View Full Version : Managing Spybot Detected Registry Changes
Spybot recently gave me multiple pop-ups reporting changes in my registry, I accidentally clicked 'accept' instead of 'deny' on these. Fortunately, I checked the box that says to 'remember the change', but I have no idea how to access that and reverse the changes now. Also, how is one to know what constitutes 'dangerous' registry changes and which changes are 'O.K.'? Thanks to whomever can help me with this!
md usa spybot fan
2008-07-09, 15:54
LeighB:
There is no facility within TeaTimer to reverse any Registry change decisions ("Allow change" or "Deny change") that you make. You have to redo whatever you were doing so that the Registry change is done again (or manually edit the Registry).
If you check "Remember this decision" on a change, the information concerning that change it is stored in a file. TeaTimer uses that information to automatically "Allow" or "Deny" similar registry changes for all future changes. To edit that information:Right click on the TeaTimer system tray icon and select Settings. This will bring up TeaTimer's "White & Black List". There are four (4) Buttons across the top of the "White & Black List":
Allowed registry changes
Blocked registry changes
Allowed processes
Blocked processes
You can review all the entries that you have stored by clicking on these buttons. The entries that you should review are in "Allowed registry changes" and "Blocked registry changes". You can delete entries by clicking on the scripted black "X" to the right of the entry that you want to delete, answering "Yes" to the confirmation dialog and then clicking the "OK" button when you're done.After you have done that, the next time a similar registry change occurs TeaTimer will issue a registry change dialog rather than automatically allow or deny the change. I suggest that you only use the "Remember this decision" option when necessary to prevent repetitive changes.
I will apply take your suggestions and appreciate the help. How do I know which changes are 'safe' and which are not?
md usa spybot fan
2008-07-09, 20:11
LeighB:
... How do I know which changes are 'safe' and which are not?
I'm sorry, but here is no pat (perfect) answer to your question.
The registry change function with TeaTimer is not rule based (with a few exceptions) and is merely reporting that a change to one the registry keys it monitors has occurred. This gives you the opportunity to reverse that change by responding with "Deny Change" if you think the change has been initiated by something malicious.
My personal philosophy on handling TeaTimer registry change dialogs is:
Realize that the registry change monitor within TeaTimer is not rule based (with a few exceptions so it will not interfere with certain other security packages). In general it reports all changes within certain registry keys, good, bad or indifferent.
When a change occurs try to take into consideration what is happening on your system (installing, updating, removing malware, etc.).
If you can't figure out what the change is, don't necessarily "Deny …" the change. If you deny the wrong change you can adversely affect the stability, functionality and even the security of your system.
Remember, if you "Allow …" all changes, you would be no worse off than if I didn't have TeaTimer enabled at all.
One additional note:
As long as the TeaTimer dialog is outstanding there is an opportunity to reverse the registry change by doing a "Deny change". This gives you a chance to either think about or research that type of change and what was going on in your system.
Seems to be to confusing for you, i recommend disabling it.
To disable teatimer (spybots resident) =>
Open spybot, then click mode-advanced mode. Choose yes. Go to settings, then click resident. uncheck teatimer (spybots resident) protection over all systems active. Teatimer will be disabled, but you will still be protected in Internet explorer from bad downloads. =] Hope that helps!!
(Teatimer is the thing asking allow or deny)
Northerner
2008-08-30, 13:04
LeighB:
There is no facility within TeaTimer to reverse any Registry change decisions ("Allow change" or "Deny change") that you make. You have to redo whatever you were doing so that the Registry change is done again (or manually edit the Registry).
If you check "Remember this decision" on a change, the information concerning that change it is stored in a file. TeaTimer uses that information to automatically "Allow" or "Deny" similar registry changes for all future changes. To edit that information:
Tea Timer warned me about a Registry change which I inadvertantly blocked, but should have accepted. I did not check "Remember this decision" box.
The only change I noticed,on my computer, was that McAfee Site Advisor vanished. I have downloaded it again but it disappears when I turn off the machine.
Is there anything I can do without going into Registry-something I have no intention of doing as I am strictly an "amateur"!