Reverse Spyware Attack by Reverting Registry?

Dennis Faas's picture

Infopackets Reader Bill S. writes:

"Dear Dennis,

I just finished reading your article on how important it is to maintain a clean System Registry in order to achieve optimal PC performance.

I have a question for you: I have two computers (one with Windows XP and the other with Windows 98); the Windows XP computer has a feature called "system restore" which automatically reverts my System Registry to a previously working state [in case I get attacked with Spyware, for example] ... however, my Windows 98 PC doesn't have the system restore feature. My question is: how can I back up my System Registry, in case I need to revert it some time later?"

My response:

The answer to this question is two-tiered.

First, let me say: I agree that reverting your Registry after a severe Spyware attack may be the only chance you have of recovering your system -- but only under dire circumstances (i.e., no other means of restoring your system is available).

Having said that, it is possible to Export (back up) your Registry by clicking Start -> Run and entering "regedit" (no quotes); once the Registry Editor window appears, click File -> Export; ensure that "All" has been selected and enter the file name of your registry backup (regbackup_20050301.reg, for example).

The caveat, however, is that reverting your registry may inadvertently put your computer into a state of DLL Hell, and is therefore not recommended.

Reminder: What is DLL Hell?

DLL Hell typically occurs when an install program haphazardly overwrites a shared system file, and can leave your computer in a severely demented state.

For a theoretical example:

Let's say you've got Windows Solitaire (the card game) installed on your system -- heck, almost every computer with MS Windows has Solitaire!

Let's also say that the program Solitaire utilizes a special system file, called "MSVB.DLL (revision 3)" -- and that same system file (MSVB.DLL) also happens to be shared by other programs on the system.

OK. Let's also say that you decided to download and install a new program called 'Visual Room' -- a cutting edge freeware 3D room design program. But, without you knowing it, the Visual Room install program has haphazardly overwritten MSVB.DLL (revision 3) with a newer version, "MSVB.DLL (revision 5)!"

The problem, however -- unbeknownst to you -- is that MSVB.DLL revision 5 has been drastically redesigned and is therefore no longer compatible with any program that utilizes MSVB.DLL revision 3 -- including Windows Solitaire.

Get the picture?

All of this can cause a major conflict in the Operating System (i.e., Windows), which may result in crashes, freeze-ups, strange error messages (like the one above) -- and even the dreaded Blue Screens of Death. Since DLL version / revision information is stored in the Windows Registry, DLL Hell can also occur if you revert your system Registry back to a previous state *without* reverting your DLLs at the same time (a next-to-impossible task).
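A backup made with File -> Export is restored by importing the .reg file, which merges it into the live Registry. The sketch below is an added example, not part of the original article: it parses two exports and lists what importing the backup would change, so the effect of a revert can be reviewed first. The sample exports, the "updatechk" Run entry and the SharedDLLs entry for the article's hypothetical MSVB.DLL are constructed for illustration.

```python
import re

VALUE = re.compile(r'(?:@|"((?:[^"\\]|\\.)*)")=(.*)$')

def parse_reg(text):
    """Parse regedit export text into {key_path: {value_name: raw_data}}."""
    # regedit wraps long hex values with a trailing backslash; rejoin them.
    text = re.sub(r"\\\r?\n[ \t]*", "", text)
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE.match(line)):
            current[m.group(1) or "@"] = m.group(2)  # "@" is the key's default value
    return keys

def revert_impact(backup, current):
    """Per value, what importing the backup does. Importing an export merges, never deletes."""
    changes = []
    for key in sorted(set(backup) | set(current)):
        old, new = backup.get(key, {}), current.get(key, {})
        for name in sorted(set(old) | set(new)):
            if name not in new:
                changes.append(("restored", key, name))
            elif name not in old:
                changes.append(("left in place", key, name))
            elif old[name] != new[name]:
                changes.append(("overwritten", key, name))
    return changes

# Constructed sample exports (not taken from a real machine).
BACKUP = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\\WINDOWS\\SYSTEM\\MSVB.DLL"=dword:00000001
'''
CURRENT = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"updatechk"="C:\\WINDOWS\\TEMP\\updatechk.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\\WINDOWS\\SYSTEM\\MSVB.DLL"=dword:00000002
'''

for action, key, name in revert_impact(parse_reg(BACKUP), parse_reg(CURRENT)):
    print(f"{action:14} {key}\\{name}")
```

On the sample data, the startup entry added after the backup is reported as left in place, while the DLL entry is overwritten with the older value even though the file on disk is unchanged.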

Avoiding DLL Hell

Since most of us aren't reverting our Registry to a previous state, the latter explanation is an unlikely scenario (but still plausible). The theoretical example I illustrated, however, is something that happens all the time -- often without us knowing about it.

The program that Bill S. is referring to is Registry Mechanic, and is designed to eliminate DLL Hell. When writing the review on Registry Mechanic v4.0, I chose not to go into great detail in defining DLL Hell -- mostly because I knew it would take a lot of explaining to do, but also because resolving DLL Hell is just one aspect of Registry Mechanic's *many* deep-cleaning and system optimizing functions.

Having said that: if you missed last week's stellar review of RM v4.0, you can read all about it online at our web site (an excellent and informative read!):

Registry Mechanic 4 Review
