Fix Windows Registry Errors Caused by Malware - How to, Technology and PC Security Forum | SensorsTechForum.com

Fix Windows Registry Errors Caused by Malware

When unwanted software or malware runs on your computer, it almost always modifies entries in the Windows Registry, the hierarchical database in which Windows stores its configuration and options. Unwanted software can have a small impact on Windows, such as changing the wallpaper or screensaver or adding new buttons to drop-down menus. But it can also have a heavier influence on the system and disrupt its normal functioning.

Image Source: Thewindowsclub.com

This is why modifying, backing up and cleaning the registry is a crucial and at the same time tricky process. In this article we aim to show you the simplest way to restore the default permissions in your Windows Registry and stop the after-effects caused by unwanted applications or malware.

What Is Windows Registry Editor and How Does It Work

Windows Registry Editor gives access to all configuration options of your operating system. The registry consists of keys, the values inside them and the data those values hold. A path in the Editor looks much like any other Windows directory path, with the “\” sign separating the keys.

Here are the root keys you will see most often when you open the Windows Registry Editor:

  • HKEY_LOCAL_MACHINE or HKLM
  • HKEY_CLASSES_ROOT or HKCR
  • HKEY_USERS or HKU
  • HKEY_CURRENT_USER or HKCU

If a malicious process has placed a module called “virus.exe” in the %AllUsers% profile directory, the registry entry may look like the following example:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"cssys" = "%AllUsers%\virus.exe"

Here “%AllUsers%\virus.exe” is the data of the value, and the value itself can be of one of the following types:

  • String Value
  • DWORD Value (32 bit)
  • QWORD Value (64 bit)
  • Multi-String Value
  • Expandable String Value

Each value type serves a different purpose. Malware can create new values for its own files or modify the Windows values that already exist.
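As an added example that is not part of the original article, the following PowerShell script lists the values under the HKCU and HKLM Run keys together with their registry type, so an entry like the “cssys” one above can be spotted and reviewed. The list of suspect locations is an assumption chosen here as a review hint, not a rule from the article.

```powershell
# Added example, not from the article: audit the Run keys described above and
# report each value's name, registry type, raw data and expanded data.
# Assumption: $suspectLocations is only a review hint; a match means "look
# closer", not "this is malware".
function Get-RunKeyAudit {
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    )
    $suspectLocations = @('\AppData\', '\ProgramData\', '\Temp\', '\Users\Public\')

    foreach ($keyPath in $runKeys) {
        if (-not (Test-Path -LiteralPath $keyPath)) { continue }
        $key = Get-Item -LiteralPath $keyPath
        foreach ($name in $key.GetValueNames()) {
            # Value type as stored: String, ExpandString, DWord, QWord, MultiString, ...
            $kind = $key.GetValueKind($name)
            # Raw data without expanding %VARS%, i.e. exactly what was written
            $raw = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            # Expanded form, which is the path that would actually run at logon
            $expanded = [Environment]::ExpandEnvironmentVariables([string]$raw)
            $note = ''
            foreach ($loc in $suspectLocations) {
                if ($expanded -like "*$loc*") {
                    $note = 'REVIEW: runs from a user-writable path'
                    break
                }
            }
            [pscustomobject]@{
                Key      = $keyPath
                Name     = $name
                Type     = $kind
                RawData  = $raw
                Expanded = $expanded
                Note     = $note
            }
        }
    }
}

# Usage: print the audit as a table; -Wrap keeps long command lines readable.
Get-RunKeyAudit | Format-Table -AutoSize -Wrap
```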

Before We Begin

If you intend to remove malware from your registry, bear in mind that you should first remove the malware from your computer. Attempting to clean the registry without first getting rid of the viruses that create and modify its entries is NOT recommended. For best results, we advise using an advanced anti-malware tool that can detect malicious registry entries.


How to Fix the Windows Registry by Resetting Permissions

In order to restore the permissions that malware may have modified in your Windows Registry, follow these simple steps:

Step 1: Backup the Data on Your Computer Before Starting to Clean up the Registry.

Before beginning to modify the Windows Registry, it is important to consider what impact it may have on your PC, especially if it is infected. This is why you should back up your data. You can use external drives such as a USB drive or memory stick. Additionally, you may use a cloud service or perform a Windows Backup from Control Panel.


Step 2: Backup the Data of Your Current Windows Registry Entries.

Substep 1: Open the Run window by pressing the Windows key + R.
Substep 2: In it, type “regedit”.
Substep 3: The Registry Editor will appear. In it, click on the File drop-down menu, located on the top left corner.
Substep 4: From the File menu, choose Export.


Substep 5: Choose where to export the backup and name it as you wish. For this example we named it “justincase.reg”.


Step 3: Download and Install SubInACL from Microsoft’s Website to Reset Registry Permissions

Substep 1: Download SubInACL.

Microsoft Download Link for SubInACL

Substep 2: Install SubInACL in its default directory.


Step 4: Create a Registry Fixing Script.

Substep 1: Right-click on a blank space on your desktop and choose New > Text Document to create a .txt file.
Substep 2: Open the text document and in it paste the following script:

subinacl /subkeyreg HKEY_LOCAL_MACHINE /setowner=Administrators
subinacl /subkeyreg HKEY_CURRENT_USER /setowner=Administrators
subinacl /subkeyreg HKEY_CLASSES_ROOT /setowner=Administrators
subinacl /subdirectories %SystemDrive% /setowner=Administrators

subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f
subinacl /subdirectories %SystemDrive% /grant=system=f


Save the file as a .bat file by clicking File > Save As…, and in the window that appears change the file type from “Text Documents (*.txt)” to “All Files”. Then type “fix.bat” as the name and save it in “C:\Program files\Windows Resource Kits\Tools”.

Step 5: Clean up Your Registries.

Substep 1: Open the Command Prompt by searching for it in the Start menu. Once you find it, right-click it and choose Run as Administrator.


Substep 2: In the Command Prompt window, type one of these two commands, depending on where your “Windows Resource Kits” folder is located:

cd "C:\Program Files\Windows Resource Kits\Tools"
or
cd "C:\Program Files (x86)\Windows Resource Kits\Tools"

In this case it was the (x86) folder. You should then see the following:


Now type fix.bat and press Enter.


After the cleanup is complete, you should see a report stating how many registry keys failed or contained syntax errors. All of your registry permissions should now be restored to normal.
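As an added check that is not part of the original article, the following PowerShell script spot-checks the hives fix.bat touches and reports whether the owner is Administrators and SYSTEM holds Full Control, which is what the /setowner and /grant lines in the script set. It assumes an elevated PowerShell session and the English account names (“BUILTIN\Administrators”, “NT AUTHORITY\SYSTEM”), and checks HKEY_CLASSES_ROOT through HKLM:\SOFTWARE\Classes because PowerShell has no HKCR: drive by default.

```powershell
# Added example, not from the article: verify the result of fix.bat.
# Assumptions: run elevated; English account names; HKCR is read through
# HKLM:\SOFTWARE\Classes. A $false in any column marks a key to look at.
function Test-RegistryPermissionReset {
    $paths = @(
        'HKLM:\SOFTWARE',
        'HKLM:\SYSTEM',
        'HKCU:\Software',
        'HKLM:\SOFTWARE\Classes'
    )
    foreach ($path in $paths) {
        $acl = Get-Acl -LiteralPath $path
        # Look for an Allow ACE that grants SYSTEM Full Control on this key,
        # which is what "subinacl ... /grant=system=f" should have produced
        $systemFull = $acl.Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.IdentityReference.Value -eq 'NT AUTHORITY\SYSTEM' -and
            $_.RegistryRights -eq 'FullControl'
        }
        [pscustomobject]@{
            Path           = $path
            Owner          = $acl.Owner
            OwnerIsAdmins  = ($acl.Owner -eq 'BUILTIN\Administrators')
            SystemFullCtrl = [bool]$systemFull
        }
    }
}

# Usage: print one row per hive with the two checks side by side.
Test-RegistryPermissionReset | Format-Table -AutoSize
```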

Conclusion about Windows Registry Permissions Reset

It is important to clean up the Windows Registry not only when you have malware, but also when you see unwanted programs on your computer. A cleanup will revert modified settings and may make your computer a little safer. We recommend doing it on a regular basis, especially if you have been using your operating system for quite a while. It is also advisable to download and install advanced anti-malware software, since it aims to protect your Windows Registry from being altered by malware or other potentially unwanted programs.

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.


8 Comments

  1. Shubham Jain

    How much time does it take to finish running the fix.bat?
    Looks like forever…

    Reply
    1. Vencislav Krustev

      It will finish it, depending on your PC. For me, it took 15 minutes and I am running a mobile i7 processor dual-core. I am sorry for the late reply!

      Reply
  2. 羚羊奕

    I can’t save the fix.bat at the location. It says no permission to save in this location, but I am an administrator for my computer :/
    Help pls!!

    Reply
    1. Vencislav Krustev

      Hello, try performing this process in Safe Mode with Networking. You can enter Safe Mode by doing the following:

      Press WIN button + R.
      In the box type msconfig and press OK
      Click on the Boot tab.
      Tick Safe Boot and then choose Network underneath it.

      Reply
  3. Shray Mehta

    Awesome, dude. Thanks a ton
    for posting this here. I found this page through Googling and it worked for me. Keep posting, dude, this will help a lot. Thanks once again.

    Reply
    1. Vencislav Krustev

      Welcome, bro 🙂

      Reply
  4. Shray Mehta

    Sorry, I forgot to share the process with you in my earlier post.
    The cleaning process is still going on. It has modified 1.10 lakh reg. files and I have not yet received any failed reg. message, and the process is still running while I post this.

    Reply
    1. Vencislav Krustev

      Good news for you so far, then 😉

      Reply
