
Spyware in Registry

Status
Not open for further replies.

Twerpster

Technical User
Aug 17, 2005
4
US
I have run Spybot, and found two spyware programs in the registry. One is in the Windows Current Version Uninstall, and the other one is in Microsoft Security Center Firewall DisableNotify. Not sure what to do here, but I'd like them gone. Any help is appreciated, I'm not too sure I want to mess with the registry.
 
When I want to "play" with the registry, I first back it up with a program called "ERUNT". If you screw something up, you go into safe mode and restore the original. My restore file is 164 meg, so you can't save it to floppy. I save mine to a separate Hard Drive so I can reboot with a Bart PE CD in case of serious error.
 
If Spybot found two entries in the registry that it said were spyware, did it not delete them for you?
 
I deleted the registry keys, and when I did, Norton would no longer run. I had to put them back.
 
If you manually deleted a registry Key you may have deleted too much. You perhaps should only delete a value pertaining to the spyware rather than the whole key, and only after Exporting the key so you may Import it back in case of trouble.

It is possible to have "false positives", why don't you post the offending keys (values) and see what the consensus of opinion about them is?

Removing adware & spyware
faq608-4650

Microsoft (GIANT Antispyware) Beta available
Thread779-979113
 
These are the registry keys involved. I did delete one of the problems, and so far the computer is working fine, I kept it in recovery tho, just in case. I kept the other one, since it said it was a Windows uninstall key. The results of the scan are as follows.
NoAdware
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CurrentVersion\Uninstall\EE588E34-973C-4FBE-AC83-99F064009FC7

Windows Security Center.FirewallDisableNotify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\security center\firewall\disableNotify=dword:0

The above are the two results left from the spybot scan
Let me know if this is a false or positive if you can.
Thank You



 
This seems to be a recent issue with Spybot only reporting this as a problem. Ad Aware and MS Anti Spyware do not see it as an issue. I have read that setting them to 1 turns off the notifications when your AV software or firewall is not enabled.
 
Neither of those are any danger at all. The uninstall key is just that, it provides information on uninstalling an app. Possibly Norton, since that app was adversely affected when you deleted it.
The other one is an MS security center service key. Looks like it's been set to enable notification of something. Generally (but not always) a "0" will mean off, and "1" will mean on. And a "0" setting on a "disablexxx" key (making it a double negative) means that notify is enabled.

I'd say those are both false positives.
One thing to remember about registry keys: even if they were keys made by bad programs, the keys themselves are usually pretty harmless, with the exception of keys that control Windows' behavior. Deleting them is much less important than deleting the programs themselves.
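
The double negative described above can be checked offline against an exported copy of the key. This is an added example, not part of the original thread: it parses the text of a `.reg` export and reports, for each `*DisableNotify` value, whether Security Center alerts are enabled or suppressed. The sample export is constructed, and the `AntiVirusDisableNotify` and `UpdatesDisableNotify` value names and the flat key layout are assumptions not taken from the posts.

```python
import re

# Constructed sample: text of a .reg export of the Security Center key.
# Values are chosen for illustration and do not come from the thread.
# (regedit writes exports as UTF-16; decode the file before parsing.)
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"SomeString"="not a dword"
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{1,8})$')


def parse_dwords(reg_text):
    """Return {(key, value_name): int} for every dword value in a .reg export."""
    values, current_key = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group('key')
            continue
        m = DWORD_RE.match(line)
        if m and current_key:
            values[(current_key, m.group('name'))] = int(m.group('hex'), 16)
    return values


def notification_state(reg_text):
    """Map each *DisableNotify value to 'enabled' or 'suppressed'.

    Double negative: DisableNotify = 0 means alerts are NOT disabled.
    """
    state = {}
    for (key, name), data in parse_dwords(reg_text).items():
        in_security_center = key.lower().endswith(r'\security center')
        if in_security_center and name.lower().endswith('disablenotify'):
            state[name] = 'suppressed' if data != 0 else 'enabled'
    return state


if __name__ == '__main__':
    for name, st in sorted(notification_state(SAMPLE_EXPORT).items()):
        print(f'{name}: alerts {st}')
```

A value reported as `suppressed` is the one worth a second look, since it means Security Center will stay silent when that protection is off.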
 
There is more discussion on this topic in the Spybot forums, July 30th thread
 
Thank you so much, if this is not a threat, or problem, I will allow Spybot to accept it, and move on. I appreciate all of your help... thank you all.
 