• Welcome Guest, to the Spybot Forums! It's 2025, and we just upgraded our forum software.

    Today is Safer Internet Day, and with our new forum, you can finally use passkeys to login. That was about time!

    Of course, you could ask if a forum is still useful, with so many social media networks out there where you might already have an account, and met a lot of users. You can now use your login from some of those networks to log in here. And by posting here, your question and data is stored on our servers and not automatically shared with a whole social media network.

    We'll also start using the forum for small bits of information, announcements and more again.

Spybot has detected an important registry entry that has been changed

J

JoeWilli

New member
I couldn't find in the tutorial what this means exactly. Should I generally accept or deny the change? It comes after rebooting so my guess is that Spybot has changed the registry to eliminate a bot, but the malware is trying to undo Spybot's change.

I naively accepted some changes initially and checked "remember this decision", but on later thought decided I should instead be rejecting them. Is there any way to go back to undo the previous "remember this decision?"
 
please read......

more on teatimer (spybot resident) here:

http://www.spybot.info/en/faq/33.html

http://www.spybot.info/en/faq/8.html

http://www.spybot.info/en/faq/34.html

http://www.spybot.info/en/faq/5.html

The last link explains how to undo a decision you have made. :)

Hope that helps! Basically, a rule of thumb is if you are changing settings on your computer or installing/removing software when you are asked the allow or deny, it is safe to allow and remember. If you are on the internet and see this at random without changing anything, you should be cautious. :)
 
Last edited:
Joe, I think you mistakenly denied a change.

If Spybot-SD is unable to remove an entry during Normal Boot, then it'll attempt to schedule a scan during startup and remove the entry there. If you have TeaTimer active and the removal of the entry was successful, then TeaTimer will prompt you that an entry was removed/deleted (if the removal was successful) or an entry was added (if it was scheduling a scan). The entry in most cases would be "SpybotDeleting00000". The zeros represent a variable, in this case a number.
-
In TeaTimer 1.5 >>:

If you check "Remember this decision" on a registry change, the information concerning that change it is stored in a file. TeaTimer uses that information to automatically "Allow" or "Deny" similar registry changes for all future changes. To edit that information:
  • Right click on the TeaTimer system tray icon (labeled "Spybot-SD Resident") and select Settings. This will bring up TeaTimer's "White & Black List". There are four (4) Buttons across the top of the "White & Black List":
    • Allowed registry changes
    • Blocked registry changes
    • Allowed processes
    • Blocked processes
  • You can review all the entries that you have stored by clicking on these buttons. If entries you are interested in are for registry changes, the entries that you should review are in "Allowed registry changes" and "Blocked registry changes".
  • You can delete stored entries by clicking on the scripted black "X" to the right of the entry that you want to delete, answering "Yes" to the confirmation dialog and then clicking the "OK" button when you're done.
--

If you follow the instructions above, you can undo the change.
 
You must log in or register to reply here.
Back
Top