Restart your PC in DOS mode (NT/Win2k users should boot from CD-ROM or setup disks). Use the FDISK command to delete all partitions on the disk (NT/2k users should follow the appropriate prompts in the setup program). Power cycle your PC with the setup disk in the floppy drive or CD-ROM drive as appropriate (switch off, wait 10 seconds, switch on). This applies to all versions of Windows including NT and Win2k (power cycle after removing the partitions; don't worry about still being in the setup utility) and ensures that any memory-resident or boot sector virus is removed. Reload your operating system & required drivers from the original disks. At this point you'll have a working system with no software installed other than the operating system & drivers. Assuming you used only original media, the system will be free of any Trojan horse or virus, but may not be secure.
Step 4: Secure your system and load additional software.
You now need to obtain and apply the latest security patches for your operating system. Ideally you should download these from their source using another machine and apply them from disk. If that is not possible, connect your rebuilt system to the internet for the minimum period possible to obtain the patches you need, and apply them at once. Be aware that this opens your system to potential compromise while you are downloading the patches, so keep the connection as short as possible. Windows 98, ME and 2000 users can use the 'Windows Update' function to automatically update their systems.
Once your system is updated, you can begin installing additional software. Be sure to use only software you know has not been tampered with, ideally from original distribution media. If necessary, download a fresh copy from the source and use that. Install software in a logical order, beginning with security-related products (anti-virus, firewall, etc.).
Step 5: Finishing off
Once you've installed and configured all your software you are ready to begin restoring the data from backups. Before doing so, you may wish to make an image copy of your system using a utility such as Norton's Ghost. This will allow you to quickly restore the machine to a known clean state in the event of a future compromise. If you do this, store the image on non-volatile media such as CD-ROM. You may also wish to take a 'fingerprint' of the files installed on your machine to enable comparison in future. See 'Attack Mitigation' for details on this.
When you eventually restore the data, do so gradually, especially if you copied the files from an infected machine. Virus scan each one first and discard any with unexpected macros.
That's it: your machine is now rebuilt and ready to reconnect to the network and the internet. It's been a lot of work, but you now know for sure that your machine is virus-free and reasonably secure against attack in future.
Attack Mitigation
There are a number of steps you can take to limit the damage done by a system compromise. Not all apply to all systems and some require additional software, but they can make your life considerably easier if you are unfortunate enough to be hacked.
File Signatures
Keeping a database of file signatures can help you pinpoint any files which change unexpectedly. This is often one of the first signs of a security breach. You can get free file signature checkers from a number of sources; we suggest WinTerrogate (all versions of Windows, basic but effective) from http://winfingerprint.sourceforge.net or LANGuard File Integrity Checker (NT/2000 only, more advanced) from http://www.gfi.com/languard
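A minimal file signature checker of the kind described above, added here as an illustration (it is not code from this page or from either of the tools named): it records a SHA-256 per file as the baseline database and later reports which files were added, removed or changed. The directory tree, file names and the tampering in demo() are constructed for the example.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path

def hash_file(path, chunk=65536):
    """SHA-256 of one file, read in chunks so large binaries fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_baseline(root):
    """Map every file under root (relative POSIX path) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def save_baseline(baseline, dest):
    # Keep the saved database off the monitored disk (CD-R, another machine):
    # whoever can alter the files can also alter a baseline stored beside them.
    Path(dest).write_text(json.dumps(baseline, indent=1, sort_keys=True))

def load_baseline(src):
    return json.loads(Path(src).read_text())

def compare(baseline, root):
    """Report files added, removed or modified since the baseline was taken."""
    current = build_baseline(root)
    return {"added": sorted(set(current) - set(baseline)),
            "removed": sorted(set(baseline) - set(current)),
            "modified": sorted(p for p in baseline
                               if p in current and baseline[p] != current[p])}

def demo():
    """Constructed example: baseline a small tree, tamper with it, re-check."""
    root, store = Path(tempfile.mkdtemp()), Path(tempfile.mkdtemp())
    (root / "system").mkdir()
    (root / "system" / "kernel.dll").write_bytes(b"clean build")
    (root / "readme.txt").write_bytes(b"notes")
    save_baseline(build_baseline(root), store / "baseline.json")
    # Simulate what a compromise looks like to the checker.
    (root / "system" / "kernel.dll").write_bytes(b"trojaned build")
    (root / "dropper.exe").write_bytes(b"unexpected")
    os.remove(root / "readme.txt")
    return compare(load_baseline(store / "baseline.json"), root)
```

Calling demo() returns the report for the constructed tree; on a real machine you would run build_baseline once on the freshly rebuilt system and compare against that stored baseline on a schedule.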
Image Files
Taking an image of your disk regularly can dramatically reduce the amount of work involved in recovering from a security breach. The best known tool for doing this is Norton's GHOST, although there are other options. You should keep two or three image files on non-volatile media and update them regularly.
Keep the data on a separate partition
Keeping your data on a separate partition (ideally on a separate disk) will reduce the amount of work that needs doing if you have to rebuild the system. It also makes backing up much easier and can improve overall system performance.