bikerman
2008-03-28, 12:38
As a non-techie new user of spybot, I have what may be a naive question, but I'm hoping someone can help me on it: Whenever I open a new IE browser window or tab, spybot detects "an important registry entry that has been changed". The category is "User-specific browser toolbar". The Change is "Value added". The Entry and New Data descriptions are a string of alpha-numerics (hex maybe?). I am asked to Allow or Deny the change. In layman's terms, what has spybot discovered and what should I do about it? To date I've been Denying the change with no obvious adverse effects, but I'm loathe to click "Remember this decision" until I know more about what's actually happening here. Any help or guidance would be greatly appreciated!
spybotsandra
2008-03-28, 13:30
Hello,
Please read this information about TeaTimer:
http://www.safer-networking.org/en/faq/33.html
and http://www.safer-networking.org/en/faq/34.html
If you surf the web and without any user interaction the teatimer pops up and warns about a registry change it is better to "deny", but if you install something by yourself it is OK to "allow" the change.
Best regards
Sandra
Team Spybot
bikerman
2008-03-28, 13:54
But what is actually happening to cause this detect notification? And do I seriously have to click "Deny" every single time I open an IE window or tab? That would be a pain. And I've lived without spybot for years with no detrimental effect from merely opening IE. Why is something potentially attacking me (if that's what it is) now every time I open a window or tab? (Also, at the end of your reply you refer to not using PMs for help... what are they?)
Thanks and regards
Bikerman
md usa spybot fan
2008-03-28, 14:30
bikerman:
Please post the portion of the Resident.log that shows the changes you are having problems with.
There are several ways (4 listed below) to access the TeaTimer's Resident.log file:
Right click on the TeaTimer (Spybot-SD Resident) system tray icon and select Show Log.
Go into Spybot > Mode > Advanced Mode > Tools > Resident.
Go into Spybot > Mode > Advanced mode > Tools > View Reports > View Previous reports. Select the Resident.log file and open it.
Using Windows Explorer, navigate to the Resident.log file located in one of the following directories:
Windows 95 or 98:
C:\Windows\Application Data\Spybot - Search & Destroy\Logs
Windows ME:
C:\Windows\All Users\Application Data\Spybot - Search & Destroy\Logs
Windows NT, 2000 or XP:
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs
Windows Vista:
C:\ProgramData\Spybot - Search & Destroy\Logs
Double click on Resident.log file and it should open with Notepad.
To copy information from the log into a post in the forum:
Copy the information into the Clipboard:
Highlight the portion of the log that you want to copy.
Right click and select Copy.
Paste (Ctrl+V) the information from the Clipboard to a new post in this thread.
__________
PMs are Private Messages which is a forum feature that allows communication between individual forum members.
bikerman
2008-03-28, 19:55
OK - here's what's in the log for today:
28/03/2008 10:40:53 Denied (based on user decision) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
28/03/2008 10:42:17 Denied (based on user decision) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
28/03/2008 10:44:51 Denied (based on user decision) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
28/03/2008 10:47:45 Denied (based on user decision) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
28/03/2008 10:48:43 Denied (based on user decision) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
28/03/2008 11:00:32 Denied (based on user decision) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
28/03/2008 11:34:27 Denied (based on user decision) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
md usa spybot fan
2008-03-28, 20:10
bikerman:
Do you use ZoneAlarm? Were you installing, upgrading, etc. and opted to allow the installation of the optional Spy Blocker Toolbar?
The messages you were/are getting appear to be related to the ZoneAlarm Spy Blocker toolbar. Reference: CastleCops - GUID {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} (http://www.castlecops.com/clsid-39920.html)
bikerman
2008-03-28, 20:34
Correct - I have the ZoneAlarm Spy Blocker Toolbar installed... so what would you advise I do?
md usa spybot fan
2008-03-28, 21:35
bikerman:
Correct - I have the ZoneAlarm Spy Blocker Toolbar installed... so what would you advise I do?
???
If you want the ZoneAlarm Spy Blocker Toolbar installed, stop doing a "Deny change" when that TeaTimer dialog requests you to respond and do an "Allow change" so that the ZoneAlarm Spy Blocker Toolbar can be installed.
bikerman
2008-03-31, 10:26
That would make sense, except that it is already installed and works as expected even when I deny the change.