Snoopfree and Registry Changes

Discussion in 'other anti-malware software' started by JerryM, Nov 15, 2005.

Thread Status:
Not open for further replies.
  1. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Pretty often at startup I get the message that Snoopfree is trying to change a registry entry to be executed at startup. I permitted it a couple of times, but now am refusing it.
    Why would Snoopfree continue to do this?
    Thanks,
    Jerry
     


  2. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,096
    Hi Jerry,

    I'm not familiar with the app you posted that monitors the registry changes, however, I would ask you how long have you been using SnoopFree? When you installed it, did you shut down all other applications, connections, etc.?

    If you installed SnoopFree with other applications running, it might be the case that SnoopFree is trying to modify its own registry entries, and it continues to do this as you have not allowed it to complete the operation.

    SnoopFree boots up before anything else as Group "System Reserved", even before the system boot routines.

    You need LoadOrder from sysinternals.com to see the actual load order.

    I have a HIPS that monitors SnoopFree, and it is never triggered by SnoopFree trying to change the registry. Have you right-clicked the SnoopFreeUI icon in the system tray? The display should tell you what it blocked, etc. In your case, however, you denied SnoopFree the right to modify your registry which is not the same thing - i.e. you blocked SnoopFree, not SnoopFree blocked something from hooking into your keyboard, etc.

    I suggest you save a copy of your registry with ERUNT before and after allowing the modification, and then run a comparison routine to find out the difference - may need to be in hex? - I'm not sure.

    -- Tom
     
  3. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
     
  4. Graphic Equaliser

    Graphic Equaliser Registered Member

    Joined:
    Nov 5, 2004
    Posts:
    411
    Location:
    London England UK
    It could be that you already have a Snoopfree value in your software\microsoft\windows\currentversion\run key that is marked readonly, and the new version can't overwrite it. Zonealarm does this trick to keep its startup value from being changed.

    I run MJ Registry Watcher and Snoopfree, and I have had no problems with it. Snoopfree has trapped the following so far :-

    Keyboard hook in PC Mark 04
    Keyboard hook in Windows Messenger
    Keyboard hook in Quake 3 Arena
    Keyboard hook in Internet Explorer
    Screen read in Paradise Poker Client

    All have been denied access permanently, and this has had no effect on how these programs function.

    HTH,
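
The before-and-after comparison Tom suggests, narrowed to the Run key Graphic Equaliser mentions, as an added example that is not part of the original thread. It assumes the two snapshots are available as regedit-style text exports (.reg); the value names and paths in the sample are constructed.

```python
import re

# Startup ("Run") key suffix, lower-cased because registry paths are case-insensitive.
RUN_SUFFIX = r"\software\microsoft\windows\currentversion\run"

def parse_reg(text):
    """Parse regedit-style export text into {(key, value_name): raw_data}."""
    values, key, pending = {}, None, ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif line.endswith("\\"):
            pending = line[:-1]              # hex data continues on the next line
        else:
            m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
            if m and key:
                name = "(default)" if m.group(1) == "@" else m.group(1)[1:-1].lower()
                values[(key, name)] = m.group(2)
    return values

def diff_run_values(before_text, after_text):
    """Return (kind, key, name, old, new) for every Run-key value that differs."""
    before, after = parse_reg(before_text), parse_reg(after_text)
    changes = []
    for k in sorted(set(before) | set(after)):
        old, new = before.get(k), after.get(k)
        if k[0].endswith(RUN_SUFFIX) and old != new:
            kind = "added" if old is None else "removed" if new is None else "changed"
            changes.append((kind, k[0], k[1], old, new))
    return changes

# Constructed sample snapshots. Real exports are usually UTF-16:
# open(path, encoding="utf-16").read()
HEADER = "Windows Registry Editor Version 5.00\n\n"
RUN = "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]\n"
AV = r'"ExampleAV"="\"C:\\Program Files\\ExampleAV\\av.exe\""' + "\n"
NEW = r'"ExampleUI"="\"C:\\Program Files\\ExampleApp\\ui.exe\""' + "\n"
OTHER = "\n[HKEY_CURRENT_USER\\Software\\Example]\n"
BEFORE = HEADER + RUN + AV + OTHER + '"Theme"="blue"\n'
AFTER = HEADER + RUN + AV + NEW + OTHER + '"Theme"="green"\n'

if __name__ == "__main__":
    for kind, key, name, old, new in diff_run_values(BEFORE, AFTER):
        print(f"{kind}: [{key}] {name}: {old} -> {new}")
```

Only differences under a Run key are reported; the changed "Theme" value in the sample is ignored.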
     
  5. jackvance

    jackvance Guest

    Looks like the snapshot is from registry monitor in Bitdefender.

    As for the warning, there is a perfectly reasonable explanation.
     
  6. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    I had not noticed that it does appear to be from BD. I believe that is correct.

    This AM it came up again, and I clicked approved, and "remember", and so it should stop. I have no worry that it is malware, but I could not think of why it was doing it.

    Is the "perfectly reasonable explanation" that which has been given earlier?

    Thanks,
    Jerry
     