that IE8 was working ok.

16 I now tried Spybot S & D using the desktop icon and was pleased to find that it now ran correctly.

17 I did a reboot and found that the Comodo icon appeared in the bottom right hand corner.

Glad to see it worked out for you.

With regards to the false positive. You can submit it to Comodo using How to report False Positives/Suspicious Files & How to Submit them.