The Windows Registry is a collection of information that Windows uses to configure and run your computer. Windows has its own information in the registry, and almost every program that you install puts its own information there, too. The registry is a vast repository of cryptic keys and values, and it is very easy for spyware to take advantage of it to perform its irritating tasks.

More dangerous spyware can use the registry to compromise your computer in several ways. Those that take the form of DLLs, such as about:blank and se.dll, set references to themselves in the registry. This reference tells Windows where to find the spyware and how to load it into memory. Other registry entries tell Windows what programs to start when you start your computer. Spyware often sets references to itself so that it can start invading your privacy as soon as you’ve turned on your machine.

Editing the registry directly to remove these rogue entries is no small undertaking. Changing or deleting the wrong values can have very serious consequences, so manually editing the registry should never be taken lightly. Spyware removal tools generally include a registry scan as part of their analysis. These programs can find and delete traces of spyware in the registry, so you shouldn’t have to do the searching and editing yourself.

Once you have removed all spyware from your computer, it is useful to make a registry backup. If your system becomes infected with spyware, having a copy of the registry as it was before the infection occurred can be useful in eliminating entries made by offending programs. Using System Restore, as described in the previous article about eliminating spyware, is the easiest way to return the registry to an uninfected state. If you wish to have a little “extra insurance” by making a separate registry backup, take the following steps:

1. Click the “Start” button. The Start Menu appears.
2. Click “Run.” The “Run” dialog appears.
3. Type “regedit” into the “Open:” combo box.
4. Click the “OK” button. The “Registry Editor” window appears.
5. Click “File” on the menu bar.
6. Click “Export…” The “Export Registry File” dialog appears.
7. Use the folder list at the top of the window to pick a location for your registry backup file.
8. Enter a file name for the registry backup in the “File name:” combo box below the folder list.
9. Select the “All” radio button in the “Export range” panel at the bottom of the window.
10. Click the “Save” button. Registry Editor makes a backup of the registry in the location that you specified in Steps 7 and 8.

To restore the registry from a backup that you have previously made, do the following:

1. Repeat Steps 1 – 5 above.
2. Click “Import…” The “Import Registry File” dialog opens.
3. Locate and click the registry backup file in the folder list at the top of the window. The name of the backup file appears in the “File name:” combo box.
4. Click the “Open” button. The Registry Editor imports the registry from the backup file that you selected in Step 3.
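
A clean backup made with the steps above can also be compared against a later export to list startup entries that were added or changed since, without editing anything. The following is an added example, not part of the original article: the function names and the two sample exports are constructed for illustration, and it assumes the text format that Registry Editor writes for “Export…” files.

```python
import re

# Autostart locations: values here name programs Windows launches at logon.
RUN_SUFFIXES = (r"\microsoft\windows\currentversion\run",
                r"\microsoft\windows\currentversion\runonce")
VALUE_RE = re.compile(r'(@|"(?:[^"\\]|\\.)*")=(.*)$')

def parse_reg(text):
    """Parse regedit export text into {key_path: {value_name: raw_data}}."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex data continued with a trailing backslash
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            current[name] = m.group(2)
    return keys

def load_reg(path):
    """Read a version 5.00 export, which regedit writes as UTF-16 with a BOM."""
    with open(path, encoding="utf-16") as fh:
        return parse_reg(fh.read())

def diff_exports(baseline, current, autostart_only=True):
    """List values that are new or altered in `current` relative to `baseline`."""
    findings = []
    for key, values in current.items():
        if autostart_only and not key.lower().endswith(RUN_SUFFIXES):
            continue
        old = baseline.get(key, {})
        for name, data in values.items():
            if name not in old:
                findings.append(("added", key, name, data))
            elif old[name] != data:
                findings.append(("changed", key, name, data))
    return findings

# Constructed sample exports (not taken from a real machine).
BASELINE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="C:\\Program Files\\Example\\tray.exe"
'''
CURRENT = BASELINE + r'''"constructed-entry"="C:\\Users\\user\\AppData\\Local\\Temp\\sample.exe"

[HKEY_CURRENT_USER\Software\Example]
"Setting"=dword:00000001
'''

if __name__ == "__main__":
    for finding in diff_exports(parse_reg(BASELINE), parse_reg(CURRENT)):
        print(*finding, sep=" | ")
```

For real backup files, pass the two saved paths through `load_reg` instead of the inline samples; an entry reported as added is only a lead to check, since legitimate installers write to the same keys.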

Remember that manually dealing with the registry is a serious operation. If at all possible, you should use tools that edit the registry for you.