How to Remove Registry Entries
What is the Registry?
The Windows registry is a central hierarchical collection of software, hardware and user settings that are present in your machine. It is used in Microsoft Windows 9x, Windows CE, Windows NT, Windows 2000, Windows Millennium, Windows XP and Windows Vista. Although the Registry is common to several Windows operating systems, there are some differences among them. The registry plays a very important role in your computer’s operating system, for example, by allowing Windows to start and ensuring the stability of the entire system.
When the user makes any modifications to Control Panel settings, file associations, system policies and installed software, all these changes are reflected and stocked up in the registry. The Registry replaces most of the text-based .ini files used in Windows 3.x and MS-DOS configuration files, such as the Autoexec.bat and Config.sys.
Why is it important to remove malicious registry entries?
The majority of all hazardous parasites, especially Trojans, browser hijackers, spyware and adware threats have the ability to change the Windows registry. The malicious programs usually add various registry entries, generate new keys and modify default values. That’s why it is important to learn how to remove malicious registry entries so you can quickly detect and remove deep-seated infections. Invalid registry entries may cause a serious harm, and they may be a reason of sluggish performance of your PC as well.
Remove Spyware Registry Entries Manually
Warning: Removing spyware registry entries is difficult and risky. If you delete the wrong file, your computer may crash and important data may be lost. As a precautionary measure, please back up important files and set a System Restore point (click Start > All Programs > Accessories > System Tools > System Restore, and follow the on-screen instructions) or run a spyware check with a trusted anti-spyware program to automatically detect spyware.
Follow the steps below to manually remove registry entries:
- To open the Registry Editor, press the “Start” button and then choose the option “Run”. In the “Open” field, type “regedit” and click the “OK” button.
- The Registry Editor has two panes. The left pane is to navigate on certain registry keys and the right pane is to see values of selected keys.
- To edit the value, right-click on it and select the “Modify” option.
- You can also double-click on the value with your left mouse button. Another option is to use the “Edit” menu, where you type in the chosen value in the window and click the “OK” button. You can do the same with any other value or registry key.
- Follow the same steps as just described to delete the value or the registry key. On this step, you will have to select the “Delete” option. If you get a list of results, you may want to plug them into the Web before you delete them, just to be sure you’re erasing malware-related keys.
- To add a new registry key or a new value, click on the “Edit” menu. Then, select option “New” and select a type for the entry.
- To export any key or value from the registry to the defined file, right-click on the object and select “Export” from the menu.
- Enter a file name and save the exported registry files as a .reg extension.
- It is also possible to import a certain value or a key. Click on the “File” menu and choose “Import”. Then, select the objects that you want to import.
- Close the registry editor and reboot your computer. If something appears wrong after you change the registry, you can restore the registry from the backup you’ve created.
October 16th, 2007 at 2:04 am
thank you for the help.
October 31st, 2007 at 4:20 am
happy with the solution
December 22nd, 2007 at 12:02 am
When I tried to delete the registry entries usign the method as described above, I received the following error message: Unable to delete all specified values. What should I do?
Grateful for a reply.
December 22nd, 2007 at 11:01 am
Assumpta Shek,
Many parasites are mutating and the information may be old or not accurate anymore. You should scan your computer with our free scanner to find the infected files. Our free scanner won’t remove the infection, but it will show the locations of the infected files.
December 27th, 2007 at 6:12 am
Hello,
After the free scanner finishes the scan, how would I remove the infected files?
December 27th, 2007 at 11:19 am
Lolly,
After scanning your computer with free scanner, you’ll also see the locations of the infected files. So you can follow our manual removal instructions and remove the infected files manually. It’s better to boot your computer in Safe Mode while removing the infected files. Good Luck.
December 27th, 2007 at 9:54 pm
Thank you!
January 1st, 2008 at 3:10 pm
Hi there,
I am trying to delete all the registry entries related to cmdservice. it all went fine until HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_cmdservice. For some reason i am not allowed to change or delete this. Anyone knows what to do?
Best Regards,
Peter
January 2nd, 2008 at 11:22 am
peter,
It is not so important to delete these registry entries. The most important is to remove the files which are acociated with these entries. I advise you to use our free scanner or other free anti-spyware software to scan your computer and see what these programs will find. And if they will find any infected files or registry entries, try to remove them manually.
January 2nd, 2008 at 2:43 pm
thank you.
January 5th, 2008 at 11:55 pm
when i try to delete one infetced file an error message comes up saying the file cant be deleted because it is in use.
January 7th, 2008 at 10:03 am
jon,
Try to boot your computer in Safe Mode. This should let you delete the infected file.
January 28th, 2008 at 1:09 pm
I followed these directions to delete a registry value and then exited the registry. when I re-edit the registry that old value is still there; it did not delete. any suggestions on how to delete it ?
January 28th, 2008 at 2:20 pm
statsman58,
In most cases parasites regenerate their registry values. So you need to remove these files, which are responsible for this regeneration. Scan your computer with our free SpyHunter scanner and it will show you the infected files and their locations. After scan, boot your computer in Safe Mode and remove these files manually.
February 19th, 2008 at 12:44 am
could you give some indication or example of an inappropriate registry that would be associated with seekmo, 180solutions, or vundo? or maybe where to find such information? Why does your program know exactly which files? Did someone sit and figure it out for 30 hours, and simply record the files to look for into a list? Or is there some functionality to the program that allows for it to actively recognize and associate one file with another suspected file?
February 19th, 2008 at 7:02 pm
jeff,
There are no guarantees that you will find any anti-spyware program that can detect and remove all the parasites on the Web because parasites are changing and creating new files. So the most important thing for anti-spyware programs is not only the detection removal mechanism, but the research and support team that it provides.
Our spyware research team actively researches to identify potential spyware threats. They’re watching new spyware threats, analyzing them and identifying their files. Our spyware research team also closely monitors existing threats to watch how they mutate and to make sure that their signature profiles are updated to the latest version.
The results of every research are included to SpyHunter. It is nearly impossible to get all the parasites from the web. This is why the support team exists, from which customers may get a custom solution for removal of spyware threats.
April 11th, 2008 at 1:39 pm
the best procedure to remove Trojan.Win32.Obfuscated.gx
April 29th, 2008 at 12:30 pm
i cant get the thing to open
June 21st, 2008 at 4:33 pm
trying to find if I can go thru registry and programs I have installed have wierd names in registry. Would like to rename them.
example
a12jfu6as is registry key name
would like to safely say *example*
downloadmanager
have xp pro.
Much thanks for a great site :):)
July 25th, 2008 at 12:49 am
i’m having problems removing anti spy check from my computer. The registry files aren’t there. Any ideas?
September 5th, 2008 at 10:21 am
I am grateful to your website, since my computer has been infected with antivirusdoc, and I can’t remove it; it pops up everytime I do anything. I followed your instructions about going to REGEDIT, and did all the steps, but when I got to UNINSTALL, I couldn’t find AntivirusDoc. At the moment, I’m on your second web page, so can’t exactly remember where AntivirusDoc was supposed to be. But I did do all the steps. HELP!!!
September 28th, 2008 at 3:03 am
please help me to remove the zlob.trojan it is present in the registry.
September 30th, 2008 at 5:51 pm
I have just been infected with the Trojan.Downloader.Agent.ahba virus. When using the regedit to remove this it automatically closes this application. I have the location but can’t get to it using the regedit tool…any suggestions?
Thanks!
October 2nd, 2008 at 9:40 pm
Shalom,
I cannot find the xppubwiz.reg from the registry, what can i do?
October 14th, 2008 at 9:33 am
I was infected with the mr.exe trojan. How do I go about removing this from the computer? Any suggestions would be greatly appreciated.
October 21st, 2008 at 3:30 am
Hello. My anti virus detected something called W32.Huhk.A and what happened was it detected it in the registry entries of Windows XP and whenever I tried to remove it using the anti virus, my computer would go blank after starting up, like the task bar and start menu are not present, and I cannot right click anywhere, so I would usually end up repairing Windows. Does anybody have any idea what is going on? A response is appreciated. Thanks/
October 24th, 2008 at 5:53 am
Good
October 28th, 2008 at 9:18 am
I have been a PC user for about 25 years. I like to understand as much as possible about the machine, but I must admit that I don’t know much about the Registry. I was following your instructions trying to rid my computer of RelevantKnowledge. I noticed that there are literally thousands of entries in the Registry. By some of the names, I know that I did not have anything to do with their being there. To give you one example, there were 76 entries fiting the pattern “gay*.*. Now, I assure you I have never been on a site that fit that description. This is only one example, there were worse examples. How did they get there and how do I get them off? And more importantly, How do I prevent this from happening again?
Thanks for any help you can give.
November 9th, 2008 at 4:32 pm
Elaine. I would recommend searching for files created/modified on or around same day that your infected file was created. Then I would examine closely those files found near or on that same day. Most likely if they have same time stamp…they could be related. There could be another file that is meant to re-create a registry entry if deleted…like in windows registry “run” folder which is where all your windows startup files are. Also because of this…it could be eating your memory at startup, not allowing windows to fully become functional until it is done doing what it does. Hope this helps at least somewhat. Good luck.
December 17th, 2008 at 11:25 am
thanks a lot
December 30th, 2008 at 9:19 pm
need to get the system security thing off from my computer
January 2nd, 2009 at 3:42 pm
please help me to remove the zlob.trojan it is present in the registry,also I have Trojen Virtumonde (vundo) (ms juan)
January 15th, 2009 at 9:51 pm
Hello everyone When I turn on my computer, my desktop show up for a few seconds, then it disappears and the only thing left is my background picture. explorer.exe keeps crashing and restarting even upon killing the process in task manager. Howver every few seconds it disappears again.
No programs recently installed
p.s if i do the above procedure in safe mode it does the same thing the only thing diffrent from above is that once I click the you are running in safe mode button desktop appears then disappears again.
This causes me to be unable to run spywarehunter becasue something is killing the windows explorer process
March 7th, 2009 at 1:19 am
thanks , good solution and explanation
March 8th, 2009 at 1:16 pm
…So i used spyhunter to locate infected files and found 6 registry keys- four of which are CLSID/{EC43E3FD-…
and i followed the above directions but the file names [nomifeyi and todomeko] continue to alternate. Please help! i’m not sure how to solve this…
March 25th, 2009 at 4:40 pm
when i find the program and dlelt it i scan my computer again and it says its still there
April 9th, 2009 at 3:02 pm
so i’ve got MS AntiSpyware2009 stuck on my machine. I had just removed antivirus 360 a couple months ago and everything went great. This time though i’m haveing a little trouble trying to get into the regedit. Every time i try to run it, it says:Reggistry editor has been diabled by your administrator. What is that about, if anyone can help me get through this just send me an email at joshuagonnoud@yahoo, it would be a great help.
April 13th, 2009 at 4:02 am
Hello,
My PC is infected by the trojan dropper/rs32Net.Process. May you help to remove this trojan? Will appreciate email to me direct.
Thanks
OYSP
April 26th, 2009 at 10:18 pm
I scanned my computer through SpyHunter 3 Security Suite and found a number of infected files. I was able to locate most of them and delete them from the computer however, I have 3 that keep showing up all under the HKCU folder which I cannot locate anywhere on the computer. I tried looking for MS Antispyware 2009, but that does not bring up anything either. Anybody know where this is located and jow I can delete these files? Here is a list of the files that need to be removed.
HKCU\Software\LastSun Ltd\AV Antispyware
HKCU\Software\LastSun Ltd\AV Antispyware\1.8
HKCU\Software\Microsoft\Windows\Current Version\Drivers\Video\Options\4e8d9ebf-122c-42bd-a8cb-7e59c9cc08ba
May 22nd, 2009 at 3:50 am
hello everybody…..
please help… i have accidentally “personal antivirus” in my computer….which infact is also a virus.. i tried to follow the steps of “removal of personal antivirus” however, my task manager is block… i don’t know what to do… im so worried about my files…. please help…..
what should i do? i will be very grateful if i could solve this. uhuhuhuhuhu!
May 25th, 2009 at 1:48 am
please give me instrusction on how to delete this trojan on my internet explorer.everytime i open a website, i am being prevented by the virus to explore further.the website i am visiting is being blocked by the virus.i need more help.thanks and more power to all of u.
June 13th, 2009 at 9:49 pm
Hi. I am attempting to delete a registry entry for which the file has already been deleted. Each time I delete the registry entry (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run …) it reappears — I search the registry immediately after deleting the key and it is back! I have even rebooted after deletion and I get the ol’ Error loading [application represented by the registry entry] error dialog.
Anyone have any ideas?
Thank you.