How does spyware use the registry, and how can I protect my registry from spyware?
The Windows Registry is a collection of information that Windows uses to configure and run your computer. Windows has its own information in the registry, and almost every program that you install puts its own information there, too. The registry is a vast repository of cryptic keys and values, and it is very easy for spyware to take advantage of it to perform its irritating tasks.
More dangerous spyware can use the registry to compromise your computer in several ways. Programs that take the form of DLLs, such as about:blank and se.dll, set references to themselves in the registry. These references tell Windows where to find the spyware and how to load it into memory. Other registry entries tell Windows what programs to start when you start your computer. Spyware often sets references to itself in these entries so that it can start invading your privacy as soon as you’ve turned on your machine.
Editing the registry directly to remove these rogue entries is no small undertaking. Changing or deleting the wrong values can have very serious consequences, so manually editing the registry should never be taken lightly. Spyware removal tools generally include a registry scan as part of their analysis. These programs can find and delete traces of spyware in the registry, so you shouldn’t have to do the searching and editing yourself.
Once you have removed all spyware from your computer, it is useful to make a registry backup. If your system later becomes infected with spyware, having a copy of the registry as it was before the infection occurred can be useful in eliminating entries made by offending programs. Using System Restore to eliminate spyware, as described in the previous article, is the easiest way to return the registry to an uninfected state. If you wish to have a little “extra insurance” by making a separate registry backup, take the following steps:
1. Click the “Start” button. The Start Menu appears.
2. Click “Run.” The “Run” dialog appears.
3. Type “regedit” into the “Open:” combo box.
4. Click the “OK” button. The “Registry Editor” window appears.
5. Click “File” on the menu bar.
6. Click “Export…” The “Export Registry File” dialog appears.
7. Use the folder list at the top of the window to pick a location for your registry backup file.
8. Enter a file name for the registry backup in the “File name:” combo box below the folder list.
9. Select the “All” radio button in the “Export range” panel at the bottom of the window.
10. Click the “Save” button. Registry Editor makes a backup of the registry in the location that you specified in Steps 7 and 8.
To restore the registry from a backup that you have previously made, do the following:
1. Repeat Steps 1 – 5 above.
2. Click “Import…” The “Import Registry File” dialog opens.
3. Locate and click the registry backup file in the folder list at the top of the window. The name of the backup file appears in the “File name:” combo box.
4. Click the “Open” button. The Registry Editor imports the registry from the backup file that you selected in Step 3.
Remember that manually dealing with the registry is a serious operation. If at all possible, you should use tools that edit the registry for you.
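The following Python script is an added example, not part of the original tutorial. It compares a clean registry backup, exported as described above, with a later export and lists the startup values that were added or changed. The sample exports are constructed, and checking only the Run and RunOnce keys is a choice made for this example.

```python
import re
# Autostart key suffixes checked here: a choice made for this example, not a complete list.
RUN = r"\microsoft\windows\currentversion\run"
AUTOSTART_SUFFIXES = (RUN, RUN + "once")
VALUE_RE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=(.*)$')

def parse_reg(text):
    """Parse .reg export text into {key_path: {value_name: raw_data}}."""
    keys, current = {}, None
    # Regedit wraps long hex values with a trailing backslash; rejoin them.
    text = re.sub(r"\\\r?\n\s*", "", text)
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m.group(1).strip('"')] = m.group(2)
    return keys

def new_autostart_entries(clean_text, current_text):
    """List autostart values added or changed since the clean backup (names compared case-insensitively)."""
    clean = {k.lower(): v for k, v in parse_reg(clean_text).items()}
    findings = []
    for key, values in parse_reg(current_text).items():
        if not key.lower().endswith(AUTOSTART_SUFFIXES):
            continue
        baseline = {n.lower(): d for n, d in clean.get(key.lower(), {}).items()}
        for name, data in values.items():
            if name.lower() not in baseline:
                findings.append((key, name, data, "added"))
            elif baseline[name.lower()] != data:
                findings.append((key, name, data, "changed"))
    return findings

# Constructed sample exports. Real regedit exports are UTF-16: open(path, encoding="utf-16").
CLEAN = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="C:\\Program Files\\Example\\tray.exe"
'''
CURRENT = CLEAN + r'''"ExampleHelper"="rundll32.exe C:\\Users\\Public\\example.dll,Start"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Setup"=hex(2):63,00,6d,00,\
  64,00,00,00
'''
if __name__ == "__main__":
    for key, name, data, status in new_autostart_entries(CLEAN, CURRENT):
        print(f"{status:8} {key}\\{name} = {data}")
```

An entry reported here is only a difference from the backup, so legitimately installed software will also appear and each entry still needs to be reviewed before anything is removed.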