A Windows XP help forum. PCbanter

Edit Registry from DOS

  #1  
Old July 20th 04, 05:52 PM

XP doesn't have DOS just a DOS prompt. You can also just
choose run from the start menu and enter regedit.

-----Original Message-----
Hi All,

I am attempting to recover from a Spyware install. I've
removed the Spyware installation and most registry
entries, however, I couldn't remove the most important
one until the file was gone. The only way to remove the
software was to boot into DOS and delete the file from
there since the way it was being loaded was through the
WinLogon process.

The problem I have now is that even though the spyware
is gone, I can't remove the entry out of the registry,
because my system will no longer boot. In its current
state, when the system boots, it looks for the spyware
file during the winlogon process, but since it can't find
it anymore, the winlogon process blue screens.

Before the spyware software was removed, I was unable to
delete the entry in the registry, since every time I
deleted the registry entry for the spyware, it would
re-enter itself. (It had a hook into the explorer.exe
process).

I am now trying to copy the registry from this system to
another one so that I can edit it and remove the corrupt
entry. I don't know what files the registry consists of,
so I was wondering if you could point me to the correct
files.

As an alternative, if any of you are aware of DOS tools
I can use to edit the registry, I would also be willing
to try that. Note that the entries in the registry for
the Spyware are preceded by a null character, so regular
registry tools will not even see the entries. I had a
heck of a time figuring this out, since essentially the
spyware put a null character entry in front of the entire
WinLogon registry node. Normal registry tools use the
Win32 API, which ignores anything after a null
character. In other words, the entire WinLogon registry
node in this case.

At any rate, any suggestions to edit the registry in a
non-Windows mode, or by copying it to another computer,
would be highly appreciated. My understanding is that
the spyware was a variation of the VX2 Better Internet
software. Nasty stuff to get rid of, or even find.

Your help is much appreciated!

Steve.
.
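The hidden-entry problem described in the message above can be checked offline by reading a copied hive file directly: key names are stored on disk with an explicit length, so a name can contain a NUL that null-terminated string handling stops at. The Python below is an added example, not part of the original thread; it walks the cells of a hive and lists keys whose names contain a NUL. The function names and the small sample hive (keys ROOT, Winlogon and a NUL-prefixed Hidden) are constructed for illustration.

```python
import struct

BASE = 0x1000           # hive bins start after the 4 KiB "regf" base block
KEY_COMP_NAME = 0x0020  # nk flag: name stored as 8-bit chars, else UTF-16LE

def nk_name(hive, cell):
    # Return (name, parent offset) of the nk record held in this cell.
    nk = cell + 4                                    # skip 4-byte cell size
    flags, parent, length = struct.unpack_from("<2xH12xI52xH", hive, nk)
    enc = "latin-1" if flags & KEY_COMP_NAME else "utf-16-le"
    return hive[nk + 0x4C:nk + 0x4C + length].decode(enc, "replace"), parent

def key_path(hive, cell):
    # Follow parent offsets (relative to BASE) up to the root key.
    parts = []
    while hive[cell + 4:cell + 6] == b"nk" and len(parts) < 512:
        name, parent = nk_name(hive, cell)
        parts.append(name)
        cell = BASE + parent
    return "\\".join(reversed(parts))

def find_nul_keys(hive):
    # Walk allocated cells; return paths of keys whose name holds a NUL.
    if hive[:4] != b"regf":
        raise ValueError("not a registry hive")
    hits, pos = [], BASE
    while hive[pos:pos + 4] == b"hbin":
        bin_size, = struct.unpack_from("<I", hive, pos + 8)
        cell, end = pos + 0x20, min(pos + bin_size, len(hive))
        while cell + 6 <= end:
            size, = struct.unpack_from("<i", hive, cell)
            if size == 0:
                break                                # unused tail of the bin
            if (size < 0 and hive[cell + 4:cell + 6] == b"nk"
                    and "\x00" in nk_name(hive, cell)[0]):
                hits.append(key_path(hive, cell))
            cell += abs(size)
        pos += max(bin_size, 0x20)                   # never stall on a bad size
    return hits

def _nk_cell(name, parent):                          # constructed test data
    raw = name.encode("utf-16-le")
    body = struct.pack("<2s14xI52xH2x", b"nk", parent, len(raw)) + raw
    body += bytes(-(len(body) + 4) % 8)              # pad cell to 8 bytes
    return struct.pack("<i", -(len(body) + 4)) + body

def sample_hive():                                   # constructed, not a real hive
    keys = [("ROOT", 0xFFFFFFFF), ("Winlogon", 0x20), ("\x00Hidden", 0x20)]
    hbin = b"hbin" + struct.pack("<II", 0, 0x1000) + bytes(20)
    cells = b"".join(_nk_cell(n, p) for n, p in keys)
    return b"regf".ljust(BASE, b"\0") + (hbin + cells).ljust(0x1000, b"\0")
```

On XP the machine hives are the SYSTEM, SOFTWARE, SAM, SECURITY and DEFAULT files under %SystemRoot%\System32\config, and the Winlogon key lives in SOFTWARE. Copy the file to a working machine and pass its bytes to `find_nul_keys`.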

  #2  
Old July 21st 04, 11:27 PM
Incognitus


"NobodyMan" wrote in message
...
On Mon, 19 Jul 2004 18:48:06 -0700,
wrote:

XP doesn't have DOS just a DOS prompt. You can also just
choose run from the start menu and enter regedit.

Better to say XP has a Command Prompt. DOS prompt implies you are
accessing MS-DOS via the command line - and as you noted, XP doesn't
have MS-DOS.


Did you ever wonder why WinXP cmd prompt mem command doesn't know that?

From a mem command using cmd: "MS-DOS resident in High Memory Area".

 



