When unwanted software or malware runs on your computer, it almost always modifies entries in the Windows Registry, the hierarchical database in which Windows operating systems store configurations and options. Unwanted software can have a small impact on Windows, such as changing the wallpaper or screensaver or adding new buttons in drop-down menus. But it can also have a heavier influence on the system and disrupt its normal functioning.
This is why modifying, backing up and cleaning the registry can be a crucial and at the same time tricky process. In this article we aim to show you the simplest way to restore the default permissions in your Windows Registry and stop the after-effects caused by unwanted applications or malware.
What Is Windows Registry Editor and How Does It Work
The Windows Registry contains all configuration options of your operating system, and the Registry Editor is the tool for viewing them. The registry is organized into keys, which hold values and their data. A registry path looks much like a Windows directory path, with “\” as the separator.
Here are the most frequently used registry keys when you open the Windows Registry Editor:
- HKEY_LOCAL_MACHINE or HKLM
- HKEY_CLASSES_ROOT or HKCR
- HKEY_USERS or HKU
- HKEY_CURRENT_USER or HKCU
If a malicious process has placed a module called “virus.exe” in the %AllUsers% profile directory, the registry entry may look like the following example:
→HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\“cssys” = “%AllUsers%\virus.exe”
Here “%AllUsers%\virus.exe” is the data of the value, and a value can be created as one of several types:
- String Value
- DWORD Value (32 bit)
- QWORD Value (64 bit)
- Multi-String Value
- Expandable String Value
Each value type serves a different purpose. Malware can create new values for its files or modify your existing Windows values.
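To see which values sit under the Run keys and what type each one is, the following PowerShell can be run before any cleanup. It is an added example, not part of the original article; the review pattern is an assumption about locations worth a manual look, not a malware verdict.

```powershell
# Added example: list autostart values under the Run keys with their value type.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Assumption: data pointing into user-writable or shared profile locations
# is flagged for manual review only.
$reviewPattern = '(?i)%AllUsers|%ProgramData%|%AppData%|%Temp%|\\Users\\|\\ProgramData\\'

$report = foreach ($path in $runKeys) {
    $key = Get-Item -Path $path -ErrorAction SilentlyContinue
    if (-not $key) { continue }          # key missing or unreadable
    foreach ($name in $key.GetValueNames()) {
        # Read the raw data so %VARIABLES% in Expandable String values stay visible.
        $raw = $key.GetValue($name, $null,
            [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
        [pscustomobject]@{
            Key    = $path
            Name   = $name
            # String, ExpandString, DWord, QWord, MultiString, Binary ...
            Type   = $key.GetValueKind($name)
            Data   = $raw -join '; '
            Review = [bool](($raw -join ' ') -match $reviewPattern)
        }
    }
}

# Entries flagged for review are listed first.
$report | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```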
Before We Begin
If you want to remove malware entries from your registry, bear in mind that you should first clean the malware from your computer. Attempting to clean the registry without getting rid of the viruses that create and modify its entries is NOT recommended. For best results, we advise using an advanced anti-malware tool that can detect malicious registry entries.
The SpyHunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.
How to Fix the Windows Registry by Resetting Permissions
In order to restore the permissions that may have been modified by malware in your Windows Registry back to the way they were, you need to follow these simple steps:
Step 1: Back Up the Data on Your Computer Before Starting to Clean up the Registry.
Before beginning to modify the Windows Registry, it is important to consider what impact it may have on your PC, especially if it is infected. This is why you should back up your data. You can use external drives such as a USB drive or memory stick. Additionally, you may use a cloud service or perform a Windows Backup from Control Panel.
Step 2: Back Up the Data of Your Current Windows Registry Entries.
Substep 1: Open the Run window by pressing Windows key + R.
Substep 2: In it, type “regedit”.
Substep 3: The Registry Editor will appear. In it, click on the File drop-down menu, located in the top left corner.
Substep 4: From the File menu, choose Export.
Substep 5: Choose a place to export the backup and name it as you wish. For this example we named it “justincase.reg”.
Step 3: Download and Install SubInACL from Microsoft’s Website to Reset Registry Permissions
Substep 1: Download SubInACL.
Substep 2: Install SubInACL in its default directory.
Step 4: Create a Registry Fixing Script.
Substep 1: Right-click an empty area of your desktop and choose New > Text Document to create a .txt file.
Substep 2: Open the text document and in it paste the following script:
REM Make the Administrators group the owner of the registry hives and the system drive
subinacl /subkeyreg HKEY_LOCAL_MACHINE /setowner=Administrators
subinacl /subkeyreg HKEY_CURRENT_USER /setowner=Administrators
subinacl /subkeyreg HKEY_CLASSES_ROOT /setowner=Administrators
subinacl /subdirectories %SystemDrive% /setowner=Administrators
REM Grant the SYSTEM account full control (f) over the same hives and drive
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f
subinacl /subdirectories %SystemDrive% /grant=system=f
Substep 3: Save the file as a .bat file by clicking File > Save As… and, in the window that appears, choosing All Files instead of Text Documents (*.txt). Then type “fix.bat” as the name and save it in “C:\Program Files\Windows Resource Kits\Tools”.
Step 5: Clean up Your Registries.
Substep 1: Open the Command Prompt by searching for it in the Start menu. After you find it, right-click on it and choose Run as Administrator.
Substep 2: In the Command Prompt window, type one of these two commands, depending on where your “Windows Resource Kits” folder is located:
→ cd "C:\Program Files\Windows Resource Kits\Tools" or
cd "C:\Program Files (x86)\Windows Resource Kits\Tools"
In our case it was the (x86) folder. The prompt should then show that folder as the current directory.
Substep 3: Now type fix.bat and press Enter.
After the cleanup is complete, you should see a report saying how many registry entries failed or contained syntax errors. All of your registry permissions should be restored back to normal.
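To confirm what fix.bat changed, the owner and the SYSTEM access on a few keys can be read back in an elevated PowerShell window. This is an added example, not part of the original article; the three sample keys are an assumption (one representative subkey per hive the script touches), and the SIDs are the well-known ones for Administrators and SYSTEM.

```powershell
# Added example: read back the owner and SYSTEM access that fix.bat was meant to set.
$adminsSid = 'S-1-5-32-544'   # BUILTIN\Administrators (well-known SID)
$systemSid = 'S-1-5-18'       # NT AUTHORITY\SYSTEM (well-known SID)
$sidType   = [System.Security.Principal.SecurityIdentifier]
$full      = [System.Security.AccessControl.RegistryRights]::FullControl

# Assumption: one representative subkey per hive named in the script.
$sampleKeys = @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE',
    'Registry::HKEY_CURRENT_USER\Software',
    'Registry::HKEY_CLASSES_ROOT\CLSID'
)

$results = foreach ($path in $sampleKeys) {
    try {
        $acl = Get-Acl -Path $path -ErrorAction Stop
    } catch {
        # A key whose ACL cannot be read is reported rather than skipped.
        [pscustomobject]@{ Key = $path; Owner = 'unreadable'
                           OwnerIsAdmins = $false; SystemFullControl = $false }
        continue
    }
    $ownerSid = $acl.GetOwner($sidType).Value

    # Compare by SID so the check also works on localized Windows installs.
    # Inherit-only entries apply to subkeys, not to this key, so they are excluded.
    $systemAllow = $acl.GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.IdentityReference.Value -eq $systemSid -and
        $_.AccessControlType -eq 'Allow' -and
        $_.PropagationFlags -notmatch 'InheritOnly' -and
        ($_.RegistryRights -band $full) -eq $full
    }

    [pscustomobject]@{
        Key               = $path
        Owner             = $acl.Owner
        OwnerIsAdmins     = ($ownerSid -eq $adminsSid)
        SystemFullControl = [bool]$systemAllow
    }
}

$results | Format-Table -AutoSize
```

Running it once before fix.bat and once after shows which owners and entries the script actually changed.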
Conclusion about Windows Registry Permissions Reset
It is important to clean up the Windows Registry not only when you have malware, but also when you see unwanted programs on your computer. A cleanup will revert any modified settings and may make your computer a little safer. We recommend that you do it on a regular basis, especially if you have been using your operating system for quite a while. It is also advisable to download and install advanced anti-malware software, since it aims to protect your Windows Registry from being altered by malware or other potentially unwanted programs.