Spybot has detected an important registry entry that has been changed
JoeWilli
2008-08-03, 16:39
I couldn't find in the tutorial what this means exactly. Should I generally accept or deny the change? It comes after rebooting so my guess is that Spybot has changed the registry to eliminate a bot, but the malware is trying to undo Spybot's change.
I naively accepted some changes initially and checked "remember this decision", but on later thought decided I should instead be rejecting them. Is there any way to go back to undo the previous "remember this decision"?
More on TeaTimer (Spybot resident) here:
http://www.spybot.info/en/faq/33.html
http://www.spybot.info/en/faq/8.html
http://www.spybot.info/en/faq/34.html
http://www.spybot.info/en/faq/5.html
The last link explains how to undo a decision you have made. :)
Hope that helps! Basically, a rule of thumb is if you are changing settings on your computer or installing/removing software when you are asked to allow or deny, it is safe to allow and remember. If you are on the internet and see this at random without changing anything, you should be cautious. :)
drragostea
2008-08-04, 05:06
Joe, I think you mistakenly denied a change.
If Spybot-SD is unable to remove an entry during Normal Boot, then it'll attempt to schedule a scan during startup and remove the entry there. If you have TeaTimer active and the removal of the entry was successful, then TeaTimer will prompt you that an entry was removed/deleted (if the removal was successful) or an entry was added (if it was scheduling a scan). The entry in most cases would be "SpybotDeleting00000". The zeros represent a variable, in this case a number.
-
In TeaTimer 1.5 >>:
If you check "Remember this decision" on a registry change, the information concerning that change is stored in a file. TeaTimer uses that information to automatically "Allow" or "Deny" similar registry changes for all future changes. To edit that information: Right click on the TeaTimer system tray icon (labeled "Spybot-SD Resident") and select Settings. This will bring up TeaTimer's "White & Black List". There are four (4) Buttons across the top of the "White & Black List":
Allowed registry changes
Blocked registry changes
Allowed processes
Blocked processes
You can review all the entries that you have stored by clicking on these buttons. If entries you are interested in are for registry changes, the entries that you should review are in "Allowed registry changes" and "Blocked registry changes". You can delete stored entries by clicking on the scripted black "X" to the right of the entry that you want to delete, answering "Yes" to the confirmation dialog and then clicking the "OK" button when you're done.
--
If you follow the instructions above, you can undo the change.