Topic Summary

Posted by: Admin
« on: April 03, 2005, 07:01:32 pm »

Hi.

I'm not sure what you mean when saying "Hive". Sorry - maybe try to explain it instead :-[.

What the function does is that it dumps:
o Everything in HKEY_CLASSES_ROOT.
o Everything in HKEY_CURRENT_USER.
o Everything but "\System" and "\SOFTWARE\Classes" in HKEY_LOCAL_MACHINE.
o Everything in HKEY_CURRENT_CONFIG.
 
When I say dump, what it does is that it makes a file with info about the registry: key names (the ones that look like folders in regedit), values (the "files" in regedit) and the value of the value, if the value is not binary.

I don't know if it is better or worse than TotalUninstall, sorry.

Also, as I understand rootkits, they, if "good enough", can hide themselves 100%...
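
A dump of the kind described in the post above, written in PowerShell as an added example; it is not the program's own code. The function names and the one-line-per-entry text format are assumptions made for illustration; the roots, the two excluded HKEY_LOCAL_MACHINE subtrees and the omission of binary data follow the post.

```powershell
# Subtrees left out of the dump, as listed in the post (compared case-insensitively).
$Skip = 'HKEY_LOCAL_MACHINE\System', 'HKEY_LOCAL_MACHINE\SOFTWARE\Classes'

function Write-RegistryKey {
    param([Microsoft.Win32.RegistryKey]$Key)
    $Key.Name                                        # one line per key
    foreach ($name in $Key.GetValueNames()) {        # one line per value
        $kind = $Key.GetValueKind($name)
        if ($kind -eq 'Binary') {
            "$($Key.Name) :: $name [$kind]"          # binary data is not written
        } else {
            $data = $Key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            "$($Key.Name) :: $name [$kind] = $($data -join '|')"
        }
    }
    foreach ($sub in $Key.GetSubKeyNames()) {
        if ($Skip -contains "$($Key.Name)\$sub") { continue }
        # Keys the current user cannot open are skipped rather than aborting the dump.
        try { $child = $Key.OpenSubKey($sub) } catch { continue }
        if ($child) { Write-RegistryKey $child; $child.Dispose() }
    }
}

function Export-RegistrySnapshot {
    param([Parameter(Mandatory)][string]$Path)
    $roots = [Microsoft.Win32.Registry]::ClassesRoot,
             [Microsoft.Win32.Registry]::CurrentUser,
             [Microsoft.Win32.Registry]::LocalMachine,
             [Microsoft.Win32.Registry]::CurrentConfig
    $roots | ForEach-Object { Write-RegistryKey $_ } |
        Set-Content -Path $Path -Encoding UTF8
}

function Get-NewRegistryEntry {
    # Lines present in the later dump but not in the earlier one:
    # keys and values that were added or whose data changed.
    param([string]$Before, [string]$After)
    $old = [System.Collections.Generic.HashSet[string]]::new(
        [string[]](Get-Content -Path $Before))
    Get-Content -Path $After | Where-Object { -not $old.Contains($_) }
}

# Usage (file names are placeholders):
#   Export-RegistrySnapshot before.txt
#   ... install and uninstall the program under test ...
#   Export-RegistrySnapshot after.txt
#   Get-NewRegistryEntry before.txt after.txt
```

The walk goes through the normal registry API, so the dump contains only what that API returns to the calling user.
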
Posted by: controler
« on: April 03, 2005, 04:15:13 pm »

Hello

When you say you dump the registry, are you saying you are dumping the hive?
Would this be a good way to detect rootkits also?

I have used TotalUninstall before and found it left too many registry entries behind.
I found this out by running RegistryCrawler.

How does your software compare to TotalUninstall?

Thank you

controler