Registry Question
Page 1 of 3 123 LastLast
Results 1 to 10 of 24

Thread: Registry Question

  1. #1
    Senior Member isle_of_infamy's Avatar
    Join Date
    Dec 2003
    Posts
    136

    Registry Question

    is there any program that can detect alterations to the registry according to date ?
    the reason I ask this is because on December 17, 2003 an alteration/addition was made to my registry by a foreign chat service. I tried to locate the registry key, but it is well hidden.

    anyone who can help me on this would be much appreciated. thanks in advance...

  2. #2
    Junior Member
    Join Date
    Jul 2003
    Posts
    21
    Well the spware program Spybot Search and destroy detects registry changes by malicious programs though I am not sure if they do all kinds. I am sure a google would find something, try www.webattack.com

  3. #3
    Senior Member isle_of_infamy's Avatar
    Join Date
    Dec 2003
    Posts
    136

    it isnt spyware

    nah this is not spyware it's an alteration/addition made to make a certain program act or respond differently when ran. spybot isn't meant to detect those sort of reg changes, but thanks.

  4. #4
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,019
    Hmmm.... that's kind of interesting. I was always under the impression that the registry didn't keep track of creation and deletion dates? (at least that's what my forensics books tell me)Where did you find that?

  5. #5
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    I don't think Registry keep track of date.. Third party software may keep track of the change and the time it happen but not Windows himself.

    The best luck is a system restore before that date!
    -Simon \"SDK\"

  6. #6
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    If you have XP you may have daily checkpoints that you could try and restore back too. System Mechanic has a kick ass registry management module. But you really need a base line and if you already think you have a problem... I would wipe it. Then going forward make repair disks and use microsoft's built in registry backup system. Assuming you have XP or 2k.

  7. #7
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    I'm not aware of how to do it according to date but if you'd like to see the changes made by software installation you can use MS's installation monitor which will log everything performed by an install and can then "roll-back" the install if so desired.

    http://www.microsoft.com/windows2000...instaler-o.asp

    -Maestr0
    \"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier

  8. #8
    AO Guinness Monster MURACU's Avatar
    Join Date
    Jan 2004
    Location
    paris
    Posts
    1,002
    I use a programme called regrun by Greatis Software. It runs in the back ground and surveys your system for changes to the registry. It scans your system when you log on and informs you of any changes made since the last logon. It also gives a fairly comprehensive list of all programmes that start when you start your computer. It also verifies certain system files for modifications. There are other programmes out there that do the same thing and are probably better. The main inconveniences are it does take system resources (not a lot but some) and to be really efficient it needs to be running permanently. It will not see any changes made before it is installed.

  9. #9
    Senior Member isle_of_infamy's Avatar
    Join Date
    Dec 2003
    Posts
    136

    dont have XP

    k well I don't have XP i am on 98se still, but yeah I will look into those 2 applications (regrun & instaler-o)

    unfortunately its 2 late to do a restore to a prior date because the key was added and a restore won't really erase the additional key.

    thanks...

  10. #10
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,019
    I ask this is because on December 17, 2003 an alteration/addition
    I'm asking again, how do you know when it was added to the registry?

    On second thought, never mind...reformat and reinstall.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides