[English] Registry Editor

Preface

The registry (Registry in English, translated as “注册表” in mainland China and “登录档” in Taiwan, Hong Kong, and Macao) is an important hierarchical database in the Microsoft Windows operating system and its applications, used for storing system and application settings information. (Wikipedia)

Common Registry Entries for Viruses and Trojans

  • The fix in every case below is the same: check whether the corresponding disabling entry exists in the registry. If it exists and its value is 1, set the value to 0 or delete the entry.

  • Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System

| Registry Entry | Data Type | Data Value | Notes             |
|----------------|-----------|------------|-------------------|
| DisableCMD     | REG_DWORD | 1          | Disable using CMD |

  • Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer

| Registry Entry | Data Type | Data Value | Notes                  |
|----------------|-----------|------------|------------------------|
| NoClose        | REG_DWORD | 1          | Disable shut down      |
| NoControlPanel | REG_DWORD | 1          | Disable Control Panel  |
| NoDesktop      | REG_DWORD | 1          | Disable desktop        |
| NoDevice       | REG_DWORD | 0xffffffff | Disable drives         |
| NoFileMenu     | REG_DWORD | 1          | Disable file menu      |
| NoFind         | REG_DWORD | 1          | Disable search         |
| NoFolderOption | REG_DWORD | 1          | Disable folder options |
| NoRun          | REG_DWORD | 1          | Disable run            |

  • Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

| Registry Entry       | Data Type | Data Value | Notes                   |
|----------------------|-----------|------------|-------------------------|
| Disableregistrytools | REG_DWORD | 1          | Disable registry editor |
| DisableTaskmgr       | REG_DWORD | 1          | Disable task manager    |
  • Computer\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
  • Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer

| Registry Entry     | Notes                                              | Data Value  |
|--------------------|----------------------------------------------------|-------------|
| NoControlPanel     | Disable Control Panel                              |             |
| NoRun              | Disable run                                        |             |
| NoClose            | Disable shutdown                                   |             |
| NoLogOff           | Disable logoff menu                                | 01 00 00 00 |
| NoViewContextMenu  | Disable right-click                                | 01 00 00 00 |
| NoDesktop          | Disable desktop                                    |             |
| NoDriveTypeAutoRun | Disable drive auto-run                             |             |
| NoFavoritesMenu    | Disable favorites in start menu                    |             |
| NoDeletePrinter    | Disable delete printer in printer settings         |             |
| NoAddPrinter       | Disable add printer in printer settings            |             |
| NoChangeStartMenu  | Disable modify start menu                          |             |
| NoSetFolders       | Disable modify control panel                       |             |
| NoSetFolders       | Disable modify control panel and printer settings  |             |
| NoDrives           | Hide all drives                                    | FFFFFFFF    |
| NoDrives           | Hide drive A                                       | 1           |
| NoDrives           | Hide drive C                                       | 4           |
| NoDrives           | Hide drive D                                       | 8           |
| NoDrives           | Hide drive E                                       | 10          |
| NoSaveSettings     | Exit without saving settings                       |             |
| WinOlaApp          | Disable MS-DOS                                     |             |
| NoRealMode         | Disable MS-DOS on restart                          |             |
| NoPrinters         | Disable modify printer settings                    |             |
| NoStartBanner      | Disable start banner                               | 01 00 00 00 |
| NoNetHood          | Disable My Network Places                          |             |
| NoNetSetup         | Disable network settings in control panel          |             |
  • Computer\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

| Registry Entry       | Notes                                       |
|----------------------|---------------------------------------------|
| NoAdminPage          | Disable remote management                   |
| NoNetSetup           | Disable network options in control panel    |
| NoProfilePage        | Disable user options in control panel       |
| NoSecCPL             | Disable password options in control panel   |
| DisableRegistryTools | Disable registry editor                     |
| NoDispCPL            | Disable display properties modification     |
  • Computer\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

| Registry Entry  | Notes                                      |
|-----------------|--------------------------------------------|
| Explorer        | Infected with Acid Battery v1.0 Trojan     |
| Batterieanzeige | Infected with YAI Trojan                   |
| bybt, cksys     | Eclipse 2000 Trojan                        |
| umgr32.exe      | Infected with BO2000 Trojan                |
| KG.EXE          | Infected with KeyboardGhost Trojan         |
  • Computer\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

| Registry Entry | Notes                        |
|----------------|------------------------------|
| MSKernel32     | Infected with Love Bug       |
| Notepad        | Infected with BackDoor Trojan |
| NetSpy         | Infected with NetSpy Trojan  |
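As an added example (not part of the original post), a PowerShell audit of the keys and values listed above: it reports any disabling value that is set and, with -Remediate, applies the fix described at the top of this section. The key paths and value names come from the tables; the script layout, the -Remediate switch and the Run/RunServices and exefile listings at the end are my own assumptions about what an administrator would check.

```powershell
# Audit of the policy values listed above (added example, not from the original post).
# Reports any value that is set (1, or 0xffffffff for NoDevice) and, with -Remediate,
# resets it to 0 as the text recommends. HKLM writes need an elevated session.
[CmdletBinding()]
param([switch]$Remediate)

$Checks = @(
    @{ Path  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
       Names = 'DisableCMD' },
    @{ Path  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       Names = 'DisableRegistryTools', 'DisableTaskmgr' },
    @{ Path  = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       Names = 'DisableRegistryTools', 'NoAdminPage', 'NoNetSetup', 'NoProfilePage', 'NoSecCPL', 'NoDispCPL' },
    @{ Path  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Names = 'NoClose', 'NoControlPanel', 'NoDesktop', 'NoDevice', 'NoFileMenu', 'NoFind', 'NoFolderOption', 'NoRun' },
    @{ Path  = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Names = 'NoClose', 'NoControlPanel', 'NoDesktop', 'NoRun', 'NoLogOff', 'NoViewContextMenu', 'NoDrives', 'NoSaveSettings' }
)

foreach ($check in $Checks) {
    if (-not (Test-Path $check.Path)) { continue }            # key absent: nothing is disabled here
    $props = Get-ItemProperty -Path $check.Path
    foreach ($name in $check.Names) {
        $value = $props.$name
        if ($null -eq $value -or $value -eq 0) { continue }   # not present, or already cleared
        [pscustomobject]@{ Path = $check.Path; Name = $name; Value = $value }
        if ($Remediate) {
            # The fix from the text: set the value back to 0 (deleting the value also works).
            Set-ItemProperty -Path $check.Path -Name $name -Value 0 -Type DWord
        }
    }
}

# Autostart locations named above: list every value so unexpected names stand out.
foreach ($runKey in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices') {
    if (Test-Path $runKey) {
        Get-ItemProperty -Path $runKey | Select-Object -Property * -ExcludeProperty PS*
    }
}

# The .exe file association (see the File Extension Associations section): show its
# default value so a modified launcher command can be spotted.
$exeCmd = 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command'
[pscustomobject]@{ Path = $exeCmd; Name = '(default)'; Value = (Get-ItemProperty -Path $exeCmd).'(default)' }
```

Run it as `.\audit.ps1` to report only, or `.\audit.ps1 -Remediate` to also clear the values found.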

File Extension Associations

  • Computer\HKEY_LOCAL_MACHINE\Classes\.exe
  • Computer\HKEY_LOCAL_MACHINE\Classes\exefile\shell\open\command
    • Default value: %1 %*

Startup Items

  • Computer\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Hide Shortcuts on the Left Side of File Explorer

  • Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions

  • Each subkey under this key describes one folder; identify the folder you want by the subkey's “Name” value

    1. Add a “PropertyBag” subkey under it (skip this if it already exists)
    2. In that subkey, add a string value named “ThisPCPolicy” (skip this if it already exists)
    3. Set the string value to “Hide”
  • Restart “Windows Explorer” (explorer.exe) for the change to take effect

Conclusion
