System security: Windows Registry and computer security
Aug 09, 2007 - RISING
While the Internet has brought great convenience to our work and study, viruses, Trojans, backdoor programs and hacker programs also seriously threaten information security. A common feature of these malicious programs is that they edit the Windows Registry to achieve automatic execution, destruction and propagation. The following is a collection of Registry modifications for dealing with viruses, Trojans, backdoor programs and hacker programs to ensure personal computer security.


1. Clean up the information left behind after visiting Network Neighborhood
HKEY_CURRENT_USER\Network\Recent, delete the primary key.

2. Cancel automatic dial-up
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Network\RealModeNet, change the value of ‘autologon’ to ‘01 00 00 00 00’.

3. Cancel user selection at login
HKEY_LOCAL_MACHINE\Network\Logon, change the value of ‘UserProfiles’ to 0.

4. Conceal the login user name
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon, create a new string ‘DontDisplayLastUserName’ and set its value to 1.

5. Protect against Acid Battery v1.0 Trojan
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices, if ‘Explorer’ is found, delete it.

6. Protect against YAI Trojan
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices, if ‘Batterieanzeige’ is found, that is the YAI Trojan. Delete it.

7. Protect against Eclipse 2000 Trojan
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices, if ‘bybt’ is found, delete it. Then delete the key ‘cksys’ from HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices.

8. Protect against BO2000
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices, if ‘umgr32.exe’ is found, delete it. If ‘MSKernel32’ is found, delete it.

9. Protect against BackDoor
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, if ‘Notepad’ is found, delete it.

10. Protect against WinNuke
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP, create or modify the string ‘BSDUrgent’ and set its value to 0.

11. Protect against KeyboardGhost
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices, if ‘KG.EXE’ is found, delete it. Then search for the files KG.exe and KG.dat and delete them.

12. Search for the NetSpy hacker program
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, if ‘NetSpy’ is found, delete it.
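
Items 5 to 9, 11 and 12 all come down to looking for particular value names under the Run and RunServices keys. The following is an added example, not part of the original article or any RISING tool: a read-only check that scans a Registry export in the REGEDIT4 text format for those names. The names audit, WATCHLIST and SAMPLE are hypothetical, and the sample export is constructed.

```python
import re

# Value names from items 5-12 above, grouped by the autostart subkey of
# HKLM\Software\Microsoft\Windows\CurrentVersion in which the page lists them.
WATCHLIST = {
    "runservices": {"explorer": "Acid Battery v1.0", "batterieanzeige": "YAI",
                    "bybt": "Eclipse 2000", "cksys": "Eclipse 2000",
                    "umgr32.exe": "BO2000", "mskernel32": "BO2000",
                    "kg.exe": "KeyboardGhost"},
    "run": {"notepad": "BackDoor", "netspy": "NetSpy"},
}
PREFIX = r"hkey_local_machine\software\microsoft\windows\currentversion" + "\\"
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def audit(reg_text):
    """Return (subkey, value name, data, label) for each watchlisted value."""
    hits, table, subkey = [], None, None
    for line in reg_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            # Registry key names are case-insensitive, so compare lowercased.
            path = key.group(1).lower()
            subkey = path[len(PREFIX):] if path.startswith(PREFIX) else None
            table = WATCHLIST.get(subkey)
            continue
        val = VALUE_RE.match(line)
        if val and table:
            label = table.get(val.group(1).lower())
            if label:
                hits.append((subkey, val.group(1), val.group(2), label))
    return hits

# Constructed sample export in REGEDIT4 text format; not real data.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"NetSpy"="C:\\WINDOWS\\SYSTEM\\example.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Notepad"="notepad.exe"
"KG.EXE"="C:\\WINDOWS\\example2.exe"
'''

if __name__ == "__main__":
    for subkey, name, data, label in audit(SAMPLE):
        print(f"{subkey}: {name}={data} matches the {label} entry")
```

The check only reports matches and changes nothing. In the sample, ‘Notepad’ under RunServices is not reported because the list above names it under Run only.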
 