Whats this all about ? Registry is the place where most windows programs store some data associated with that program. Moreover, registry is used by windows to store much of the configuration information, file associations, start up programs, etc ...
The registry is mainly divided into 5 sections
HKEY_CURRENT_USER : Current User Preferences.
HKEY_LOCAL_MACHINE (HKLM): Global Preferences.
HKEY_CURRENT_CONFIG : Current System Configuration.
Using the Registry
The Regedit is similar to the explorer, the left side consists of a Tree View with the various folder locations, and the right side shows the contents of the particular folder. A folder contains sub folders, key-value pairs and a (default) value.
To edit the key values right click to see the menu or double click the key.
To open a folder just double click or use the left side tree to navigate to the folder.
Important Registry Locations
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run: This location consists of all the programs that are executed by the computer after windows has loaded. Check this location periodically, most virus makes an entry here to startup when windows runs.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell FoldersStores all shell folder locations like My Documents, Music, Pictures etc,.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System: Certain critical applications such as the task manager and registry editor can be disabled by entries in this folder.
If DisableRegistryTools, DisableTaskMgr
has a value 1, then regedit.exe and taskmgr.exe (registry editor and task manager cannot be run !!) Some viruses make use of this to disable the end tasking of virus applications.