Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Another question please


  • Please log in to reply
4 replies to this topic

#1 Emily

Emily

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:26 PM

Posted 14 December 2004 - 06:48 PM

I guess I'll try my luck asking here since I don't know where to ask.
I have a question about making/understanding a .reg file, batch, script, whatever it's called, for editing the registry.

I hope it's okay to ask here.
I have the very basic understanding about it and I can delete a single entry with it, what I don't understand is,
Supposing that I made a reg file and the first 2 entries delete a subkeys, then another 2 entries after it(the same entries except they don't have the hyphen so it doesn't delete).
My question is, what is the purpose of the last two subkeys in that .reg?

If someone can enlighten me I'd really appreciate it.
~Emily
"True friends are like diamonds, precious and rare,
False friends are like autumn leaves, scattered everywhere."

BC AdBot (Login to Remove)

 


#2 Emily

Emily
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:26 PM

Posted 14 December 2004 - 06:54 PM

What I'm talking about is similar to this one.

This .reg was made to remove domains.

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

On that example, it looks to me that the last 2 entries kind of cancel out the first 2.
Please explain it, thanks.
"True friends are like diamonds, precious and rare,
False friends are like autumn leaves, scattered everywhere."

#3 JEservices

JEservices

    helping hand


  • Members
  • 1,700 posts
  • OFFLINE
  •  
  • Location:Texas
  • Local time:12:26 PM

Posted 14 December 2004 - 07:36 PM

The BC registry tutorial should explain everything for you.
We are all curious like a cat. We wonder, we ask, we learn.
Please post back when a suggestion works, so that others may learn.

#4 Emily

Emily
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:26 PM

Posted 14 December 2004 - 07:51 PM

Yeah I've seen that page before when I went to their tutorial pages. it has a lot of info and it's great, but still didn't answer my question.
Thank you anyway.
"True friends are like diamonds, precious and rare,
False friends are like autumn leaves, scattered everywhere."

#5 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,542 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:26 PM

Posted 15 December 2004 - 03:24 PM

I have moved this to the windows xp directory for a lack of a better place.

As for your question, you are right they do in a way cancel each other out. The first two lines delete the Domains subkey under HKLM and HKCU. The next two lines recreate them.

What this does for you, though, is give you a clean Domains subkey. Many malware adds their domains to these subkeys and add them as trusted domains. Then whenever you visit those sites, windows wont ask when installing new software.

By using the above reg file, you are wiping all possible domains listed under the Domain key, which in many cases is good. Then you are recreating that key becuase its a valid key and necessary for certain security features of IE.

It is important to note, though, that this method will wipe out ALL domains under this subkey, even ones that were added legitimately.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users