Registry Check



Frank C
2005-12-20, 20:58
Spybot suggestion
It seems that many malware attacks change the Registry.
Would this scheme make any sense?
Save a copy of the registry. When a registry change is detected by Spybot and accepted, save it again. When the Spybot scan runs, compare the current registry with the saved copy, report any differences which may indicate malware, and offer the option to restore the saved copy.

Frank C.
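
The snapshot-and-compare scheme proposed in the post above, as an added example that is not part of the original thread and is not Spybot's code: it parses two `reg export` text snapshots (assumed already decoded from UTF-16) and reports added, removed and changed values. The key paths and values in the sample snapshots are constructed, and the restore step is left out.

```python
import re

# Constructed sample snapshots in `reg export` text format (not real data).
BASELINE = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Program Files\\Example\\updater.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.example.org/"
"""
CURRENT = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Program Files\\Example\\updater.exe"
"svchelper"="C:\\Users\\Public\\svchelper.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.example.net/"
"""

def parse_reg(text):
    """Parse decoded `reg export` text into {key_path: {value_name: raw_data}}."""
    snapshot, key = {}, None
    # Long hex values continue on the next line after a trailing ",\"; join them.
    text = re.sub(r",\\\r?\n\s*", ",", text)
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            snapshot.setdefault(key, {})
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if key is not None and m:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            snapshot[key][name] = m.group(2)
    return snapshot

def diff_snapshots(baseline, current):
    """Return (change, key, value_name, old, new) tuples, sorted by key and name."""
    changes = []
    for key in sorted(set(baseline) | set(current)):
        old, new = baseline.get(key, {}), current.get(key, {})
        for name in sorted(set(old) | set(new)):
            if name not in old:
                changes.append(("added", key, name, None, new[name]))
            elif name not in new:
                changes.append(("removed", key, name, old[name], None))
            elif old[name] != new[name]:
                changes.append(("changed", key, name, old[name], new[name]))
    return changes

if __name__ == "__main__":
    for c in diff_snapshots(parse_reg(BASELINE), parse_reg(CURRENT)): print(c)
```

A diff of the whole registry is noisy because legitimate software writes to it constantly, so a comparison like this is most useful when limited to a short list of keys and when the baseline is re-saved after each accepted change, as the post suggests.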

md usa spybot fan
2005-12-20, 22:18
Spybot's TeaTimer monitors approximately 35 registry keys. When TeaTimer detects a change to any of these registry keys it notifies you. At that time you can take action by either allowing the change or denying the registry change.

I personally think that this is a better way to handle potential malicious registry changes than storing them and reporting all changes of the registry at one time. The real-time monitoring by TeaTimer gives you the added advantage of analyzing cause and effect at the time of the registry change.

ldavis
2006-02-13, 23:07
Spybot's TeaTimer monitors approximately 35 registry keys. When TeaTimer detects a change to any of these registry keys it notifies you. At that time you can take action by either allowing the change or denying the registry change.

I personally think that this is a better way to handle potential malicious registry changes than storing them and reporting all changes of the registry at one time. The real-time monitoring by TeaTimer gives you the added advantage of analyzing cause and effect at the time of the registry change.

I recently downloaded and installed version 1.4, and when I install a program that requires registry changes, I get a Spybot panel that only allows me the option of remembering or not remembering my choice, but I don't have a choice to accept or reject the change.

The change is, therefore, blocked.

What should I do?

ldavis

md usa spybot fan
2006-02-13, 23:46
ldavis:

It appears that you installed the optional TeaTimer program.

There is currently a bug in TeaTimer 1.4. Portions of TeaTimer's popup dialog overlay the "Allow change" and "Deny change" buttons. On my system the very top edges of the "Allow change" and "Deny change" buttons are showing and I am still able to select the options. I can also check "Remember this decision" since it is visible. If no portion of the "Allow change" and "Deny change" buttons is showing, you can answer TeaTimer's popup dialog (English language version) by pressing "A" on your keyboard for "Allow change" or "D" for "Deny change". If you close the dialog without answering "Allow change" or "Deny change", the registry change is denied. Note that if you close the popup dialog without answering it, the registry change will be denied.

If you can't deal with the problem that way until it is fixed, you can:

- Apply one of the workarounds found in the following pinned (Sticky) thread that fixes the pop-up dialog so the buttons are visible:
  Solution to fix the pop-ups in TeaTimer
  http://forums.spybot.info/showthread.php?t=122
- Disable TeaTimer as follows:
  Go into Spybot > Mode > Advanced Mode > Tools > Resident.
  Uncheck the following: Resident "TeaTimer" (Protection of over-all system settings) Active.