spybot entry

I have 2 computers that I help maintain. They are both running xp with service pack 2. When running spybot for the first time on both these machines, and entry came up that I am unsure about. This is not the exact wording, but it says "windows security anti-virus override ". I run service pack 1 on my computer and I have never seen this entry. I do not know if this has something to do with the windows security center, or if it is a spyware program masquerading. Should I let spybot "fix" the problem or ignore it? Anyone know anything about this entry? Thanks.

 

Hello Beth,

I and others have noticed a new SSD alert concerning the Security Center alerts: http://www.windowsbbs.com/showthread.php?t=46779

The exact wording would be helpful. If no one comes up with the answer here, the SpyBot forum presided over by the auther is here: http://forums.net-integration.net/index.php?

Regards - Charles

 

If you're referring to Spybot's "found: Windows Security Center.AntiVirusDisableNotify Settings" alert, I think you'll be OK to let Spybot fix it. I had Spybot fix that issue on August 9 and, so far, I haven't had ill effects.

After the fix, this showed up in my Spybot log report that I saved after the fix:
Windows Security Center.AntiVirusDisableNotify: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0

I expect Spybot makes a single change to that registry key (changes the dword value from 1 to 0). That appears to be what Spybot did on my machine.

If you decide later you don't like Spybot's "fixing" action it took, I expect you can undo the change via the "Recovery" button in Spybot.

 

Here is a link to a thread on Spybot's forums that appears to be relevant.

http://forums.net-integration.net/index.php?showtopic=32562

 

I really thought both my friends reported that the spybot entry was something about "anti virus override" which I can find nothing about. Perhaps it was "anti virus disable ". I will check the settings in the security center and see if all the monitoring is turned on. I have told them to uncheck this item in spybot until we know what it is about. Apparently it is not much to worry about. Thanks for the info.

 

Okay. I just ran a Spybot scan again and Spybot gave me a red alert like the one I described above (since my dword value for the key was 1).

It appears that Spybot wants the dword for that key to be 0 instead of 1.

I'm not too concerned about malware causing my dword value to change to 1 since I also have several other anti-malware products in use.

I'm guessing now about what sets the dword to 1. I'll play around with some ideas and I'll post back if I learn anything.

I'll also play with Spybot's "Recovery" button in the process.

[Edit:]
BTW, if you have System Restore active on your machine and you elect to have Spybot fix a problem, Spybot also wants to create a restore point that you can go back to if the need should arise. (Handy feature, IMO.)

 

It appears that the item that are being displayed by Spybot are directly relalted to the settings in Windows Security Center.

Specificly under " Change the way Security Cente Alerts me. "

I turned them all ON and ran Spybot again and NOTHING.

Before I only have the AntiVirus check and had the one about Updates and Firewall.

It is late aso I need to get my backside into bed and get some rest. But will do further checking in the AM.

BillyBob

 

Changed my mind.

I went back to Security center " Change the way Security Cente Alerts me. " and unchecked Firewall and Update.

Re-ran Spybot and the two were back.

But I will STILL DOUBLE CHECK myself in the AM.

Goodnight

BillyBob

 

Beth:
I read through the Spybot forum posts I linked to above (including the lengthy thread linked within that thread). I also read through the http://forums.net-integration.net/index.php?showtopic=32260 thread and I'm inclined to recommend the following (even if your issue is about the "anti-virus override" you mentioned in your first post):

Make sure you have the current version of Spybot (version 1.4) with latest detection update (currently 2005-08-13).

Scan with Spybot and tell Spybot to fix the red text alerts it finds.

Regularly scan with Spybot for awhile, perhaps several days if necessary, (both before and after reboots) and see if/when you get alerts again (and how often) and have Spybot fix the problem(s) each time.

If you keep getting alerts with Spybot scans after you have had Spybot fix the problems it found. Then something (perhaps malware) is changing those settings and you need to troubleshoot.

If you need to troubleshoot, then please post the exact wording of your red alerts and when they occur (i.e., during rescanning immediately after having Spybot fix the problem(s), immediately after reboots, etc.) so we have the exact problem to start from.

 

Great idea.

Deciding last night to dig further while I still ( hopefully ) remembered what I was doing, I did a System Restore from earlier in the day before I updated and ran SpyBot.

I had all 3 turned on before the SR and Spybot said all was OK.

But, the Firewall and Update alerts were back when I ran Spybot after the SR.

I did an upgrade check on Spybot after the SR and before I ran it and none were available. I believe this is ( at least partly ) due to the fact that S&D is not installed on the C: drive.

BillyBob

 

Hi BB,

Look at the references I gave in my first post - especially Christer's post. If you turned off the SC alerts on purpose, then ignore the SSD alerts - have SSD stop the search for this - see this post on how to do that http://www.windowsbbs.com/showthread.php?t=47247

If you did not turn them off, then have SSD fix it.

Regards - Charles

 

Hi Charles.

I undestand what you write. But, I believe we may have a mis-understanding here. lets see if we can fix it.

My previous reply was related ( and hopefully added to ) this by Mailman

Many, Many users do not even think about SR when making addition/removals/corrections. I went through pretty much this same thing with a Daughter. She made a lot of changes and got things working much better. Then without thinking she used and old RP. ALL of her changes and new software were GONE.

I turned them ALL ON on purpose. I then did a system restore and two of them were set to OFF again. That is the way I prefer it to be. But that is not the real point I am trying to make.

I ( along with Mailman ) am just TRYING to bring out a point as to HOW things can get changed.

When things go astray, we not only need to think about what the OS or some software has done but also what the USER has done. In my case it was USER using an older RP.

Now. If I do not wish System Restore to do this type of thing to me I must ( and if all is well will do tomorrow ) destory all old restore points and make ( have made ) a new one that DOES CONTAIN the latest settings.

This time use of System Restore was deliberate. I pretty much new ahead of time what was going to happen.

System Restore is a nice thing to use. BUT ! If not used properly it can also be a problem. It can ( and just did even though purposely this time ) mess up all changes/additions/corrections that I made.

Yes. I do ignore the SSD alerts as I do have the two items set to off. Now that I know for sure the reason they are there.

BillyBob