Windows Registry Reader

Will

Has anyone created a utility that will open up registry files from another
workstation and (ideally) modify entries within those registries?

This would be a perfect utility for recovering from some kinds of viruses,
as you could inspect all of the lines where a virus takes control at boot
time and remove those in a sterile environment. Having removed the
offensive lines you could reinsert the boot device to the original system
and restart it.

We make multiple backups of server registry files, but the value of these is
lessened by our inability to inspect those and make decisions about which
ones to use in a recovery based on their content.
 
Will,

Isn't this a server protection issue? In the 10 years I've worked
with Windows servers the only time I found an infected one was because
of inadequate protection and vigilance. I learnt a lot from that one
and never again.

Concentrate on the protection side of things, of your server and its
clients, and education of your end-users if you do not want to
implement group policies, and, in my opinion, that will be more
effective than looking for the type of utility you're looking for,
particularly since for serious viruses people like Symantec produce
removal tools.


Karl


 
regedit (or regedt32 in Windows 2000, in Windows 2003 Server normal regedit
can do it directly) is capable of mounting arbitrary registry "hives" from
SYSTEMROOT\system32\config for editing. I've found this useful in some
scenarios where a drive image was manually transferred to a different
controller to redirect the drive letter association, for example.

Carl
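
The hive-mounting approach described above, applied to the original question of reviewing boot-time entries, as an added example that is not part of the original thread. It assumes an elevated PowerShell session on a clean workstation, the other machine's disk attached as E:, and a temporary mount name of `OfflineSW`; the path, mount name and the key list are assumptions, so adjust them to the system being examined.

```powershell
# Added example: mount an offline SOFTWARE hive with reg.exe and list its
# machine-wide autostart values without booting the original system.
param(
    [string]$HivePath  = 'E:\Windows\System32\config\SOFTWARE',  # assumed location
    [string]$MountName = 'OfflineSW'                             # arbitrary name
)

if (-not (Test-Path -LiteralPath $HivePath)) {
    throw "Hive file not found: $HivePath"
}

# Mount the hive file under HKLM\<MountName> (same operation as regedit's Load Hive)
& reg.exe load "HKLM\$MountName" $HivePath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg load failed with exit code $LASTEXITCODE" }

try {
    # Common autostart locations inside the SOFTWARE hive (not an exhaustive list)
    $autostartKeys = @(
        'Microsoft\Windows\CurrentVersion\Run',
        'Microsoft\Windows\CurrentVersion\RunOnce',
        'WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    )

    foreach ($subKey in $autostartKeys) {
        $path = "Registry::HKEY_LOCAL_MACHINE\$MountName\$subKey"
        if (-not (Test-Path -Path $path)) { continue }   # key absent in this hive

        $key = Get-Item -Path $path
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Key     = $subKey
                Name    = $name
                Command = $key.GetValue($name)
            }
        }
        $key.Close()   # an open handle would block the unload below
    }
}
finally {
    # Release any remaining .NET registry handles, then always unmount the hive
    [gc]::Collect()
    [gc]::WaitForPendingFinalizers()
    & reg.exe unload "HKLM\$MountName" | Out-Null
}
```

The same loop can be pointed at each backed-up copy of a hive in turn to compare their autostart entries before choosing one for a restore.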
 
Carl, I have had this problem as well with redirecting the drive letter
association. How do you correct that?

Thanks for the tip on regedit. Boy, I guess I didn't think about that one.
 
