Unit 9. Avanzado.The Windows Registry

As we have mentioned before, the Windows Registry is a file where we find information about the hardware, software, etc, about the system.

Manipulation of the Windows Registry can affect the performance of the system and we should therefore only do so when we know what we are doing.

On previous versions of Windows it was ok to manually manipulate the registry, but with Windows XP the most appropriate thing is to use the tools to restore the system from the restoration points previously created. We will see all of this in a different unit. Now we will familiarize ourselves with the registry and discuss when it is ok to modify it


The editor of the registry

To open the registry editor, click on Start and select the option Run.
In the dialog box that will appear, write regedit and click Ok.

This is the registry editor window. On the left side the organized keys appear. For example, in HKEY_CURRENT_MACHINE we can find information about the system´s software, and in HKEY_USERS we can find information about the users.
There are some reasons why it could be interesting to know about the Windows Registry. Here are two examples.

When we uninstall a program some undeleted remains can be left behind because of an error in the process of uninstallation. This can cause the computer to try to launch a particular program that does not exist. In these cases we can try to delete manually the notes that are causing the computer to try and launch programs that do not exist.

Another case in which it may be useful is in the case of viruses, since many viruses modify the registry in order to infect the system. In these cases it is not suficient to delete the files that have the virus, but it is also necessary to delete the traces left in the registry that cause the virus to run. Next we will see a practical case on how to rid ourselves of the Sircam virus:

Steps to follow to eradicate the Sircam virus:

 

A. Make a copy of the Windows registry

1. We make a copy of the file REGEDIT.EXE with the name REGEDIT.COM. To do this go to Start and select the option Programs and within the option Accessories select the option MS-DOS.

2. Write cd c:\windows

3. Write copy regedit.exe regedit.com and press enter

4. Once the file has been copied, write exit to close MS-DOS

B. Now we will modify the file regedit.exe.

1. Click on Start and then Run.

2. Write regedit.com and click Ok

3. Once the the Windows Me registry editor is open, we will open the folder HKEY_CLASSES_ROOT, and next we will open the folder exefile and then within this one we will open the folder shell and then open.

4. Select the folder command

C. Modifying the folder command

1. Open the Edit menu and click modify

2. If you find "c:\recycled\Sirc32.exe" "%1"%* delete it and write instead "%1" %* then click Ok.

3. Open the folder HKEY_LOCAL_MACHINE, openSOFWARE and select the folder Sircam and with the right mouse button click delete.

4. Open the subfolder Microsoft and then open the folder Windows and then open the folder CurrentVersion and select the folder RunServices.

5. Once in the folder RunServices delete the window to the right labeled Sircam or the reference Driver32=c:\windows\system\scam32.exe

6. Delete the file REGEDIT.COM writing in the interface window of the command of regedit.com and press enter.

7. Once you have done these steps we will tell Windows that we want to show all the files; to do this open Tools from the Windows Explorer.

8. Look for scam32.exe and sirc32.exe and delete them

9. Rename the file run32.exe. To do this write del rundll32.exe in the ms-dos window

10. Write ren run32.exe rundll32.exe on the screen of Ms-dos and press enter.

D. From the MS-Dos window type:

1. cd \

2. cd recycled

3. attrib *.* -H -S -R

4. del *.*

5. cd \

E. Finally, edit the file autoexec.bat and delete any reference to sirc32.exe and save the changes.

 



     

Legal warning: Authorised on-line use only. It is not allowed the use of these courses in companies or private teaching centres.
aulaClic. All rights reserved. Reproduction in any form whatsoever is prohibited.
November-2005.