
registry editors


saturndude


Where do I find a registry editor that will let me edit the registry of another computer?

(not over a network, I have no experience with remote access)

Many times, I put a compromised hard disk as a slave drive in another box (sometimes Windows, mostly linux) and I can delete [spyware] files easily. No need for safe mode. I can even research the type of spyware the client has while I'm working.

But the client's registry still has references to spyware executables.

Basically, I make sure the client's computer has no internet access, then put the "somewhat cleaned up" hard drive back into it. Windows starts well enough to run the registry editor that came with that version of Windows (and anti-virus programs). So far, I've been lucky.

Spyware is always getting worse. In the future, I might not be so lucky.

Any suggestions on registry cleaning programs (other than dedicated programs like hijackthis, crapcleaner, combofix, and so forth)?

(Registry cleaners also help remove Uncle Bill's "Bilt-Broken" Java and replace it with Sun's Java product.)

I'd really like a registry cleaner that I can run from linux (gui), but I haven't found one yet. Working from within another Windows version (on another PC) would be just fine too. Basically, I'd like to edit the registry of another Windows installation (usually Primary Slave IDE drive).

Any suggestions? Thanks in advance.

Edited by saturndude


you need to load the registry hive from the hdd you attached.

http://technet2.microsoft.com/windowsserve...3.mspx?mfr=true

http://msdn2.microsoft.com/En-US/library/ms940849.aspx

You can also use a BartPE or similar Windows-based live CD on the other machine instead of having to swap around the HDD.

http://www.nu2.nu/pebuilder/

BTW MS removed their Java VM back when SP1a came out.

http://support.microsoft.com/kb/813926

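Added example, not part of the original posts: one way to do the hive load suggested above from an elevated PowerShell prompt on the working Windows machine. It lists the Run/RunOnce entries in the attached disk's SOFTWARE hive and flags those whose target file is already gone from that disk. The drive letters, the WINDOWS folder name and the OfflineSW key name are assumptions, and it applies to NT-family installs (2000/XP), which keep the hive under system32\config.

```powershell
# Read-only review of autostart entries in an offline Windows install.
# Every parameter default below is an assumption; adjust to the actual setup.
param(
    [string]$OfflineDrive  = 'E:',        # where the client's disk is mounted here
    [string]$OriginalDrive = 'C:',        # drive letter the client's Windows used
    [string]$WinDir        = 'WINDOWS',   # Windows folder on the client's disk
    [string]$MountName     = 'OfflineSW'  # hypothetical temporary key under HKLM
)

$hive = "$OfflineDrive\$WinDir\system32\config\SOFTWARE"
if (-not (Test-Path -LiteralPath $hive)) { throw "Hive not found: $hive" }

# Keep a copy before the hive is ever opened for editing
Copy-Item -LiteralPath $hive -Destination (Join-Path $env:TEMP 'SOFTWARE.offline.bak') -Force

& reg.exe load "HKLM\$MountName" $hive | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'reg load failed; run elevated and check the hive path' }

try {
    foreach ($sub in 'Run', 'RunOnce') {
        $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey(
            "$MountName\Microsoft\Windows\CurrentVersion\$sub")
        if ($null -eq $key) { continue }
        try {
            foreach ($name in $key.GetValueNames()) {
                # Do not expand %VARS%: they would resolve against THIS machine
                $cmd = [string]$key.GetValue($name, '',
                    [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
                $status = 'unresolved'   # no absolute path found at start of command
                if ($cmd -match '^"?([A-Za-z]:\\[^"]+?\.(exe|com|bat|cmd|scr|dll))') {
                    if ($Matches[1].Substring(0, 2) -ieq $OriginalDrive) {
                        # Translate the client's path to where the disk is mounted now
                        $local  = $OfflineDrive + $Matches[1].Substring(2)
                        $status = if (Test-Path -LiteralPath $local) { 'present' } else { 'MISSING' }
                    }
                }
                [pscustomobject]@{ Key = $sub; Name = $name; Command = $cmd; Target = $status }
            }
        }
        finally { $key.Close() }   # an open handle makes the unload fail
    }
}
finally {
    [gc]::Collect()
    & reg.exe unload "HKLM\$MountName" | Out-Null
}
```

To remove entries by hand afterwards, load the same file in regedit with File > Load Hive and unload it when done.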

Thanks, I'll check into those links.

BTW MS removed their Java VM back when SP1a came out.

And I am sssooooooooo grateful! A friend has had BOTH [un]Cool Web Search AND the byte-verify trojan because of MS Java!

The latest PC I'm working on is a 533 MHz Compaq with Windows ME and, you guessed it, MS Java. I predict MS Java will be around for several more years at least. Because people don't know any better.

(After this box, I've got another infested box to do, then a guy in church has what sounds like a video card failure, then a friend of a friend wants me to help him build a system. Once people find out how good you are, they seek you out!)

Another request:

What program should I use to extract Windows cabinet files (other than extract.exe)? Sometimes people have a Windows CD (or "rescue disks"), but they often lose them. Or their hard drive has a different version (or there is no 'precopy' directory, or they blew away their rescue partition, or whatever. Stuff happens). Are the cabinet files all compressed the same way? I think they differ. So is there a way to do a "quick and dirty" extract from a cabinet file from any version of Windows?

Edited by saturndude

And I am sssooooooooo grateful! A friend has had BOTH [un]Cool Web Search AND the byte-verify trojan because of MS Java!

Just FYI, MS was ordered by a court to end their Java VM. The reason people are getting infected these days through Sun Java is that every time an update comes out, even if you install it, it leaves behind the older vulnerable version, so be sure to manually uninstall it.

(After this box, I've got another infested box to do, then a guy in church has what sounds like a video card failure, then a friend of a friend wants me to help him build a system. Once people find out how good you are, they seek you out!)

About those other things, please create new topics for them when appropriate, to avoid getting too far off topic ;)

What program should I use to extract Windows cabinet files (other than extract.exe)?

I use expand.exe with "tab completion"; it's fast and easy. I also use UniExtract, aka Universal Extractor by Nitro322 (look around the forums), to unpack cabs and most other archives.
