The Avenger
Command Reference
Registry values to replace with dummy:
The "Registry values to replace with dummy:" command directive replaces the registry values listed with "dummy" values (null strings for string values and zeroes for numeric values) and backs up the originals.
How do I use it?
The registry value name should be separated from the parent key name by a pipe (|) symbol.
Just as with all other registry commands, The Avenger can only replace values under the HKEY_LOCAL_MACHINE hive, because the other hives are not constructed at the point in the boot process when The Avenger executes. To access other hives, use "Programs to launch on reboot:" as a workaround.
When do I use it?
Use it when there are registry values under a subkey of HKEY_LOCAL_MACHINE that you want to clear, but not delete outright. Usually this is because malware has co-opted legitimate values that Windows accesses at boot, and outright deletion will cause a crash or an error in the boot process.
In general "Registry values to replace with dummy:" tends to be more useful than "Registry keys to replace with dummy:".
Anything else I should know?
Please see the caveats for "Registry keys to delete:" or any of the other registry commands.
Any special notes on syntax?
Valid registry key paths must begin with either HKEY_LOCAL_MACHINE\ or HKLM\ for short. Either prefix is accepted. No other hives are recognized by The Avenger.
Note that this is a change from Version 1.0!
Example Usage
Registry values to replace with dummy:
HKEY_LOCAL_MACHINE\Software\SomeKey | BadValue
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | System
HKLM\System\CurrentControlSet\Control\Session Manager | BadValue
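The following is an added example, not part of The Avenger or its documentation: a Python pre-flight check that parses this directive's block and flags lines that do not match the syntax described above before the script is run. Splitting on the first pipe, matching the hive prefixes in exact case, and treating any pipe-free line that ends in a colon as a directive header are assumptions; the sample script is constructed.

```python
# Added example: pre-flight check for a "Registry values to replace with dummy:" block.
# Not The Avenger's parser; first-pipe split and exact-case prefixes are assumptions.
DIRECTIVE = "Registry values to replace with dummy:"
PREFIXES = ("HKEY_LOCAL_MACHINE\\", "HKLM\\")


def check_script(text):
    """Return ([(key, value), ...], [(line_number, problem), ...]) for the block."""
    entries, problems = [], []
    in_block = False
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":") and "|" not in line:
            # Assumed directive header: it opens or closes the block we check.
            in_block = (line == DIRECTIVE)
            continue
        if not in_block:
            continue
        if "|" not in line:
            problems.append((number, "no pipe between key path and value name"))
            continue
        key, value = (part.strip() for part in line.split("|", 1))
        if not key.startswith(PREFIXES):
            problems.append((number, "key is not under HKEY_LOCAL_MACHINE; "
                                     "other hives need 'Programs to launch on reboot:'"))
        elif not key[key.index("\\") + 1:]:
            problems.append((number, "no subkey after the hive prefix"))
        elif not value:
            problems.append((number, "value name is empty"))
        else:
            entries.append((key, value))
    return entries, problems


# Constructed sample: two lines from the page's example plus three faulty ones.
SAMPLE = """Registry values to replace with dummy:
HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon | System
HKEY_LOCAL_MACHINE\\Software\\SomeKey | BadValue
HKEY_CURRENT_USER\\Software\\SomeKey | BadValue
HKLM\\Software\\SomeKey BadValue
HKLM\\ | BadValue
"""

if __name__ == "__main__":
    entries, problems = check_script(SAMPLE)
    print(entries)
    print(problems)
```

Lines reported as problems should be corrected or removed before the script is handed to the tool, since a mistyped key or value name means the intended value is left untouched.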