Results 1 to 4 of 4

Thread: SpyBot vs Updating the Windows Gina

  1. 2007-09-04, 22:21 #1
    MWGRAD
    MWGRAD is offline
    Junior Member
    Join Date
    Sep 2007
    Posts
    2

    Smile SpyBot vs Updating the Windows Gina

    I work for a major software vendor and we have a software install that updates the Windows Gina.

    When the install is pushed from across the network via remote execution using tools such as the ones from SYSINTERNALS, the Windows Gina is not updated.

    Spybot appears to be preventing the changing of the gina.
    Here is a sample log file.

    (27/08/2007 3:34:03 PM Denied value "GinaDLL" (new data: "XXgina.dll") added in Winlogon!)

    Any suggestions on how to address this short of removing Spybot?
    Reply With Quote Reply With Quote
  2. 2007-09-04, 22:48 #2
    PepiMK
    PepiMK is offline
    Member of Team Spybot PepiMK's Avatar
    Join Date
    Oct 2005
    Location
    Planet Earth
    Posts
    3,601

    Default

    It shouldn't deny anything unless you tell it so in the confirmation dialog it shows, unless the target file is identified as a bad file, which I think probably is not the case here, since what you mentioned sounds more like installing a redistributable provided by Microsoft, so surely not tampered with? Or is it some custom gina DLL?

    I'm forwarding this to someone who already looked into a possible Winlogon thing today!
    Just remember, love is life, and hate is living death.
    Treat your life for what it's worth, and live for every breath
    (Black Sabbath: A National Acrobat)
    Reply With Quote Reply With Quote
  3. 2007-09-05, 02:10 #3
    MWGRAD
    MWGRAD is offline
    Junior Member
    Join Date
    Sep 2007
    Posts
    2

    Default RE:SpyBot vs Updating the Windows Gina

    We actually install a 3rd party Gina so it's not Microsoft's own.

    I actually do not know much about SpyBot or what it does, but we just discovered the log SpyBot logs and the problem seems to be limited to Computers with SpyBot.

    I fully realize that some SpyWare will actually could want to alter the Gina for many nefarious reasons so I can understand why SpyBlock could want to block this action. Especially since the software installation is being initiated remotely.
    Reply With Quote Reply With Quote
  4. 2007-09-05, 09:08 #4
    Yodama
    Yodama is offline
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    Hello MWGRAD,

    the Teatimer monitors the Winlogon settings for changes and will ask you if you will allow the changes. However you can set Teatimer to remember if it should allow or deny the changes, thus creating your own white/black list. To check if you added the adding of the GindaDLL value to the blacklist please rightclick on the resident icon and go to settings. Check the list in the "Blocked registry changes" tab. If you find an entry with GinaDLL in the List you can remove it by clicking on the black cross to the right.

    You can temporarily disable the Teatimer during installtion of your gina.dll to avoid this issue.
    To disable the Teatimer rightclick on the resident tray icon and select to close the resident. An alternative to disable the Teatimer is to switch Spybot S&D into advanced mode, then go to Tools - Resident and uncheck the checkbox for Resident Teatimer.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules