Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spybot - Registry Changes.....i Don't Know What To Do!


  • Please log in to reply
19 replies to this topic

#1 mischievous

mischievous

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Glasgow,Scotland,United Kingdom
  • Local time:04:59 AM

Posted 01 May 2007 - 02:50 AM

Since I downloaded Spybot I've had pop-up boxes asking should I allow certain registry changes. I may have allowed changes I shouldn't have or not to one's I should....I just don't know.

On the whole I like spybot but don't like this registry stuff as I don't have a clue about it. Any advice?

Thanks

BC AdBot (Login to Remove)

 


#2 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:10:59 PM

Posted 01 May 2007 - 06:45 AM

A general rule to follow:
If you're installing a program, that you trust, and it asks about a registry change, Allow it.
If you're not installing any programs, and it asks about a registry change, Deny it.

If you permanently allowed something you shouldn't have, or permanently blocked something you shouldn't have, by putting a check next to Remember this decision, you can reverse the changes.

Right-click on the TeaTimer system tray icon, and select Settings.
This will bring up TeaTimer's "White & Black List".
There are four (4) Buttons accross the top of the "White & Black List":

* Allowed processes
* Blocked processes
* Allowed registry changes
* Blocked registry changes

If you donít see all four buttons, try expanding the window to the right, by clicking on the edge of the window, and dragging it.

The buttons you're looking for in the "White & Black List" are, Allowed registry changes, and Blocked registry changes.
You can review all the entries that you've stored.
You can also delete entries by clicking on the scripted black "X", to the right of the entry.
When your finished, click the OK button.
This will make TeaTimer "forget", what you told it to remember.
During future changes to these items, TeaTimer will issue a pop-up dialog, asking if you want to Allow, or Deny, the change.

If you have any questions about a particular entry, you can post about it here, and I'm sure someone will be able to help you out.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#3 mischievous

mischievous
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Glasgow,Scotland,United Kingdom
  • Local time:04:59 AM

Posted 02 May 2007 - 03:20 AM

A general rule to follow:
If you're installing a program, that you trust, and it asks about a registry change, Allow it.
If you're not installing any programs, and it asks about a registry change, Deny it.

If you permanently allowed something you shouldn't have, or permanently blocked something you shouldn't have, by putting a check next to Remember this decision, you can reverse the changes.

Right-click on the TeaTimer system tray icon, and select Settings.
This will bring up TeaTimer's "White & Black List".
There are four (4) Buttons accross the top of the "White & Black List":

* Allowed processes
* Blocked processes
* Allowed registry changes
* Blocked registry changes

If you donít see all four buttons, try expanding the window to the right, by clicking on the edge of the window, and dragging it.

The buttons you're looking for in the "White & Black List" are, Allowed registry changes, and Blocked registry changes.
You can review all the entries that you've stored.
You can also delete entries by clicking on the scripted black "X", to the right of the entry.
When your finished, click the OK button.
This will make TeaTimer "forget", what you told it to remember.
During future changes to these items, TeaTimer will issue a pop-up dialog, asking if you want to Allow, or Deny, the change.

If you have any questions about a particular entry, you can post about it here, and I'm sure someone will be able to help you out.


Thank you for your reply. I looked where you pointed me and there was only one item in the blocked area so I clicked on the x and it went. Maybe in the past I have clicked to block but not to remember and if so maybe there are other changes but too late to worry about that now. I'd prefer not to be given the choice of changing the registry as I don't understand what to do there. Is there a way to use Spybot without that part of it? :thumbsup:

Regards

#4 rowal5555

rowal5555

    Just enough info to be armed & dangerous...


  • Members
  • 2,644 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:St Kilda, Dunedin. South Island. NZ
  • Local time:05:59 PM

Posted 02 May 2007 - 04:45 AM

Open Spybot, up in the top left click on MODE and choose ADVANCED. Down at the bottom left, click on TOOLS.

In the pane that comes up, click RESIDENT. Uncheck RESIDENT TEATIMER.

This should stop the questions, but you realise that you have lost the realtime protection that you were being asked about.

Cheers

rowal5555 (Rob ) † † † † † † † † † † † † † † † † †† † † † † † † † † † † † † †

Avid supporter of Bleeping Computer's
Team 38444

You can help find a cure





#5 mightyvh

mightyvh

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:59 PM

Posted 02 May 2007 - 09:09 AM

tg1911, you mentioned installing programs. I assume this goes for upgrades of various trusted programs and windows updates as well that might change registry entries. It would seem that checking the remember box should be the default so as to allow time to research any changes and to allow reversing our possible bad choices. Although I use a computer daily for both work and pleasure, I'm still pretty clueless when it comes to the registry etc. I suppose this bodes well for the future of bc
I like my Dell Latitude w/ XP PRO but I love my Duramax

#6 mischievous

mischievous
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Glasgow,Scotland,United Kingdom
  • Local time:04:59 AM

Posted 03 May 2007 - 11:16 AM

Open Spybot, up in the top left click on MODE and choose ADVANCED. Down at the bottom left, click on TOOLS.

In the pane that comes up, click RESIDENT. Uncheck RESIDENT TEATIMER.

This should stop the questions, but you realise that you have lost the realtime protection that you were being asked about.

Cheers



I'm thinking maybe I'd be better getting Spybot off my computer rather than mess up the registry. If I do what you suggest wouldn't my AOL spyware just do the same as the Spybot without the teatimer thingy?

#7 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:10:59 PM

Posted 03 May 2007 - 11:39 AM

You don't need to remove Spybot, as it's still a good tool for doing the occasional scan, for malware.
Since no program will catch everything, it's a good idea to use several programs to detect, and remove, malware.
If AOL has a real time spyware scanner, then you can disable TeaTimer, as rowal5555 suggested, and just use Spybot, when you do your routine maintenance scans.


mightyvh,

I assume this goes for upgrades of various trusted programs and windows updates as well that might change registry entries.

Correct.

It's when your surfing the web, and the registry change warning pops up, that you want to Deny the change.
This indicates, there is something that the site is trying to install on your computer, without your knowledge.

It would seem that checking the remember box should be the default so as to allow time to research any changes and to allow reversing our possible bad choices.

I assume you're talking about having Deny, and the remember box, checked, by default.
The problem with that, is say you're installing a Windows update, that requires a registry change.
If it was denied, and the decision remembered, you would have to go into the White & Black List, remove the entry, then go back and reinstall the update, because by not allowing the registry change the first time, the update would have failed.
So, you end up having to install the update, twice, unless you forget to uncheck the remember box, then it becomes a vicious cycle of ..... install, remove from list, install, remove from list, install, .......... :thumbsup:

If it's a trusted program, site, or update, Allow it.
If it's something unexpected, Deny it, and if you change your mind later, you can always go back, and remove it from the list.

In addition to TeaTimer, I use SpywareGuard, which performs basically the same function.
I have had instances, where TeaTimer catches things that SpywareGuard misses, and vise versa.
I use them both, to check up on one another.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#8 mischievous

mischievous
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Glasgow,Scotland,United Kingdom
  • Local time:04:59 AM

Posted 04 May 2007 - 02:26 AM

Thanks again for the reply. I think I will take the suggestion of rowal5555 and put off the teatimer and yours also to leave Spybot so that I could run whenever. I might even go have a wee peek at the SpywareGuard you mention too :thumbsup:

Thanks again everyone


Mod Edit: Edited to remove unnecessary quote. ~tg

Edited by tg1911, 04 May 2007 - 02:52 AM.


#9 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:10:59 PM

Posted 04 May 2007 - 02:54 AM

You're quite welcome, mischievous.
If there's anything else we can help you with, don't hesitate to ask.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#10 rowal5555

rowal5555

    Just enough info to be armed & dangerous...


  • Members
  • 2,644 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:St Kilda, Dunedin. South Island. NZ
  • Local time:05:59 PM

Posted 04 May 2007 - 03:14 AM

Hi mischievous.

There is a sister programme to SpywareGuard called SpywareBlaster - http://www.javacoolsoftware.com/spywareblaster.html.
I use both of these together with Spybot and SuperAntispyware Pro, which seems to do the trick.

Cheers

rowal5555 (Rob ) † † † † † † † † † † † † † † † † †† † † † † † † † † † † † † †

Avid supporter of Bleeping Computer's
Team 38444

You can help find a cure





#11 mischievous

mischievous
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Glasgow,Scotland,United Kingdom
  • Local time:04:59 AM

Posted 04 May 2007 - 03:37 AM

Hi mischievous.

There is a sister programme to SpywareGuard called SpywareBlaster - http://www.javacoolsoftware.com/spywareblaster.html.
I use both of these together with Spybot and SuperAntispyware Pro, which seems to do the trick.

Cheers



I've had a look at both mentioned sites and will download them later today. I've also stopped teatimer but now know I can still run it along side AOL spyware.I think what I'm being adviced to do is run a few different programs so will give it a try. What always showed up in both AOL and Spybot were tracking stuff and although both programs seemed to block them, five minutes later if I ran either program the same stuff was back and I wondered why bother! I thought these programs once allowed to block a site would stop it for all times in the future too.

One last point if I may. I have read on here "NOT" to have two different anti-virus programs as they could conflict with each other and have also read post's that offer hints on safety for your computer, so my question is this, when I have more than one Spyware program downloaded, do I have to turn Aol or others off when I am running whichever one I pick to use?

I know, I don't ask much....do I :thumbsup:

#12 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:59 PM

Posted 04 May 2007 - 03:48 AM

The tracking stuff that keeps coming up are probably tracking cookies. While they may be considered an invasion of privacy, they are not harmful to your system.

From Wikipedia:

HTTP cookies, sometimes known as web cookies or just cookies, are parcels of text sent by a server to a web browser and then sent back unchanged by the browser each time it accesses that server. HTTP cookies are used for authenticating, tracking, and maintaining specific information about users, such as site preferences and the contents of their electronic shopping carts. The term "cookie" is derived from "magic cookie," a well-known concept in Unix computing which inspired both the idea and the name of HTTP cookies.

Cookies have been of concern for Internet privacy, since they can be used for tracking browsing behavior. As a result, they have been subject to legislation in various countries such as the United States and in the European Union. Cookies have also been criticised because the identification of users they provide is not always accurate and because they could potentially be used for network attacks. Some alternatives to cookies exist, but each has its own drawbacks.

Cookies are also subject to a number of misconceptions, mostly based on the erroneous notion that they are computer programs. In fact, cookies are simple pieces of data unable to perform any operation by themselves. In particular, they are neither spyware nor viruses, despite the detection of cookies from certain sites by many anti-spyware products.

Most modern browsers allow users to decide whether to accept cookies, but rejection makes some websites unusable. For example, shopping baskets implemented using cookies do not work if cookies are rejected.


The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#13 rowal5555

rowal5555

    Just enough info to be armed & dangerous...


  • Members
  • 2,644 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:St Kilda, Dunedin. South Island. NZ
  • Local time:05:59 PM

Posted 04 May 2007 - 04:09 AM

That is correct. You must have ONE Firewall and ONE AntiVirus only. Then you can have as much antispyware as you are comfortable with, and your system will handle. You will get varying advice on this matter so you try various things and go with what works for you.

rowal5555 (Rob ) † † † † † † † † † † † † † † † † †† † † † † † † † † † † † † †

Avid supporter of Bleeping Computer's
Team 38444

You can help find a cure





#14 mischievous

mischievous
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Glasgow,Scotland,United Kingdom
  • Local time:04:59 AM

Posted 04 May 2007 - 04:19 AM

[quote name='Budapest' date='May 4 2007, 09:48 AM' post='513266']
The tracking stuff that keeps coming up are probably tracking cookies. While they may be considered an invasion of privacy, they are not harmful to your system.

OK so on one of my Spyware programs I have to click if I want it to show tracking cookies, if I uncheck this box then these won't show up, right? Thanks for the info about the cookies. I only really want to make sure there is nothing harmful getting on my computer and it looks like this is nothing to worry about.

:thumbsup:

#15 graveangel

graveangel

  • Members
  • 399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Nottingham England Home to the Hood of Robin
  • Local time:05:59 AM

Posted 04 May 2007 - 04:20 AM

I personally keep Tea-timer on and advise to do so, although it is not needed it is a handy tool.

If i can just add mischievous, if you follow the route rowal5555 walked you through in turning off Tea-timer protection, just have a browse in the option of 'Start Up' programmes on your way there.

That will contain a list of the programmes that start up when you PC does, these are there because they place themselves in the start up of your registry, these listed items are what Tea-timer was popping up and warning you about. Now most in there will have ome strange name or a combination of letters or digits, and will not make any sense to you, but open up google and type each one in one by one and do a search. You will find many results pop up for websites that offer you the answer as to what the item is and what it is needed for. You will tend to find this will give you the answer to knowing if your entry is safe or not.

Dont just go with the first result you find on google, it may just be a link to a web that suggests it could be a virus, scroll through the list read the short term responses, you will find most if not all are harmless and just running from programmes you have added.

If you find everything is fine, then jsut go to the option of turning Tea-Timer off, do so, then turn it back on again. It will refresh the pop ups you keep getting and, will only pop up again if you install a programme or update Windows. If you know this is happening, then allow it. If you get one pop up at random, then thats when you use caution, and when it does pop up, keep it on the screen, open up your browser and search for whatever it is trying to install itself in your registry, that way you will have a good idea if you should allow it or not, its worth doing this instead of just saying NO, because it maybe a value a perfectly genuine programme already on your system is updating, and as always, if you have anymore questions or just not sure what to allow or deny, then just come back to BC and someone here will help you out.

Happy Surfing
:thumbsup:
....And on the 8th day God said, "When my children are intelligent, and create the Computer, for my sake may they never screw around with the registry or subscribe to AOL"Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users