How to make a registry script?

  • Thread starter Thread starter Ekka
  • Start date Start date
E

Ekka

If I wanted to use a registry script to delete the following files, How
would I go about it?

C:\WINDOWS\SYSTEM32\mswinf32.dll
C:\WINDOWS\SYSTEM32\mswinf32.exe
--
Ekka@DeeWhy
 
"Ekka" <Ekka@discussions.microsoft.com> wrote:

> If I wanted to use a registry script to delete the following files, How
> would I go about it?

First, you can't delete any files physically (hard disk) via the registry
and second, removing some virulent files (trojans) from the disk or from
the registry (entries) does not clean your system!

> C:\WINDOWS\SYSTEM32\mswinf32.dll
> C:\WINDOWS\SYSTEM32\mswinf32.exe

"Trojan.RealSearch"
http://www.symantec.com/security_response/writeup.jsp?docid=2006-050815-5558-99&tabid=2

--
d-d
 
Ekka wrote:
> If I wanted to use a registry script to delete the following files, How
> would I go about it?
>
> C:\WINDOWS\SYSTEM32\mswinf32.dll
> C:\WINDOWS\SYSTEM32\mswinf32.exe

What do you mean "a registry script"? You don't delete files in the
registry, you delete them on the hard drive. Do you mean that you want
to delete references to those files in the registry?

The files in question seem to be installed with a trojan. Use your AV
software to remove it:
http://www.symantec.com/security_response/writeup.jsp?docid=2006-050815-5558-99&tabid=2

John
 
"Ekka" wrote:

>
> If I wanted to use a registry script to delete the following files, How
> would I go about it?
>
> C:\WINDOWS\SYSTEM32\mswinf32.dll
> C:\WINDOWS\SYSTEM32\mswinf32.exe
> --
> Ekka@DeeWhy

You could do, but it is best if you clear all not just only these entries.
Download these tools, handy in deleting on reboot:
"AutoRuns for Windows v8.61 By Mark Russinovich and Bryce Cogswell"
http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/Autoruns.mspx

http://www.ccleaner.com
 
--
Ekka@DeeWhy


"nass" wrote:

>
>
> "Ekka" wrote:
>
> >
> > If I wanted to use a registry script to delete the following files, How
> > would I go about it?
> >
> > C:\WINDOWS\SYSTEM32\mswinf32.dll
> > C:\WINDOWS\SYSTEM32\mswinf32.exe
> > --
> > Ekka@DeeWhy
>
> You could do, but it is best if you clear all not just only these entries.
> Download these tools, handy in deleting on reboot:
> "AutoRuns for Windows v8.61 By Mark Russinovich and Bryce Cogswell"
> http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/Autoruns.mspx
>
> http://www.ccleaner.com
>
Hi,
I should have made myself a bit clearer. I know what the files are, they
were on a computer I helped fix. I am just trying to understand scripts and
the registry a bit better.
 
You can edit the Registry using VBScript, if that's what you're asking. You
can manipulate files and folders using VBScript. But your initial question
makes no sense. There is no such thing as a "Registry script".

--
Gary S. Terhune
MS-MVP Shell/User
www.grystmill.com

"Ekka" <Ekka@discussions.microsoft.com> wrote in message
news:D61CE7A4-6F13-4302-8440-4AD778ED5E3A@microsoft.com...
>
> --
> Ekka@DeeWhy
>
>
> "nass" wrote:
>
>>
>>
>> "Ekka" wrote:
>>
>> >
>> > If I wanted to use a registry script to delete the following files, How
>> > would I go about it?
>> >
>> > C:\WINDOWS\SYSTEM32\mswinf32.dll
>> > C:\WINDOWS\SYSTEM32\mswinf32.exe
>> > --
>> > Ekka@DeeWhy
>>
>> You could do, but it is best if you clear all not just only these
>> entries.
>> Download these tools, handy in deleting on reboot:
>> "AutoRuns for Windows v8.61 By Mark Russinovich and Bryce Cogswell"
>> http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/Autoruns.mspx
>>
>> http://www.ccleaner.com
>>
> Hi,
> I should have made myself a bit clearer. I know what the files are, they
> were on a computer I helped fix. I am just trying to understand scripts
> and
> the registry a bit better.
 
On Fri, 20 Jul 2007 11:10:03 -0700, Ekka
<Ekka@discussions.microsoft.com> wrote:

>Hi,
>I should have made myself a bit clearer. I know what the files are, they
>were on a computer I helped fix. I am just trying to understand scripts and
>the registry a bit better.

Ekka:

Are you trying to get a script to run at startup time that
automatically deletes some files or does similar work ?

There are some registry keys that hold the names of programs that get
loaded at various points... is that what you are looking for?
 
I guess I need to make a batch file to delete the files and then use regedit
to delete the run entries.
I am doing an exercise where I have been asked to fix certain findings. some
are files and some are registry entries but I can't use normal delete methods
ar manually go into the registry
--
Ekka@DeeWhy


"+Bob+" wrote:

> On Fri, 20 Jul 2007 11:10:03 -0700, Ekka
> <Ekka@discussions.microsoft.com> wrote:
>
> >Hi,
> >I should have made myself a bit clearer. I know what the files are, they
> >were on a computer I helped fix. I am just trying to understand scripts and
> >the registry a bit better.
>
> Ekka:
>
> Are you trying to get a script to run at startup time that
> automatically deletes some files or does similar work ?
>
> There are some registry keys that hold the names of programs that get
> loaded at various points... is that what you are looking for?
>
>
>
 
Yeah, use a batch file. For REGEDIT command line procedures, see:
http://support.microsoft.com/kb/82821
For info on how to write the REG file to delete Keys or Values, see:
http://support.microsoft.com/kb/310516/en-us

I assume you already know how to delete files using a batch file.

--
Gary S. Terhune
MS-MVP Shell/User
www.grystmill.com

"Ekka" <Ekka@discussions.microsoft.com> wrote in message
news:ADB2C107-D0E3-44E9-89A6-58D5138AB118@microsoft.com...
>I guess I need to make a batch file to delete the files and then use
>regedit
> to delete the run entries.
> I am doing an exercise where I have been asked to fix certain findings.
> some
> are files and some are registry entries but I can't use normal delete
> methods
> ar manually go into the registry
> --
> Ekka@DeeWhy
>
>
> "+Bob+" wrote:
>
>> On Fri, 20 Jul 2007 11:10:03 -0700, Ekka
>> <Ekka@discussions.microsoft.com> wrote:
>>
>> >Hi,
>> >I should have made myself a bit clearer. I know what the files are, they
>> >were on a computer I helped fix. I am just trying to understand scripts
>> >and
>> >the registry a bit better.
>>
>> Ekka:
>>
>> Are you trying to get a script to run at startup time that
>> automatically deletes some files or does similar work ?
>>
>> There are some registry keys that hold the names of programs that get
>> loaded at various points... is that what you are looking for?
>>
>>
>>
 
Thanks Gary,
Two good articles for me too.

--
HTH,
Curt

Windows Support Center
www.aumha.org
Practically Nerded,...
http://dundats.mvps.org/Index.htm

"Gary S. Terhune" <none> wrote in message
news:%23T9Ktt8yHHA.1776@TK2MSFTNGP03.phx.gbl...
| Yeah, use a batch file. For REGEDIT command line procedures, see:
| http://support.microsoft.com/kb/82821
| For info on how to write the REG file to delete Keys or Values, see:
| http://support.microsoft.com/kb/310516/en-us
|
| I assume you already know how to delete files using a batch file.
|
| --
| Gary S. Terhune
| MS-MVP Shell/User
| www.grystmill.com
|
| "Ekka" <Ekka@discussions.microsoft.com> wrote in message
| news:ADB2C107-D0E3-44E9-89A6-58D5138AB118@microsoft.com...
| >I guess I need to make a batch file to delete the files and then use
| >regedit
| > to delete the run entries.
| > I am doing an exercise where I have been asked to fix certain findings.
| > some
| > are files and some are registry entries but I can't use normal delete
| > methods
| > ar manually go into the registry
| > --
| > Ekka@DeeWhy
| >
| >
| > "+Bob+" wrote:
| >
| >> On Fri, 20 Jul 2007 11:10:03 -0700, Ekka
| >> <Ekka@discussions.microsoft.com> wrote:
| >>
| >> >Hi,
| >> >I should have made myself a bit clearer. I know what the files are,
they
| >> >were on a computer I helped fix. I am just trying to understand
scripts
| >> >and
| >> >the registry a bit better.
| >>
| >> Ekka:
| >>
| >> Are you trying to get a script to run at startup time that
| >> automatically deletes some files or does similar work ?
| >>
| >> There are some registry keys that hold the names of programs that get
| >> loaded at various points... is that what you are looking for?
| >>
| >>
| >>
|
|
 

Similar threads

K
Windows 8 Asus gaming laptop C:\WINDOWS\System32\Logfiles\Srt\SrtTrail.txt
Replies
0
Views
9
Keith_69
K
J
Lesson Learned #495: Monitoring DNS Resolution with PowerShell of Azure SQL Server
Replies
0
Views
23
Jose_Manuel_Jurado
J
AWS
How to restore backups from Amazon S3 to Azure SQL Managed Instance
Replies
0
Views
175
AWS
AWS
M
My windows 8 can't run exe files aven after using regedit. Is it a software related problem?
Replies
0
Views
16
Matheus Rodrigues da Silva1
M
AWS
How to Detect Duplicate Files on your Computer via PowerShell
Replies
0
Views
123
AWS
AWS
Back
Top