Security & Anti-Malware Terminology

• **Trojan (TRJ, Trj, TROJAN, Troj, Trn)** – A type of malware disguised as legitimate software to trick users into executing it.
  
• **Virus (VIR, Virus, Vir, V)** – A self-replicating program that spreads by infecting files.
  
• **Malware (MAL, Mal, MALWARE, M)** – Any software designed to cause harm to a system.
  
• **Rootkit (RTK, Rkit, RKIT, Rtk, RK, Rk)** – Malware that hides its presence and gains deep system access.
  
• **Worm (WORM, Wm, WM)** – A self-replicating malware that spreads over networks.
  
• **Adware (ADW, Adw, AD, Ad)** – Software that displays unwanted advertisements.
  
• **Spyware (SPY, Spy, SPYWARE, SP, Sp, S)** – Malware designed to monitor user activity and steal information.
  
• **Keylogger (KLGR, Klgr, KG, Key, KSL, KL, Keylogr, KEYLOGR, Ksl)** – Malware that records keystrokes to steal credentials.
  
• **Bootkit (BOOTKIT, BTKT, Btkt, BOOT, Boot, BRTK, Brtk, BTK, Btk, RtkB)** – A type of rootkit that infects the boot sector.
  
• **Backdoor (BCKDR, BD, Bd, Back, BACK)** – Malware that allows remote access to a compromised system.
  
• **Ransomware (RNSM, Rnsm, RNSMWR, Rnsmwr, RAN)** – Encrypts user files and demands ransom for decryption.
  

• **Banker Trojan (BANKER, BANKTRJ, Bktrj, BKTRJ, BKRTRJ)** – Malware designed to steal banking credentials.
  
• **Browser Helper Object Infection (BHO, BHObject)** – Malicious browser add-ons that alter browser settings.
  
• **Master Boot Record Infection (MBR, Mbr)** – Malware that infects the **MBR** to load before the OS.
  
• **Bot Trojan (BOT, Bot, BT)** – Turns a computer into a **botnet** node for remote control.
  
• **Cookie Tracker (COOKIE, CKIE, Ckie)** – Tracks user activity for advertising or data collection.
  
• **Dialer Trojan (DIALER, Dialer, DLR)** – Hijacks modem connections to dial premium-rate numbers.
  
• **Dropper Trojan (DROPPER, Dropper, DRPR, Drpr, DP)** – Malware that installs additional infections.
  
• **EICAR Test File (EICAR, ECR, Ecr, TEST)** – A harmless file used to test antivirus detection.
  
• **Exploit Malware (EXPLOIT, EXP, Exp, EPT, Ept)** – Malware that exploits system vulnerabilities.
  
• **Hoax Malware (HOAX, Hoax, HX, Hx)** – Fake security alerts designed to scare users into installing malware.
  
• **Hijacker (HIJACK, Hij, HIJ, HJ)** – Malware that hijacks system settings (e.g., browser homepage).
  
• **Hack Tool (HACKER, Hack, HCK)** – Unauthorized tools used for hacking or exploiting security flaws.
  
• **Heuristic Detection (HEURISTIC, Heur, HEUR)** – A detection method based on behavior analysis.
  
• **IRC Trojan (IRC, Relay, RELAY)** – Malware that spies on **IRC (Internet Relay Chat)** conversations.
  
• **Macro Virus (MACRO, MCR, Mcr)** – Targets macro-based applications (e.g., Microsoft Office).
  
• **Password Stealing Trojan (PASSWORD, PSW, PS)** – Designed to steal user credentials.
  
• **Phishing Malware (PHISHING, PHISH, PHSH)** – Used to steal user data by impersonating trusted entities.
  
• **Polymorphic Virus (POLYMORPHIC, Plymrph, PLYMRPH, PLMC)** – Changes code to evade detection.
  
• **Process Killer (TASKILLER, PRCKILL, TSKILL)** – Malware that terminates security software processes.
  
• **Redirect Trojan (REDIRECT, RDT)** – Hijacks browser traffic to malicious websites.
  
• **Remote Access Trojan (REMOTE, RMT, Rmt, REM)** – Allows remote control over a compromised system.
  
• **Spamming Malware (SPAM, SPAMMER, SMTP, IMAP, SPM)** – Sends spam emails from infected machines.
  
• **Scamming Malware (SCAM, SCAMMER, SCM)** – Designed to defraud users through deception.
  
• **Rogue Malware (ROGUE, RG, Rg)** – Fake security software that extorts users.
  

• **ActiveX** – A component of **Internet Explorer** that extends browser functionality.
  
• **Administrator** – A user with system-wide access and control privileges.
  
• **Algorithm** – A structured set of instructions for problem-solving.
  
• **Alias** – An alternate name for a malware variant (e.g., **Alureon = TDL4**).
  
• **Anti-Malware** – A tool designed to detect and remove all types of malware.
  
• **Anti-Spyware** – A tool specifically for detecting **spyware infections**.
  
• **Antivirus** – A security program that detects and removes **viruses**.
  
• **Application Programming Interface (API)** – A set of routines that allow software to interact with an OS.
  
• **Armoring** – A technique used by malware to evade detection.
  
• **ASCII (American Standard Code for Information Interchange)** – A character encoding system.
  
• **Attributes** – Characteristics of files or folders (e.g., **read-only, hidden**).
  
• **BIOS (Basic Input/Output System)** – Firmware that initializes system hardware.
  
• **Botnet** – A network of **compromised computers** controlled by hackers.
  
• **Cache** – A temporary storage mechanism used to improve system performance.
  
• **Denial of Service (DoS) / Distributed DoS (DDoS)** – An attack that overwhelms a server to disrupt service.
  
• **DNS (Domain Name System)** – Translates domain names into IP addresses.
  
• **Driver** – A program that allows the OS to communicate with hardware.
  
• **Dynamic Link Library (DLL)** – A file that contains shared code modules.
  
• **Encryption / Decryption** – The process of encoding/decoding data for security.
  
• **Exceptions** – A security program’s list of **whitelisted files and programs**.
  
• **Firewall** – A security feature that monitors network traffic.
  
• **Hacker** – A person who gains unauthorized access to a computer system.
  
• **HTTP/HTTPS (Hypertext Transfer Protocol Secure)** – The protocols for **web browsing**.
  
• **Identity Theft** – The act of stealing someone's **personal or financial data**.
  
• **ISP (Internet Service Provider)** – A company that provides **internet access**.
  
• **LAN (Local Area Network)** – A private network connecting computers in a **small area**.
  
• **Payload** – The malicious effects of malware execution.
  
• **PUP (Potentially Unwanted Program)** – Software that behaves **suspiciously but is not malware**.
  
• **Protocol** – A set of rules for data transmission (e.g., FTP, TCP/IP).
  
• **Signature** – The unique identifier of a malware sample.
  
• **UPX (Ultimate Packer for Executables)** – A tool used to compress executable files.
  
• **Windows Registry** – A database storing system settings and configurations.
  

Infection Types Defined

• **Backdoor Trojan** – Gains unauthorized administrative access, often modifying system components to remain undetected. These are difficult to remove entirely.
  
• **Backdoor Rootkit** – Injects itself into low-level system components, such as device drivers, hardware interfaces, or the Master Boot Record (MBR). These are among the hardest infections to detect and remove.
  

• **File Infector Virus** – Attaches itself to executable files, spreading through the OS and damaging files. Examples: **Virut, Sality**.
  
• **Boot Sector Virus** – Infects the **MBR** or **boot sector**, making removal difficult without replacing system boot data.
  
• **Macro Virus** – Targets software like **Microsoft Office** by executing malicious macros when a document is opened.
  
• **Polymorphic Virus** – Changes its **code structure or encryption pattern** each time it infects a file, making detection harder.
  
• **Metamorphic Virus** – An advanced virus that **rewrites its own code** to avoid signature-based detection.
  

• **Computer Worm** – A self-replicating malware that spreads across networks, consuming bandwidth and slowing down systems. Example: **ILOVEYOU Worm**.
  

• **Backdoor Trojan** – Grants an attacker remote access to the system. (See **Backdoors** above.)
  
• **Generic Trojan** – Pretends to be a useful program but actually steals data or downloads more malware.
  

• **Ad-Supported Software** – Displays intrusive advertisements.
  
• **Tracking Cookies** – Monitors browsing activity to target users with specific ads.
  

• **Encrypting Ransomware** – Encrypts files and demands payment for decryption keys. Example: **WannaCry**.
  
• **Non-Encrypting Ransomware** – Locks users out of their systems and demands payment without encrypting files.
  

• **User-Mode Rootkit** – Operates at the software level, injecting itself into processes or system modules. Runs in **Ring 3**.
  
• **Kernel-Mode Rootkit** – Gains **Ring 0** privileges, modifying the operating system and even hiding processes. These are extremely dangerous.
  
• **Bootkit** – Infects the **MBR, boot sectors, or firmware**, making removal complex.
  
• **Firmware Rootkit** – Persists by infecting device firmware (e.g., BIOS, UEFI), making traditional removal methods ineffective.
  

• **Software Keylogger** – Runs as a background process, logging keyboard inputs.
  
• **Hardware Keylogger** – A physical device attached to a computer that captures keystrokes.
  

• **Malware** is the umbrella term for any software intended to **harm, steal, or disrupt a system**.
  
• **Spyware** includes **Trojans, Adware, System Monitors, and Tracking Cookies** – all designed to collect user data.
  
• **The term "virus" is not synonymous with malware**; it is just one type of malware.
  

• Understanding malware types helps in **recognizing threats and improving cybersecurity**.
  
• Each type of malware has **unique behaviors and removal challenges**.
  
• Staying informed and using **trusted security tools** can **prevent infections**.
  
• **Regular backups, updates, and vigilance** are key to protecting against evolving threats.
  

Effective Communication, Etiquette, and Dealing with Users

• Using **proper spelling, grammar, and punctuation**.
  
• Avoiding **chatspeak**, as it is difficult to read and unprofessional.
  
• Structuring responses in **clear, concise sentences**.
  
• Capitalizing appropriately—capitalization matters, as certain words change meaning based on it.
  
• Ensuring users can easily follow your instructions without confusion.
  

• **Windows** (as in the operating system; lowercase "windows" refers to glass panels)
  
• **Windows Registry** (otherwise, "registry" could refer to anything)
  
• **HijackThis**, **SmitfraudFix**, **ComboFix** (Always spell program names correctly)
  
• **PC** (stands for "Personal Computer"; lowercase "pc" could mean "political correctness")
  
• **Norton Antivirus** (Specific product names are capitalized)
  
• **Trojan.Vundo** (The specific malware name; lowercase "trojan" refers to a brand of condoms)
  
• **Fix checked** (from HijackThis; do not capitalize as "Fix Checked" or other variations)
  

• The **English version of Firefox** has a built-in spell checker.
  
• **Microsoft Word, Google Docs, and LibreOffice** all have spell-checking features.
  
• **Browser extensions and add-ons** can enable spell checking in Internet Explorer and Edge.
  

• **Use paragraphs** for different topics instead of one long block of text.
  
• **Use bullet points or numbered lists** for steps and instructions.
  
• **Use full words**, not abbreviations, unless they are widely accepted.
  

• **Local Area Network (LAN)**
  
• **Random Access Memory (RAM)**
  
• **Universal Serial Bus (USB)**
  
• **Graphics Interchange Format (GIF)**
  
• **Microsoft (MS)**
  
• **Malwarebytes' Anti-Malware (MBAM)**
  
• **Internet Service Provider (ISP)**
  

• **Use polite and encouraging language.** Instead of saying, "You should print this," say, "Please print this."
  
• **Use proper punctuation.** Sentences should not run together, and spacing should be consistent.
  
• **Minimize excessive formatting.** While colors can emphasize key points, they should not make text difficult to read.
  
• **Do not demand actions from users.** Guide them politely to solutions.
  
• **Refrain from excessive technical jargon.** If technical terms must be used, explain them.
  

• Use **simple, step-by-step instructions** for beginners.
  
• Use **technical explanations** where necessary for advanced users.
  
• Ask clarifying questions when necessary to determine a user's experience level.
  

• **Politely request clarification.** Example: 
  
  Code:

  I want to help, but I’m having trouble understanding your request. Could you rephrase it?
• **If you understand their request, proceed with assistance.**
  
• **If their writing is incomprehensible, leave it for another staff member.**
  

• Seek a staff mentor who speaks your native language.
  
• Use grammar tools like **Grammarly** to refine responses.
  
• Ask for help if needed before posting important responses.
  

• Your posts may be flagged for review.
  
• You may struggle to pass the **Quiz or Practice Logs** phase.
  
• Users may find it harder to follow your instructions, affecting your effectiveness.
  

• **Effective communication is essential for helping users with malware removal.**
  
• **Proper spelling, grammar, and punctuation improve clarity.**
  
• **Using structured responses and avoiding chatspeak enhances readability.**
  
• **Polite, professional interactions encourage cooperation from users.**
  
• **Following these guidelines makes you a more effective and respected helper.**
  

What is a BSOD and How to Deal with It

• Hardware failures
  
• Driver conflicts
  
• Corrupt system files
  
• Overheating or power issues
  
• Malware infections
  

• **CRITICAL_PROCESS_DIED** – A critical system process failed.
  
• **KMODE_EXCEPTION_NOT_HANDLED** – Kernel-mode process encountered an invalid instruction.
  
• **IRQL_NOT_LESS_OR_EQUAL** – Faulty drivers or RAM corruption.
  
• **PAGE_FAULT_IN_NONPAGED_AREA** – Windows tried to access invalid memory.
  
• **SYSTEM_THREAD_EXCEPTION_NOT_HANDLED** – Unhandled system thread error (often driver-related).
  
• **VIDEO_TDR_FAILURE** – Graphics driver crash (related to NVIDIA or AMD).
  
• **MEMORY_MANAGEMENT** – RAM-related issues.
  
• **DRIVER_IRQL_NOT_LESS_OR_EQUAL** – Driver conflict or bad system memory.
  
• **WHEA_UNCORRECTABLE_ERROR** – Hardware failure (CPU, RAM, or PSU).
  
• **DPC_WATCHDOG_VIOLATION** – Storage device or driver issue.
  

• When a BSOD occurs, take note of the **STOP error code** and any **driver file names** mentioned.
  
• Example:
  
  Code:

  IRQL_NOT_LESS_OR_EQUAL (STOP: 0x0000000A)

• Restart your computer and press **F8** repeatedly before Windows loads.
  
• Select **Safe Mode with Networking**.
  
• If Safe Mode works, the issue is likely **driver or software-related**.
  

• Go to **Settings > Update & Security > Windows Update**.
  
• Install any **pending updates**.
  
• Restart and check if the issue is resolved.
  

• Open **Device Manager** (`Win + X > Device Manager`).
  
• Look for any devices with a **yellow exclamation mark (!)**.
  
• Right-click the device and select **Update driver**.
  
• Check for updates on the manufacturer’s website for GPU, chipset, and network drivers.
  

• Press **Win + R**, type:
  
  Code:

  mdsched.exe
• Select **Restart now and check for problems**.
  
• Windows will scan RAM for errors.
  

• Open **Command Prompt as Administrator**.
  
• Run the following command:
  
  Code:

  chkdsk C: /f /r /x
• Restart your PC to allow Windows to fix drive errors.
  

• Use **Windows Defender** or a third-party tool like:
      - **Malwarebytes**
      - **ESET Online Scanner**
      - **HitmanPro**
  
• Perform a **full system scan**.
  

• Press **Win + X**, select **Event Viewer**.
  
• Navigate to **Windows Logs > System**.
  
• Look for critical events with **"Kernel-Power" or "BugCheck"**.
  

• Press **Win + R**, type:
  
  Code:

  rstrui
• Select a restore point before the BSOD started.
  
• Follow the instructions to restore Windows.
  

• Backup your important files.
  
• Go to **Settings > Update & Security > Recovery**.
  
• Click **Reset this PC** and follow the prompts.
  

• Keep **Windows and drivers updated**.
  
• Avoid **overclocking** components excessively.
  
• Use **reliable power sources** to prevent sudden shutdowns.
  
• Run **regular system maintenance** (`sfc /scannow`, `chkdsk`).
  
• Monitor **CPU and GPU temperatures** to avoid overheating.
  
• Ensure **your RAM and hardware are compatible** with your motherboard.
  

• **BlueScreenView** – Reads minidump files.
  
• **WhoCrashed** – Identifies faulty drivers causing BSODs.
  
• **Windows Debugging Tools (WinDbg)** – Advanced BSOD analysis.
  
• **LatencyMon** – Detects driver and hardware-related latency issues.
  

• **BSODs occur due to system crashes**, often caused by hardware failures, driver issues, or corrupt files.
  
• **Understanding STOP codes** can help diagnose and fix the problem.
  
• **Following a step-by-step troubleshooting guide** can resolve most BSOD errors.
  
• **Regular maintenance and updates** help prevent future BSOD occurrences.
  

Understanding the Hosts File and Malware Relating to the Hosts File in Windows

• Redirecting users to **phishing or malicious websites**.
  
• Blocking access to **antivirus/security update servers**.
  
• Hijacking legitimate domain names to display **fake websites**.
  
• Preventing users from visiting **security-related domains**.
  

• Press **Win + R**, type **notepad C:\Windows\System32\drivers\etc\hosts**, and press **Enter**.
  
• If you see suspicious entries like **unknown IP addresses mapped to popular websites**, your hosts file may be infected.
  
• Compare your hosts file with the default format (see above).
  

• Open **Notepad as Administrator** (`Win + R`, type `notepad`, press **Ctrl + Shift + Enter**).
  
• Click **File > Open**, navigate to:
  
  Code:

  C:\Windows\System32\drivers\etc
• Change file type to **All Files** (`*. *`), then open **hosts**.
  
• Delete any **suspicious or unknown entries**.
  
• Save the file and restart your computer.
  

• Visit **Microsoft's Support Page**.
  
• Download the **Fix it** tool to reset the hosts file.
  

• Open **Command Prompt as Administrator** (`Win + R`, type `cmd`, press **Ctrl + Shift + Enter**).
  
• Run the following command:
  
  Code:

  type nul > C:\Windows\System32\drivers\etc\hosts
• Then restore the default hosts file with:
  
  Code:

  echo 127.0.0.1 localhost > C:\Windows\System32\drivers\etc\hosts
• Restart your computer.
  

• **Make the hosts file read-only** to prevent unauthorized modifications:
  
  Code:

  attrib +r C:\Windows\System32\drivers\etc\hosts
• Use **antivirus software** that monitors changes to the hosts file.
  
• Enable **Windows Defender’s Tamper Protection** to block modifications.
  
• Avoid downloading **untrusted programs** that can alter system settings.
  
• Regularly check the hosts file for **unexpected changes**.
  

• **Malwarebytes** - Detects and removes hosts file infections.
  
• **HitmanPro** - Scans for malware that modifies system files.
  
• **ESET Online Scanner** - Free cloud-based malware scanner.
  
• **Microsoft Safety Scanner** - Checks for system infections.
  
• **Kaspersky TDSSKiller** - Detects rootkits that modify the hosts file.
  

• Boot into **Safe Mode** (`Win + R`, type `msconfig`, go to **Boot > Safe Mode**).
  
• Run a **full antivirus scan**.
  
• Reset the hosts file manually.
  

• The **Windows hosts file** is a powerful tool for local DNS resolution.
  
• Malware often **abuses the hosts file** to hijack web traffic or block security updates.
  
• Regular **monitoring and security best practices** can help prevent modifications.
  
• If the hosts file is compromised, **reset it and remove malware** immediately.
  

Malware Analysis: Understanding and Analyzing the Master Boot Record (MBR) of Windows

• The **partition table**, which defines disk partitions.
  
• The **bootloader code**, responsible for loading the operating system.
  
• A **disk signature** that uniquely identifies the disk.
  

• MBR malware overwrites the bootloader, executing **malicious code at startup**.
  
• It can be used for **persistence**, **rootkit installation**, or **data corruption**.
  
• Common MBR-based threats include:
      - **Petya Ransomware** – Encrypts the MBR to prevent booting.
      - **TDL4 (TLD-4 Rootkit)** – Infects the MBR to hide malware processes.
      - **StoneDrill** – A destructive wiper malware targeting the MBR.
      - **Whistler Bootkit** – Modifies the MBR to execute stealthy payloads.
  

• **HxD Hex Editor** – View and modify the raw MBR data.
  
• **WinHex** – Advanced disk editing tool for forensic analysis.
  
• **MBRCheck** – Scans and validates MBR integrity.
  

• **GMER** – Detects rootkits, including MBR infections.
  
• **Malwarebytes Anti-Rootkit** – Scans for boot-level malware.
  
• **MBR Backup Tool** – Creates and restores clean MBR backups.
  
• **ESET Online Scanner** – Detects MBR infections and bootkits.
  

• **Unexpected boot failures** or "Operating System Not Found" errors.
  
• **Slow boot times** with unusual disk activity.
  
• **Ransomware messages** at boot instead of Windows loading.
  
• **Changes to partition structures** detected in Disk Management.
  
• **Suspicious network activity** before the OS loads.
  

• Boot from a **Windows installation USB/DVD**.
  
• Select **Repair your computer** → **Advanced options** → **Command Prompt**.
  
• Run:
  
  Code:

  bootrec /fixmbr
bootrec /fixboot
bootrec /scanos
bootrec /rebuildbcd
• Restart the system.
  

• **MiniTool Partition Wizard** – Fixes MBR and boot issues.
  
• **EaseUS Partition Master** – MBR repair and partition recovery.
  
• **AOMEI Partition Assistant** – Fixes bootable drive issues.
  

• Use a **secure disk wiping tool** like **DBAN (Darik’s Boot and Nuke)**.
  
• Reinstall Windows from a **clean installation media**.
  
• Restore backed-up data after confirming it is malware-free.
  

• **Enable Secure Boot** – Prevents unauthorized bootloader modifications.
  
• **Use UEFI Instead of MBR** – Modern UEFI firmware protects against MBR attacks.
  
• **Keep Security Software Updated** – Use real-time anti-malware tools.
  
• **Avoid Suspicious Downloads and Attachments** – Do not run unknown bootable media.
  
• **Regularly Backup the MBR** – Use tools like Macrium Reflect for disk imaging.
  

• The MBR is a **critical system component** targeted by advanced malware.
  
• **Analyzing the MBR** can help detect boot-level infections and prevent system compromises.
  
• **Using proper tools and security practices** can prevent and mitigate MBR-based threats.
  
• **Switching to UEFI and Secure Boot** provides better protection against MBR-based attacks.
  

Resources for Researching Files, Registry Entries, and Processes

• **VirusTotal** - Scans files, hashes, and URLs against 70+ antivirus engines.
  
• **Hybrid Analysis** - Provides deep file analysis using sandbox technology.
  
• **OPSWAT MetaDefender** - Multiscanning engine for files, IPs, and URLs.
  
• **Joe Sandbox** - Advanced behavior analysis for malware detection.
  
• **Kaspersky Threat Intelligence Portal** - Free file and URL scanning.
  
• **URLScan.io** - Analyzes URLs and provides detailed reports.
  
• **Jotti’s Malware Scan** - Free online scanner using multiple engines.
  
• **ANY.RUN** - Interactive malware analysis sandbox.
  
• **Fortinet Web Filter Lookup** - Checks URLs for threats.
  

• **MalwareBazaar** - Search malware hashes and download samples.
  
• **ThreatFox** - Collection of threat intelligence indicators.
  
• **AlienVault OTX** - Threat intelligence sharing platform.
  
• **Microsoft Defender Threat Intelligence** - Microsoft’s threat database.
  
• **MISP Malware Information Sharing** - Threat sharing platform.
  
• **Threat Intelligence Platform** - IP, domain, and file reputation analysis.
  
• **ThreatMiner** - Research domain names, IPs, and malware families.
  
• **URLHaus** - Database of malicious URLs.
  
• **Cisco Talos Intelligence** - Threat analysis and security research.
  
• **ANY.RUN Threat Analysis** - Live malware execution analysis.
  

• **SystemLookup** - Database of startup items, toolbars, and registry entries.
  
• **File.net** - Provides descriptions of Windows system files and processes.
  
• **WinHelpOnline** - Windows registry tips and troubleshooting.
  
• **PC Pitstop Process Library** - Information on Windows processes.
  
• **BleepingComputer Startup Database** - Research startup entries and registry keys.
  
• **Should I Remove It?** - Identifies potentially unwanted programs.
  
• **WinPatrol** - Detects changes in startup items and registry keys.
  
• **Microsoft Security & Malware Info** - Official Microsoft security documentation.
  
• **LifeWire Windows Registry Guide** - Guide to understanding registry entries.
  

• **Process Explorer** - Advanced task manager to check running processes.
  
• **CurrProcess** - View detailed process information.
  
• **Who’s Locking This File?** - Detects which process is using a file.
  
• **GMER** - Detects rootkits hidden in Windows.
  
• **WhatInStartup** - Displays programs that run at startup.
  
• **Sysinternals Suite** - Collection of advanced Windows utilities.
  

• **IPQualityScore** - Checks IP addresses for fraud and malware activity.
  
• **Shodan** - Search engine for devices and network security research.
  
• **VirusTotal Domain Scan** - Checks if a domain is malicious.
  
• **DomainTools WHOIS** - Get domain registration information.
  
• **AbuseIPDB** - Checks if an IP has been reported for malicious activity.
  
• **Team Cymru IP Lookup** - Research IP and ASN information.
  
• **Robtex** - Provides DNS and IP research.
  
• **DNSDumpster** - Domain and subdomain investigation tool.
  

Understanding the 64-bit Registry and File System Compared to 32-bit

• 32-bit applications cannot access **64-bit registry keys** directly.
  
• When a 32-bit application tries to access certain registry keys, Windows **redirects** it to a special location: 
  
  Code:

  HKEY_LOCAL_MACHINE\Software\WOW6432Node
• This prevents conflicts between 32-bit and 64-bit versions of the same software.
  

• 64-bit software registry location: 
  
  Code:

  HKEY_LOCAL_MACHINE\Software\MyApp
• 32-bit software registry location (redirected): 
  
  Code:

  HKEY_LOCAL_MACHINE\Software\WOW6432Node\MyApp

• 64-bit applications access registry keys normally.
  
• 32-bit applications get redirected to **WOW6432Node**.
  
• Some registry keys are **shared** between 32-bit and 64-bit applications.
  

• 64-bit Windows **redirects** 32-bit application file access from `C:\Windows\System32` to: 
  
  Code:

  C:\Windows\SysWOW64
• This prevents compatibility issues between 32-bit and 64-bit system files.
  

• 64-bit system files: 
  
  Code:

  C:\Windows\System32
• 32-bit system files (redirected): 
  
  Code:

  C:\Windows\SysWOW64

• System32 contains **64-bit system files**.
  
• SysWOW64 contains **32-bit system files**.
  

• Open **Task Manager** (`Ctrl + Shift + Esc`).
  
• Look at the **Processes tab**.
  
• 32-bit applications are marked with **"(32-bit)"**.
  

• **Impossible without emulation**.
  
• 32-bit Windows **cannot run** 64-bit applications since it does not support 64-bit instruction sets.
  
• A **virtual machine (VM)** or **Windows Upgrade** is needed to run 64-bit applications.
  

• **Better security** - 64-bit Windows enforces stricter driver signing.
  
• **More memory access** - 64-bit applications can access **more than 4GB RAM**.
  
• **Better performance** - Faster execution for memory-intensive applications.
  
• **Backward compatibility** - 32-bit applications still run on a 64-bit OS.
  

• Some **older 32-bit applications** may not function properly in a **64-bit environment**.
  
• Some applications **may fail to find** their registry keys due to redirection.
  
• 16-bit applications **cannot run** on 64-bit Windows.
  

• Editing registry keys without knowledge can **break applications**.
  
• Modifying files in `System32` or `SysWOW64` can **cause system instability**.
  

• You have **more than 4GB of RAM**.
  
• You use **64-bit applications** or require **better performance**.
  
• You need **enhanced security features**.
  
• You run **modern software and games**.
  

• You have **older hardware** that does not support 64-bit.
  
• You need to run **legacy 16-bit applications**.
  
• Your system has **less than 4GB of RAM**.
  

• **Windows uses redirection techniques** to ensure compatibility between **32-bit and 64-bit applications**.
  
• **64-bit Windows has separate registry and file system locations** for 32-bit applications.
  
• **WOW64 allows 32-bit applications to run on a 64-bit OS**, but 64-bit applications cannot run on a 32-bit OS.
  
• **Understanding file paths and registry locations** is essential for troubleshooting compatibility issues.
  

Understanding the Windows Registry: A Comprehensive Guide

• Stores system and application settings.
  
• Manages hardware configurations.
  
• Controls user preferences.
  
• Stores security policies and system behavior settings.
  
• Provides a centralized structure for configuration management.
  

• Keys are like folders.
  
• Subkeys are nested inside keys.
  
• Each key can contain multiple values.
  

• REG_SZ: String value (e.g., file paths, settings).
  
• REG_DWORD: 32-bit integer value (e.g., 0 or 1 for boolean settings).
  
• REG_QWORD: 64-bit integer value.
  
• REG_BINARY: Raw binary data.
  
• REG_MULTI_SZ: Multi-line string (multiple values in one entry).
  
• REG_EXPAND_SZ: Expandable string containing environment variables.
  

• Use the left pane to browse registry hives and keys.
  
• Right-click a key to create, delete, or modify values.
  
• Use Ctrl + F to search for specific entries.
  

• Right-click the key → Select Export.
  
• Save as a `.reg` file.
  

• Double-click the `.reg` file → Click Yes to merge.
  

• Right-click a key → Select New → Choose the value type.
  
• Double-click a value to modify its data.
  
• Delete values carefully to avoid breaking system functions.
  

• Always back up the registry before making changes.
  
• Do not edit registry keys unless necessary.
  
• Be cautious when running `.reg` files from unknown sources.
  
• Use antivirus software to prevent unauthorized registry modifications.
  
• Avoid using "registry cleaner" software as they can cause unintended issues.
  

• Export a registry key:
  
  Code:

  reg export "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" backup.reg
• Add a new value:
  
  Code:

  reg add "HKEY_LOCAL_MACHINE\Software\MyApp" /v "Setting1" /t REG_DWORD /d 1 /f
• Delete a registry key:
  
  Code:

  reg delete "HKEY_LOCAL_MACHINE\Software\MyApp" /f

• List all registry keys:
  
  Code:

  Get-ChildItem -Path HKLM:\Software\Microsoft
• Create a new registry entry:
  
  Code:

  New-ItemProperty -Path "HKCU:\Software\MyApp" -Name "Setting1" -Value "1" -PropertyType DWORD
• Delete a registry entry:
  
  Code:

  Remove-Item -Path "HKCU:\Software\MyApp" -Force

Computer Security Risks: A Comprehensive Guide

• Viruses: Attach themselves to legitimate files and spread when executed.
  
• Worms: Self-replicating malware that spreads without user action.
  
• Trojans: Disguised as legitimate software but execute harmful actions.
  
• Ransomware: Encrypts files and demands payment for decryption.
  
• Spyware: Secretly collects user information without consent.
  
• Adware: Displays unwanted ads and can slow down performance.
  
• Rootkits: Hide deep within the system to maintain control over an infected device.
  
• Keyloggers: Record keystrokes to steal passwords and sensitive data.
  

• Clicking on malicious links.
  
• Downloading malware-infected attachments.
  
• Providing login credentials or financial information.
  

• Email Phishing: Fake emails pretending to be from banks, PayPal, or other trusted organizations.
  
• Spear Phishing: Targeted attacks using personal information to increase credibility.
  
• Vishing (Voice Phishing): Fraudulent calls pretending to be tech support, IRS, or other officials.
  
• Smishing (SMS Phishing): Fake text messages prompting users to click malicious links.
  

• Volumetric Attacks: Flood networks with massive amounts of data (e.g., UDP floods, ICMP floods).
  
• Protocol Attacks: Exploit vulnerabilities in protocols (e.g., SYN flood, Ping of Death).
  
• Application Layer Attacks: Target web applications to exhaust server resources.
  

• No security patches exist at the time of exploitation.
  
• They are often used in targeted cyberattacks.
  
• Attackers can infiltrate systems unnoticed.
  

• Disgruntled Employees: Individuals leaking or sabotaging company data.
  
• Unintentional Mistakes: Employees falling for phishing scams or misconfiguring security settings.
  
• Third-Party Risks: Contractors or vendors with access to sensitive systems.
  

• Gain unauthorized access to systems.
  
• Install malware and steal data.
  
• Bypass security measures.
  

• Brute Force Attacks: Automated bots try multiple password combinations.
  
• Credential Stuffing: Using leaked credentials from one breach to access other accounts.
  
• Dictionary Attacks: Guessing passwords using common words.
  

• Trust: Pretending to be IT support or a company executive.
  
• Fear: Creating a sense of urgency to make users act without thinking.
  
• Curiosity: Sending fake security warnings or offers.
  

• Unsecured Wi-Fi Networks: Hackers intercept data on public Wi-Fi.
  
• Session Hijacking: Stealing session cookies to access user accounts.
  
• DNS Spoofing: Redirecting users to malicious websites.