Possible to Block Processes



SlimySlayer
2008-09-07, 02:46
It's simple: Rakion is one of my favorite games, however their updater always reinstalls BTDNA, which is a horrid program. I am almost certain it does something malicious in the background (considering when it's running my internet activity is through the roof). Is there a way I can block this process, add it to the black list of processes with TeaTimer? Or prevent it from being able to install at all? I don't want to do my trick of making a program of the same name in the same folder that is always running, just has no lines of code :P (great for stopping viruses :P)

drragostea
2008-09-07, 04:33
I'm not a Rakion user, but I'll try to explain it the best I can (give you a resolution if possible).

By BTDNA, I'm assuming you are referring to the P2P program "BitTorrent" or its 'DNA' feature which supposedly "speeds" up downloads (which in my opinion is false). Can you manually select which updates to choose from the game, or is it automatic (like downloads all the updates)? It sounds a bit shifty like Apple.

I'm not sure if you can prevent it from installing at all with TeaTimer, but you can stop it from starting up or adding toolbars and such. A good HIP program might do the job of stopping it from installing at all (with going through some dozen prompts). If you are using Comodo Pro Firewall it will do the job with Defense+.

You can always kill the BitTorrent process.
-
So what happens when you uninstall BTDNA? It still comes back with the Updater?

SlimySlayer
2008-09-07, 18:10
Yeah, it comes back with the next update, otherwise I kill it then uninstall it, TeaTimer usually stops it from getting added to startup. TeaTimer has a blacklisted processes thing, tis why I wonder if that can be configured to blacklist BTDNA.

Rakion does not require this to run... it actually runs smoother without it (prolly cause BTDNA isn't in the background broadcasting random garbage over the internet)

md usa spybot fan
2008-09-07, 18:38
SlimySlayer:

See if the following thread helps:
Blocking processes (Spybot 1.5/TeaTimer beta)...
http://forums.spybot.info/showthread.php?t=15291

SlimySlayer
2008-09-14, 15:01
Ah, I'm on 1.6. I made this file:


// info: Trevor's blocks

:: BTDNA
File:"Description","iexplore.exe","filesize>=1"
AutoRunByFilename:"*\BTDNA.exe","","filesize>=1"
File:"Internet Explorer web browser","<$PROGRAMFILES>\Internet Explorer\iexplore.exe","filesize>=1"


Two attempts at IE in there, neither seemed to do anything, didn't block IE anyway, and it doesn't show in the blocked processes list in TeaTimer, unless I did this wrong?


C:\Program Files\Spybot - Search & Destroy\Trevor.sbi

PepiMK
2008-09-14, 15:47
(moved this thread into the OpenSBI section for discussions on SBI issues :) )

The first attempt fails because of the missing path. See the documentation of File (Wiki) (http://wiki.spybot.info/index.php/File). The OpenSBI editor will help you by showing problems if you press F1 as well :)

You need to restart TeaTimer so that it'll recognize new/changed files.

SlimySlayer
2008-09-14, 16:18
I unchecked it in Spybot, waited, then rechecked it. That's not a good enough restart?

adson3492
2014-11-01, 08:34
I just sent the files to the email address you mentioned. Before I made my detection rules I installed the samples twice in a virtual machine. Both times the ID was the same but I am quite sure that it will change soon. Is there a way to use wildcards for directories? Or is there another way I could detect this stuff without using the static name? Additionally, I am not sure if I used the startmenu rules with correct syntax (is it correct to use the filerange that way?)

I am looking forward to hearing from you