Spybot - S&D v.1.3 (TeaTimer)

[Michael]

I can find nothing in the helpfile or website as to what the System Settings
Protection resident (TeaTimer) is nor much on the IE Protection resident
(SDHelper). Anyone know what these are or where I can read some detail on
them. Also where is the registry backup stored and how can it be updated
from the program. Thanks for any information on these points.

 

[°Mike°]

The TeaTimer is a system startup monitor; much
like WinPatrol. It monitors for malware that tries
to set itself to run at Windows startup, with the
option to override.

SDHelper is a BHO that blocks known malicious
downloads in Internet Explorer.

Backups are kept in:

\Documents and Settings\All Users\Application Data\
Spybot - Search & Destroy\Recovery

or

\Documents and Settings\All Users\Application Data\
Spybot - Search & Destroy\Backups

 

[Michael]

The TeaTimer is a system startup monitor; much
like WinPatrol. It monitors for malware that tries
to set itself to run at Windows startup, with the
option to override.

SDHelper is a BHO that blocks known malicious
downloads in Internet Explorer.

Backups are kept in:

\Documents and Settings\All Users\Application Data\
Spybot - Search & Destroy\Recovery

or

\Documents and Settings\All Users\Application Data\
Spybot - Search & Destroy\Backups

Thanks for this °Mike°. I can see no obvious way to update the backup reg
file from the program and wonder if this is a problem because resetting to
this know good point after a large malware problem might lose good amendents
made in the meantime. The XP System Restore point is probably safer.

 

[°Mike°]

Thanks for this °Mike°. I can see no obvious way to update the backup reg
file from the program and wonder if this is a problem because resetting to
this know good point after a large malware problem might lose good amendents
made in the meantime. The XP System Restore point is probably safer.

What do you mean by "update the backup reg"?
If you mean reversing a change, that's done from
the 'Recovery' button, and only undoes changes
made by the program -- nothing will be changed
in your system, other than that.

 

[Michael]

What do you mean by "update the backup reg"?
If you mean reversing a change, that's done from
the 'Recovery' button, and only undoes changes
made by the program -- nothing will be changed
in your system, other than that.

Perhaps I have this confused but when I first ran v.1.3 it gave me the
option to backup the registry which made the reg files regLocal and regUsers
in the backups directory. It was said that these could be used after a
serious malware problem as reference to restore to orginal state. I accept
or at least hope that these entire reg files would not be merged with the
current registry if this were the case but even if a part of them were they
would not necessarily be the most current settings and it seemed as if there
should be a button to refresh these files. This is entirely separate to the
recovery files. Thanks.

 

[°Mike°]

On Sun, 16 May 2004 22:27:26 +0100, in
<[email protected]>
Michael scrawled:

Perhaps I have this confused but when I first ran v.1.3 it gave me the
option to backup the registry which made the reg files regLocal and regUsers
in the backups directory. It was said that these could be used after a
serious malware problem as reference to restore to orginal state. I accept
or at least hope that these entire reg files would not be merged with the
current registry if this were the case but even if a part of them were they
would not necessarily be the most current settings and it seemed as if there
should be a button to refresh these files. This is entirely separate to the
recovery files. Thanks.

They are merely "exported" .reg files (in REGEDIT4 format),
and yes, they would be merged in their entirety; that's the
point of backing up the entire registry. They only need
to be double clicked, or right click 'Merge' from Windows
Explorer. All processes should be terminated before doing
this; I suppose that's why Patrick didn't include the option
to restore from within the program. Though ideally, this
should be done on a reboot, before Windows fully loads,
and an option for this in the program would be, perhaps,
a good idea. Of course, users of Windows 9x can do
this from DOS.

Frankly, if you have System Restore active, you shouldn't
need these, anyway.

 

[Michael]

On Sun, 16 May 2004 22:27:26 +0100, in
<[email protected]>
Michael scrawled:



They are merely "exported" .reg files (in REGEDIT4 format),
and yes, they would be merged in their entirety; that's the
point of backing up the entire registry. They only need
to be double clicked, or right click 'Merge' from Windows
Explorer. All processes should be terminated before doing
this; I suppose that's why Patrick didn't include the option
to restore from within the program. Though ideally, this
should be done on a reboot, before Windows fully loads,
and an option for this in the program would be, perhaps,
a good idea. Of course, users of Windows 9x can do
this from DOS.

Frankly, if you have System Restore active, you shouldn't
need these, anyway.

Thanks

 

[°Mike°]

Thanks

You're welcome.

 

[Doc]

They are merely "exported" .reg files (in REGEDIT4 format),
and yes, they would be merged in their entirety;

Surely, if malware ADDED extra keys to the registry - as well as modifying
existing keys - then merging the backup into the registry will 'repair' the
modified keys, but do absolutely nothing about the added keys.

Sounds like your registry could end up very broken or disjointed.

 

[Doc]

Sorry all at ACF ....... I never noticed all the cross-posts before I sent.

 

[°Mike°]

Surely, if malware ADDED extra keys to the registry - as well as modifying
existing keys - then merging the backup into the registry will 'repair' the
modified keys, but do absolutely nothing about the added keys.

Sounds like your registry could end up very broken or disjointed.

That's very true, unless you have Windows 9x.
Isn't XP wonderful?

 

[Hello]

Surely, if malware ADDED extra keys to the registry - as well as modifying
existing keys - then merging the backup into the registry will 'repair' the
modified keys, but do absolutely nothing about the added keys.

Sounds like your registry could end up very broken or disjointed.

That's what I was thinking. IIUC, the freeware ERUNT handles this
problem

http://www.pricelessware.org/2004/PL2004SYSTEMUTILITIES.htm

 

[Michael]

Surely, if malware ADDED extra keys to the registry - as well as
modifying existing keys - then merging the backup into the registry
will 'repair' the modified keys, but do absolutely nothing about the
added keys.

Sounds like your registry could end up very broken or disjointed.

Yes that was thrust of my original point. Using an old, non-updated entire
registry export is a very dangerous thing to do particularly when windows
keeps more current backups (those created via system restore in xp and those
backed up to the sysbackup folder in 98). I wonder if this function should
be included at all in SpyBot. From the original wording I wondered if it
might refer to the backup in some intelligent non-bulk way.