I recently recovered from a nasty virus. … I understand that a virus does
its thing by making changes in the registry. I have a utility called erunt that
makes a backup of the registry and has a utility to restore the same. If a
virus is onboard would restoring the registry eliminate it? Could that registry
backup be kept on a CD and restored to the hard drive and what would be the
process?
Yes, you could burn your registry backup to a CD and then restore from that.
However, I'm a tad concerned. Viruses typically do much more than play with the
registry, and many legitimate programs keep information in the registry too, so
rolling it back affects them as well. Using a registry restore as your safety net
may well simply replace one set of problems with another.
First, it's not true that viruses, spyware and other malware only modify the
registry. Changing the registry is often an important part of how malware
operates, but it is rarely the whole story. Malware also modifies, replaces or
infects system and other common executable files, and installs itself in boot
sectors, batch files and other locations on your computer.
Even if a particular piece of malware only works by installing references to
itself in the registry, fixing the registry does not remove the file containing
the malware. As long as that file exists, you’re still technically infected,
and are at risk of re-enabling it.
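To see the difference between the registry reference and the file it points to, here is an added PowerShell example (not from the original article). It walks the standard Run and RunOnce autostart keys, pulls the executable path out of each command line, and reports whether that file is still on disk. The key names are the well-known Windows ones; the path-extraction heuristic is my own assumption about how the command lines are formatted. Run it from an elevated prompt so the HKLM keys are readable.

```powershell
# Added example: list autostart entries and check whether the file each one
# references still exists. Deleting the registry value (Remove-ItemProperty)
# removes only the reference; the file itself stays until you delete or
# quarantine it.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-CommandPath {
    param([string]$Command)
    # Values hold a command line, e.g.   "C:\Tools\foo.exe" /silent
    # Heuristic (assumption): a quoted path, else the first token ending in .exe.
    if ($Command -match '^\s*"([^"]+)"') {
        return [Environment]::ExpandEnvironmentVariables($Matches[1])
    }
    if ($Command -match '^\s*(\S+?\.exe)') {
        return [Environment]::ExpandEnvironmentVariables($Matches[1])
    }
    return $Command.Trim()
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
        $exe = Get-CommandPath ([string]$p.Value)
        # Bare names like rundll32.exe are resolved through PATH.
        if (-not [IO.Path]::IsPathRooted($exe)) {
            $cmd = Get-Command $exe -ErrorAction SilentlyContinue
            if ($cmd) { $exe = $cmd.Source }
        }
        $state = if (Test-Path -LiteralPath $exe) { 'file present' } else { 'file MISSING' }
        '{0} | {1} = {2} | {3}' -f $key, $p.Name, $p.Value, $state
    }
}
```

An entry whose file is still present after you have "fixed the registry" is exactly the situation the paragraph above warns about: the reference is gone but the malware is not. The reverse case, a value whose file is missing, is the harmless leftover a registry cleaner would offer to remove.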
The other concern I have is that other programs are making changes to the
registry all the time. Legitimate changes. If you “roll back” the registry, and
only the registry, to some prior point in time, then all those legitimate
changes that were made since that backup was taken are lost.
In most cases that’s fairly benign. But, for example, if you installed
additional software since the registry backup was taken, then that software may
not appear to be installed after a restore. Or only partially installed. Or it
may simply not work at all, depending on how that particular software package
works.
All in all, relying on a registry restore to recover from a malware
infestation is, in my opinion, a very bad idea.
The alternative I recommend is this:
- Be religious about running anti-spyware and anti-virus packages, keeping
their databases up to date, running a firewall and keeping Windows up to date.
In other words, do everything you're supposed to do to avoid the problem in the
first place.
- Use a more complete backup solution: any of the standard backup programs
that back up all of your system, not just the registry. Then, if a restore
becomes necessary, you restore your system to a previously known good
state, rather than hoping that the registry is enough.
So then just when are registry backups appropriate?
I recommend them in situations where the window between making a change and
seeing a problem is likely to be short – meaning that other legitimate changes
you might care about are less likely to have happened between the backup and
any restore.
For example, I recommend a registry backup prior to doing any manual work in
the registry yourself. If you’ve been given instructions to make a change
inside the registry by firing up the registry editor or executing a “.reg”
file, then taking a backup snapshot immediately prior is a great idea. Then, if
you encounter a problem, you can immediately restore.
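Here is what that "snapshot immediately prior" looks like in practice, as an added example using the reg.exe tool built into Windows rather than ERUNT (this is not the article's or ERUNT's own procedure). The key HKCU\Software\ExampleVendor\ExampleApp and the value EnableFeature are placeholders created by the script so it runs end to end; substitute the key your instructions name.

```powershell
# Added example: snapshot one registry subtree before a manual edit, make the
# change, and roll it back if it causes a problem.
$key    = 'HKCU\Software\ExampleVendor\ExampleApp'   # reg.exe syntax, no "HKCU:" drive prefix
$backup = Join-Path $env:TEMP 'ExampleApp-before.reg'

# Set up the placeholder key with one value (demo only; assumption, not a real app).
reg add $key /v EnableFeature /t REG_DWORD /d 0 /f | Out-Null

# 1. Take the snapshot BEFORE touching anything. /y overwrites an old file silently.
reg export $key $backup /y
if ($LASTEXITCODE -ne 0) { throw "Export failed; do not make the edit." }

# 2. The edit you were told to make (here: flip a DWORD).
reg add $key /v EnableFeature /t REG_DWORD /d 1 /f | Out-Null
reg query $key /v EnableFeature          # now 0x1

# 3. Rollback. A .reg file only adds or overwrites the values it contains, so a
#    value created after the export would survive a plain import. Delete the
#    subtree first to restore it exactly as it was at snapshot time.
reg delete $key /f | Out-Null
reg import $backup
reg query $key /v EnableFeature          # back to 0x0

# Clean up the demo key.
reg delete 'HKCU\Software\ExampleVendor' /f | Out-Null
```

Keep the exported .reg file somewhere you can reach when things break (another drive, or the CD the question mentions). Because the window between the edit and the restore is minutes, not weeks, you lose none of the legitimate changes other programs make in the meantime, which is why this narrow use of a registry backup is sensible where the whole-machine rollback discussed above is not.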
To answer your final question: how would you restore a registry backup from
a CD? That’s going to depend heavily on the particular registry backup tool
you’re using. In your case, I’m not familiar with erunt, but looking at the
product’s web site they do seem to have extensive information on various ways
to restore your registry, depending on the condition of your machine. So the
general advice is to check the documentation for the tool you’re using –
ideally before a problem arises, so you’ll know whether the tool is appropriate
for your situation.
How can you edit the registry to repair it after fixing an internal hard drive from viruses, when the internal hard drive was attached via a USB adapter?
Do you know of any virus protection with registry protection from viruses too? And don't give me any registry cleaner; I am talking about registry protection from viruses and spyware. Thanks.
And also, I was thinking that a virus detector can't detect any virus from the registry. If that is right, do I need to protect my registry?
Anti-virus scanners certainly can scan the registry, as can
anti-spyware scanners.
Leo
What's the difference between registry files and system files? I really enjoy your column and have learnt a great deal from it. Recently I have been hit by a virus and have not fully recovered from it, but I have been able to fix it to some extent using your suggestions from various articles. I must say that I always look forward to your articles every week.
-Leo
Hi all, I have been thinking for a long time about this idea; please give your comments on it. When we get a virus attack, the body itself produces immunity. Likewise, we build immunity in computers to prevent viruses and update it. My idea is: can't we write programs to kill specific viruses and let them spread automatically over the net? These programs should be harmless to computers and must activate whenever they meet a virus on board.