查看: 67074|回复: 185

庖丁解牛之Spyware Doctor(7月25日更新6.0.0.362,特征库容量重大升级)

发表于 2008-5-3 10:49:40 | 显示全部楼层 |阅读模式

第一部分 S.D简单介绍
第二部分 S.D的特性及附加插件简单介绍
第三部分 Spyware Doctor最新版本更新内容
第四部分 Spyware Doctor图形界面介绍
第五部分 Spyware Doctor v6.0.0.362更新方法详解
第六部分 Spyware Doctor 特征库备份技巧以及特征库容量大小说明
第七部分 Spyware Doctor的误杀和内存占用 – 用事实说话



2007年3月,我第一次在安防区系统的介绍了Spyware Doctor,那个时候还是4.0的时代,自那以后,陆续提供了不少自己的使用经验和破解方式的散帖,欣喜的看到越来越多的朋友对SD由陌生到喜爱的转变。一年过去了,SD在技术上的进步与4.0时代相比可谓天渊之别,同时官方信息也有很多更新。因此,我重新编写了关于SD的系统介绍,涵盖了SD的方方面面,重点增补了一些我后来发现以及请教PC Tool所获得的经验与技巧,希望能够为各位感兴趣的朋友提供帮助。

第一部分 S.D简单介绍

Spyware Doctor has been downloaded over 125 million times with millions more downloads every week. People worldwide use and trust Spyware Doctor to protect their PCs from spyware, adware and other online threats.

Spyware Doctor has consistently been awarded Editors' Choice, by leading PC magazines and testing laboratories around the world, including United States, United Kingdom, Sweden, Germany and Australia. In addition, after leading the market in 2005, Spyware Doctor was awarded the prestigious Best of the Year at the end of 2005 and again in 2006.

Spyware Doctor continues to be awarded the highest honors by many of the world's leading PC publications such as PC World, PC Magazine, PC Pro, PC Plus, PC Authority, PC Utilities, PC Advisor, PC Choice, Microdatorn, Computer Bild and PC Answers Magazine.

Note: If you are choosing Anti-Spyware make sure you choose one that is proven and has genuine awards from one or more world leading research labs such a PC Magazine, PC World, CNET, PC Pro Magazine, PC Authority, PC Answers and other trusted labs. More importantly do not use ratings from unknown review websites, as often these are designed to mislead you into purchase of affiliated, inferior or rogue product.

Detects, removes and blocks all types of Spyware.

Did you know that numerous programs tested against Spyware Doctor detected only small fraction of Spyware and completely removed an even smaller amount? Also most of them were unable to effectively block Spyware in real time from being installed on users PC in the first place.

Spyware Doctor has the most advanced update feature that continually improves its Spyware fighting capabilities on daily basis. As Spyware gets more complex to avoid detection by AntiSpyware programs Spyware Doctor responds with new technology to stay one step ahead.

Easiest to Use

Spyware Doctor is advanced technology designed especially for people, not just experts. That is one reason why it won the People's Choice Award in 2005, 2006 and 2007. It is automatically configured out of the box to give you optimal protection with limited interaction so all you need to do is install it for immediate and ongoing protection.

Spyware Doctor's advanced OnGuard technology only alerts users on a true Spyware detection. This is significant because you should not be interrupted by cryptic questions every time you install software, add a site to your favorites or change your PC settings. Such messages can be confusing and lead to undesirable outcomes such as inoperable programs, lost favorites or even Spyware being allowed to install on the system. We've done the research so you don't have to.

Spyware Doctor 软件下载次数超过1亿2500万 次,并以每周数百万的次数持续递增。 Spyware Doctor 得到全球用户的广泛使用和信赖,用以保护个人电脑免受间谍软件、广告软件以及其它在线威胁的侵害。

Spyware Doctor已持续被全球各地,包括美国、英国、瑞典、德国和澳大利亚的领先电脑杂志和实验室授予编辑选择奖。另外,Spyware Doctor 在 2005 年引领市场后,于 2005 年底获得“年度最佳”的美誉,并于 2006 年蝉联此项殊荣。

Spyware Doctor 现仍然受到世界多数主流个人电脑刊物,如 PC World、PC Magazine、PC Pro、PC Plus、PC Authority、PC Utilities、PC Advisor、PC Choice、Microdatorn、Computer Bild 以及 PC Answers Magazine 的最高赞誉。

注意: 如果您正在选择反间谍软件,请确保您选择了一套被认可且由一个或多个世界领先的研究实验室如PC Magazine, PC World, CNET, PC Pro Magazine, PC Authority, PC Answers或其他值得信任的实验室授予奖项的反间谍软件。更重要的是,请不要使用不明评论网站的评级,这些评级经常用来误导您,使您购买附属、劣质或流氓产品。


您是否知道在数以万计被Spyware Doctor测试的程序中,仅有少部分间谍软件被检测出,而且被删除的更少?同样它们中的大部分也不能第一时间实时有效阻止间谍软件在用户电脑上安装。

Spyware Doctor有着最先进的更新功能,每日持续地改进其间谍软件查杀能力。间谍软件正日趋复杂以逃避反间谍软件程序的检测, 而Spyware Doctor总是更早一步,以最新的技术做出回应。


Spyware Doctor 是一项高端技术,专门设计服务于一般用户而非专业级人士。 这也是为什么它能在 2005、2006 和 2007 赢得 People's Choice Award 奖项的原因所在。其自动配置功能能以有限的相互作为为您提供最佳保护,所有您需要做的就是安装它并获得即时和持续的保护。

Spyware Doctor先进的OnGuard技术仅在侦察到真实的间谍软件时,才会提醒用户。这一点很重要,因为在您每次安装软件、将站点加入收藏夹或改变电脑设置时,都不会被古怪的问题打断。这种信息将会使人困惑并引起不快的后果,如引起不可操作的程序、丢失收藏夹或者甚至是允许间谍软件在系统中安装。我们已做过这方面的研究,所以您大不必再做了。

[ 本帖最后由 daryl 于 2008-7-25 21:28 编辑 ]


参与人数 1魅力 +1 收起 理由
baerzake + 1 版区有你更精彩: )


 楼主| 发表于 2008-5-3 10:54:05 | 显示全部楼层
第二部分 S.D的特性及附加插件简单介绍

Comprehensive Malware Protection

Spyware Doctor provides protection against identity theft, stealthy spyware, aggressive adware, browser hijackers, malicious ActiveX objects, malware Trojans, tracking cookies, keyloggers, dialers, and other malware. The optional anti-virus module also protects your computer from viruses, worms, Trojan horse threats, and other malicious infections.
Constant Real-time Protection

Through its unique OnGuard feature Spyware Doctor provides constant protection against malware. OnGuard works by blocking both known and unknown malware threats before they can install and cause any harm to a computer. OnGuard constantly monitors for malicious behavior involving spyware processes, tracking cookies, malicious ActiveX objects, browser hijackers, keyloggers, Trojans and more.
Advanced Detection and Removal Technology

By running an Intelli-Scan™, Full Scan or Custom Scan, Spyware Doctor will inspect the computer for all types of spyware and virus1 infections. Spyware Doctor is top rated by industry experts as being extremely effective in removing particularly nefarious threats such as rootkits and keyloggers2.

The unique Intelli-Scan™ feature is specifically designed to hunt swiftly and kill active running spyware threats in as little as 3 minutes3, attributed to the intuitive and patent-pending spider scanning technology. This new technology works intelligently by using a combination of signature and behavioral scanning techniques to quickly and effectively identify internet threats.
Protection against zero-day threats - Behavioral Heuristic Detection

Spyware Doctor delivers effective zero day protection against rootkits and keyloggers (in both scanning and OnGuard real-time areas) by monitoring for suspicious behavior and blocking applications that exhibit signs of malicious activity.
Advanced Rootkit Detection

Spyware Doctor is capable of detecting and removing hidden processes and files associated with complex threats and rootkits. Using behavioral techniques, rootkits and other items that attempt to hide themselves deep in the computer operating system are effectively detected and removed.
Works silently in the background with low CPU usage

When in monitoring mode Spyware Doctor has been designed to work silently in the background, with little impact to the end user, threats are blocked and removed without any system impact, while only a small alert window is displayed to advise the user it has been protected against an attack. When running a scan, the CPU Priority settings allow users to lower the priority of the scanning in order to reduce CPU usage and impact to the computer while in use. Selecting this option may increase scan time but will ease CPU usage when other applications are running at the same time.
Automatic and silent Smart Updates

Frequent updates to detect and guard computers against new threats and viruses as well as provide enhancements to Spyware Doctor are automatically installed and downloaded through the Smart Update function. Threat signatures are updated every business day or within hours of a high risk malware outbreak to protect you from the latest online threats.
Most internationally awarded anti-spyware product

Spyware Doctor is consistently awarded editors choice and top rating by numerous internationally recognized and respected industry publications, making Spyware Doctor the most internationally awarded anti-spyware product. For a full listing of all our awards visit: www.pctools.com/company/awards/

Additional Add-ons:

Virus Protection

Available as an optional add-on to Spyware Doctor, the anti-virus component provides protection against all kinds of viruses, worms, Trojan horse threats, and other malicious infections to ensure complete protection against internet threats. It is recommended to install the anti-virus add-on if there is no other virus protection on the computer.

Email Protection

Email Guard provides protection against, and instantly removes, spyware and viruses being sent or received via e-mails. All popular e-mail applications (such as Outlook Express™ & Netscape® Mail and Thunderbird) that use POP, IMAP or SMTP are supported by Email Guard.
Internet Browsing Protection

Site Guard

Site Guard provides advanced protection against potential malicious websites and phishing attacks where dangerous site are masquerading as legitimate e-Commerce sites. Site Guard will detect malicious websites and block access to them, ensuring the computer cannot be infected.


Spyware Doctor 针对身份盗窃、隐秘性间谍软件、入侵性广告软件、浏览器劫持程序、恶意ActiveX对象、危害性特洛伊程序、追踪 cookie、击键记录器、恶意拨号器和其他恶意软件提供保护功能。可选反病毒模块还可保护您的计算机免受病毒、蠕虫,特洛伊木马威胁、和其他恶意感染。

Spyware Doctor 独一无二的OnGuard 功能可提供不间断恶意软件保护。OnGuard 能在恶意软件安装并损害计算机之前,阻止已知和未知恶意软件威胁。OnGuard 对恶意行为进行不间断监控,包括间谍软件进程、跟踪 cookie、恶意 ActiveX 对象、浏览器劫持程序、击键记录器、特洛伊程序等。

通过运行 Intelli-Scan™、全盘扫描或自定义扫描,Spyware Doctor 能检查计算机,查出所有类型的间谍软件和病毒1 感染。Spyware Doctor 被业内专家评为顶级软件,对移除危害尤其大的威胁,如根成套工具(rootkits)和击键记录器极其有效2.

Spyware Doctor针对身份盗窃、隐秘性间谍软件、入侵性广告软件、浏览器劫持程序、恶意ActiveX对象、危害性特洛伊程序、追踪 cookie、击键记录器、恶意拨号器和其他恶意软件提供保护功能。可选反病毒模块还可保护您的计算机免受病毒、蠕虫,特洛伊木马威胁、和其他恶意感染。

独特的 Intelli-Scan™ 功能特别针对快速捕捉和杀灭活跃运行的间谍软件威胁而设计,整个过程只需3分钟3, 并借助直觉性(专利申请中) spider scanning 技术。通过签名和行为扫描技术的结合,该项技术可智能运行快速高效识别来自互联网的威胁。

Spyware Doctor针对根成套工具(rootkits)和击键记录器 (扫描和OnGuard 实时区域) ,通过监视可疑行为和阻止有破坏迹象的应用程序,提供有效的零天保护。

Spyware Doctor 能够检测并移除与复杂威胁和根成套相关联的隐藏进程和文件,通过使用行为技术、根成套和其他试图在计算机操作系统深层藏匿的项目可以被有效的检测到并清除掉。

监控模式下的 Spyware Doctor 为后台无干扰设计,对终端用户几乎不会造成影响。阻止和清除威胁时会弹出警示窗口,通知用户已对攻击启用保护,而对系统并不造成影响。扫描运行时,CPU 优先设置允许用户降低扫描的优先程度,从而降低CPU 使用率及使用时对计算机造成的影响。选择此项将增加扫描时间,但在其他程序同时运行的同时,能缓解CPU 使用率。
自动无干扰 Smart Updates

为保护计算机不受新威胁和新病毒的感染以及提供增强功能,Spyware Doctor 将频繁更新,并通过 Smart Update 功能自动下载和安装。在每个工作日内,或在高风险恶意软件爆发的时间段内,威胁签名将进行更新,让您远离最新的在线威胁。

多个国际上颇具盛名的产业刊物持续将 Spyware Doctor 评选为编辑的选择及顶尖软件,使其成为全球获奖最多的反间谍程序产品。若要查看所有奖项的清单,请访问:www.pctools.com/cn/company/awards/


病毒保护是Spyware Doctor 的可选插件。本反病毒部件对各类病毒、蠕虫、特洛伊木马威胁和其他恶意感染均能提供保护,确保对来自互联网的威胁提供全方位保护。如果计算机未安装其他病毒保护,建议安装本反病毒插件。

电子邮件防护是针对通过电子邮件收发传播的间谍软件和病毒,可进行保护和即刻清除。 Email Guard支持所有使用 POP,IMAP 或 SMTP 的主流电子邮件程序(如 Outlook Express,Netscape® 邮和雷鸟)。

Site Guard针对潜在的恶意网站和钓鱼攻击(常伪装成正规的电子商务站点)提供高级保护。Site Guard 将检测到恶意站点,并阻止访问,确保计算机不受感染
 楼主| 发表于 2008-5-3 10:55:38 | 显示全部楼层
第三部分 Spyware Doctor最新版本更新内容

Spyware Doctor 5.5 - What's New?

Intelli-risk levels

In previous versions of Spyware Doctor unnecessary alarm may have sometimes occurred with threats rated as high risk. This was because inactive parts of a vicious threat were detected and may have been rated as high risk, even if the entire threat was not actively running on your computer.

Now in Spyware Doctor 5.5, intelli-risk levels work by appropriately rating inactive traces of threats detected. For example, if only one component of a high risk threat is found on your computer (and it is not running or doing any harm), the risk level will be marked as a "low risk" threat, while if the same threat was actively running on your computer it would be rated "high risk".

Further advancements in rootkit removal

Rootkit removal techniques in Spyware Doctor 5.5 have become more efficient; offering maximum protection with minimal interference to the user.

It is common knowledge that rootkits are some of the most nefarious threats to have on your computer. The new version of Spyware Doctor has enhanced rootkit detection and removal techniques to reduce the number of system reboots required to remove some of the most difficult rootkits.

Reduced Memory Footprint

All software installed on your computer has an unavoidable impact on memory usage and computer performance. This is especially true of security applications that must process and check every event to ensure system safety. As part of the ongoing optimization of Spyware Doctor, we have further reduced the overall memory usage and footprint to ensure minimal impact to your computer.

Automated threat evaluation & standardized threat descriptions

Spyware Doctor 5.5 incorporates a new system which automatically evaluates threats and provides standardized descriptions.

This new system provides a simpler method of threat categorization so that you can easily differentiate and understand the threats that have been detected on your computer.

Spyware Doctor 5.5.1 - What's New?

Improved protection capabilities:

We are continually improving our protection capabilities and with Spyware Doctor 5.5.1 we have once again increased the rate of detection & removal by seamlessly combining our anti-virus technology with our anti-spyware technology. This enhanced integration of technologies means that the Spyware Doctor detection and removal capabilities are further enhanced for both viruses1 and spyware, in particular rootkits (the nastiest threats that elude user detection).
Better handling of spyware using virus-like techniques:

Hackers are now merging spyware with virus techniques to produce even more nefarious threats. Spyware Doctor 5.5.1 comes equipped with technology to better handle threats which use virus-type techniques, with the end result being better protection against a wider range of threats.

Less alerts, greater control:

Spyware Doctor's alert system has been revised to reduce the frequency of alerts experienced when surfing the Internet.

Repeated alerts when blocking the same threat have been eliminated, and new options have been added to provide greater flexibility and control when deciding to block or allow a cookie, website or threat. There is also a "remember my answer" option which, if selected, means that you will never have to see the same alert again. User input for the alerts is optional and the default action for each particular alert-type is taken if you choose not to respond.

Spyware Doctor - What's New?

Behavior Guard – BETA add-on:

Behavior Guard provides leading edge protection from zero-day (never seen before) threats, built on the award-winning ThreatFire technology.

Behavior Guard is designed to pro-actively defend your computer against both known and unknown threats solely by detecting their malicious behavior. Traditional antivirus software cannot do this and only offers reactive protection, meaning it can only protect you from new threats after the threat has been discovered and new signatures to protect against it are developed, tested, and then released for download. Behavior Guard does not rely on signatures to protect you; instead, it uses intelligent behavioral analysis to proactively hunt down and paralyze activities or behaviors that might compromise the security of your computer.

Behavior Guard is currently available in the form of a BETA add-on at: www.pctools.com/spyware-doctor/addons/

Spyware Doctor 5.5.xxx版本系列的更新特色


在旧版 Spyware Doctor 中,高级别风险威胁发生时,可能会发出不必要的告警。这是因为恶意威胁中的非活动部分被检测到,且该恶意威胁被定义为高风险,即使整个威胁程序并未在电脑中运行。

现在,Spyware Doctor 5.5 中的「智能风险」级别是由检测到的威胁在非活动时的状态来进行合理分级。例如,如果仅在电脑上找到一种高风险威胁(非运行中,或暂时无害),则风险级别将标识为「低威胁」,但是,同一威胁程序,如果正在电脑上运行,则会被分级为「高风险」。

进一步加强 rootkit 去除技术

Spyware Doctor 5.5 中的 Rootkit 去除技术变得更有效,在尽可能减少对用户干扰的同时提供最大程度的保护。

众所周知,rootkit 是计算机中最恶毒的威胁。新版 Spyware Doctor 增强了 rootkit 检测和去除技术,以减少在去除某些最顽固的 rootkit 时系统需要重启的次数。


计算机上安装的所有软件都会对内存使用和计算机性能产生必然的影响。对于安全应用程序而言更是如此,因为,它必须处理和检查每个事件以确保系统的安全性。作为 Spyware Doctor 不断优化的一个环节,我们进一步降低了内存的整体使用量和占用率,将对计算机的影响降至最低。

Spyware Doctor 5.5 采用了一个新系统,可自动评估威胁和提供标准化说明。


Spyware Doctor 5.5.1.xxx版本系列更新特色


我们正不断改善防护功能,并通过防毒技术与反间谍软件技术的完美结合,使 Spyware Doctor 5.5.1 实现病毒检测率和移除率的进一步提高。Spyware Doctor该项增强的技术集成,意味着 Spyware Doctor 对病毒1与间谍软件,特别是 Rootkit(最令人困扰的威胁,可巧妙躲避用户检测)的检测与删除能力的进一步增强。

现今的黑客会通过间谍软件与病毒技术的结合来产生更可怕的威胁。Spyware Doctor 5.5.1 配备的技术可对病毒类型威胁进行更好处理,从而获得对更广范围威胁的更佳防护。

Spyware Doctor 的告警系统经过改进,可降低上网时遭遇告警的机率。

阻止相一威胁的重复告警已消除,并新增选项,以便您决定阻止或允许某项 Cookie、网站或威胁时,拥有更大的弹性和更强的控制。另外还提供 “remember my answer”(记住我的设置)选项,如果选中,将不会再看到相同的警告。对告警的用户输入为「可选」,而且,如果选择不对告警类型进行逐条回应,就会采用默认的动作。

最新版本Spyware Doctor的更新特色

行为判断防护  – 附带插件(测试中):

行为判断防护提供了超前的“零日”威胁的防护服务,该技术基于业内备受赞誉ThreatFire发展而来。(注:ThreatFire的前身就是大名鼎鼎的Cyberhawk,这是一家美国公司,最先提出了著名的“零日攻击”概念,也是目前国际流行的主动防御系统技术最早研发团队之一,去年为PC Tools收购,公司创办人成为PCT北美区的首席执行官,旗下原有HIPS软件Cyberhawk作为独立产品更名为ThreatFire™ AntiVirus成为在PCT产品线上获得进一步完善和提高。


行为判断防护作为Spyware Doctor v新的插件正处于测试阶段,感兴趣的用户可以通过www.pctools.com/spyware-doctor/addons/下载安装试用。

5月8日PCT释放出SD5.5.1.322版,基于321版本的一些细微bug进行了修正,同时修正了特征库的小bug,因此直接运行smart update即可升级


[ 本帖最后由 daryl 于 2008-7-25 21:33 编辑 ]
 楼主| 发表于 2008-5-3 10:58:31 | 显示全部楼层

第四部分 Spyware Doctor图形界面介绍


[ 本帖最后由 daryl 于 2008-7-25 21:35 编辑 ]








 楼主| 发表于 2008-5-3 11:01:38 | 显示全部楼层
第五部分 Spyware Doctor v v6.0.0.362更新方法详解




3、安装6.0.0.362版本(如果你在安装的时候有勾选“自动安装更新”,则会看到弹出的对话框,提示你先运行Smart Update后才可以下载到数据库文件,不用关闭这个对话框,用我提供的update.exe直接替换安装目录下同名文件,然后点击运行Smart Update即可正常升级,升级完毕后,对话框上会出现“完成”字样,点击即完成新版本数据库更新。





SD v6.0.0.362官方下载地址:http://www.pctools.com/mirror/sdsetup.exe

[ 本帖最后由 daryl 于 2008-7-25 21:44 编辑 ]

Perfect Crack for PC Tools Spyware Doctor v6.0.0.354.part1.rar

500 KB, 下载次数: 2312

Perfect Crack for PC Tools Spyware Doctor v6.0.0.354.part2.rar

500 KB, 下载次数: 2187

Perfect Crack for PC Tools Spyware Doctor v6.0.0.354.part3.rar

500 KB, 下载次数: 2159

Perfect Crack for PC Tools Spyware Doctor v6.0.0.354.part4.rar

31.42 KB, 下载次数: 1421

 楼主| 发表于 2008-5-3 11:06:03 | 显示全部楼层
第六部分 Spyware Doctor 特征库备份技巧以及特征库容量大小说明


You can do this only if you are currently using v5.5.0.xxx and wish to copy it to the latest version. If you are using say v5.1.0.xxx, then this won't work).

Copy the files refdb.bin3 and refdb.old (located in c:\Program Files\Spyware Doctor\) to another location, then install SDv5. Once it has been installed, copy these files over.

Note: If you have SD+AV, you will need also need to copy avdb folder.


将安装目录下的refdb.bin3以及 refdb.old文件备份到别的位置,然后执行SD5的安装程序,完毕后将备份文件覆盖到安装目录即可。



Roughly a year ago we added several hundred thousand special signatures to cover Storm and similar threats and the versions of those threats that were covered are no longer active, so we are removing them. Also we are trying to use generic signatures that replace thousand of individual file checksums. In that regards, the MRC team will do a clean-up of the signature database to make the database more effecient. There may be more reduction (as required) in the coming days

Signature and detection mechanisms have been optimized and may result in an overall decrease in signature counts but there will be no loss in detections and in fact are expected to improve. The optimization also helps reduce overall virtual memory usage.








[ 本帖最后由 daryl 于 2008-7-25 21:51 编辑 ]
 楼主| 发表于 2008-5-3 11:06:53 | 显示全部楼层
第七部分 Spyware Doctor的误杀和内存占用 – 用事实说话
























 楼主| 发表于 2008-5-3 11:09:31 | 显示全部楼层

[ 本帖最后由 daryl 于 2008-5-2 19:14 编辑 ]
发表于 2008-5-3 11:27:14 | 显示全部楼层
发表于 2008-5-3 22:48:13 | 显示全部楼层
谢谢老大 ,俺用你的205的是最好的,这个肯定也是很好使的,谢谢!
您需要登录后才可以回帖 登录 | 快速注册


手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2025-3-7 11:27 , Processed in 0.150222 second(s), 20 queries .


快速回复 客服 返回顶部 返回列表