RE: Messed up editing registry, need previous values



Thanks very much for this. My question is whether I caused a more widespread
problem with the backup and import methods I used, such that it's not going
to be enough to fix this section of the registry. Also, do these settings
correspond to a certain level of internet security settings? The PC had a
custom level of IE security settings. Sorry if these are dumb questions.

Thanks again.

"nass" wrote:



"peg2009" wrote:

I'm running WinXP Pro, SP2. I messed up while trying to remove a trojan with
instructions in an article from Symantec. Article said to remove changes in a
list of registry keys, if required. Some of the keys in my registry had the
same value as on the list in Symantec's article, some did not. I started
changing the ones that differed from the values in the Symantec article. Then
I realized the article must be showing the "bad" values that might have been
assigned by the trojan. So I was changing to the wrong values.

I had made a backup of the registry before doing any editing, but when I
tried to import it, I got the message that it could not be imported because
some keys were in use. ("All data was not written.")

I had changed maybe 8 keys, all in
HK_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
I went back after trying to import the registry backup file and checked
these keys against the values in the Symantec article. Some do appear to have
gone back to a previous value, but I can't be sure now if all of them are
changed back. Also, most of them had the same value as the potentially "bad"
value in the Symantec writeup. In short, now I don't know what would be the
right values for any of these registry keys.

Of course, the first thing I did was to disable System Restore per the
Symantec instructions, so I can't go to a restore point.

My questions:
1. What did the original error message I got when importing the backup
registry file mean? That the backup wasn't good, or that it just couldn't be
restored because programs were running?
2. Would other parts of the registry have been affected/corrupted by my
attempting to import a file unsuccessfully?
3. Is there any other way to correct these keys such as through Internet
Settings?
4. Is there anything else I can do? Is there a way to diagnose what other
problems I might have caused?

The method I used to create a registry backup was to run a tool on
Symantec's site, linked in their writeup.

I really appreciate any help.


Hi,
Please Open a Notepad and copy and paste the following into it, then save as
Zones.reg on your Desktop.
Right click on the Zones.reg and select Merge from the list to merge to your
registry.

====/* copy code below this line*/=====
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"1206"=dword:00000000
"1806"=dword:00000000
@=""
"DisplayName"="Computer"
"Description"="Your computer"
"Icon"="explorer.exe#0100"
"CurrentLevel"=dword:00000000
"Flags"=dword:00000021
"1001"=dword:00000000
"1004"=dword:00000000
"1200"=dword:00000000
"1201"=dword:00000001
"1400"=dword:00000000
"1402"=dword:00000000
"1405"=dword:00000000
"1406"=dword:00000000
"1407"=dword:00000000
"1601"=dword:00000000
"1604"=dword:00000000
"1605"=dword:00000000
"1606"=dword:00000000
"1607"=dword:00000000
"1608"=dword:00000000
"1609"=dword:00000001
"1800"=dword:00000000
"1802"=dword:00000000
"1803"=dword:00000000
"1804"=dword:00000000
"1805"=dword:00000000
"1A00"=dword:00000000
"1A02"=dword:00000000
"1A03"=dword:00000000
"1A04"=dword:00000000
"1A05"=dword:00000000
"1A06"=dword:00000000
"1A10"=dword:00000000
"1C00"=dword:00020000
"1E05"=dword:00030000
"1207"=dword:00000000
"1807"=dword:00000000
"1808"=dword:00000000
"2000"=dword:00000000
"2100"=dword:00000000
"2101"=dword:00000003
"2102"=dword:00000000
"2200"=dword:00000000
"2201"=dword:00000000
"2300"=dword:00000001
"1809"=dword:00000003
"1208"=dword:00000000
"1209"=dword:00000000
"120A"=dword:00000000
"1408"=dword:00000000
"160A"=dword:00000000
"180A"=dword:00000000
"180C"=dword:00000000
"180D"=dword:00000000
"2103"=dword:00000000
"2104"=dword:00000000
"2105"=dword:00000000
"2301"=dword:00000003
"2400"=dword:00000000
"2401"=dword:00000000
"2402"=dword:00000000
"2500"=dword:00000003
"2600"=dword:00000000
"LowIcon"="inetcpl.cpl#005422"
"PMDisplayName"="Computer [Protected Mode]"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"1206"=dword:00000000
"1806"=dword:00000000
@=""
"DisplayName"="Local intranet"
"Description"="This zone is for all websites that are found on your intranet."
"Icon"="shell32.dll#0018"
"CurrentLevel"=dword:00010500
"MinLevel"=dword:00010000
"RecommendedLevel"=dword:00010500
"Flags"=dword:00000143
"1001"=dword:00000001
"1004"=dword:00000003
"1200"=dword:00000000
"1201"=dword:00000003
"1400"=dword:00000000
"1402"=dword:00000000
"1405"=dword:00000000
"1406"=dword:00000001
"1407"=dword:00000000
"1601"=dword:00000000
"1604"=dword:00000000
"1605"=dword:00000000
"1606"=dword:00000000
"1607"=dword:00000000
"1608"=dword:00000000
"1609"=dword:00000001
"1800"=dword:00000001
"1802"=dword:00000000
"1803"=dword:00000000
"1804"=dword:00000001
"1805"=dword:00000000
"1A00"=dword:00020000
"1A02"=dword:00000000
"1A03"=dword:00000000
"1A04"=dword:00000000
"1A05"=dword:00000000
"1A06"=dword:00000000
"1A10"=dword:00000000
"1C00"=dword:00020000
"1E05"=dword:00020000
"1207"=dword:00000000
"1807"=dword:00000000
"1808"=dword:00000000
"2000"=dword:00000000
"2100"=dword:00000000
"2101"=dword:00000000
"2102"=dword:00000000
"2200"=dword:00000000
"2201"=dword:00000000
"2300"=dword:00000001
"1809"=dword:00000003
"1208"=dword:00000000
"1209"=dword:00000000
"120A"=dword:00000003
"1408"=dword:00000000
"160A"=dword:00000000
"180A"=dword:00000000
"180C"=dword:00000003
"180D"=dword:00000000
"2103"=dword:00000000
"2104"=dword:00000000
"2105"=dword:00000000
"2301"=dword:00000003
"2400"=dword:00000000
"2401"=dword:00000000
"2402"=dword:00000000
"2500"=dword:00000000
"2600"=dword:00000000
"LowIcon"="inetcpl.cpl#005423"
"PMDisplayName"="Local intranet [Protected Mode]"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1206"=dword:00000003
"1806"=dword:00000001
@=""
"DisplayName"="Trusted sites"
"Description"="This zone contains web sites that you trust not to damage your computer or your files"
"Icon"="inetcpl.cpl#00004480"
"CurrentLevel"=dword:00011000
"MinLevel"=dword:00010000
"RecommendedLevel"=dword:00011000
"Flags"=dword:00000047
"1001"=dword:00000001
"1004"=dword:00000003
"1200"=dword:00000000
"1201"=dword:00000003
"1400"=dword:00000000
"1402"=dword:00000000
"1405"=dword:00000000
"1406"=dword:00000003
"1407"=dword:00000001
"1601"=dword:00000000
"1604"=dword:00000000
"1605"=dword:00000000
"1606"=dword:00000000
"1607"=dword:00000003
"1608"=dword:00000000
"1609"=dword:00000001
"1800"=dword:00000001
"1802"=dword:00000000
"1803"=dword:00000000
"1804"=dword:00000001
"1805"=dword:00000001
"1A00"=dword:00020000
"1A02"=dword:00000000
"1A03"=dword:00000000
"1A04"=dword:00000003
"1A05"=dword:00000001
"1A06"=dword:00000000
"1A10"=dword:00000001
"1C00"=dword:00010000
"1E05"=dword:00020000
"1207"=dword:00000000
"1807"=dword:00000001
"1808"=dword:00000000
"2000"=dword:00000000
"2100"=dword:00000000
"2101"=dword:00000000
"2102"=dword:00000003
"2200"=dword:00000003
"2201"=dword:00000003
"2300"=dword:00000001
"1809"=dword:00000000
"1208"=dword:00000000
"1209"=dword:00000003
"120A"=dword:00000003
"1408"=dword:00000000
"160A"=dword:00000000
"180A"=dword:00000003
"180C"=dword:00000003
"180D"=dword:00000000
"2103"=dword:00000000
"2104"=dword:00000000
"2105"=dword:00000000
"2301"=dword:00000000
"2400"=dword:00000000
"2401"=dword:00000000
"2402"=dword:00000000
"2500"=dword:00000003
"2600"=dword:00000000
"LowIcon"="inetcpl.cpl#005424"
"PMDisplayName"="Trusted sites [Protected Mode]"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1206"=dword:00000003
"1806"=dword:00000001
@=""
"DisplayName"="Internet"
"Description"="This zone is for Internet websites, except those listed in trusted and restricted zones."
"Icon"="inetcpl.cpl#001313"
"CurrentLevel"=dword:00011500
"MinLevel"=dword:00011000
"RecommendedLevel"=dword:00011500
"Flags"=dword:00000001
"1001"=dword:00000001
"1004"=dword:00000003
"1200"=dword:00000000
"1201"=dword:00000003
"1400"=dword:00000000
"1402"=dword:00000000
"1405"=dword:00000000
"1406"=dword:00000003
"1407"=dword:00000001
"1601"=dword:00000000
"1604"=dword:00000000
.
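One way to see exactly which zone values differ from a baseline such as the Zones.reg posted above, before merging anything (an added example, not part of either poster's message): the script parses two .reg texts and lists every value that differs, is missing, or is extra. The helper names `parse_reg` and `diff_reg` are hypothetical, and both sample inputs are constructed.

```python
import re

# Constructed sample: baseline fragment in the style of the posted Zones.reg
BASELINE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000001
"1200"=dword:00000000
"1201"=dword:00000003
'''

# Constructed sample: an export of the live key after some hand edits
CURRENT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000000
"1201"=dword:00000003
"1400"=dword:00000000
'''

KEY_RE = re.compile(r'^\[(.+)\]$')                    # [HKEY_...\Zones\3]
VAL_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')  # "name"=data or @=data

def parse_reg(text):
    """Return {(key_path, value_name): data}; multi-line hex: values are not handled."""
    out, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).upper()   # key paths are case-insensitive
            continue
        m = VAL_RE.match(line)
        if m and key:
            data = m.group(2).strip()
            if data.lower().startswith("dword:"):
                data = data.lower()    # normalise hex digit case only
            out[(key, m.group(1).strip('"').upper())] = data
    return out

def diff_reg(baseline, current):
    """List (status, key, name, baseline_data, current_data) for each mismatch."""
    b, c = parse_reg(baseline), parse_reg(current)
    rows = []
    for k in sorted(set(b) | set(c)):
        if b.get(k) != c.get(k):
            status = "missing" if k not in c else "extra" if k not in b else "differs"
            rows.append((status, k[0], k[1], b.get(k), c.get(k)))
    return rows
```

Files exported by regedit in the "Windows Registry Editor Version 5.00" format are UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text to `diff_reg`.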


