Registry Files and Hives Overview

Question: What is the difference between registry files and registry hives?

Answer: Registry files can be opened by text editors, such as notepad, wordpad and so on. Registry hives have their own binary data format, so you cannot open a registry hive using notepad or wordpad. There is no standard application to view a registry hive.
Registry files and registry hives consist both of registry keys and registry values, but only registry files can delete a certain registry key (for example:
[-HKEY_LOCAL_MACHINE\SOFTWARE\Virusses]) or a certain registry value
(for example [HKEY_LOCAL_MACHINE\SOFTWARE\Virusses], ‘JustFormatTheHDD=-‘). A registry key with preceeding ‘-‘ and all of its subkeys and values will be deleted, if you decide to merge the appropriate file to your local registry. A registry value with succeeding ‘-‘ will be deleted as well. So, the advantage of deleting/renaming of certain registry keys and values can cause a lot of trouble!
Registry files and registry hives are supposed to create new registry keys or values. Existing values will be overridden. Assume, there is a DWORD value, named “DaysLeft” containing a value of 16D (decimal=365).  Now, the File, you want to merge the appropriate file with the existing registry by right-clicking on the filename in your windows explorer.  It contains “DaysLeft” containing a value of 10 (decimal=16). Guess what happens 17 days later..

Or assume, you bought and registered expensive software. What would you think, when your info screen suddenly shows the following “Registered Owner: P.A.W.G” instead of your real first and last name. PAWG means “Phat Ass White Girl”, by the way.

Valid Registry Datatypes can be found here.

Because of threatening your systems health, both kinds of registry setting files are real dangerous. I could not find any anti-virus software that is capable of scanning *.reg, *.dat, *.hiv, *.log, *.sam, *.sav or any related file types. Up to now, anti-virus software concentrates on executable filetypes like *.com or *.exe!