Results 1 to 2 of 2

Thread: What does this Spybot message mean? What should I do? Need help. thanks.

  1. #1
    Junior Member
    Join Date
    Feb 2016
    Location
    Shawnee, KS (Kansas City)
    Posts
    1

    Question What does this Spybot message mean? What should I do? Need help. thanks.

    Hello,

    I just registered as a new member so if I make a mistake re a forum rule please forgive me. I did spend an hour reading the rules plus another hour looking through prior threads in case my question had already been covered.

    I'm not the smartest computer techie but I'd rate myself as a "nine" so I rarely have to go to forums such as this one asking for help. I date from the dial-up bulletin board days, made a few minor techie contributions of code to the beginning of the Internet and did some work putting the "Dark Net" together (I'm a bit ashamed to admit that considering what the Dark Net is now mostly used for - if I had to do it over again - I wouldn't have).

    Anyway - my question: My screen popped up with the following message:

    Spybot S&D has detected an important registry entry that has changed.
    Category: System Startup user entry
    Change: Value Added
    Entry: Uninstall C:\users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64
    New data: C:\Windows\system32\cmd.exe/q/c rmdir /s /q "C:\users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"

    My choices are:
    1. Allow change
    2. Deny change

    Clicking the info button yields nothing
    Clicking the ? button brings up Spybot HELP pointing me to Tea timer and Startup entry

    Windows 10

    Can anyone help me? I've never seen anything like this before.

    "Messing with" two critical areas of Windows "users" and "system32" concerns me. "System32 is where (evil) virus writers love to go (that and hide entries in the registry).

    As an aside, it APPEARS Microsoft sent out an update yesterday evening(?) that (maybe) has a problem. I have four PC's (only one has the above spybot message) and all four are set to "automatic windows update". Three of the four when I turned them on showed "please wait - installing Windows updates". After awhile each one showed "could not install update - reversing to uninstall updates". Then they ran in that mode for two plus hours. I finally did a hard power down on all three. They came up and tried to (again) install updates but this time didn't wait 2 hours before giving up. One more hard power down and this time all three booted to Windows normally. Two are Windows 7 and one is Windows 10. I attempted to do a restore/recovery to an earlier date on all three to get rid of what ever the glitch was/is but restore failed on all three. As of now all three are running OK. I've read nothing about Microsoft having a problem with an update yesterday. ??

    IF MS did send out a glitch and my pc's automatically installed it that is the LAST time that will happen. I had that happen a few years ago and I had to spend a full day fixing two pc's and had to wipe a third one clean and do a fresh install. I went into "Windows update" and changed the setting from "automatic" to "notify me before downloading" on all of my computers. From now on I'll sit on updates for a few days waiting to see if anyone else has a problem.

    Thanks in advance for advice anyone has for me. "Deny or "Allow"? Any idea what this change does? An (OK) Microsoft change or a virus? Anyone else see this message?

    Best regards,

    Gary w0tm1

    p.s. I just spotted why my attempts at "restore" all failed. I forgot to turn off another anti-virus program (AVAST) and AVAST crashed the restore attempts.
    Last edited by w0tm1; 2016-02-12 at 05:38. Reason: new info

  2. #2
    Spybot Advisor Team Zenobia's Avatar
    Join Date
    Oct 2005
    Posts
    5,178

    Default

    This person noticed a similar entry in their start-up, and concluded that it was One Drive updating. Their post is the third one down:
    http://answers.microsoft.com/en-us/w...b275ce8?auth=1

    It does look legit. In that case, it would be best to Allow the change, so OneDrive can update. I believe it would perhaps be a run once start-up entry, so if you choose to Allow the change, you'd likely get another prompt from teatimer afterwards, and that ought to be allowed,too.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •