Results 1 to 4 of 4

Thread: Registery Check

  1. #1
    Senior Member
    Join Date
    Oct 2005
    Location
    Potomac MD USA
    Posts
    119

    Default Registery Check

    Spybot suggestion
    It seems that many malware attacks change the Registry.
    Would this scheme make any sense?
    Save a copy of the registry. When a registry change is detected by Spybot and accepted save it again. When the Spybot scan runs, compare the current registry with the saved copy, report any differences which may indicate malware and offer the option to restore the saved copy.

    Frank C.

  2. #2
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    Spybot's TeaTimer monitors approximately 35 registry keys. When TeaTimer detects a change to any of these registry keys it notifies you. At that time you can take action by either allowing the change or denying the registry change.

    I personally think that this is a better way to handle potential malicious registry changes then storing them and reporting all changes of the registry at one time. The real time monitoring by TeaTimer gives you added advantage of analyzing cause and affect at that time of the registry change.

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  3. #3
    Junior Member
    Join Date
    Feb 2006
    Posts
    1

    Default Registry Changes

    Quote Originally Posted by md usa spybot fan
    Spybot's TeaTimer monitors approximately 35 registry keys. When TeaTimer detects a change to any of these registry keys it notifies you. At that time you can take action by either allowing the change or denying the registry change.

    I personally think that this is a better way to handle potential malicious registry changes then storing them and reporting all changes of the registry at one time. The real time monitoring by TeaTimer gives you added advantage of analyzing cause and affect at that time of the registry change.
    I recently downloaded and installed version 1.4 and when I install a program that requires registry changes, I get a SpyBot panel that only allows me the option of remembering or not remembering my choice but I don't have a choice to accept or reject the change.

    The change is, therefore, blocked.

    What should I do?

    ldavis

  4. #4
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    ldavis:

    It appears that you installed the optional TeaTimer program.

    There is currently a bug in TeaTimer 1.4. Portions of TeaTimer's popup dialog overlay the "Allow change" and "Deny change" buttons. On my system the very top edges of the "Allow change" and "Deny change" buttons are showing and I am still able to select the options. I also can check "Remember this decision" since it is visible. If no portion of the "Allow change" and "Deny change" buttons are showing, you can answer TeaTimer's popup dialog (English language version) by pressing "A" on your keyboard for "Allow change" or "D" for "Deny change". If you close the dialog without answering "Allow change" or "Deny change" the registry change is denied. Note that if you close the popup dialog without answering it the registry change will be denied.

    If you can't deal with the problem that way until it is fixed, you can:
    1. Apply one of the workarounds found in the following pinned (Sticky) thread that fixes the pop-up dialog so the buttons are visible:
      Solution to fix the pop-ups in TeaTimer
      http://forums.spybot.info/showthread.php?t=122
    2. Disable TeaTimer as follows:
      • Go into Spybot > Mode > Advanced Mode > Tools > Resident.
      • Uncheck the following:
        • Resident "TeaTimer" (Protection of over-all system settings) Active.

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •