
Should we all memorize our registries?


science man

Disabled
Joined
Jun 23, 2008
Location
Earth
I was surfing through the list on norton.com of viruses. It's like a glossary. Anyway, I found that in removal steps for the latest viruses discovered on the last one it says to remove any values added to the registry. Does that mean that we should all memorize our registries so we can tell what the additions are because if I had to do that right now I could tell which files to delete and not delete aka good and bad files/entries.
 
You'd be one exceptional individual if you could memorize your registry :^D

You'll generally get cleanup tips for specific viruses when the need arises. Those will point you to the appropriate keys as needed.
 
Most viruses I've run into that hook themselves into the registry could be found in the "Run" keys (at least this is how it was with Win9x when I had to manually help people remove stuff out of their registry, with NT-based Windows I let AV programs do that dirty work).

In the 9x days the two keys I would find viruses loading from were:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

If you're interested in seeing or disabling what is loading from the Run keys you should do it via MSCONFIG instead of REGEDIT as it is easier and safer. Msconfig will let you disable those launch programs and then easily bring them back if something doesn't go right.

But yeah, your best defense is an updated anti-virus program, keep your OS and programs up to date, exercise safe computer habits (especially safe web browsing habits), and if you suspect a virus you can almost always find detailed removal instructions online like Johnz said.
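An added example (not written by any poster in this thread): instead of memorizing the registry, record the values under the two Run keys named above while the machine is believed clean, then compare against that record later. The baseline file path and the function name are assumptions chosen for illustration.

```powershell
# Added example: baseline and diff the two Run keys named in the post above.
# $BaselinePath is an assumed location; use any path you control.
$BaselinePath = Join-Path $env:USERPROFILE 'run-keys-baseline.xml'
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Get-RunKeyEntries {
    # One object per registry value: key path, value name, command line.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Command = [string]$item.GetValue($name)
            }
        }
    }
}

$current = @(Get-RunKeyEntries)

if (-not (Test-Path $BaselinePath)) {
    # First run: save the known-good state.
    $current | Export-Clixml -Path $BaselinePath
    Write-Output "Baseline saved: $($current.Count) entries -> $BaselinePath"
} else {
    $baseline = @(Import-Clixml -Path $BaselinePath)

    # Index the baseline by key path + value name (hashtable keys are
    # case-insensitive, as registry value names are).
    $known = @{}
    foreach ($e in $baseline) { $known["$($e.Key)|$($e.Name)"] = $e.Command }

    foreach ($e in $current) {
        $id = "$($e.Key)|$($e.Name)"
        if (-not $known.ContainsKey($id)) {
            Write-Output "ADDED   $($e.Key) [$($e.Name)] = $($e.Command)"
        } elseif ($known[$id] -ne $e.Command) {
            Write-Output "CHANGED $($e.Key) [$($e.Name)]: '$($known[$id])' -> '$($e.Command)'"
        }
        $known.Remove($id)   # whatever is left afterwards was removed
    }
    foreach ($id in $known.Keys) { Write-Output "REMOVED $id (was: $($known[$id]))" }
}
```

Delete the baseline file and rerun after installing software you trust, so that legitimate new startup entries stop showing up as additions.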
 
Just as an aside. It wouldn't hurt for you to poke around the registry to see how it's laid out, and where things generally are. It'll give you a feel for what it's about, and won't seem as foreign when you have to go in for some editing.
 
Most viruses I've run into that hook themselves into the registry could be found in the "Run" keys (at least this is how it was with Win9x when I had to manually help people remove stuff out of their registry, with NT-based Windows I let AV programs do that dirty work).

In the 9x days the two keys I would find viruses loading from were:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

If you're interested in seeing or disabling what is loading from the Run keys you should do it via MSCONFIG instead of REGEDIT as it is easier and safer. Msconfig will let you disable those launch programs and then easily bring them back if something doesn't go right.

But yeah, your best defense is an updated anti-virus program, keep your OS and programs up to date, exercise safe computer habits (especially safe web browsing habits), and if you suspect a virus you can almost always find detailed removal instructions online like Johnz said.

In that case history is repeating itself. Viruses are still using those keys to boot themselves. [url=http://www.symantec.com/norton/security_response/writeup.jsp?docid=2009-061215-3706-99]Things like this but more damaging scare the crap out of me.[/url]
 
Just as an aside. It wouldn't hurt for you to poke around the registry to see how it's laid out, and where things generally are. It'll give you a feel for what it's about, and won't seem as foreign when you have to go in for some editing.

I was thinking about doing that too. Thanks for the push.
 