Difference between revisions of "RegyKey"
(→Usage: added var types) |
m (info about HKCU) |
||
(3 intermediate revisions by the same user not shown) | |||
Line 2: | Line 2: | ||
|SYNTAX = RegyKey | |SYNTAX = RegyKey | ||
|PENAME = SpybotSD.exe | |PENAME = SpybotSD.exe | ||
− | |PEVERSION = 0.95 or later | + | |PEVERSION = 0.95 or later<br />1.5.3 for adv. file |
|GROUP = Registry | |GROUP = Registry | ||
|MINUPDATE = n/a | |MINUPDATE = n/a | ||
− | |ADVFILEPARAMS = | + | |ADVFILEPARAMS = yes (sixth) |
|ADVREGPARAMS = yes (fifth) | |ADVREGPARAMS = yes (fifth) | ||
|ADVBUILDPARAMS = yes (fifth) | |ADVBUILDPARAMS = yes (fifth) | ||
Line 12: | Line 12: | ||
==Usage== | ==Usage== | ||
− | RegyKey:<description(string)>,<rootkey(enum)>,<keypath(string)>,<key(string)>[,advanced registry parameters] | + | RegyKey:<description(string)>,<rootkey(enum)>,<keypath(string)>,<key(string)>[[,advanced registry parameters][,advanced file parameters]] |
+ | |||
+ | To flag any things located in HKEY_USERS, just add one rule with HKEY_CURRENT_USER as the root key. During a scan, rules for HKEY_CURRENT_USER will be applied to all detected users, not just the ''current'' one. | ||
===Examples=== | ===Examples=== | ||
Line 24: | Line 26: | ||
# The path to the value, starting with a backslash. This may not include the actual subkey you want to remove. {{PathTemplates}} | # The path to the value, starting with a backslash. This may not include the actual subkey you want to remove. {{PathTemplates}} | ||
# The name of the key to detect. You may use a [[AlgoPrefix|Algo-Prefix]] here. {{AlgoPrefix}} {{PathTemplates}} | # The name of the key to detect. You may use a [[AlgoPrefix|Algo-Prefix]] here. {{AlgoPrefix}} {{PathTemplates}} | ||
− | # To refine detection, you can use [[Advanced registry parameters|advanced registry parameters]] to check the actual data of the value. You may use [[AlgoPrefix|Algo-Prefixes]] here. {{AlgoPrefix}} {{PathTemplates}} | + | # To refine detection, you can use [[Advanced registry parameters|advanced registry parameters]] to check the actual data of the value, as well as [[Advanced build parameters|advanced build parameters]]. You may use [[AlgoPrefix|Algo-Prefixes]] here. {{AlgoPrefix}} {{PathTemplates}} |
+ | # Starting with 1.5.3, [[Advanced file parameters|advanced file parameters]] for [[:Category:Advanced_file_parameters_for_Flow_Control|Flow Control]] can be specified. {{PathTemplates}} | ||
===Scan Results=== | ===Scan Results=== | ||
Line 30: | Line 33: | ||
==See also== | ==See also== | ||
+ | * [[Advanced file parameters]] | ||
+ | * [[Advanced build parameters]] | ||
* [[Advanced registry parameters]] | * [[Advanced registry parameters]] | ||
* [[AlgoPrefix]] | * [[AlgoPrefix]] |
Latest revision as of 14:05, 29 May 2008
RegyKey | |
Group | Registry |
Main Application | Version 0.95 or later 1.5.3 for adv. file |
Required Update | n/a |
File Parameters | yes (sixth) |
Registry Parameters | yes (fifth) |
Build Parameters | yes (fifth) |
Special Parameters | no |
Searches for the defined registry key and adds it to the results list, if found.
Usage
RegyKey:<description(string)>,<rootkey(enum)>,<keypath(string)>,<key(string)>[[,advanced registry parameters][,advanced file parameters]]
To flag any things located in HKEY_USERS, just add one rule with HKEY_CURRENT_USER as the root key. During a scan, rules for HKEY_CURRENT_USER will be applied to all detected users, not just the current one.
Examples
RegyKey:"User settings",HKEY_CURRENT_USER,\SOFTWARE\,"Spyware"
Description
Detects a registry key and flags it for removal.
- First, a description. Using a description template instead of plain text is recommended so that the user will receive a localized version.
- The root key, where HKEY_CURRENT_USER stands for all users actually.
- The path to the value, starting with a backslash. This may not include the actual subkey you want to remove. PT
- The name of the key to detect. You may use a Algo-Prefix here. AP PT
- To refine detection, you can use advanced registry parameters to check the actual data of the value, as well as advanced build parameters. You may use Algo-Prefixes here. AP PT
- Starting with 1.5.3, advanced file parameters for Flow Control can be specified. PT
Scan Results
- The identified registry key(s).
See also
- Advanced file parameters
- Advanced build parameters
- Advanced registry parameters
- AlgoPrefix
- Description templates