How to check the registry for viruses

The registry stores viruses - clean it!

Good day, friends. I write a lot about fighting with different malicious programs that block system startup, slow down the computer, display ads in browsers. But removing infected files and processes is just the tip of the iceberg. You need to perform a deeper scan. Want to know how to check the registry for viruses? This article is completely dedicated to this topic.

What is a registry?

It’s a kind of database that contains an array of attributes and values responsible for the configuration of Windows and installed applications. Also, information about user accounts is stored there.

When you uninstall software, traces remain in the registry. In this article about PC optimization I wrote about this. For example, after uninstalling the graphic editor Photoshop I found some “junk”:

And after using the adware virus scanning utility Anti-Malware (from Malwarebytes) found a lot of keys that had to be cleaned manually:

Traces of Anti Malware in the registry

Imagine how much of this kind of “junk” can accumulate in a month or a year. And it all slows down the system, consuming the resources of your PC.

Have you ever wondered why Microsoft has not created its own tool for scanning the registry for errors?

Good thing there is a utility called “regedit” where you can look for unused entries and remove them yourself. It’s also a very effective way to detect viruses (or rather the consequences of their activity).

Actually, the registry can’t contain Trojans and other malicious scripts, but it can store modified entries that affect system performance. Viruses can affect autoloading, process execution, etc. This needs to be dealt with, don’t you agree?

Where to start?

We will definitely come back to the registry. First, I will briefly remind you what you should do if you find an “infection”. Read about the symptoms and symptoms in this article.

Full system scan

For this purpose I will use various protection software. KIS (Internet Security from Kaspersky Lab) is the best. This is a comprehensive tool, which I do not want to praise now. Its benefits are well known.

If you do not want to pay money for a quality scan, as an alternative I would recommend Download the latest version of Cure It!.

After launching, be sure to select all the objects to be scanned:

Scan flash drive with CureIt

Of course, this method does not give a 100% guarantee of success, but most of the threats will be removed. All that remains is to disarm them and restart your computer.

If after the above steps (scanning with antivirus nod32 or any other similar software) PC behavior still remains mysterious, you should perform a configuration database cleanup.

Different applications can handle this task. But if you do not want to install “voracious” complex utilities, it will be enough to download and run the program CCleaner.

I have been using this software for over five years because of its simplicity and ease of use. Sometimes I test other products of the same type, but in the end I come back to this optimizer.

  • After opening it, go to the Registry tab (on the left), then click the “Search…” button:
Registry tab of CCleaner
  • This will display a list of errors. It turned out to be small for me, as I check it almost daily. You may have a few hundred items if you have never cleaned it.
CCleaner Registry window Fix button
  • After clicking on “Fix…”, a window appears suggesting that you create a backup before cleaning. Agree and specify the saving path:
Registry copy creation window in CCleaner
  • A file with the extension “reg” will be created which, in case of errors after cleaning, will help you restore the successful configuration.
  • Now select “Fix Marked” in the window that will open:
Registry error window

That’s it. The registry is cleaned. The errors have been eliminated.

Manual scan

Even the best Kaspersky antivirus cannot eliminate all consequences of viruses. You will need to work with your hands and head. Ahead is a fascinating journey into the world of Registry Editor.

This program is very easy to run. It is sufficient to type in the console “Run” (Win + R) the following command:

Regedit .

You are solely responsible for further actions! I will suggest a universal way, but each situation is individual and requires a special approach and extra care!

If in doubt, be sure to ask me questions or search for answers through search engines.

I will show you an example of a problem I had not so long ago. I managed to eliminate a virus that was running from the Windows \AppPatch folder with the file “hsgpxjt.exe”. Dr. Web helped to solve the problem, but after starting the PC again, an error window appeared on the screen.

Everything indicated that traces of this script remained in the registry (autorun section). Frankly speaking, CCleaner did not help (alas, it is not all-powerful either). What did I do?

  • I went to path:

HKEY_CURRENT_USER\ Software \ Microsoft \ Windows \ CurrentVersion \ Windows

  • I deleted the keys under Load and Run:
Registry editor window with hsgpxjt virus keys
  • Rebooted the OS and the message disappeared!

You may have to spend more time if the virus has left many traces. But it will be more reliable.

By the way, many “smart guys” offer services that can check the registry for viruses online. The answer is that this is impossible. Do not believe me? You can read my article about utilities for Scanning your PC via the Internet. It has a lot of interesting and useful stuff.

At this point I’ll take my leave. All questions and suggestions can be posted in the comments. I can not promise 24/7 support, but I will answer all quickly and accurately.

Regards, Victor

Share to friends
Mobile Pedia
Mobile Pedia