Understanding the Windows Registry and Computer Viruses
1. What is the Windows Registry?
The Windows Registry is a database that stores configuration settings for Windows and other programs. It contains information about hardware devices, user preferences, and software settings. Windows itself uses it to store information about your devices (sound cards, video cards, etc.), and programs such as WinZip use it to store the names of recently opened files, so the registry is essential for system functionality.
2. Registry Utilities and Keys
- HKEY_CLASSES_ROOT (HKCR): Contains file extension associations, allowing Windows to open files with the correct programs. It also stores Component Object Model (COM) information.
- HKEY_CURRENT_USER (HKCU): Stores configuration settings for the currently logged-in user, such as Control Panel settings, desktop colors, wallpaper, and screensavers.
- HKEY_LOCAL_MACHINE (HKLM): Contains configuration information for all users on the computer.
- HKEY_USERS (HKU): Stores information for all actively loaded user profiles on the computer.
- HKEY_CURRENT_CONFIG: Stores information for computer hardware profiles.
3. Customizing OEM Information
You can customize the OEM information displayed in System Properties. Create a file named “oeminfo.ini” in the “C:\Windows\System” folder with the following content, replacing “Your Company Name” and “Your Model Name” with your desired text:
[General]
Manufacturer="Your Company Name"
Model="Your Model Name"
[Support Information]
Line1="Your Support Website URL"
You can add more lines as needed (e.g., Line2="Additional Information").
Create an image file named “oemlogo.bmp” (120 pixels high and 160 pixels wide) and save it in the “C:\Windows\System” folder. This image will be displayed alongside your OEM information in System Properties.
4. Computer Viruses
A computer virus is a program that self-replicates and alters the normal functioning of a computer without the user’s permission or knowledge. While the term “malware” is often used interchangeably with “virus,” viruses specifically replicate and execute themselves. They typically replace executable files with their own infected code. Viruses can destroy data, but some are merely annoying.
Viruses spread by replication, and some also have a payload that can range from a simple prank to serious system damage or network disruption.
5. Virus Types and Actions
- Companion Viruses: These viruses exploit MS-DOS’s behavior of running COM files before EXE files. They create a COM file with the same name as an EXE file, ensuring the virus runs first.
- File Viruses: These viruses infect executable files (EXE, DRV, DLL, BIN, OVL, SYS, and even BAT). They attach themselves to the beginning or end of the file and activate when the file is executed. They can be further classified into:
  - Direct Action Viruses: These viruses do not stay resident in memory and replicate only when the infected file is executed.
  - Overwriting Viruses: These viruses corrupt the infected file by overwriting its contents.
- Worms: Worms register themselves to run when the operating system starts, consuming memory and slowing down the computer. They spread through email and other networks.
- Trojans: Trojans disguise themselves as legitimate programs (screensavers, games, music) to trick users into installing them. They can then download other malware or provide attackers with access to the infected system.
- Joke Viruses (Hoaxes): These are not true viruses but programs designed for amusement, though they can be annoying.
- Virus Hoaxes (False Viruses): These are messages containing false information about viruses, often spread through email to create confusion or manipulate users.
- Macro Viruses: These viruses infect files and templates containing macros (sequences of keyboard and mouse commands). They activate when the infected file is opened or used.
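Worms, as described in the list above, register themselves to run when the operating system starts, and the Run and RunOnce keys under HKLM and HKCU are one place such entries live. The following added example (not part of the original page) parses a regedit text export and flags autostart programs located in user-writable folders; the sample export, the function names and the folder heuristic are assumptions made for illustration.

```python
import re

# Run/RunOnce are real Windows autostart keys; auditing only these is an assumption.
RUN_KEY = re.compile(r"^HKEY_(LOCAL_MACHINE|CURRENT_USER)\\Software\\Microsoft"
                     r"\\Windows\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
# Heuristic (assumption): autostart programs in user-writable folders need review.
SUSPECT_DIRS = ("\\temp\\", "\\appdata\\", "\\users\\public\\")
SECTION = re.compile(r"^\[(.+)\]$")
# Only string (REG_SZ) values are parsed; hex(...) and dword values are skipped.
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
PROGRAM = re.compile(r'"([^"]+)"|(.+?\.(?:exe|com|bat|cmd|scr))(?:\s|$)', re.I)

def unescape(text):
    return re.sub(r"\\(.)", r"\1", text)  # .reg escapes \ and " with a backslash

def program_of(command):
    """Return the program path from a command line, quoted or unquoted."""
    match = PROGRAM.match(command.strip())
    return (match.group(1) or match.group(2)) if match else command

def audit(reg_text):
    """Return (key, value name, program, suspicious) per Run/RunOnce entry."""
    key, findings = None, []
    for line in map(str.strip, reg_text.splitlines()):
        section = SECTION.match(line)
        if section:
            key = section.group(1) if RUN_KEY.match(section.group(1)) else None
        elif key and (value := VALUE.match(line)):
            program = program_of(unescape(value.group(2)))
            suspicious = any(d in program.lower() for d in SUSPECT_DIRS)
            findings.append((key, unescape(value.group(1)), program, suspicious))
    return findings

# Constructed sample in regedit export format (not from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Example"="C:\\Windows\\System32\\example.exe"
"Updater"="\"C:\\Users\\alice\\AppData\\Roaming\\upd\\svc.exe\" /background"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Notes"="C:\\Program Files\\Notes\\notes.exe -tray"
[HKEY_CURRENT_USER\Software\Example]
"Ignored"="C:\\Temp\\x.exe"
'''

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Real regedit exports are UTF-16 encoded, so read them with `open(path, encoding="utf-16")` before passing the text to `audit`.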