Non-stop Registry Updates

[7trumpets]

Been using Spybot 1.60 for a while. Getting a high volume of Spybot pop-up's asking me if I'd like to make changes to the Registry. The vast majority of these pop-up's do not identify whom or what on-board software or other files might be requesting these updates. Most often the request is denied. Just seems practical. It's a Pentium 3, 800 Mhz WINME Compaq Presario 17XL570 machine. Am unable to upgrade to WINXP due to a corrupt HID.EXE file that can only be replaced (according to multiple inquiry's to HP / Compaq) via the supplied hot swappable floppy drive. Sadly, the floppy drive has been misplaced for years and the net value of the PC does not seem to merit spending $20. on eBay for a replacement drive. It's just a back-up PC. Running Avast! Antivirus, AOL 9.0VR, MS Works, RealPlayer, MIE and not much more. Spybot scans (together with Avast!) continue to clear-up any & presumably most if not all potential problems but it's those Registry changing pop-up's that are a concern. A) Should I turn those pop-up's off? Are they necessary? B) If they should be turned-off, how? C) If not, might the pop-up's be signaling some other incompatibility or are they useful? D) Is there no other method to determine exactly what software or other files, malicious or otherwise might be generating or even spoofing - as I continue to deny the Regsistry changes? Thank you!

[drragostea]

Spybot-SD's Resident Shield (TeaTimer) monitors critical registry changes (homepage, startup, new BHOs, and many more). However, TeaTimer does not monitor what but where. It lists the old value and the new value.
--
In TeaTimer 1.5 >>:

If you check "Remember this decision" on a registry change, the information concerning that change it is stored in a file. TeaTimer uses that information to automatically "Allow" or "Deny" similar registry changes for all future changes. To edit that information:

• Right click on the TeaTimer system tray icon (labeled "Spybot-SD Resident") and select Settings. This will bring up TeaTimer's "White & Black List". There are four (4) Buttons across the top of the "White & Black List":
  
  • Allowed registry changes
  • Blocked registry changes
  • Allowed processes
  • Blocked processes
• You can review all the entries that you have stored by clicking on these buttons. If entries you are interested in are for registry changes, the entries that you should review are in "Allowed registry changes" and "Blocked registry changes".
• You can delete stored entries by clicking on the scripted black "X" to the right of the entry that you want to delete, answering "Yes" to the confirmation dialog and then clicking the "OK" button when you're done.

--
If you chose to allow or deny an entry and chose "Remember my Decision" there is hope that you can undo that change. Some users tend to click the 'Remember' option out of frustration of constant prompts. However, if you have chosen to allow or deny an entry once, it is impossible to undo that change as you'll have to reproduce the event again for the value change.

If you would not like to use TeaTimer (the prompts of registry changes) you can: Open Spybot>Advanced Mode>Tools>Resident>&untick TeaTimer. You will no longer be notified of important registry changes. The pop-ups can be useful or not depending on the user's perspective. If the user believes the prompts are an irritation and a thorn on their side, then they may wish to remove it. TeaTimer would be more like your watchdog.

In TeaTimer 1.6, it uses a black&whitelist so it is easier for novice users, and "gives them a break" from the prompts. TeaTimer can be considered a HIP (Hosts Intrusion Prevention). It does not tell if change is malicious or legitimate.

If you feel you need to undo the changes you can following the instructions above to undo the change.

[caterwaul]

I do not have the "settings" option on my context menu when "right clicking" on the Teatimer icon in the system tray for my SB1.3 even though my help file does refer to this very thing just as you have posted by stating that this option is available.

Is there another way to access the black & white lists for blocked and allowed for both registry and process lists since I do not have the "shortcut" on the context menu of the Teatimer icon?

[spybotsandra]

Hello,

It is also possible to manually add the TeaTimer blacklist.
You can write your own custom .sbi files, which are used by the Resident TeaTimer for blocking as well.
For more informations please have a look at this thread in our forum:
http://forums.spybot.info/showthread.php?t=15291

Best regards
Sandra
Team Spybot

[md usa spybot fan]

caterwaul:

I do not have the "settings" option on my context menu when "right clicking" on the Teatimer icon in the system tray for my SB1.3 even though my help file does refer to this very thing just as you have posted by stating that this option is available.

Is there another way to access the black & white lists for blocked and allowed for both registry and process lists since I do not have the "shortcut" on the context menu of the Teatimer icon?

Yes there is. However, I do not believe that your query is germane to the subject that
7trumpets, who is running Spybot 1.6, started in this thread. If you start your own thread on the subject, I would be more than happy to answer your question.