cholla

XP Registry Restore ?

I have Windows ME & the scanreg /restore at the command prompt gives me a choice of about 5 previous registries to select.

Does XP have a way to do this? Like in its scannow?

The reason I ask is a question about some spyware that was staying in a system.

Could spyware hide in the saved registries?

If it could I would think deleting these would be something necessary like disabling system restore.

Yes, spyware can have entries in a saved registry. Deleting them can help because if the registry crashes, and Windows restores it, then your system will be infected with spyware again.


Windows XP organizes the registry in hives. For each hive file, XP creates additional supporting files that contain backup copies of each hive's data.  These backups allow the OS to repair the hive during the installation and boot processes if something goes terribly wrong.

Hives are only in two root keys: HKLM (HKEY_LOCAL_MACHINE) and HKU (HKEY_USERS) ~ all other root keys are links to keys within those two ~ HKLM and HKU are the only root keys that Windows XP actually stores on disk.

[The hive and supporting files for all hives other than those in HKU are in %SYSTEMROOT%\System32\config.  Hive files for HKU are in the user's profile folders.]

This is how it works:

XP creates the registry on boot-up in two phases: text-mode and graphics-mode. XP copies each hive file to a SAV file at the end of the text-mode phase so that it can recover if the graphics-mode phase fails.  If the graphics-mode phase does fail, XP repeats that phase after restoring the hive file from the SAV file.

So, (almost) no matter how much you might think you screwed the registry, there's a backup SAV file that it can use to recreate the last working registry configuration on boot-up (w/ a safe-mode option, if necessary).

Besides System Restore, there's a Performance Option (in XP SP2) in System Properties called Data Execution Prevention for essential Windows programs and services, that monitors System memory locations for any changes and/or executions from malicious attacks, either by you or some unseen virus!

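An added example, not part of the thread or any poster's code: before relying on a hive file or one of its backup copies, an offline copy can be checked by reading its 512-byte header for a valid signature, a clean write state, an intact checksum and the last-written time. The header layout used here (the `regf` signature, two sequence numbers, a FILETIME timestamp and an XOR checksum at offset 508) comes from public descriptions of the hive format and is an assumption relative to this thread; the function names and the sample header are constructed.

```python
import struct
import sys
from datetime import datetime, timedelta, timezone

HEADER_LEN = 512  # the checksum at offset 508 covers the 508 bytes before it

def regf_checksum(block: bytes) -> int:
    """XOR of the first 127 little-endian dwords; 0 and 0xFFFFFFFF are remapped."""
    x = 0
    for (dword,) in struct.iter_unpack("<I", block[:508]):
        x ^= dword
    if x == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return x or 1

def inspect_hive_header(block: bytes) -> dict:
    """Validate the header of a hive file or of one of its backup copies."""
    if len(block) < HEADER_LEN or block[:4] != b"regf":
        return {"valid": False}
    seq1, seq2, filetime = struct.unpack_from("<IIQ", block, 4)
    (stored,) = struct.unpack_from("<I", block, 508)
    epoch = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch, 100 ns ticks
    return {
        "valid": True,
        "clean": seq1 == seq2,  # unequal sequence numbers: a write was interrupted
        "checksum_ok": stored == regf_checksum(block),
        "last_written": epoch + timedelta(microseconds=filetime // 10),
    }

def build_sample_header(seq1: int, seq2: int, filetime: int) -> bytes:
    """Constructed test input, not data from a real system."""
    block = bytearray(HEADER_LEN)
    block[:4] = b"regf"
    struct.pack_into("<IIQ", block, 4, seq1, seq2, filetime)
    struct.pack_into("<I", block, 508, regf_checksum(bytes(block)))
    return bytes(block)

if __name__ == "__main__":
    if len(sys.argv) > 1:  # paths to offline copies, e.g. SYSTEM and SYSTEM.SAV
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, inspect_hive_header(fh.read(HEADER_LEN)))
    else:
        sample = build_sample_header(7, 7, 127490112000000000)  # 2005-01-01 UTC
        print("constructed sample", inspect_hive_header(sample))
```

Comparing the last-written time of a hive with that of its backup copy shows which one predates a suspected infection; a failed checksum or unequal sequence numbers means the copy should not be trusted as a restore source.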

Hi ROM-DOS: Do all or part of these work if system restore is disabled?

peepnklown: Thanks, pretty detailed MS articles on repairing the registry.

lol ~ . . .as much as I have tweaked and deleted my registry files (1000's), I haven't had any problems. . .I've never used System Restore. . .but hacking into system files can be a pain in the @ss . . .sometimes, even months later, after a hack ~ the system restores (somehow) the 'ol windows way ~ . . .how, I don't know? . . .but it keeps me busy ~ lol

[I personally think Windows keeps about five back-ups!! ~ XP's a tight system ~ ]
