PDA

View Full Version : spybot destroyed my registry



cpasule
2007-09-29, 22:59
spybot messed up my registry so bad that i couldn't even boot up to restore a registry point. it corrupted system32 folders and i had to reinstall windows on another drive and reinstall all my software. i'm never using it again. no adaware program should mistake system32 entries for spyare.

tashi
2007-09-30, 04:01
Hello.

spybot messed up my registry so bad that i couldn't even boot up to restore a registry point. it corrupted system32 folders and i had to reinstall windows on another drive and reinstall all my software.

Are you sure you downloaded and installed Spybot-S&D from Safer-Networking or one of our official mirrors.

I have not heard of such a thing as you describe, please give more details.

JeffBowser
2007-10-01, 19:04
Same for me - how does one access the spybot reg backup from the recovery console ? Safe mode won't gp, Xp repair doesn't. In-place reinstall of Xp, they all lead to same thing. Blue 0x0000007B STOP error right after the XP logo screen. Only thing I allowed Spybot 1.5 to do was remove a reg entry for WudfdRD, which I now believe was a false positive on a vital Windows driver...

tashi
2007-10-01, 19:26
Hello.

Please produce a complete Spybot scan report:

Open Spybot-S&D and start a scan ("check for problems"). After the scan, right-click in the results field and choose either "Save full report to file..." or "Copy full report to clipboard".

Then attach the file (or copy the report) to the email and send it to: detections(at)spybot.info (Replace AT with @)

Thanks.

JeffBowser
2007-10-01, 20:53
How does one open SpyBot when Windows won't boot.


Hello.

Please produce a complete Spybot scan report:

Open Spybot-S&D and start a scan ("check for problems"). After the scan, right-click in the results field and choose either "Save full report to file..." or "Copy full report to clipboard".

Then attach the file (or copy the report) to the email and send it to: detections(at)spybot.info (Replace AT with @)

Thanks.

tashi
2007-10-01, 20:56
Hello.

I have left a note for the Team. Is this a PC or workplace machine?

Best regards.

JeffBowser
2007-10-01, 21:07
Workplace machine.


Hello.

I have left a note for the Team. Is this a PC or workplace machine?

Best regards.

Buster
2007-10-02, 09:14
Do you remember the name of the threat Spybot was trying to remove?

JeffBowser
2007-10-02, 15:05
What I stated in post 3 was it. That and 20 cookies.


Do you remember the name of the threat Spybot was trying to remove?

Buster
2007-10-02, 17:02
Thatīs the name of the key. I was asking for the name of the threat. Usually it should be displayed in big red letters. Unfortunately I did not find anything like "WudfdRD" in our detection database.
I guess the original file name is "Wudfrd.sys" located at "windows\system32\drivers" but it isnīt in our database, too. If youīd remember the threatīs name, we may find the reason for this fault.:fear:

JeffBowser
2007-10-03, 18:03
Too late, I had to get back to work. Made a parallel XP install, and reinstalled all my stuff. Terrible day and a half.


Thatīs the name of the key. I was asking for the name of the threat. Usually it should be displayed in big red letters. Unfortunately I did not find anything like "WudfdRD" in our detection database.
I guess the original file name is "Wudfrd.sys" located at "windows\system32\drivers" but it isnīt in our database, too. If youīd remember the threatīs name, we may find the reason for this fault.:fear:

macthings
2007-10-08, 05:07
Spybot turned off a file named wudfrd
and now I cant get into my Vista

JeffBowser
2007-10-08, 15:18
Good luck with that one, mate. Unless you have a recent and accessible registry backup, it's likely you'll end up where I did: reinstalling Windows. Apparently nobody here knows what this "wudfrd" file is about.

macthings
2007-10-08, 20:52
HKEY_LOCAL_MACHINE\system\controlset002\service\wudfrd

It mentioned something about that before i ruined everything.

Yodama
2007-10-09, 17:25
thank you for reporting this,

as Buster said, we do not target this service and file.
It is actually related to mobile devices attached to a Windows computer.

As it appears this issue appears on certain configurations and/or situations only, which is why we have not been able to recreate this issue with our test computers.

If possible we would like have some more information:
* which OS do you use ( information on language, service packs and patches can also be helpfull, this info can be found in a Spybot S&D Report)
* version and updateversion of Spybot S&D (also visible in Spybot S&D Report)
* was the Teatimer active
* were there mobile devices attached to the computer
* were there other active security tools running, like a virus guard or similar?