Removing Spyware

Spyware is malicious software that installs itself automatically without your consent and monitors your actions, either to learn what you do for example, to find out which websites you visit and send lists of them back to base or to try to glean sensitive information such as passwords or credit card numbers. You can remove much spyware by using tools such as Spybot Search&Destroy, but you may have to remove determined pieces of spyware manually. Many pieces of spyware install themselves in the HKEY_LOCAL_MACHINESOFTWAREMicrosoft WindowsCurrentVersionRun key, so this is a good place to look for spyware. After deleting the entries and using Windows Explorer to delete any matching executable files that are the actual spyware, you’ll need to restart Windows - and then check that the spyware hasn’t managed to reinstall the Registry entry by using another trick. If it has, search for instructions online on how to remove the spyware.

Changing Your Windows Name and Organization

If you misspelled your name or your organization’s name during setup, or if you’ve bought a computer loaded with Windows from someone else, you may need to change the name or organization that appears on the General page of the System Properties dialog box. There’s no way to make this change through the Windows user interface, but by navigating to the HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsNTCurrentVersion key and changing the RegisteredOwner and RegisteredOrganization value entries, you can fix the problem in a minute or two.

Changing Your Program Files Folder

If you want to prevent a Windows installation routine from installing a program to your Program Filesfolder for example, because you’re running out of space on the drive that contains the folder, change the location of your Program Files folder by navigating to the HKEY_ LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionsubkey and changing the ProgramFilesDir value entry to the appropriate drive and folder. Restart your computer to make the change take effect, and then run the installation routine to install the program there. Change the ProgramFilesDir value entry back again to its normal value if you want to install future programs in the Program Files folder.

Change the Name for a Removable Drive

When you insert a media item such as a CD, DVD, or CompactFlash card in a removable drive, Windows displays the item’s name. But when there’s no media item in a removable drive, Windows displays the drive’s default name. If you have many removable drives attached to your computer, telling one from the other can be hard when they’re empty. To change the default name for a removable drive, navigate to the HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindowsCurrentVersionExplorer key and create a new key named DriveIcons within it. Within the DriveIcons key, create a new key with the drive’s name - for example, E. Within this new key, create a new key named DefaultLabel. Double-click the Default value entry, type the name you want Explorer to display for the drive when it’s empty, and press Enter. You may need to restart Windows to make Explorer notice the change.

Clearing the Paging File at Shutdown

If you’re concerned about your system’s security - well, you ought really to be using Windows Professional rather than Windows Home. But here’s a technique that you can use with both OSes to clear the paging file when you shut down Windows. Article 15 discusses the paging file in detail; but briefly, it’s a huge file on your hard disk that Windows uses to store information temporarily so as to spare physical memory RAM. So the paging file can contain sensitive information that a malicious hacker or a federal agency could recover. To clear the paging file when you shut down Windows, navigate to the HKEY_LOCAL_MACHINE SYSTEMCurrentControlSetControlSessionManagerMemoryManagementkey and change the value of the value entry ClearPageFileAtShutdown to 1. Then restart your computer.

For Testing Only: Crashing Your Computer on Cue

Most people want their computer to crash seldom or preferably never. But if you want to test what happens when it crashes for example, to see how memory dumping works, you’ll be relieved to know that you don’t have to wait for Windows to crash: Windows includes a built-in way of crashing itself. You just have to add the right Registry entry, set the appropriate value, and then press a couple of keys.

Here’s what to do:

1. Back up your Registry. Yes, really back it up this time.

2. Open Registry Editor for example, choose Start Run, enter regedit, and press the Enter key.

3. Navigate to the HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesi8042prt Parameters key.

4. Right-click in the right pane and choose New DWORD Value from the context menu. Registry Editor creates a new value called New Value #1 and displays an edit box around the new value’s name.

5. Enter the name CrashOnCtrlScroll and press the Enter key.

6. Double-click the CrashOnCtrlScroll value. Registry Editor displays the Edit DWORD Value dialog box.

7. Enter 1 in the Value Data text box. In the Base group box, leave the Hexadecimal option button selected.

8. Click the OK button. Registry Editor closes the Edit DWORD Value dialog box.

9. Close Registry Editor.

10. Restart your computer and log back on.

11. Hold down the Ctrl key on the right side of the keyboard and press the Scroll Lock key twice. Windows goes down as if sandbagged, and any memory dumping you’ve set occurs.

Using Registry Favorites to Quickly Access Keys

If you find yourself using the Registry a lot, there’s another feature you should know about: Registry favorites. To access the keys you need to work with frequently, you can create favorites in Registry Editor much as you can in Explorer and Internet

Explorer. To create a favorite, follow these steps:

1. Select the key to which you want the favorite to refer.

2. Choose Favorites Add to Favorites. Registry Editor displays the Add to Favorites dialog box shown here.

3. In the Favorite Name text box, enter the name for the favorite. By default, Registry Editor suggests the key name, but you may well want to change this to more descriptive text.

4. Click the OK button. Registry Editor adds the favorite to your Favorites menu. To access a favorite, display the Favorites menu and choose the favorite from the list, as shown here.

To remove a favorite from the Favorites menu, choose Favorites Remove Favorite. Windows displays the Remove Favorites dialog box, shown here. Choose the favorite in the Select Favorite list box or select multiple favorites if you want to delete them, and then click the OK button.

Understand what the Registry is, what it’s for, and why you may need to work with it The Registry is a hierarchical database of all the settings for all the hardware, software, and users on your computer. Normally, you change the Registry only by working through the Windows user interface - for example, by making a change in Control Panel, or by installing hardware or software. But sometimes you may need to edit the Registry directly to solve a problem or implement a tweak.

Back up your Registry and learn how to restore it Before you edit the Registry, you should back it up in case your changes cause trouble. Launch Registry Editor by pressing Windows Key+R, typing regedit, and pressing Enter. Back up the Registry by clicking the Computer item, choosing File Export, and specifying the filename and folder. Restore the Registry by choosing File Import, selecting the backup file, and clicking the Open button. To repair severe damage, you may need to restart or start your computer, press F8, and select Last Known Good Configuration from the Windows Advanced Options menu.

Navigate the Registry and create, edit, and delete keys and value entries To navigate the Registry, expand the subtree and the keys it contains just as you would the folder listing in an Explorer window. You can also choose Edit Find and use the Find dialog box to find a key or data. To create a key, right-click the key that will contain the new key, choose New Key from the shortcut menu, type the name, and then press Enter. To create a new value entry, right-click the key that will contain it, choose New from the shortcut menu, and then choose the data type from the submenu. Type the name for the value entry, and then press Enter to apply the name. Double-click the value entry to open a dialog box for setting its value. To delete a key or value entry, right-click it and choose Delete from the shortcut menu.

Understand the Registry data types and what they contain Most of the Registry data consists of five data types: String text data, Binary binary values, DWORD double-word values, MultiStrings multiple pieces of text, and Expandable String text whose length can expand.

Make changes to the Registry Books, magazines, and above all websites will shower you with advice on changes you can make to the Registry. Evaluate any change carefully before you make it, because it might destabilize Windows, and always keep a recent backup of your Registry for recovery. You may need to restart Windows to make some changes take effect.

Use Registry favorites to store and access the keys you need most Registry favorites help you navigate quickly to keys you need to change. Choose Favorites Add to Favorites to add the current key to the list at the bottom of the Favorites menu. To go to a favorite, open the Favorites menu and select the favorite from the list. To delete a favorite, choose Favorites Remove Favorites, and then work in the Remove Favorites dialog box.