SpywareRemove HomeHome Security NewsSecurity News How to Remove Registry EntriesHow to Remove Registry Entries

How to Remove Registry Entries   AddThis Social Bookmark Button AddThis Feed Button

What is the Registry?

The Windows registry is a central hierarchical collection of software, hardware and user settings that are present in your machine. It is used in Microsoft Windows 9x, Windows CE, Windows NT, Windows 2000, Windows Millennium, Windows XP and Windows Vista. Although the Registry is common to several Windows operating systems, there are some differences among them. The registry plays a very important role in your computer’s operating system, for example, by allowing Windows to start and ensuring the stability of the entire system.

When the user makes any modifications to Control Panel settings, file associations, system policies and installed software, all these changes are reflected and stocked up in the registry. The Registry replaces most of the text-based .ini files used in Windows 3.x and MS-DOS configuration files, such as the Autoexec.bat and Config.sys.

Why is it important to remove malicious registry entries?

The majority of all hazardous parasites, especially Trojans, browser hijackers, spyware and adware threats have the ability to change the Windows registry. The malicious programs usually add various registry entries, generate new keys and modify default values. That’s why it is important to learn how to remove malicious registry entries so you can quickly detect and remove deep-seated infections. Invalid registry entries may cause a serious harm, and they may be a reason of sluggish performance of your PC as well.

Remove Spyware Registry Entries Manually

Warning: Removing spyware registry entries is difficult and risky. If you delete the wrong file, your computer may crash and important data may be lost. As a precautionary measure, please back up important files and set a System Restore point (click Start > All Programs > Accessories > System Tools > System Restore, and follow the on-screen instructions) or run a spyware check with a trusted anti-spyware program to automatically detect spyware.

Follow the steps below to manually remove registry entries:

  1. To open the Registry Editor, press the “Start” button and then choose the option “Run”. In the “Open” field, type “regedit” and click the “OK” button.

    Run Regedit

  2. The Registry Editor has two panes. The left pane is to navigate on certain registry keys and the right pane is to see values of selected keys.

    The Registry Editor

  3. To edit the value, right-click on it and select the “Modify” option.

    Modify the value

  4. You can also double-click on the value with your left mouse button. Another option is to use the “Edit” menu, where you type in the chosen value in the window and click the “OK” button. You can do the same with any other value or registry key.

    Edit the value

  5. Follow the same steps as just described to delete the value or the registry key. On this step, you will have to select the “Delete” option. If you get a list of results, you may want to plug them into the Web before you delete them, just to be sure you’re erasing malware-related keys.

    Delete the value

  6. To add a new registry key or a new value, click on the “Edit” menu. Then, select option “New” and select a type for the entry.

    Add the new value

  7. To export any key or value from the registry to the defined file, right-click on the object and select “Export” from the menu.

    Export the value

  8. Enter a file name and save the exported registry files as a .reg extension.

    Export registry entries to a file

  9. It is also possible to import a certain value or a key. Click on the “File” menu and choose “Import”. Then, select the objects that you want to import.

    Import registry entries

  10. Close the registry editor and reboot your computer. If something appears wrong after you change the registry, you can restore the registry from the backup you’ve created.
« How to Find Spyware with File Search Tool
How to Remove DLL Files »

This entry was posted on Tuesday, June 6th, 2006 at 12:48 pm and is filed under Tutorials. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

19 Responses to “How to Remove Registry Entries”

  1. Mark Alonzo Says:
    October 16th, 2007 at 2:04 am

    thank you for the help.

  2. prashant kadam Says:
    October 31st, 2007 at 4:20 am

    happy with the solution

  3. Assumpta Shek Says:
    December 22nd, 2007 at 12:02 am

    When I tried to delete the registry entries usign the method as described above, I received the following error message: Unable to delete all specified values. What should I do?

    Grateful for a reply.

  4. ghostrider01 Says:
    December 22nd, 2007 at 11:01 am

    Assumpta Shek,

    Many parasites are mutating and the information may be old or not accurate anymore. You should scan your computer with our free scanner to find the infected files. Our free scanner won’t remove the infection, but it will show the locations of the infected files.

  5. Lolly Says:
    December 27th, 2007 at 6:12 am

    Hello,
    After the free scanner finishes the scan, how would I remove the infected files?

  6. ghostrider01 Says:
    December 27th, 2007 at 11:19 am

    Lolly,

    After scanning your computer with free scanner, you’ll also see the locations of the infected files. So you can follow our manual removal instructions and remove the infected files manually. It’s better to boot your computer in Safe Mode while removing the infected files. Good Luck.

  7. Lolly Says:
    December 27th, 2007 at 9:54 pm

    Thank you!

  8. peter Says:
    January 1st, 2008 at 3:10 pm

    Hi there,

    I am trying to delete all the registry entries related to cmdservice. it all went fine until HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_cmdservice. For some reason i am not allowed to change or delete this. Anyone knows what to do?

    Best Regards,

    Peter

  9. ghostrider01 Says:
    January 2nd, 2008 at 11:22 am

    peter,

    It is not so important to delete these registry entries. The most important is to remove the files which are acociated with these entries. I advise you to use our free scanner or other free anti-spyware software to scan your computer and see what these programs will find. And if they will find any infected files or registry entries, try to remove them manually.

  10. peter Says:
    January 2nd, 2008 at 2:43 pm

    thank you.

  11. jon Says:
    January 5th, 2008 at 11:55 pm

    when i try to delete one infetced file an error message comes up saying the file cant be deleted because it is in use.

  12. ghostrider01 Says:
    January 7th, 2008 at 10:03 am

    jon,

    Try to boot your computer in Safe Mode. This should let you delete the infected file.

  13. statsman58 Says:
    January 28th, 2008 at 1:09 pm

    I followed these directions to delete a registry value and then exited the registry. when I re-edit the registry that old value is still there; it did not delete. any suggestions on how to delete it ?

  14. ghostrider01 Says:
    January 28th, 2008 at 2:20 pm

    statsman58,

    In most cases parasites regenerate their registry values. So you need to remove these files, which are responsible for this regeneration. Scan your computer with our free SpyHunter scanner and it will show you the infected files and their locations. After scan, boot your computer in Safe Mode and remove these files manually.

  15. jeff Says:
    February 19th, 2008 at 12:44 am

    could you give some indication or example of an inappropriate registry that would be associated with seekmo, 180solutions, or vundo? or maybe where to find such information? Why does your program know exactly which files? Did someone sit and figure it out for 30 hours, and simply record the files to look for into a list? Or is there some functionality to the program that allows for it to actively recognize and associate one file with another suspected file?

  16. ghostrider01 Says:
    February 19th, 2008 at 7:02 pm

    jeff,

    There are no guarantees that you will find any anti-spyware program that can detect and remove all the parasites on the Web because parasites are changing and creating new files. So the most important thing for anti-spyware programs is not only the detection removal mechanism, but the research and support team that it provides.

    Our spyware research team actively researches to identify potential spyware threats. They’re watching new spyware threats, analyzing them and identifying their files. Our spyware research team also closely monitors existing threats to watch how they mutate and to make sure that their signature profiles are updated to the latest version.

    The results of every research are included to SpyHunter. It is nearly impossible to get all the parasites from the web. This is why the support team exists, from which customers may get a custom solution for removal of spyware threats.

  17. amardeep Says:
    April 11th, 2008 at 1:39 pm

    the best procedure to remove Trojan.Win32.Obfuscated.gx

  18. MICHAEL Says:
    April 29th, 2008 at 12:30 pm

    i cant get the thing to open

  19. Jack Says:
    June 21st, 2008 at 4:33 pm

    trying to find if I can go thru registry and programs I have installed have wierd names in registry. Would like to rename them.

    example

    a12jfu6as is registry key name

    would like to safely say *example*
    downloadmanager

    have xp pro.
    Much thanks for a great site :):)

Leave a Reply

*
To prove you're a person (not a spam script), type the security word shown in the picture.
Anti-Spam Image