Tuesday, 28 June 2011

Virus in Windows System Registry

It's hard to remove a virus from the Windows System Registry, because it's not easy to find where the virus hides. It's also dangerous to edit the data inside the registry: if you enter or delete the wrong key, data or value, Windows might be unable to run afterwards. Here we just show you how to check for any unwanted program loaded into memory when Windows starts.

Changing registry data requires the Microsoft Registry Editor, RegEdit.exe. Click the Start button, then select the Run... item. When the Run window appears, type 'RegEdit' into the Open: textbox and click the OK button.

You might be unable to run RegEdit, because the virus blocks the doorway. In this case, you need to start Windows in Safe Mode to run RegEdit. Sometimes you need to log in to the Administrator account, so make sure you know your Administrator account's password when you get a new computer.

The Microsoft System Configuration Utility, MSConfig.exe, keeps entries of start-up programs. Besides that, the System Registry has Run, RunOnce and RunOnceEx entry nodes that manage which programs run while Windows is starting.

First, check for any start-up programs inside HKEY_LOCAL_MACHINE.

Go down to the node HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion, then look for program entries inside Run, RunOnce and RunOnceEx. If you find something you don't recognise, type the program's .exe name into a search box to find out what it is. If the .exe name belongs to a virus or spyware, you can delete the entry.

In the same way, check for any start-up programs inside HKEY_CURRENT_USER.

Go down to the node HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion, then look for unwanted .exe programs inside Run, RunOnce and RunOnceEx. If you find any, delete them.
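
The same check can be done read-only from PowerShell. This is an added example, not part of the original post: it lists every value under Run, RunOnce and RunOnceEx in both hives, with the file each entry points to and its Authenticode signature status. The helper name Get-StartupTarget and its path-parsing rules are assumptions made for this example.

```powershell
# Added example: read-only listing of the start-up entries discussed above.
# It never writes to or deletes from the registry.
$base  = 'SOFTWARE\Microsoft\Windows\CurrentVersion'
$hives = 'HKLM:', 'HKCU:'                 # HKEY_LOCAL_MACHINE, HKEY_CURRENT_USER
$nodes = 'Run', 'RunOnce', 'RunOnceEx'

# Hypothetical helper: pull the program path out of a command line such as
#   "C:\Program Files\App\app.exe" /silent    or    C:\Tools\app.exe -x
function Get-StartupTarget([string]$Command) {
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

$entries = foreach ($hive in $hives) {
    foreach ($node in $nodes) {
        $path = "$hive\$base\$node"
        if (-not (Test-Path -Path $path)) { continue }   # node may not exist
        # RunOnceEx keeps its entries in subkeys, so include those as well.
        $keys = @(Get-Item -Path $path) +
                @(Get-ChildItem -Path $path -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                $command = [string]$key.GetValue($name)
                if (-not $command) { continue }
                $file = Get-StartupTarget $command
                if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
                    # Bare names such as rundll32.exe are resolved through PATH.
                    $found = Get-Command -Name $file -CommandType Application `
                                 -ErrorAction SilentlyContinue | Select-Object -First 1
                    if ($found) { $file = $found.Path }
                }
                $exists = Test-Path -LiteralPath $file -PathType Leaf
                $sig = if ($exists) { [string](Get-AuthenticodeSignature -FilePath $file).Status }
                       else { 'n/a' }
                [pscustomobject]@{
                    Key = $key.Name; Name = $name; Command = $command
                    File = $file; Exists = $exists; Signature = $sig
                }
            }
        }
    }
}
$entries | Sort-Object Signature, Key | Format-List
```

An unsigned or missing file is a reason to look the name up, not proof of infection.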

Some viruses will restore the entry later or after a reboot, even if you delete the entry with the System Registry Editor. Those viruses need special tools to kill them.