-
October 29th, 2005, 03:45 AM
#1
Junior Member
Unregister/Stop Process/Remove?
I'm attempting to get a better understanding of parasite removal procedures.
I have seen the following terms used
- End running tasks
- Unregister DLLs
- Clean Registry entries
I think I understand what ending a process and Clean Registry entries means but I have not been able to get an explanation of what Unregister means.
Can any one give a pointer to or an explanation please.
(I'm an old hardware engineer so this software stuff is not my cup of tea)
Thanks,
-p-
-
October 29th, 2005, 04:19 AM
#2
Hi, and welcome to AO,
The tool you use is regsvr32.exe from the command line.
http://www.microsoft.com/resources/d.../regsvr32.mspx
Basically you are removing the reference to the .dll from the Registry.
-
October 29th, 2005, 02:48 PM
#3
Junior Member
Hi Nihil,
Thank you very much for your prompt response.
I have found references to and explanations of regsvr32 in several locations.
THe confusion arises when I read a removal procedure, for example:
http://www.spyware-removal-guideline.com/aurora-removal
and it states that one must first UNREGISTER and then CLEAN the registry
So my assumption from this is that Unregister performs something different from mearly using regedit to remove an entry from the registry
What do you think?
-G-
-
October 29th, 2005, 03:16 PM
#4
When you register a dll it launches without the need for a reg entry. Like when you get spyware thats apart of winlogon. Its a b!tch.
-
October 29th, 2005, 10:57 PM
#5
Gruntfuttock,
On the page you quoted you will find some bloody handy links..
the following IS the Link..
http://www.spyware-removal-guideline...e-removal-help
IF you follow the link it will give you a full description of ALL the terms you ask about, certainly giving instruction on useing the commandline tool regsvr32.exe, mentioned by nihil.
In this situation what is meant in explaination on the page is..
After unregistering the server and this could be done with a registry editor.. but you make work.. the registry cleanup .. the removal of references to the parasite in the registry... will ONLY THEN be able to proceed.
These wonderfull dll's are what usually help the parasites return after removal..
oh btw: Thanks for the link .. It is one I dont have in my bookmarks
nihil,
hmmm I'm not ready yet.. (I must edit my RSS feeds).. this is a reflex post..
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
October 30th, 2005, 06:43 PM
#6
Junior Member
Hi Ech0 and Und3rtak3r
Thank you for you responses,
If I understand correctly, there is a parallel between:
- stopping a process before removing the exec file and
- unregistering a dll before deleting it from the registry.
-G-
-
October 30th, 2005, 11:06 PM
#7
Junior Member
Hi Nihil,
Thank you very much for your prompt response.
I have found references to and explanations of regsvr32 in several locations.
THe confusion arises when I read a removal procedure, for example:
http://www.spyware-removal-guideline.com/aurora-removal
and it states that one must first UNREGISTER and then CLEAN the registry
So my assumption from this is that Unregister performs something different from mearly using regedit to remove an entry from the registry
What do you think?
-G-
-
October 30th, 2005, 11:26 PM
#8
Yes, basically it removes stuff that you cannot see in regedit.
With some malware you need to do both.
-
October 31st, 2005, 12:48 AM
#9
If dll is in use it can still be possible to rename it then reboot computer and then remove. Or remove it befor it loading by schedulling scanner/removal tool. Or use registry
Here is explaning a litle about how to delete on reboot by using registry
http://www.bleepingcomputer.com/foru...hp/t24954.html
// too far away outside of limit
-
October 31st, 2005, 01:24 AM
#10
// too far away outside of limit
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|