Results 1 to 3 of 3

Thread: Spybot has detected an important registry entry that has been changed

  1. #1
    Junior Member
    Join Date
    Aug 2008
    Posts
    1

    Default Spybot has detected an important registry entry that has been changed

    I couldn't find in the tutorial what this means exactly. Should I generally accept or deny the change? It comes after rebooting so my guess is that Spybot has changed the registry to eliminate a bot, but the malware is trying to undo Spybot's change.

    I naively accepted some changes initially and checked "remember this decision", but on later thought decided I should instead be rejecting them. Is there any way to go back to undo the previous "remember this decision?"

  2. #2
    Senior Member 129260's Avatar
    Join Date
    Sep 2007
    Location
    Somewhere in the USA
    Posts
    1,142

    Lightbulb please read......

    more on teatimer (spybot resident) here:

    http://www.spybot.info/en/faq/33.html

    http://www.spybot.info/en/faq/8.html

    http://www.spybot.info/en/faq/34.html

    http://www.spybot.info/en/faq/5.html

    The last link explains how to undo a decision you have made.

    Hope that helps! Basically, a rule of thumb is if you are changing settings on your computer or installing/removing software when you are asked the allow or deny, it is safe to allow and remember. If you are on the internet and see this at random without changing anything, you should be cautious.
    Last edited by 129260; 2008-08-03 at 18:51.
    "I am learning just like everyone else"
    new members!
    Custom built PC. Windows 7 pro x64 16GB Ram
    AMD FX 8 core 8350 Black edition
    SABERTOOTH 990FX/GEN3 R2.0
    Asus HD 7870 2GB GDDR5

  3. #3
    Senior Member drragostea's Avatar
    Join Date
    Jan 2008
    Location
    @Home
    Posts
    3,699

    Default

    Joe, I think you mistakenly denied a change.

    If Spybot-SD is unable to remove an entry during Normal Boot, then it'll attempt to schedule a scan during startup and remove the entry there. If you have TeaTimer active and the removal of the entry was successful, then TeaTimer will prompt you that an entry was removed/deleted (if the removal was successful) or an entry was added (if it was scheduling a scan). The entry in most cases would be "SpybotDeleting00000". The zeros represent a variable, in this case a number.
    -
    In TeaTimer 1.5 >>:

    If you check "Remember this decision" on a registry change, the information concerning that change it is stored in a file. TeaTimer uses that information to automatically "Allow" or "Deny" similar registry changes for all future changes. To edit that information:
    • Right click on the TeaTimer system tray icon (labeled "Spybot-SD Resident") and select Settings. This will bring up TeaTimer's "White & Black List". There are four (4) Buttons across the top of the "White & Black List":
      • Allowed registry changes
      • Blocked registry changes
      • Allowed processes
      • Blocked processes
    • You can review all the entries that you have stored by clicking on these buttons. If entries you are interested in are for registry changes, the entries that you should review are in "Allowed registry changes" and "Blocked registry changes".
    • You can delete stored entries by clicking on the scripted black "X" to the right of the entry that you want to delete, answering "Yes" to the confirmation dialog and then clicking the "OK" button when you're done.

    --

    If you follow the instructions above, you can undo the change.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •