Tea Timer didnt detect all of Fraud.InternetSecurity2011 registry changes

[pow1983]

Hi There,

Whilst browsing I obviously landed on a dodgy site.

It attempted to install Fraud.InternetSecurity2011 on my computer. It crashed IE then Tea Timer came up with 3 requests which I denied (see below). AVG also popped up and got rid of a number of .exe files.

As a precaution I decided to do a full spybot scan and it found more registry entries that tea timer didnt pick up on. I just really wanted to know why.

This is what Tea Timer discovered:

10/07/2011 21:28:00 Denied (based on user decision) value "HideSCAHealth" (new data: "1") added in System Startup user entry!
10/07/2011 21:28:07 Denied (based on user decision) value "" (new data: ""C:\Users\ME\AppData\Local\mho.exe" -a "%1" %*") changed in EXE Extension handler!
10/07/2011 21:28:14 Denied (based on user decision) value "ctfmon.exe" (new data: "C:\WINDOWS\system32\ctfmon.exe") added in System Startup user entry!

The attached image is what Spybot then discovered after a full scan.

Thanks,

[pow1983]

Forgot to add, im using Paranoid mode

[Tom.K]

TeaTimer doesn't monitor whole registry as that would.... do really big memory consumption and CPU usage. It only monitors registry keys which are mostly used by malware to execute it as soon as possible like Startup and Services entries, or to install some kind of stealth add-on on IE. Those entries which weren't monitored by TeaTimer are just entries like any kind of program would do, for example settings, saved data etc., and they aren't supposed to do actual damage unlike entries which TeaTimer blocked.

If TeaTimer was monitoring everything... It would keep asking you forever to decide an action for some entry from almost any program.

[pow1983]

Tom!

That makes perfect sense.