Hacking the Registry to Get Rid of Spyware


Spyware is rapidly becoming one of the most dangerous threats on the Internet. CNN has reported that approximately 90% of all computers connected to the Internet are infected with at least one spyware program. The programmers who create these leeching programs are becoming better at evading the various applications designed to eradicate these infections from your computer.

There are many applications designed to combat this growing threat, but they do not always work correctly. Sometimes ridding yourself of an infection takes more stringent action than just running a scan with one of these applications. If your detector cannot clean a spyware infection, the next step is to try a restore operation: you can attempt to restore your computer to the state it was in before it became infected. Select the restore option from Start Menu > Accessories > System Tools > System Restore, and from there choose a restore point from an earlier time, before the infection. This is a fairly safe process and you should not lose any of your data, but the option is not always available.

System Restore usually takes a system snapshot whenever you install new software or on a predetermined schedule, but sometimes this does not happen. System Restore can be turned off, either through configuration changes or by other software you have installed. In that case you have only a couple of choices left to rid yourself of the infection. You could back up your data and perform a clean install, which means reformatting your hard drive and reinstalling all your applications. This is not a pleasant experience and could take hours of your time, depending on the type and number of applications you have installed.

The second option is to hack your registry. Hacking the registry is not a task to be taken lightly; if done improperly you could still wind up doing the clean install mentioned earlier. Cleaning a spyware infection through the registry also requires that you know a little about the spyware application you are trying to remove. Before touching the registry, make a backup of it and have a current Windows boot disk at hand; you may need both if you make a mistake. When touching the registry, always have a backup plan. Open the registry editor by going to Start > Run and typing regedit. The Windows XP registry is quite large, and if you go through every key you will be there longer than a reinstall would have taken. Instead, press F3 and search for the name of the spyware application you are trying to destroy. When you find an occurrence you can delete that key, but be careful: if you delete the wrong key you can render the operating system worthless.
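As an added illustration, not part of the original post, here is a small Python script that reads the registry backup you just exported (regedit's Export and `reg export` both write this text format) and lists every key, value name and string value that mentions the name you are about to search for, flagging entries under the Run/RunOnce keys that start at logon. Reviewing the export first shows you what the F3 search will turn up, so you can decide what to delete before touching anything in regedit. The sample export, its paths and the name "ExampleSpy" are constructed; parse_reg, find_references and is_autorun are hypothetical helper names.

```python
"""Review a regedit export (.reg file) for everything that mentions a name.

Added example, not from the original post. parse_reg() and find_references()
are hypothetical helper names. Regedit's "Export" (and `reg export`) write
the text format parsed here, so you can inspect your backup and see exactly
which keys and values a name is attached to before deleting anything by hand.
"""
import re

# Constructed sample export: the paths and the name "ExampleSpy" are made up.
# Real exports are UTF-16 text; open them with encoding="utf-16" before parsing.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Program Files\\ExampleSpy\\espy.exe /background"
"Sound"="C:\\WINDOWS\\system32\\sndvol.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleSpy]
@="ExampleSpy toolbar"
"Installed"=dword:00000001
"Blob"=hex:01,02,\
  03,04

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.example.com/"
'''

# '"name"=data' or '@=data' (@ is the key's default value)
VALUE_RE = re.compile(r'^(?:@|"((?:[^"\\]|\\.)*)")=(.*)$')

# Keys whose values Windows starts automatically at logon
AUTORUN_MARKERS = ("\\currentversion\\run", "\\currentversion\\runonce")


def _decode(raw):
    """Turn the data part of a .reg line into a Python value."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    if raw.startswith('dword:'):
        return int(raw[6:], 16)
    if raw.startswith('hex'):                      # hex: / hex(2): / hex(7): ...
        payload = raw.split(':', 1)[1]
        return bytes(int(b, 16) for b in payload.split(',') if b.strip())
    return raw


def parse_reg(text):
    """Return {key_path: {value_name: value}}; the default value is named ''."""
    tree, current = {}, None
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if not line or line.startswith('Windows Registry Editor') or line == 'REGEDIT4':
            continue
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1]
            tree[current] = {}
            continue
        while line.endswith('\\'):                 # hex data wrapped across lines
            line = line[:-1] + lines[i].strip()
            i += 1
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = m.group(1) if m.group(1) is not None else ''
            tree[current][name] = _decode(m.group(2))
    return tree


def is_autorun(key):
    """True for keys whose values are executed at logon."""
    return any(marker in key.lower() for marker in AUTORUN_MARKERS)


def find_references(tree, needle):
    """List (key, value_name, autorun) where the key path, value name or string data mentions needle.

    value_name is None when the key path itself matched; '' is the default value.
    """
    needle = needle.lower()
    hits = []
    for key, values in tree.items():
        if needle in key.lower():
            hits.append((key, None, is_autorun(key)))
        for name, value in values.items():
            data = value.lower() if isinstance(value, str) else ''
            if needle in name.lower() or needle in data:
                hits.append((key, name, is_autorun(key)))
    return hits


if __name__ == '__main__':
    for key, name, autorun in find_references(parse_reg(SAMPLE_REG), 'ExampleSpy'):
        flag = '  (runs at logon)' if autorun else ''
        print(f'[{key}]  {name if name is not None else "<key itself>"}{flag}')
```

Run it against your own export with `parse_reg(open("backup.reg", encoding="utf-16").read())`; it only reads the file, so the worst a typo in the search name can do is produce an empty list.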

If done properly this will kill those spyware instances that just won’t seem to go away, but you should only resort to it if you have no other choice. The safest way to eradicate spyware is to use one of the many tools out there such as Windows Defender, Ad-Aware, or one of the many others you can find by searching the Internet. There are also commercial applications from well known antivirus companies such as McAfee or Norton that will help clean an infected system and help protect you from future infections. In this day of rampant spyware infections you should not go online until you have one of these protection applications installed; prevention is better than the cure, especially when the cure is hacking the registry.

Data Recovery Service

If you have lost, or are unable to access, data due to a virus or computer crash, then probably your best and most affordable option is to try data recovery software. Sometimes, however, this is just not a powerful enough solution, or it is inappropriate for the type of loss your computer or hard drive has suffered. Then your only option, if you’re not a computer whiz yourself, is probably to look for a good data recovery service.

A reputable data recovery service will very often offer a free assessment. In general you should not have to make an upfront payment for a company to assess the drive and tell you the options available for the recovery of your data, although if the problem is much more complex you may have to pay for an assessment.

Although you will want to get the work under way as quickly as possible, it is not always a good idea to go for the first data recovery service that you see. Some data recovery services are much more expensive than others and do not necessarily offer a better service, but if you can get a good recommendation, then this is probably the best way to

Make sure that the data recovery service gives you a quote before they start work. You do not want to be worrying about the cost of the work as well as the potential loss of your data. A good data recovery service should be able to give you a fairly firm quote once they have assessed the hard drive and can see the work that needs to be done.

You may get two different prices from the data recovery service, depending on whether the fault with the drive is a physical problem or a logical problem. This is not unusual, as the company cannot always know exactly what they will find during the recovery process, and physical data recovery is a much higher-cost operation.

Make sure, if you have two quotes from the data recovery service, that they are for the two different procedures and not just a rough guess at what the costs may rise to in the end.

When you first contact the data recovery service, make sure that you give them as much information as possible about the drive, any applications that you were running and the type of setup and operating system that was being used, when the data was lost. Especially if you are contacting them by e-mail, this can save a lot of time and allow them to get you a quote and start your data recovery as soon as possible.

Spam Policy Framework (SPF): it will stop SPAM if used

I was reading a forum post today in which a forum member was complaining because an unscrupulous spammer was spoofing his domain and using it to send out large amounts of unsolicited email, SPAM. The forum user posted the domain in question, so I immediately posted it in the form over at http://www.dnsreport.com, and just as I thought, the domain did not have a Spam Policy Framework (SPF) record in its Domain Name System (DNS) server.

It amazes me how many ISPs still do not have a policy requiring an SPF record in the DNS servers of the domains they handle mail for. I’m guessing a lot of people do not even understand the purpose of the Spam Policy Framework and why it’s important in preventing SPAM. Basically, SPF is a method for telling other mail servers which mail servers are authorized to send mail from a particular domain. It is very easy to implement and takes only one line in the DNS zone if you are defining the mail servers for one domain.

SPF makes it really easy to define the authorized email servers for your domain. It works like this: when someone sends an email message and the receiving server does a reverse lookup on the domain, your DNS server replies, "Hey, I’m xyz.com and I only send email from my server mail.xyz.com. If you get email from any other server you should really deny it, since it did not come from me and it’s not my mail."

So you can see SPF is an effective method for preventing unauthorized users from spoofing your mail domain and getting your servers listed as spammers. I would say it’s in the top three things you should do on your servers to help stop the proliferation of SPAM throughout the world and to stop wasting all the bandwidth these spammers burn every day. The three things every email administrator should implement are:

  • Close Relays – Don’t let other people bounce SPAM through your server. All major email servers let you define which servers are allowed to relay, but most people just don’t turn it on.
  • Define Reverse Lookups for your mail server—Many people now do this because most mail systems will not accept mail from mail servers without a reverse lookup record. This is a little harder to do, since it requires that the ISP either set it up for you or delegate your Internet Protocol (IP) scope to your DNS servers. This usually only works for companies that have a range of IP addresses leased, but your ISP should do this for you if they are managing your email servers. If you are managing your own email servers and Domain Name Servers then you should really have authority for the range delegated to you.
  • Spam Policy Framework—Implement SPF and tell the world which servers are authorized to send mail from your domain. In its most simple form it takes only one line in your zone file, placed after the MX record you already have:
    ; the MX record you already have
    somedomain.com.    IN MX  0 mail.somedomain.com.
    ; the SPF record; the trailing -all tells receivers to reject mail from any other host
    somedomain.com.    IN TXT "v=spf1 mx -all"

Add this second line after your MX record in BIND and you are done: your DNS server will hand out the allowed email servers for your domain whenever someone asks for them.
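As an added example that is not part of the original post, the following Python script shows what a receiving mail server does with that TXT record. It implements the core of the SPF check (SPF is Sender Policy Framework, RFC 7208) for the ip4, a, mx, include and all mechanisms with their +/-/~/? qualifiers, and evaluates a sending IP against a constructed in-memory DNS table (every domain and address in it is made up; check_host, get_spf and lookup are hypothetical helper names). It also shows why the -all term matters: the lax.example record ends without one, so a foreign server gets Neutral rather than Fail, and the receiver has nothing to deny on.

```python
"""Evaluate an SPF record for a sending IP, using an in-memory DNS table.

Added example, not from the original post. It implements the core of
check_host() from SPF (Sender Policy Framework, RFC 7208) for the common
mechanisms ip4, a, mx, include and all with the +/-/~/? qualifiers.
The DNS data below is constructed so the script runs offline; a real
checker would issue DNS queries instead of reading a dict.
"""
import ipaddress

# Constructed zone data (not real DNS): (name, record type) -> values
DNS = {
    ("somedomain.com", "TXT"): ["v=spf1 mx -all"],
    ("somedomain.com", "MX"): ["mail.somedomain.com"],
    ("mail.somedomain.com", "A"): ["192.0.2.25"],
    ("corp.example", "TXT"): ["v=spf1 include:somedomain.com -all"],
    ("partner.example", "TXT"): ["v=spf1 ip4:198.51.100.0/24 ~all"],
    ("lax.example", "TXT"): ["v=spf1 mx"],         # no 'all' term at the end
    ("lax.example", "MX"): ["mail.somedomain.com"],
    ("nospf.example", "TXT"): ["just a comment, no SPF here"],
}

QUALIFIERS = {"+": "Pass", "-": "Fail", "~": "SoftFail", "?": "Neutral"}


def lookup(name, rtype):
    """Stand-in for a DNS query against the constructed table."""
    return DNS.get((name.lower(), rtype), [])


def get_spf(domain):
    """Return the domain's single v=spf1 TXT record, or None if there is none."""
    recs = [r for r in lookup(domain, "TXT") if r.lower().split(" ", 1)[0] == "v=spf1"]
    return recs[0] if len(recs) == 1 else None


def _a_records_match(name, addr):
    return any(ipaddress.ip_address(a) == addr for a in lookup(name, "A"))


def check_host(ip, domain, depth=0):
    """Return Pass, Fail, SoftFail, Neutral, None or PermError for ip sending as domain."""
    if depth > 10:                      # include: chains must not recurse forever
        return "PermError"
    record = get_spf(domain)
    if record is None:
        return "None"                   # no SPF published: the receiver learns nothing
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = _a_records_match(arg or domain, addr)
        elif mech == "mx":
            matched = any(_a_records_match(h, addr) for h in lookup(arg or domain, "MX"))
        elif mech == "include":
            # simplified: only a Pass from the included domain counts as a match
            matched = check_host(ip, arg, depth + 1) == "Pass"
        else:
            return "PermError"          # ip6, ptr, exists, exp ... not modelled here
        if matched:
            return QUALIFIERS[qual]
    return "Neutral"                    # nothing matched and no 'all' term


if __name__ == "__main__":
    for ip, domain in [("192.0.2.25", "somedomain.com"), ("203.0.113.7", "somedomain.com"),
                       ("203.0.113.7", "lax.example"), ("203.0.113.7", "nospf.example")]:
        print(f"{ip:>14} as {domain:<16} -> {check_host(ip, domain)}")
```

The mx mechanism is why the one-line record works: the receiver resolves your MX hosts and their A records and compares them with the connecting IP, so the record stays correct as long as your MX entries do. A record without -all never returns Fail for a spoofing host, which is the difference between "here are my servers" and "reject everything else".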

I hope that more and more Internet Service Providers will start to require this feature for all domains. I think once it becomes normal and receiving mail domains stop accepting mail from domains without an SPF record defined, you will start to see a reduction in the amount of SPAM on the Internet.

After all, SPAM is a technical problem and no law like the CAN-SPAM Act is ever going to stop it. The technical infrastructure allowed the problem to start, and the technical infrastructure can stop it as soon as network administrators start implementing every feature at their disposal. Once everyone is using SPF, the SPAM filtering companies can deny any mail that does not have an SPF record without having to worry about false positives, and that should help a lot. Right now on my domains I put you halfway to being defined as SPAM if you don’t have one of these records. If all the domains that send me mail had SPF implemented then I would give them all 100% and quarantine the message immediately. Maybe one day I’ll be able to stop SPAM at my doorway.