Garry Shape
asked on
Windows XP - view HKCU registry entries?
If I open Registry and Load Hive and open the ntuser.dat file of a profile from another computer, that won't import those registry entries into my system will it? It will just let me view/edit/make changes to it, right?
ASKER
Ok thanks
I basically just made a copy of it to research for malware
so I'm working with a copy. I deleted their original so next time they log on it will be new.
We use Citrix for everything so nothing important's in there.
Should be perfectly safe.... You can learn a lot about how current malware prevents you from removal and cleanup. Pay special attention to the 2 Policies keys.
If you remove these policies from across the network using Remote Registry, you can get to the Task Manager, Cmd prompt etc. (assuming your file associations aren't hosed)... Which you can also remove from across the network by accessing their HKEY_USERS hive, that corresponds to their HKCU hive....
Manual malware removal does take some poking around, and learning where they alter the registry, based on the symptom you see. It can be a valuable method, when traditional scanners do not load/run/work at all.... You can get yourself to a somewhat stable point for removal....
Some will argue that there is no need for it, but I do disagree with that, as you have to know what parts of the registry get modified, to recover your system enough for mainstream tools to be effective....
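An added example, not part of the thread: it loads a copied NTUSER.DAT under a temporary HKEY_USERS name, lists every value under the two per-user Policies locations, flags the ones that disable cleanup tools, and unloads the hive again. The hive path, the mount name, the reading of "the 2 Policies keys" as these two paths, and the watched value names are assumptions.

```powershell
# Added example: inspect the policy keys in an offline COPY of NTUSER.DAT.
# Run from an elevated prompt; the hive must not be in use by a logged-on user.
param(
    [string]$HivePath  = 'C:\Cases\ntuser_copy.dat',  # hypothetical path to the copied hive
    [string]$MountName = 'OfflineHive'                 # hypothetical temporary name under HKEY_USERS
)

# Assumed to be the two per-user Policies locations the answer refers to.
$policyKeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Policies',
    'Software\Policies'
)
# Values commonly set to block Task Manager, Regedit and the command prompt.
$watch = 'DisableTaskMgr', 'DisableRegistryTools', 'DisableCMD'

& reg.exe load "HKU\$MountName" $HivePath | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'reg load failed: hive locked, or prompt not elevated' }

try {
    foreach ($sub in $policyKeys) {
        $root = "Registry::HKEY_USERS\$MountName\$sub"
        if (-not (Test-Path $root)) { Write-Warning "absent: $sub"; continue }
        # Walk the key and all of its subkeys, emitting one row per value.
        $keys = @(Get-Item $root) + @(Get-ChildItem $root -Recurse -ErrorAction SilentlyContinue)
        foreach ($k in $keys) {
            foreach ($name in $k.GetValueNames()) {
                [pscustomobject]@{
                    Key   = $k.Name
                    Value = $name
                    Data  = $k.GetValue($name)
                    Flag  = if ($watch -contains $name) { 'REVIEW' } else { '' }
                }
            }
            $k.Close()   # open handles would make the unload fail
        }
    }
}
finally {
    # Drop any remaining references, then detach the hive from this system.
    Remove-Variable keys, k -ErrorAction SilentlyContinue
    [gc]::Collect(); [gc]::WaitForPendingFinalizers()
    & reg.exe unload "HKU\$MountName" | Out-Null
}
```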
Glad we could be of help. If you have any further questions about malware in the registry, don't hesitate to ask....
John
Thank you Garry
Otherwise you will not be able to load the hive, as it will be locked by the os....