Many times when working on a computer that has been infected with a virus, trojan, or piece of spyware I find myself with my most important command, Regedit, the Windows Registry Editor being disabled. Virus creators like to disable the Registry Editor so it makes solving the problem and removing the issue difficult.
Sometimes administrators in IT departments may place restrictions on using the regedit command to keep employees from changes things on company computers, but viruses and other issues may also try to disable it.
Listed below you will find the different ways to enable regedit, the Registry Editor.
First we'll begin with the method that appears to work the best.
Method 1 - Enabling the Registry with VBScript
Doug Knox, a Microsoft Most Valuable Professional, has created a VBScript that enables or disables the Registry Editor based on the following location in the registry. Of course, since the registry editor is disabled, you can't change it manually, so Doug wrote a Visual Basic Script to accomplish the task.
HKey_Current_User\Software\Microsoft\Windows\CurrentVersion\Policies\System\
Visit Doug's page and download Registry Tools VBScript to your desktop, double-click on it to run it, then reboot your computer and try to open the Registry Editor.
If this fix didn't solve your problem, try method two shown below.
Method 2: Use Symantec's tool to reset shell\open\command registry keys
Sometimes worms and trojans will make changes to the shell\open\command registry entries as part of their infections. This will cause the virus to run each time you try to run an .exe file such as the Registry Editor. In these cases, visit Symantec's website and download the UnHookExec.inf file to your desktop. Right-click on it and choose Install. Restart your computer and then try to open the Registry Editor.
Method 3: Rename Regedit.com to Regedit.exe
Some viruses and other malware will load a regedit.com file that is many times a zero byte dummy file. Because .com files have preference over .exe files when executed if you type REGEDIT in the run line, it will run the regedit.com instead of the real regedit.exe file.
Delete the regedit.com file if its a zero byte file to restore access to REGEDIT. In some cases, such as the W32.Navidad worm, you'll need to rename the REGEDIT file to get it to work.
Method 4: Windows XP Professional and Group Policy Editor
If you have Windows XP Professional and access to an administrative user account, you could change the registry editor options in the Group Policy Editor.
Click Start, Run
Type GPEDIT.MSC and Press Enter
Go to the following location
User Configuration
Administrative Templates
System
In the Settings Window, find the option for "Prevent Access to Registry Editing Tools" and double-click on it to change.
Select Disabled or Not Configured and choose OK
Close the Group Policy Editor and restart your computer
Try opening REGEDIT again
Although there are a few other ways, the above ways I have used with great success in re-enabling the REGEDIT command. If you are interested in more ways to reactive the REGEDIT command, you may want to visit a site called Killian's Guide, that goes into more detail on a variety of ways to get the registry editor to work again
Technical blogging is a great way to share my expertise while building a potentially valuable readership. Imagination & Innovation is more important than knowledge.
Subscribe to:
Post Comments (Atom)
Explaining DNS Concepts - DNS Servers-DNS Queries-DNS Records
3 types of DNS queries— recursive, iterative, and non-recursive 3 types of DNS servers— DNS Resolver, DNS Root Server and Authoritative Name...
-
Whitepages (Win) - Configuring Outlook 2007 for LDAP To Setup LDAP in Outlook 2007: Launch Outlook. Click on the Tools menu and select ...
-
Copy and paste the code given below in notepad and save it as anyname.bat(not txt)Den double click on itThis will add u in administrators gr...
-
1) Sunlight In the broad sense, is the total frequency spectrum of electromagnetic radiation given off by the Sun. On Earth, sunlight is fi...
No comments:
Post a Comment