
Thread: Unregister/Stop Process/Remove?

  1. #1
    Junior Member
    Join Date
    Oct 2005
    Posts
    4

    Unregister/Stop Process/Remove?

    I'm attempting to get a better understanding of parasite removal procedures.

    I have seen the following terms used
    - End running tasks
    - Unregister DLLs
    - Clean Registry entries

    I think I understand what ending a process and Clean Registry entries means but I have not been able to get an explanation of what Unregister means.

    Can anyone give a pointer to, or an explanation, please?
    (I'm an old hardware engineer so this software stuff is not my cup of tea)

    Thanks,
    -p-

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi, and welcome to AO,

    The tool you use is regsvr32.exe from the command line.

    http://www.microsoft.com/resources/d.../regsvr32.mspx

    Basically you are removing the reference to the .dll from the Registry.


  3. #3
    Junior Member
    Join Date
    Oct 2005
    Posts
    4
    Hi Nihil,
    Thank you very much for your prompt response.

    I have found references to and explanations of regsvr32 in several locations.

    The confusion arises when I read a removal procedure, for example:
    http://www.spyware-removal-guideline.com/aurora-removal

    and it states that one must first UNREGISTER and then CLEAN the registry.

    So my assumption from this is that Unregister performs something different from merely using regedit to remove an entry from the registry.

    What do you think?

    -G-

  4. #4
    Senior Member
    Join Date
    Oct 2005
    Posts
    197
    When you register a dll it launches without the need for a reg entry. Like when you get spyware that's a part of winlogon. It's a b!tch.
    meh. -ech0.

  5. #5
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    Gruntfuttock,

    On the page you quoted you will find some bloody handy links..

    the following IS the Link..

    http://www.spyware-removal-guideline...e-removal-help

    If you follow the link it will give you a full description of ALL the terms you ask about, certainly giving instruction on using the command-line tool regsvr32.exe, mentioned by nihil.

    In this situation what is meant in explanation on the page is..
    After unregistering the server and this could be done with a registry editor.. but you make work.. the registry cleanup .. the removal of references to the parasite in the registry... will ONLY THEN be able to proceed.
    These wonderful dll's are what usually help the parasites return after removal..

    oh btw: Thanks for the link .. It is one I don't have in my bookmarks


    nihil,
    hmmm I'm not ready yet.. (I must edit my RSS feeds).. this is a reflex post..
    "Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  6. #6
    Junior Member
    Join Date
    Oct 2005
    Posts
    4
    Hi Ech0 and Und3rtak3r
    Thank you for your responses,

    If I understand correctly, there is a parallel between:
    - stopping a process before removing the exec file and
    - unregistering a dll before deleting it from the registry.

    -G-

  7. #7
    Junior Member
    Join Date
    Oct 2005
    Posts
    4
    Hi Nihil,
    Thank you very much for your prompt response.

    I have found references to and explanations of regsvr32 in several locations.

    The confusion arises when I read a removal procedure, for example:
    http://www.spyware-removal-guideline.com/aurora-removal

    and it states that one must first UNREGISTER and then CLEAN the registry.

    So my assumption from this is that Unregister performs something different from merely using regedit to remove an entry from the registry.

    What do you think?

    -G-

  8. #8
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Yes, basically it removes stuff that you cannot see in regedit.

    With some malware you need to do both.
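
An added example, not written by any poster in this thread: `regsvr32 /u` asks the DLL to remove its own COM registration by calling its `DllUnregisterServer` export, so listing what still references the file afterwards shows what is left for the manual registry cleanup. The function name `Find-ComRegistration` and the DLL path are hypothetical; run it from an elevated PowerShell prompt.

```powershell
# Added example: list COM in-process server registrations that point at a DLL,
# before and after unregistering it. The path below is a constructed placeholder.
function Find-ComRegistration {
    param([Parameter(Mandatory)][string]$DllPath)

    $leaf  = [System.IO.Path]::GetFileName($DllPath)
    $roots = @(
        'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID',
        'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID',
        'Registry::HKEY_CURRENT_USER\Software\Classes\CLSID'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($clsid in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $server = Join-Path $clsid.PSPath 'InprocServer32'
            if (-not (Test-Path -LiteralPath $server)) { continue }
            # The default value of InprocServer32 holds the path of the DLL to load.
            $value = [string](Get-Item -LiteralPath $server).GetValue('')
            if ($value.IndexOf($leaf, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                [pscustomobject]@{
                    Clsid  = $clsid.PSChildName
                    Hive   = $root
                    Server = $value
                }
            }
        }
    }
}

$dll = 'C:\Windows\System32\example-parasite.dll'   # constructed placeholder

# 1. Record what references the DLL while it is still registered.
$before = @(Find-ComRegistration -DllPath $dll)

# 2. Unregister: /u calls DllUnregisterServer, /s suppresses the dialog boxes.
Start-Process regsvr32.exe -ArgumentList '/u', '/s', "`"$dll`"" -Wait

# 3. Anything still listed was not removed by the DLL itself and is a
#    candidate for the manual "clean registry entries" step.
$after = @(Find-ComRegistration -DllPath $dll)
"Before: $($before.Count) entries; after: $($after.Count) entries"
$after | Format-Table -AutoSize
```

The scan covers only `InprocServer32` entries under the CLSID keys; other load points, such as the winlogon hooks mentioned earlier in the thread, are outside what this check looks at.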


  9. #9
    Senior Member
    Join Date
    Oct 2003
    Posts
    394
    If the dll is in use it can still be possible to rename it, then reboot the computer and then remove it. Or remove it before it loads by scheduling a scanner/removal tool. Or use the registry.

    Here is a little explanation of how to delete on reboot by using the registry:
    http://www.bleepingcomputer.com/foru...hp/t24954.html
    // too far away outside of limit

  10. #10
    Senior Member
    Join Date
    Oct 2003
    Posts
    394
    Here is a good tut about removing:

    http://www.antionline.com/showthread...hreadid=265440
    // too far away outside of limit
