  1. #1
    Bronze Lounger
    Join Date
    Jan 2001
    Location
    Virginia, USA
    Posts
    1,560
    Thanks
    37
    Thanked 1 Time in 1 Post

    Spybot S&D pop-up

    I just loaded and ran Spybot S&D ver 1.3. I keep getting these little pop-up message windows where Spybot asks me to allow or deny a change to the registry. I honestly don't know how to respond. Here's an example:

    "Spybot S&D has detected an important registry entry that has been changed.
    Category: System Startup global entry.
    Change: Value changed.
    Entry: 2SWZKN82R5K47C
    Old data: c:\windows\system32\Enl7v1Va.exe
    New data: c:\windows\system32\Nen8n.exe"

    Then it asks me to allow or deny the change. OK...is this a change that Spybot made and if I'm smart I'll allow the change? I couldn't find anything in Spybot's Help file that speaks to this. Thanks!

  2. #2
    Platinum Lounger
    Join Date
    Jan 2001
    Posts
    3,788
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Spybot S&D pop-up

    Spybot includes a feature called Tea Timer that monitors your system for changes to parts of the registry that can be associated with malware being installed. Tea Timer notifies you of all changes in those parts of the registry and so will frequently pick up legitimate changes such as when you install new software. You have to decide if you want this extra level of protection which will result in all the pop-up messages. If you do not want it you can disable Tea Timer.

    The option to disable Tea Timer is accessed by selecting Tools from the left-hand pane of Spybot S&D and then selecting Resident.

  3. #3
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Spybot S&D pop-up

    Lucas

    Any time that TeaTimer detects a change, it means that "something" is trying to install/remove something in the registry, usually relating to software being installed or removed. Can you associate anything with the time that you got the messages?

    On the face of it, the names of those entries look extremely suspicious (since probably random?), and are likely to be associated with malware.

    I can only find hits on Google on the EXE files by searching for "Nen8n.exe" (I think you need the double-quotes), but there are lots if you search for 2SWZKN82R5K47C . Suggest you look at the PestPatrol reference particularly.

    I would advise you download, install, run and update Ad-Aware Personal SE, and make sure you have the latest update to your Spybot - Search and Destroy 1.3, running it again if you have done a download. If those do not fix your problem, you should download and install HiJackThis to a new directory, say C:\HJT, and provide the resulting log to the forum whose location you will find from the web page or the software itself.

    Good luck...

    John

    Ita, esto, quidcumque...

  4. #4
    Bronze Lounger
    Join Date
    Jan 2001
    Location
    Virginia, USA
    Posts
    1,560
    Thanks
    37
    Thanked 1 Time in 1 Post

    Re: Spybot S&D pop-up

    Thanks for that information. Just one question: If I click on "Allow change," am I telling Spybot that it's OK for SPYBOT to undo some malicious activity; or am I telling Spybot to ignore something suspicious it found in my registry? (Does that make sense?)

  5. #5
    Platinum Lounger
    Join Date
    Jan 2001
    Posts
    3,788
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Spybot S&D pop-up

    Tea Timer is not designed to tell the difference between legitimate software and malware and selecting "Allow change" means that the registry will be changed whether it is legitimate or malware.

    Tea Timer is a small application that runs in the background watching for changes to parts of the registry and it runs independently of Spybot S&D. It just tells the user that a program is trying to change the registry and it is up to the user to decide if the change should be allowed. When Tea Timer detects a program is trying to change the registry it does not communicate with Spybot to see if malware is trying to install itself.
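
The kind of check described in this thread, as an added example that is not part of any post and is not Spybot's own code: it compares two snapshots of a startup registry key, reports each change in the style of the pop-up quoted in post #1, and adds triage notes for the random-looking names that post #3 points out. The snapshot dictionaries, the function names and the "letters and digits alternate" heuristic are assumptions made for illustration; the paths are written with the backslashes a Windows path would have.

```python
import ntpath
import re

# Constructed snapshots of one startup key: {value name: data}. The first
# entry uses the values quoted in post #1; "ctfmon" is added for contrast.
BEFORE = {"2SWZKN82R5K47C": r"c:\windows\system32\Enl7v1Va.exe",
          "ctfmon": r"c:\windows\system32\ctfmon.exe"}
AFTER = {"2SWZKN82R5K47C": r"c:\windows\system32\Nen8n.exe",
         "ctfmon": r"c:\windows\system32\ctfmon.exe"}

def diff_startup(before, after):
    """Return one record per value that was added, deleted or changed."""
    changes = []
    for name in sorted(before.keys() | after.keys()):
        old, new = before.get(name), after.get(name)
        if old == new:
            continue
        kind = ("Value added" if old is None else
                "Value deleted" if new is None else "Value changed")
        changes.append({"change": kind, "entry": name, "old": old, "new": new})
    return changes

def looks_random(token):
    """Crude hint only: letters and digits alternate at least twice."""
    flips = re.findall(r"(?<=[A-Za-z])\d|(?<=\d)[A-Za-z]", token)
    return len(flips) >= 2

def triage(change):
    """List reasons to look harder before answering allow or deny."""
    notes = []
    if looks_random(change["entry"]):
        notes.append("random-looking value name")
    for side in ("old", "new"):
        data = change[side]
        if data:
            stem = ntpath.splitext(ntpath.basename(data.strip('"')))[0]
            if looks_random(stem):
                notes.append(f"random-looking file name in {side} data")
    return notes

def report(before, after):
    """Render every change with its triage notes as pop-up style text."""
    lines = []
    for c in diff_startup(before, after):
        lines.append(f"Change: {c['change']}. Entry: {c['entry']}")
        lines.append(f"  Old data: {c['old']}")
        lines.append(f"  New data: {c['new']}")
        lines.extend(f"  Note: {n}" for n in triage(c))
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(BEFORE, AFTER))
```

The notes are hints for the person answering the prompt, not a verdict: the heuristic will also flag some legitimate names that mix letters and digits.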
