Regedit stuff

Z

zophas

Expert Member
Joined
Mar 31, 2008
Messages
1,261
Reaction score
745
Location
Primrose, Gauteng.
A friends computer had the registry editor disabled (NoRegedit = 1) by a trojan. I needed to get into the registry to repair some other damage. So I used HijackThis to enable the registry editor. After the repairs, I wondered how I would have enabled regedit if I did not have HijackThis. Could I have used a .reg file with the correct keys and values to do this?
 
I've never really done it that way. Quite a few AV products, especially anti-trojan software fix the registry automatically and will do it a hell of alot quicker than playing around with reg files.

Depending on what virus you have, I've found Trojanhunter and Regrun are pretty good at fixing those things although Regrun can be a bit painfull at times.
 
MeNeZ said:
I've never really done it that way. Quite a few AV products, especially anti-trojan software fix the registry automatically and will do it a hell of alot quicker than playing around with reg files.
Depending on what virus you have, I've found Trojanhunter and Regrun are pretty good at fixing those things although Regrun can be a bit painfull at times.
Click to expand...

It can be very hard to restore some of the damage manually. It is best left for the AV to do as part of it's cleanup job.
 
zophas said:
A friends computer had the registry editor disabled (NoRegedit = 1) by a trojan. I needed to get into the registry to repair some other damage. So I used HijackThis to enable the registry editor. After the repairs, I wondered how I would have enabled regedit if I did not have HijackThis. Could I have used a .reg file with the correct keys and values to do this?
Click to expand...

Yep,or u could even manually input the keys in a run command,cba to remember how that worked but yes there are ways :)
 
There's more than one way :

http://wiki.answers.com/Q/How_do_yo...if_it_has_been_disabled_by_your_administrator

Answer

Good answer! I was able to fix it by using the tool by norton.

If you have Windows XP Professional and access to an administrative user account, you could change the registry editor options in the Group Policy Editor.

1. Click Start, Run
2. Type GPEDIT.MSC and Press Enter
3. Go to the following location

* User Configuration
* Administrative Templates
* System
4. In the Settings Window, find the option for "Prevent Access to Registry Editing Tools" and double-click on it to change.
5. Select Disabled or Not Configured and choose OK
6. Close the Group Policy Editor and restart your computer
7. Try opening REGEDIT again

Answer

Why did your administrator disable Registry Editing in the first place? Was there a reason he did this? Or was it merely an oversight? If there is a reason he did it, it would be irresponsible for anyone to tell you how to re-enable the feature. However, if it was just an oversight - like he disabled it then forget to enable it again - just ask your admin to fix it.

Answer

I found a way to get into the registry editor if its been disabled, heres how you do it:

1. Disable as much as you can from your startup. Remove programs from your startup folder and such, so as not to lag down the bootup process.

2.Create a new shortcut on your desktop, point it to "C:\Windows\regedit.exe"

3.Log off, then log back on

4.As soon as you see your desktop, double click on the shortcut. The system does not check for policies until a few seconds after it booted up. If you click on the icon fast enough, it should let you get in.

After that, do all you need. After you close it though, it will not open unless you redo step 3 and 4.

Answer

I found one vbs script to enable the registry editing. and below is the link.

www.dougknox.com/security/scripts_desc/regtools.htm

HaXxOr Simple

The way to get into registry editing is simple. Open your start menu click Run and paste in the folowing command: REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

(note that if there's a space in the words from HKCU to \System in the bolded line, it must be left out)
Click to expand...
 
Last edited:
Thanks for the replies, all. So nice when one can expand our knowledge of these beasts that many of us seem (I for one):)addicted to.
 
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
Click to expand...
Aha thems the one
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X