Thread: Registry Question

    Registry Question

    Is there any program that can detect alterations to the registry according to date?
    The reason I ask this is because on December 17, 2003 an alteration/addition was made to my registry by a foreign chat service. I tried to locate the registry key, but it is well hidden.

    Anyone who can help me on this would be much appreciated. Thanks in advance...

    Well, the spyware program Spybot Search and Destroy detects registry changes by malicious programs, though I am not sure if they do all kinds. I am sure a Google would find something, try

    it isn't spyware

    Nah, this is not spyware; it's an alteration/addition made to make a certain program act or respond differently when run. Spybot isn't meant to detect those sorts of reg changes, but thanks.

    Hmmm.... that's kind of interesting. I was always under the impression that the registry didn't keep track of creation and deletion dates? (at least that's what my forensics books tell me) Where did you find that?

    I don't think the Registry keeps track of dates. Third-party software may keep track of the change and the time it happened, but not Windows itself.

    The best luck is a system restore before that date!
    -Simon "SDK"

    If you have XP you may have daily checkpoints that you could try and restore back to. System Mechanic has a kick ass registry management module. But you really need a baseline and if you already think you have a problem... I would wipe it. Then going forward make repair disks and use Microsoft's built in registry backup system. Assuming you have XP or 2k.

    I'm not aware of how to do it according to date but if you'd like to see the changes made by software installation you can use MS's installation monitor which will log everything performed by an install and can then "roll-back" the install if so desired.

    "If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier

    I use a programme called RegRun by Greatis Software. It runs in the background and surveys your system for changes to the registry. It scans your system when you log on and informs you of any changes made since the last logon. It also gives a fairly comprehensive list of all programmes that start when you start your computer. It also verifies certain system files for modifications. There are other programmes out there that do the same thing and are probably better. The main inconveniences are it does take system resources (not a lot but some) and to be really efficient it needs to be running permanently. It will not see any changes made before it is installed.
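
The baseline-and-compare approach the posts above describe (keep a baseline, then report what changed since), as an added example that is not from any poster or from the tools they name: it diffs two REGEDIT4 text exports of the kind regedit writes on Windows 98. The key names and sample data are constructed for illustration.

```python
import re
VALUE_RE = re.compile(r'^(?:@|"((?:[^"\\]|\\.)*)")=(.*)$')  # "name"=data or @=data

def parse_reg_export(text):
    """Parse REGEDIT4 export text into {key_path: {value_name: raw_data}}."""
    keys, current, pending = {}, None, ""
    for line in text.splitlines():
        line, pending = pending + line.strip(), ""
        if line.endswith("\\"):      # wrapped hex: data continues on next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None and (m := VALUE_RE.match(line)):
            keys[current][m.group(1) or "@"] = m.group(2)
    return keys

def diff_exports(baseline, current):
    """Return (change, key, value_name) tuples, ordered by key then name."""
    changes = []
    for key in sorted(set(baseline) | set(current)):
        if key not in baseline:
            changes.append(("key added", key, None))
        elif key not in current:
            changes.append(("key removed", key, None))
            continue
        old, new = baseline.get(key, {}), current[key]
        for name in sorted(set(old) | set(new)):
            if name not in old:
                changes.append(("value added", key, name))
            elif name not in new:
                changes.append(("value removed", key, name))
            elif old[name] != new[name]:
                changes.append(("value changed", key, name))
    return changes

# Constructed sample exports (hypothetical key names, not from the thread).
BASELINE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\ExampleChat]
"InstallDir"="C:\\Program Files\\ExampleChat"
"Flags"=hex:01,00,\
  00,00'''
CURRENT = BASELINE.replace("hex:01", "hex:03") + r'''
[HKEY_LOCAL_MACHINE\Software\ExampleChat\Hidden]
"Mode"=dword:00000001'''

if __name__ == "__main__":
    print(*diff_exports(parse_reg_export(BASELINE), parse_reg_export(CURRENT)), sep="\n")
```

A diff like this only reports differences relative to the baseline export, so it cannot date a change made before the baseline was taken.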

    don't have XP

    K, well, I don't have XP; I am on 98SE still, but yeah, I will look into those 2 applications (regrun & instaler-o)

    Unfortunately it's too late to do a restore to a prior date because the key was added and a restore won't really erase the additional key.


    I ask this is because on December 17, 2003 an alteration/addition
    I'm asking again, how do you know when it was added to the registry?

    On second thought, never mind...reformat and reinstall.

