Registry Change



Kenjii
2008-08-05, 02:12
Hello, recently I contracted something that is attempting to make a registry change. Thankfully Spybot S&D caught it before it could do anything; however, it keeps trying, again and again. I searched and found this (http://forums.spybot.info/showthread.php?t=394) thread, but it confirmed that it wasn't a malicious program. Here is one of the hundreds of logs from the blocked Registry change.

8/4/2008 7:55:29 PM Denied (based on user blacklist) value "ExcludeFromKnownDlls" (new data: "") deleted in Session manager!
8/4/2008 7:55:30 PM Denied (based on user blacklist) value "BootExecute" (new data: "autocheck autochk *
") changed in Session manager!
8/4/2008 7:55:30 PM Denied (based on user blacklist) value "ExcludeFromKnownDlls" (new data: "") deleted in Session manager!
8/4/2008 7:55:31 PM Denied (based on user blacklist) value "BootExecute" (new data: "autocheck autochk *
") changed in Session manager!

It goes on and on like that, many thanks for any help you may provide.

edit: I'm running Vista 64 if that matters at all.

md usa spybot fan
2008-08-05, 05:50
Kenjii:

If you check "Remember this decision" on a change, the information concerning that change is stored in a file. TeaTimer uses that information to automatically "Allow" or "Deny" similar registry changes for all future changes. To edit that information:

Right click on the TeaTimer system tray icon and select Settings. This will bring up TeaTimer's "White & Black List". There are four (4) buttons across the top of the "White & Black List":
Allowed registry changes
Blocked registry changes
Allowed processes
Blocked processes
You can review all the entries that you have stored by clicking on these buttons. The entries that you should review are in "Blocked registry changes". You can delete entries by clicking on the scripted black "X" to the right of the entry that you want to delete, answering "Yes" to the confirmation dialog and then clicking the "OK" button when you're done.

After you have done that, the next time a similar registry change occurs TeaTimer will issue a registry change dialog rather than automatically deny the change. At that time you should allow the changes and I suggest that you do not use the "Remember this decision" option.
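
Added example, not part of the original thread or of Spybot's own tooling: a Python parser for TeaTimer entries of the kind quoted in the first post, which collapses the repeated denials (including the BootExecute entry whose data spans two lines) and checks the new data against a baseline before a blacklist entry is removed. The entry format is inferred from the four quoted lines only; STOCK_DATA, the function names and the baseline value for BootExecute are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: the four TeaTimer entries quoted in the thread.
SAMPLE_LOG = '''8/4/2008 7:55:29 PM Denied (based on user blacklist) value "ExcludeFromKnownDlls" (new data: "") deleted in Session manager!
8/4/2008 7:55:30 PM Denied (based on user blacklist) value "BootExecute" (new data: "autocheck autochk *
") changed in Session manager!
8/4/2008 7:55:30 PM Denied (based on user blacklist) value "ExcludeFromKnownDlls" (new data: "") deleted in Session manager!
8/4/2008 7:55:31 PM Denied (based on user blacklist) value "BootExecute" (new data: "autocheck autochk *
") changed in Session manager!
'''

# Assumption (not stated in the thread): the data Windows ships for BootExecute.
STOCK_DATA = {"BootExecute": "autocheck autochk *"}

# One entry may span several lines because the quoted data can contain
# newlines (BootExecute is a multi-string value), so match on the whole text.
ENTRY = re.compile(
    r'^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) '
    r'(?P<verdict>\w+) \((?P<reason>[^)]*)\) '
    r'value "(?P<value>[^"]*)" \(new data: "(?P<data>[^"]*)"\) '
    r'(?P<action>\w+) in (?P<category>[^!]+)!$',
    re.MULTILINE)

def parse_entries(text):
    """Return one dict per log entry, keeping multi-line data intact."""
    return [m.groupdict() for m in ENTRY.finditer(text)]

def review(entries):
    """Map each distinct (value, action, data) to (count, baseline note)."""
    counts = Counter((e["value"], e["action"], e["data"].strip())
                     for e in entries)
    report = {}
    for (value, action, data), n in counts.items():
        if value not in STOCK_DATA:
            note = "no baseline, review manually"
        elif data == STOCK_DATA[value]:
            note = "matches stock data"
        else:
            note = "differs from stock data"
        report[(value, action, data)] = (n, note)
    return report

if __name__ == "__main__":
    for key, (n, note) in review(parse_entries(SAMPLE_LOG)).items():
        print(n, key, note)
```
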

Kenjii
2008-08-05, 16:48
Thank you