PDA

View Full Version : S&D registry entry



Aceric
2010-02-23, 04:53
I recently got spyware called "Antivirus Soft". After getting rid of it as far as I'm aware of, I've been getting a constant registry change for my winlogon. The entry is UserInit, old data userinit.exe and new data is C:\Windows\SysWOW64\Userinit.exe. I've been reading forums and I understand this is a normal process, but after getting this spyware I turned on paranoid mode so I have no previous knowledge of this registry change. I deny just cause I don't want it to end up being the spyware trying to get going again. I've read that this can be spyware, since this process doesn't happen except at logon, and its trying to replace the data. If any of this is confusing or you need more information I'll be glad to answer, until then I'll keep denying this change. One other thing is when I deny the change another one pops up saying its value was deleted and the entry is shell with old data being explorer.exe and no new data.

spybotsandra
2010-02-23, 11:22
Hello,

Please read this information about TeaTimer: FAQ33 (http://www.safer-networking.org/en/faq/33.html) and FAQ34 (http://www.safer-networking.org/en/faq/34.html).
If you surf the web and without any user interaction the TeaTimer pops up and warns about a registry change it is better to "deny".
But if you install something by yourself it is OK to "allow" the change.
The tutorial (http://www.safer-networking.org/en/tutorial/index.htm) (point 8) on our homepage should also help explaining.

If you have scanned and fixed items with Spybot you have to allow the registry change that the Resident TeaTimer is asking for.
Only then the items will be deleted completely.

Best regards
Sandra
Team Spybot

Aceric
2010-02-23, 19:10
Okay, thank you very much. I allowed it and I'm running the scan again, to double check things. Tea Timer is no longer popping up and nothing funny has been happening. Thank you again, I can't stand dealing with spyware.