The Avenger
Command Reference
Registry values to delete:
The "Registry values to delete:" command directive deletes and backs up the registry values listed.
How do I use it?
Write the parent key path first, then a pipe | symbol, then the registry value name.
Just as with "Registry keys to delete:", The Avenger can only delete values under the HKEY_LOCAL_MACHINE hive, because the other hives are not constructed at the point in the boot process when The Avenger executes. To access other hives, use "Programs to launch on reboot:" as a workaround.
When do I use it?
When there are malicious registry values under a subkey of HKEY_LOCAL_MACHINE that you want to delete.
Anything else I should know?
Please see the caveats for "Registry keys to delete:".
Any special notes on syntax?
Valid registry key paths must begin with either HKEY_LOCAL_MACHINE\ or HKLM\ for short. Either prefix is accepted. No other hives are recognized by The Avenger.
Note that this is a change from Version 1.0!
Example Usage
Registry values to delete:
HKEY_LOCAL_MACHINE\Software\SomeKey | BadValue
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | BadRunValue
HKLM\System\CurrentControlSet\Control\Session Manager | BadValue
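The following linter is an added example, not part of The Avenger or its documentation. It checks a script's "Registry values to delete:" block against the syntax rules above before the script is run. The function name, splitting on the first pipe, trimming whitespace, case-insensitive prefix matching, and rejecting an empty value name are assumptions the page does not confirm.

```python
DIRECTIVE = "registry values to delete:"
HIVE = "HKEY_LOCAL_MACHINE\\"
PREFIXES = (HIVE, "HKLM\\")  # the only two prefixes the page says are accepted

# Constructed sample script: two valid entries, one wrong hive, one missing pipe.
SAMPLE = r"""Registry values to delete:
HKEY_LOCAL_MACHINE\Software\SomeKey | BadValue
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | BadRunValue
HKCU\Software\Microsoft\Windows\CurrentVersion\Run | BadRunValue
HKLM\Software\SomeKey\BadValue
"""


def lint_values_block(script):
    """Return (entries, errors) for the 'Registry values to delete:' block.

    entries: (full_key_path, value_name) tuples with HKLM\\ expanded.
    errors:  (line_number, message) tuples for lines that need fixing.
    """
    entries, errors, in_block = [], [], False
    for lineno, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":") and "|" not in line:
            # Assumption: a pipe-free line ending in ':' is a directive header.
            in_block = line.lower() == DIRECTIVE
            continue
        if not in_block:
            continue
        # Assumption: the first pipe separates key from value; spaces are trimmed.
        key, sep, value = (p.strip() for p in line.partition("|"))
        # Assumption: the hive prefix is matched case-insensitively.
        prefix = next((p for p in PREFIXES if key.upper().startswith(p)), None)
        if not sep:
            errors.append((lineno, "no '|' between key path and value name"))
        elif prefix is None:
            errors.append((lineno, "key must start with HKEY_LOCAL_MACHINE\\ or HKLM\\"))
        elif not key[len(prefix):] or not value:
            # Values live under a subkey of HKLM; requiring a name is an assumption.
            errors.append((lineno, "empty subkey path or value name"))
        else:
            entries.append((HIVE + key[len(prefix):], value))
    return entries, errors


if __name__ == "__main__":
    print(lint_values_block(SAMPLE))
```

Lines under other directives are ignored, so the whole script file can be passed in unchanged.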