The development team come with this intro : Linux distribution that can scan for malware and clean infected files. It runs from a CD/DVD or a USB device, independently of the host operating system, but has direct access to the disk and file system. This makes it possible to remove threats that under normal operating… Read More »
After install go programming language from here, you will need to deal with the go command. I’m not very good with golang , but I found some interesting issues for those who want to use go command with golang. About go command can you read here and the go help output come with this help:… Read More »
The development team tell us: What it fixes: Corrupted registry keys on 64-bit operating systems Corrupted registry keys that control the update data Problems that prevent new programs from being installed Problems that prevent existing programs from being completely uninstalled or updated Problems that block you from uninstalling a program through Add or Remove Programs… Read More »
This is my first tutorial in a long series about Go and Android programming. In the limit of my free time I will try to show you how to do simple applications with the Go programming language (or known as Golang). You need to install the Go programming language using MSI installer from here. I… Read More »
This old command REG QUERY help us to search the windows registry and use the output to see the integrity and check malware infection. This is operation of the default REG command that performs operations on registry. The help command show us:
reg query /?
REG QUERY KeyName [/v [ValueName] | /ve] [/s]
[/f Data [/k] [/d] [/c] [/e]] [/t Type] [/z] [/se Separator]
[/reg:32 | /reg:64]
Machine - Name of remote machine, omitting defaults to the
current machine. Only HKLM and HKU are available on
FullKey - in the form of ROOTKEY\SubKey name
ROOTKEY - [ HKLM | HKCU | HKCR | HKU | HKCC ]
SubKey - The full name of a registry key under the
/v Queries for a specific registry key values.
If omitted, all values for the key are queried.
Argument to this switch can be optional only when specified
along with /f switch. This specifies to search in valuenames only.
/ve Queries for the default value or empty value name (Default).
/s Queries all subkeys and values recursively (like dir /s).
/se Specifies the separator (length of 1 character only) in
data string for REG_MULTI_SZ. Defaults to "\0" as the separator.
/f Specifies the data or pattern to search for.
Use double quotes if a string contains spaces. Default is "*".
/k Specifies to search in key names only.
/d Specifies the search in data only.
/c Specifies that the search is case sensitive.
The default search is case insensitive.
/e Specifies to return only exact matches.
By default all the matches are returned.
/t Specifies registry value data type.
Valid types are:
REG_SZ, REG_MULTI_SZ, REG_EXPAND_SZ,
REG_DWORD, REG_QWORD, REG_BINARY, REG_NONE
Defaults to all types.
/z Verbose: Shows the numeric equivalent for the type of the valuename.
/reg:32 Specifies the key should be accessed using the 32-bit registry view.
/reg:64 Specifies the key should be accessed using the 64-bit registry view.
REG QUERY HKLM\Software\Microsoft\ResKit /v Version
Displays the value of the registry value Version
REG QUERY \\ABC\HKLM\Software\Microsoft\ResKit\Nt\Setup /s
Displays all subkeys and values under the registry key Setup
on remote machine ABC
REG QUERY HKLM\Software\Microsoft\ResKit\Nt\Setup /se #
Displays all the subkeys and values with "#" as the seperator
for all valuenames whose type is REG_MULTI_SZ.
REG QUERY HKLM /f SYSTEM /t REG_SZ /c /e
Displays Key, Value and Data with case sensitive and exact
occurrences of "SYSTEM" under HKLM root for the data type REG_SZ
REG QUERY HKCU /f 0F /d /t REG_BINARY
Displays Key, Value and Data for the occurrences of "0F" in data
under HKCU root for the data type REG_BINARY
REG QUERY HKLM\SOFTWARE /ve
Displays Value and Data for the empty value (Default)
First you need to know the registry vales are into registry database:… Read More »