Fix (Repair) Windows Registry Errors Caused by Malware

When unwanted software or malware runs on your computer, it almost always modifies entries in the Windows Registry, the hierarchical database in which Windows operating systems store configurations and options. Unwanted software can have a small impact on Windows, such as changing the appearance of the wallpaper or screensaver or adding new buttons in drop-down menus. But it can also have a heavier influence on the system and disrupt its normal functioning.

This is why modifying, backing up, and cleaning up the registry can be a crucial and, at the same time, tricky process. In this article, we will show you the most efficient way to restore the default permissions in your Windows Registry and stop the after-effects caused by unwanted applications or malware.

What Is the Windows Registry Editor and How Does It Work?

The Windows Registry Editor shows all configuration options of your operating system. It contains keys, values, and the data in them. A path in the editor is very similar to any other Windows directory path, with “\” as the navigational sign.

Here are the most frequently used registry keys when you open the Windows Registry Editor:

  • HKEY_LOCAL_MACHINE or HKLM
  • HKEY_CLASSES_ROOT or HKCR
  • HKEY_USERS or HKU
  • HKEY_CURRENT_USER or HKCU

If a malicious process has set up a module called “virus.exe” in the %AllUsers% profile directory, the registry entry may look like the following example:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\“cssys” = “%AllUsers%\virus.exe”

Where “%AllUsers%\virus.exe” can be set as one of several types of value:

  • String Value
  • DWORD Value (32 bit)
  • QWORD Value (64 bit)
  • Multi-String Value
  • Expandable String Value

Each type of value serves a different function. Malware can create new values for its files or modify your existing Windows values.
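
As an added example (not part of the original article), the following PowerShell lists every value under the Run and RunOnce keys of HKCU and HKLM with its value type, its raw data and the signature status of the file it points to, which is how an entry like the “cssys” one above would show up. The user-folder check is a heuristic assumed for this example.

```powershell
# Added example, not from the original guide. Run in Windows PowerShell.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

$report = foreach ($path in $runKeys) {
    $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    if (-not $key) { continue }

    foreach ($name in $key.GetValueNames()) {
        # Raw data, with %VARIABLES% left unexpanded so they stay visible
        $raw  = [string]$key.GetValue($name, $null, $noExpand)
        $kind = $key.GetValueKind($name)   # String, ExpandString, DWord, ...

        # Extract the program path from the command line (quoted or not)
        $cmd = [Environment]::ExpandEnvironmentVariables($raw)
        $exe = $null
        if ($cmd -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
        elseif ($cmd -match '^\s*(.+?\.(?:exe|com|scr|bat|cmd))(?:\s|$)') { $exe = $Matches[1] }

        $exists = $false; $sig = 'n/a'
        if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
            $exists = $true
            $sig = (Get-AuthenticodeSignature -FilePath $exe).Status
        }

        [pscustomobject]@{
            Key       = $path
            Name      = $name
            Type      = $kind
            Data      = $raw
            FileFound = $exists
            Signature = $sig     # Valid, NotSigned, HashMismatch, ...
            # Heuristic (assumption): autoruns from profile/data folders deserve a look
            InUserDir = [bool]($exe -match '\\(Users|ProgramData)\\')
        }
    }
}
$report | Sort-Object InUserDir, Signature -Descending | Format-Table -AutoSize -Wrap
```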

Before We Begin

If you intend to remove malware entries from your registry, bear in mind that you should first clean the malware from your computer. Attempting to clean the registry without getting rid of the viruses that create and modify its entries is NOT recommended. For best results, we advise using an advanced anti-malware tool with malicious registry entries detection abilities.


How to Fix the Windows Registry by Resetting Permissions

In order to restore the permissions that may have been modified by malware in your Windows Registry back to the way they were, you need to follow these simple steps:

Step 1: Back Up the Data on Your Computer Before Starting to Clean up the Registry.

Before beginning to modify the Windows Registry, it is important to consider what impact it may have on your PC, especially if it is infected. This is why you should back up your data. You can use external drives such as a USB drive, Memory Stick, etc. Additionally, you may use a cloud service or perform a Windows Backup in Control Panel.

Step 2: Back Up the Data of Your Current Windows Registry Entries.

Substep 1: Open the Run window by pressing the Windows key + R.
Substep 2: In it, type “regedit”.
Substep 3: The Registry Editor will appear. In it, click on the File drop-down menu, located on the top left corner.
Substep 4: From the File menu, choose Export.


Substep 5: Choose a place to export the backup and name it as you wish. For this example we named it “justincase.reg”.


Step 3: Download and Install SubInACL from Microsoft’s Website to Reset Registry Permissions

Substep 1: Search for SubInACL and download it. Your best choice is the official Microsoft website.

Substep 2: Install SubInACL in its default directory.


Step 4: Create a Registry Fixing Script.

Substep 1: Right-click on a blank area of your desktop and choose New > Text Document to create a .txt file.
Substep 2: Open the text document and in it paste the following script:

subinacl /subkeyreg HKEY_LOCAL_MACHINE /setowner=Administrators
subinacl /subkeyreg HKEY_CURRENT_USER /setowner=Administrators
subinacl /subkeyreg HKEY_CLASSES_ROOT /setowner=Administrators
subinacl /subdirectories %SystemDrive% /setowner=Administrators

subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f
subinacl /subdirectories %SystemDrive% /grant=system=f


Save the file as a .bat file by clicking on File > Save As… and, in the window that appears, choosing All Files instead of Text Documents (*.txt). Then type “fix.bat” as the name and save it in “C:\Program Files\Windows Resource Kits\Tools”.

Step 5: Clean up Your Registries.

Substep 1: Open the Command prompt by searching for it in the Start menu. After you find it, right-click on it and choose Run as Administrator.

Substep 2: In the Command prompt window, type one of these two commands, depending on where your “Windows Resource Kits” folder is located:

cd "C:\Program Files\Windows Resource Kits\Tools"
or
cd "C:\Program Files (x86)\Windows Resource Kits\Tools"

For this situation it was (x86).

Now type fix.bat and press Enter.


After the cleanup is complete, you should see a report saying how many registry entries failed or contained syntax errors. All of your registry permissions should be restored back to normal.
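
fix.bat sets the owner of every key it reaches to Administrators and grants SYSTEM full control, so it is useful to record what the permissions were beforehand. The PowerShell below is an added example, not part of the original guide: the first run saves the owner and ACL of a sample of keys to a CSV file (the file name and the sampled roots are assumptions), and a run after fix.bat lists the sampled keys that changed.

```powershell
# Added example, not from the original guide. Run from an elevated PowerShell.
$baseline = "$env:USERPROFILE\reg-acl-before.csv"   # assumed location

function Get-RegAclSnapshot {
    # Each root plus its immediate subkeys: enough to see a bulk change
    $roots = 'HKLM:\SOFTWARE', 'HKLM:\SYSTEM', 'HKCU:\Software'
    foreach ($root in $roots) {
        $keys  = @(Get-Item -LiteralPath $root)
        $keys += @(Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            $row = [pscustomobject]@{ Key = $key.Name; Owner = ''; Sddl = '' }
            try {
                $acl = Get-Acl -LiteralPath $key.PSPath -ErrorAction Stop
                $row.Owner = $acl.Owner
                $row.Sddl  = $acl.Sddl      # owner + DACL in one comparable string
            } catch {
                $row.Owner = 'unreadable'   # key could not be opened
            }
            $row
        }
    }
}

function Compare-RegAclSnapshot {
    param([string]$Path = $baseline)
    $before = @{}
    foreach ($r in Import-Csv -LiteralPath $Path) { $before[$r.Key] = $r }
    foreach ($now in Get-RegAclSnapshot) {
        $old = $before[$now.Key]
        if ($old -and $old.Sddl -ne $now.Sddl) {
            [pscustomobject]@{
                Key         = $now.Key
                OwnerBefore = $old.Owner
                OwnerAfter  = $now.Owner
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $baseline)) {
    # First run (before fix.bat): record the current state
    Get-RegAclSnapshot | Export-Csv -LiteralPath $baseline -NoTypeInformation
} else {
    # Later run (after fix.bat): list sampled keys whose owner or ACL changed
    Compare-RegAclSnapshot | Format-Table -AutoSize
}
```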

Conclusion about Windows Registry Permissions Reset

It is important to clean up the Windows Registry not only when you have malware, but also when you see unwanted programs on your computer. A cleaning will revert any modified settings and may make your computer a little safer. We recommend doing it on a regular basis, especially if you have been using your operating system for quite a while. It is also advisable to download and install advanced anti-malware software, since it aims to protect your Windows Registry from being altered by malware or other potentially unwanted programs.

Ventsislav Krastev

Ventsislav has been a cybersecurity expert at SensorsTechForum since 2015. He has been researching and covering the latest malware infections, helping victims, and testing and reviewing software and the newest tech developments. Having graduated in Marketing as well, Ventsislav also has a passion for learning about new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management, Network Administration and Computer Administration of System Applications, he found his true calling within the cybersecurity industry and is a strong believer in the education of every user towards online safety and security.


10 Comments
  1. Shubham Jain

    How much time does it take to finish running the fix.bat?
    Looks like forever…

    1. Vencislav Krustev

      It will finish it, depending on your PC. For me, it took 15 minutes and I am running a mobile i7 processor dual-core. I am sorry for the late reply!

  2. 羚羊奕

    I can’t save the fix.bat at the location. It says no permission to save in this location, but I am an administrator for my computer :/
    Help pls!!

    1. Vencislav Krustev

      Hello, try performing this process in Safe Mode with Networking. You can enter Safe Mode by doing the following:

      Press WIN button + R.
      In the box type msconfig and press OK.
      Click on the Boot tab.
      Tick Safe Boot and then choose Network underneath it.

  3. Shray Mehta

    Awesome, dude. Thanks a ton for posting this here. I found this page through googling and came to this page, and it's worked for me. Keep posting, dude, this will help a lot. Thanks once again.

    1. Vencislav Krustev

      Welcome, bro :)

  4. Shray Mehta

    Sorry, forgot to share the process with you while posting the earlier post.
    The cleaning process is going on; it has modified 1.10 lakh reg. files and has not yet received any failed reg. message, and the process is still going on while posting this.

    1. Vencislav Krustev

      Good news for you so far, then ;)

  5. Arslan sajid

    I can’t run the fix.bat file in the cmd prompt. All the steps were the same as you told,
    but it says that the following isn’t a Windows command or a batch file.
    Help pls

  6. Ginger

    I can’t even access my network. Now what?

