How to Remove Registry Entries
What is the Registry?
The Windows registry is a central hierarchical collection of software, hardware and user settings that are present in your machine. It is used in Microsoft Windows 9x, Windows CE, Windows NT, Windows 2000, Windows Millennium, Windows XP and Windows Vista. Although the Registry is common to several Windows operating systems, there are some differences among them. The registry plays a very important role in your computer’s operating system, for example, by allowing Windows to start and ensuring the stability of the entire system.
When the user makes any modifications to Control Panel settings, file associations, system policies or installed software, all these changes are reflected and stored in the registry. The Registry replaces most of the text-based .ini files used in Windows 3.x and the MS-DOS configuration files, such as Autoexec.bat and Config.sys.
Why is it important to remove malicious registry entries?
The majority of hazardous parasites, especially Trojans, browser hijackers, spyware and adware threats, have the ability to change the Windows registry. These malicious programs usually add various registry entries, generate new keys and modify default values. That’s why it is important to learn how to remove malicious registry entries so you can quickly detect and remove deep-seated infections. Invalid registry entries may cause serious harm, and they may also be a reason for the sluggish performance of your PC.
Remove Spyware Registry Entries Manually
Warning: Removing spyware registry entries is difficult and risky. If you delete the wrong file, your computer may crash and important data may be lost. As a precautionary measure, please back up important files and set a System Restore point (click Start > All Programs > Accessories > System Tools > System Restore, and follow the on-screen instructions) or run a spyware check with a trusted anti-spyware program to automatically detect spyware.
Follow the steps below to manually remove registry entries:
- To open the Registry Editor, press the “Start” button and then choose the option “Run”. In the “Open” field, type “regedit” and click the “OK” button.

- The Registry Editor has two panes. The left pane is used to navigate to registry keys, and the right pane shows the values of the selected key.

- To edit the value, right-click on it and select the “Modify” option.

- You can also double-click on the value with your left mouse button. Another option is to use the “Edit” menu: type the new value in the window that opens and click the “OK” button. You can do the same with any other value or registry key.

- Follow the same steps as just described to delete the value or the registry key. At this step, you will have to select the “Delete” option. If you get a list of results, you may want to look them up on the Web before you delete them, just to be sure you’re erasing malware-related keys.

- To add a new registry key or a new value, click on the “Edit” menu. Then select the “New” option and choose a type for the entry.

- To export any key or value from the registry to a file, right-click on the object and select “Export” from the menu.

- Enter a file name and save the exported registry file with a .reg extension.

- It is also possible to import a certain value or a key. Click on the “File” menu and choose “Import”. Then, select the objects that you want to import.

- Close the registry editor and reboot your computer. If something appears wrong after you change the registry, you can restore the registry from the backup you’ve created.
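
The export-then-delete sequence from the steps above, done from PowerShell instead of the Registry Editor window. This is an added example, not part of the original instructions; the key path, value name and backup folder are placeholders to be replaced with the entry you have already identified and checked.

```powershell
# Added example: back up a registry key to a .reg file, then delete one value.
# $KeyPath, $ValueName and $BackupDir are placeholders (assumptions), not entries from this page.
param(
    [string]$KeyPath   = 'HKCU:\Software\ExampleVendor\ExampleApp',
    [string]$ValueName = 'ExampleValue',
    [string]$BackupDir = "$env:USERPROFILE\RegistryBackups"
)

$ErrorActionPreference = 'Stop'

if (-not (Test-Path -Path $KeyPath)) {
    throw "Registry key not found: $KeyPath"
}

# reg.exe expects HKCU\... rather than the PowerShell drive form HKCU:\...
$regExePath = $KeyPath -replace '^(HK[A-Z]+):\\', '$1\'

# Export first (the same as right-click > Export in the Registry Editor).
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$stamp      = Get-Date -Format 'yyyyMMdd-HHmmss'
$backupFile = Join-Path $BackupDir "backup-$stamp.reg"
& reg.exe export $regExePath $backupFile /y | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path -Path $backupFile)) {
    throw 'Export failed; nothing was deleted.'
}

# Read the value so its data can be reviewed before it is removed.
$current = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
if ($null -eq $current) {
    throw "Value '$ValueName' not found under $KeyPath"
}
"About to delete: $ValueName = $($current.$ValueName)"

# -Confirm asks before the value is actually deleted.
Remove-ItemProperty -Path $KeyPath -Name $ValueName -Confirm

"Backup saved to $backupFile"
"To restore it later: reg.exe import `"$backupFile`""
```

Keys under HKEY_LOCAL_MACHINE need an elevated PowerShell session. Importing the saved .reg file merges the exported values back into the registry, which is the same as “File” > “Import” in the Registry Editor.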




Hello,
My PC is infected by the trojan dropper/rs32Net.Process. May you help to remove this trojan? Will appreciate email to me direct.
Thanks
OYSP
so i’ve got MS AntiSpyware2009 stuck on my machine. I had just removed antivirus 360 a couple months ago and everything went great. This time though i’m having a little trouble trying to get into the regedit. Every time i try to run it, it says: Registry editor has been disabled by your administrator. What is that about, if anyone can help me get through this just send me an email at joshuagonnoud@yahoo, it would be a great help.
when i find the program and delete it i scan my computer again and it says its still there
…So i used spyhunter to locate infected files and found 6 registry keys- four of which are CLSID/{EC43E3FD-…
and i followed the above directions but the file names [nomifeyi and todomeko] continue to alternate. Please help! i’m not sure how to solve this…
thanks , good solution and explanation
Hello everyone. When I turn on my computer, my desktop shows up for a few seconds, then it disappears and the only thing left is my background picture. explorer.exe keeps crashing and restarting even upon killing the process in task manager. However every few seconds it disappears again.
No programs recently installed
p.s if i do the above procedure in safe mode it does the same thing the only thing different from above is that once I click the you are running in safe mode button desktop appears then disappears again.
This causes me to be unable to run spywarehunter because something is killing the windows explorer process
please help me to remove the zlob.trojan it is present in the registry, also I have Trojan Virtumonde (vundo) (ms juan)
need to get the system security thing off from my computer
thanks a lot
Elaine. I would recommend searching for files created/modified on or around same day that your infected file was created. Then I would examine closely those files found near or on that same day. Most likely if they have same time stamp…they could be related. There could be another file that is meant to re-create a registry entry if deleted…like in windows registry “run” folder which is where all your windows startup files are. Also because of this…it could be eating your memory at startup, not allowing windows to fully become functional until it is done doing what it does. Hope this helps at least somewhat. Good luck.
I have been a PC user for about 25 years. I like to understand as much as possible about the machine, but I must admit that I don’t know much about the Registry. I was following your instructions trying to rid my computer of RelevantKnowledge. I noticed that there are literally thousands of entries in the Registry. By some of the names, I know that I did not have anything to do with their being there. To give you one example, there were 76 entries fitting the pattern “gay*.*”. Now, I assure you I have never been on a site that fit that description. This is only one example, there were worse examples. How did they get there and how do I get them off? And more importantly, How do I prevent this from happening again?
Thanks for any help you can give.
Good
Hello. My anti virus detected something called W32.Huhk.A and what happened was it detected it in the registry entries of Windows XP and whenever I tried to remove it using the anti virus, my computer would go blank after starting up, like the task bar and start menu are not present, and I cannot right click anywhere, so I would usually end up repairing Windows. Does anybody have any idea what is going on? A response is appreciated. Thanks.
I was infected with the mr.exe trojan. How do I go about removing this from the computer? Any suggestions would be greatly appreciated.
Shalom,
I cannot find the xppubwiz.reg from the registry, what can i do?
I have just been infected with the Trojan.Downloader.Agent.ahba virus. When using the regedit to remove this it automatically closes this application. I have the location but can’t get to it using the regedit tool…any suggestions?
Thanks!
please help me to remove the zlob.trojan it is present in the registry.
I am grateful to your website, since my computer has been infected with antivirusdoc, and I can’t remove it; it pops up everytime I do anything. I followed your instructions about going to REGEDIT, and did all the steps, but when I got to UNINSTALL, I couldn’t find AntivirusDoc. At the moment, I’m on your second web page, so can’t exactly remember where AntivirusDoc was supposed to be. But I did do all the steps. HELP!!!
i’m having problems removing anti spy check from my computer. The registry files aren’t there. Any ideas?
trying to find if I can go thru registry and programs I have installed have weird names in registry. Would like to rename them.
example
a12jfu6as is registry key name
would like to safely say *example*
downloadmanager
have xp pro.
:)
Much thanks for a great site
i cant get the thing to open
the best procedure to remove Trojan.Win32.Obfuscated.gx
jeff,
There are no guarantees that you will find any anti-spyware program that can detect and remove all the parasites on the Web because parasites are changing and creating new files. So the most important thing for anti-spyware programs is not only the detection removal mechanism, but the research and support team that it provides.
Our spyware research team actively researches to identify potential spyware threats. They’re watching new spyware threats, analyzing them and identifying their files. Our spyware research team also closely monitors existing threats to watch how they mutate and to make sure that their signature profiles are updated to the latest version.
The results of all research are included in SpyHunter. It is nearly impossible to get all the parasites from the web. This is why the support team exists, from which customers may get a custom solution for removal of spyware threats.
could you give some indication or example of an inappropriate registry that would be associated with seekmo, 180solutions, or vundo? or maybe where to find such information? Why does your program know exactly which files? Did someone sit and figure it out for 30 hours, and simply record the files to look for into a list? Or is there some functionality to the program that allows for it to actively recognize and associate one file with another suspected file?
statsman58,
In most cases parasites regenerate their registry values. So you need to remove these files, which are responsible for this regeneration. Scan your computer with our free SpyHunter scanner and it will show you the infected files and their locations. After scan, boot your computer in Safe Mode and remove these files manually.
I followed these directions to delete a registry value and then exited the registry. when I re-edit the registry that old value is still there; it did not delete. any suggestions on how to delete it ?
jon,
Try to boot your computer in Safe Mode. This should let you delete the infected file.
when i try to delete one infected file an error message comes up saying the file cant be deleted because it is in use.
thank you.
peter,
It is not so important to delete these registry entries. The most important thing is to remove the files which are associated with these entries. I advise you to use our free scanner or other free anti-spyware software to scan your computer and see what these programs will find. And if they find any infected files or registry entries, try to remove them manually.
Hi there,
I am trying to delete all the registry entries related to cmdservice. it all went fine until HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_cmdservice. For some reason i am not allowed to change or delete this. Anyone knows what to do?
Best Regards,
Peter
Thank you!
Lolly,
After scanning your computer with free scanner, you’ll also see the locations of the infected files. So you can follow our manual removal instructions and remove the infected files manually. It’s better to boot your computer in Safe Mode while removing the infected files. Good Luck.
Hello,
After the free scanner finishes the scan, how would I remove the infected files?
Assumpta Shek,
Many parasites are mutating and the information may be old or not accurate anymore. You should scan your computer with our free scanner to find the infected files. Our free scanner won’t remove the infection, but it will show the locations of the infected files.
When I tried to delete the registry entries using the method as described above, I received the following error message: Unable to delete all specified values. What should I do?
Grateful for a reply.
happy with the solution
thank you for the help.