Difference between revisions of "RegyKey"
m (info about HKCU) |
|||
(9 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | Searches for the defined registry key and adds it to the results list, if found. | + | {{SbiCmdInfo |
+ | |SYNTAX = RegyKey | ||
+ | |PENAME = SpybotSD.exe | ||
+ | |PEVERSION = 0.95 or later<br />1.5.3 for adv. file | ||
+ | |GROUP = Registry | ||
+ | |MINUPDATE = n/a | ||
+ | |ADVFILEPARAMS = yes (sixth) | ||
+ | |ADVREGPARAMS = yes (fifth) | ||
+ | |ADVBUILDPARAMS = yes (fifth) | ||
+ | |ADVSPECIALPARAMS = no | ||
+ | }}Searches for the defined registry key and adds it to the results list, if found. | ||
==Usage== | ==Usage== | ||
− | RegyKey: | + | RegyKey:<description(string)>,<rootkey(enum)>,<keypath(string)>,<key(string)>[[,advanced registry parameters][,advanced file parameters]] |
+ | |||
+ | To flag any things located in HKEY_USERS, just add one rule with HKEY_CURRENT_USER as the root key. During a scan, rules for HKEY_CURRENT_USER will be applied to all detected users, not just the ''current'' one. | ||
===Examples=== | ===Examples=== | ||
Line 12: | Line 24: | ||
# First, a description. Using a [[Description templates|description template]] instead of plain text is recommended so that the user will receive a localized version. | # First, a description. Using a [[Description templates|description template]] instead of plain text is recommended so that the user will receive a localized version. | ||
# The root key, where HKEY_CURRENT_USER stands for all users actually. | # The root key, where HKEY_CURRENT_USER stands for all users actually. | ||
− | # The path to the value, starting with a backslash. This may not include the actual subkey you want to remove. | + | # The path to the value, starting with a backslash. This may not include the actual subkey you want to remove. {{PathTemplates}} |
− | # The name of the key to detect. You may use a [[AlgoPrefix|Algo-Prefix]] here. {{AlgoPrefix}} | + | # The name of the key to detect. You may use a [[AlgoPrefix|Algo-Prefix]] here. {{AlgoPrefix}} {{PathTemplates}} |
− | # To refine detection, you can use [[Advanced registry parameters|advanced registry parameters]] to check the actual data of the value. You may use [[AlgoPrefix|Algo-Prefixes]] here. {{AlgoPrefix}} | + | # To refine detection, you can use [[Advanced registry parameters|advanced registry parameters]] to check the actual data of the value, as well as [[Advanced build parameters|advanced build parameters]]. You may use [[AlgoPrefix|Algo-Prefixes]] here. {{AlgoPrefix}} {{PathTemplates}} |
+ | # Starting with 1.5.3, [[Advanced file parameters|advanced file parameters]] for [[:Category:Advanced_file_parameters_for_Flow_Control|Flow Control]] can be specified. {{PathTemplates}} | ||
+ | |||
+ | ===Scan Results=== | ||
+ | * The identified registry key(s). | ||
==See also== | ==See also== | ||
+ | * [[Advanced file parameters]] | ||
+ | * [[Advanced build parameters]] | ||
+ | * [[Advanced registry parameters]] | ||
* [[AlgoPrefix]] | * [[AlgoPrefix]] | ||
* [[Description templates]] | * [[Description templates]] | ||
− | |||
===Similar commands=== | ===Similar commands=== | ||
Line 28: | Line 46: | ||
[[Category:SBI Commands]] | [[Category:SBI Commands]] | ||
− | |||
− |
Latest revision as of 14:05, 29 May 2008
RegyKey | |
Group | Registry |
Main Application | Version 0.95 or later 1.5.3 for adv. file |
Required Update | n/a |
File Parameters | yes (sixth) |
Registry Parameters | yes (fifth) |
Build Parameters | yes (fifth) |
Special Parameters | no |
Searches for the defined registry key and adds it to the results list, if found.
Usage
RegyKey:<description(string)>,<rootkey(enum)>,<keypath(string)>,<key(string)>[[,advanced registry parameters][,advanced file parameters]]
To flag any things located in HKEY_USERS, just add one rule with HKEY_CURRENT_USER as the root key. During a scan, rules for HKEY_CURRENT_USER will be applied to all detected users, not just the current one.
Examples
RegyKey:"User settings",HKEY_CURRENT_USER,\SOFTWARE\,"Spyware"
Description
Detects a registry key and flags it for removal.
- First, a description. Using a description template instead of plain text is recommended so that the user will receive a localized version.
- The root key, where HKEY_CURRENT_USER stands for all users actually.
- The path to the value, starting with a backslash. This may not include the actual subkey you want to remove. PT
- The name of the key to detect. You may use a Algo-Prefix here. AP PT
- To refine detection, you can use advanced registry parameters to check the actual data of the value, as well as advanced build parameters. You may use Algo-Prefixes here. AP PT
- Starting with 1.5.3, advanced file parameters for Flow Control can be specified. PT
Scan Results
- The identified registry key(s).
See also
- Advanced file parameters
- Advanced build parameters
- Advanced registry parameters
- AlgoPrefix
- Description templates