  • Spoofing Windows users via .reg files

      • #347792 Reply
        gborn
        AskWoody_MVP
        Spoofing Windows users via manipulated .reg files is terribly easy, as I just learned.

        Microsoft Windows Insider MVP, Microsoft Answers Community Moderator, Blogger, Book author

        https://www.borncity.com/win/

        5 users thanked author for this post.
      • #347919 Reply
        mn–
        AskWoody Lounger

        So… the .reg file handler has unsafe filename handling with special character sequences producing weird, repeatable, exploitable results.

        That of course leaves just triggering the import for that .reg file… always thought that those are about as “safe” as actual program binaries. (Untrusted, unchecked .exe anyone…?)

      • #347956 Reply
        satrow
        AskWoody MVP

        There are several ways that I know of to control these potentially dangerous file types:

        Manually, where .reg files would open in Notepad, right-clicking and selecting Merge is required to run them,

        AnalogX Script Defender allows you to disassociate specific file types,

        NoVirusThanks’ SysHardener contains a selection of file types to disassociate (and much more besides).

        6 users thanked author for this post.
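
The first option in the post above (double-click opens the file in Notepad, Merge only by right-click) comes down to which verb is the default for the file type. The following read-only PowerShell audit is an added example, not part of any post in this thread; the extension list beyond .reg, the script-host pattern and the function names are assumptions made for illustration.

```powershell
# Read-only audit: what does a double-click do for each risky extension?
# The extension list and the "risky host" pattern are assumptions for this example.
$Extensions = '.reg', '.vbs', '.js', '.wsf', '.hta'
$RiskyHosts = 'regedit|wscript|cscript|mshta'

function Get-RegDefault([string]$Path) {
    # Returns the (Default) value of a registry key, or nothing if the key is missing.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) { $key.GetValue('') }
}

function Get-DoubleClickAction([string]$Extension) {
    $hkcr = 'Registry::HKEY_CLASSES_ROOT'
    # A per-user "Open with" choice overrides the classic association.
    $choice = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice"
    $progId = (Get-ItemProperty -LiteralPath $choice -ErrorAction SilentlyContinue).ProgId
    if (-not $progId) { $progId = Get-RegDefault "$hkcr\$Extension" }

    $verb = $null; $command = $null
    if ($progId) {
        # The (Default) value of ...\shell names the default verb;
        # "open" is assumed here when that value is empty.
        $verb = Get-RegDefault "$hkcr\$progId\shell"
        if (-not $verb) { $verb = 'open' }
        $command = Get-RegDefault "$hkcr\$progId\shell\$verb\command"
    }

    [pscustomobject]@{
        Extension = $Extension
        ProgId    = $progId
        Verb      = $verb
        Command   = $command
        Risky     = [bool]($command -match $RiskyHosts)   # double-click executes or merges
    }
}

$Extensions | ForEach-Object { Get-DoubleClickAction $_ } | Format-Table -AutoSize -Wrap
```

A row with Risky = True means a double-click hands the file straight to the registry editor or a script host; a row whose command is Notepad matches the manual option described in the post.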
      • #348140 Reply
        Elly
        AskWoody MVP

        Could someone provide a non-techy description of risk?

        Does this require physical access, or is something that could come through the browser or e-mail attachment?

        Would antivirus programs detect this?

        Non-techy Win 10 Pro and Linux Mint experimenter

        • #348151 Reply
          satrow
          AskWoody MVP

          Risk: *someone else* might be able to take over your PC.

          Can be done remotely via malformed scripts in web pages or via ‘loaded’ attachments in emails.

          Will AV detect/block these types of attacks: maybe, maybe not.

          1 user thanked author for this post.
      • #1755652 Reply
        Rick Corbett
        AskWoody_MVP

        An excellent and very informative topic.

        I’ve been using REG files for years and had no idea that such apparently simple text files could be so manipulated.

        1 user thanked author for this post.