Virus blocked registry editor

The registry cannot be edited by the system administrator

Greetings to all readers of my blog. Often in my articles I suggest ways to solve problems that involve making changes to the system registry. But sometimes situations arise when a virus has blocked the registry editor and editing becomes impossible. Now I will tell you how to deal with such a problem.

The crux of the problem

Many “Trojans” and malicious adware scripts are able to get not only into the file system and browser settings, but also into more secluded places of the OS. In order to eliminate them, we have to resort to extreme measures. But what should you do if access to regedit is denied? How do you act in such cases?

Very often the cause is a virus that sets administrative restrictions on system tools and configuration utilities. This is done for the purpose of “self-protection”. Less often, the trouble is due to human inattention or malice, when someone changes the user settings. This is what it looks like in practice:

Solution methods

If we are dealing with viruses, or suspect that we are, we should start with a full scan of Windows using an installed anti-virus program or a utility like Dr.Web CureIt. But even after eliminating the cause, the problem won’t go away. The registry will have to be unblocked manually. Here is how it is done.

Using the Group Policy Editor

This tool is very important for fine-tuning your system. I talked about it in detail in a previous post.

  • To run the built-in utility, open the “Run” dialog and enter the command gpedit.msc:

  • Now you should go to the following path:

User Configuration – Administrative Templates – System

  • A list of options will appear on the right. We are interested in the policy that prevents access to registry editing tools:
The gpedit editor window
  • Select this item and open the context menu, then choose “Edit”.
  • This will open the settings window, where you should set the switch to “Disabled”:
Regedit access denial settings window
  • Be sure to save the changes by clicking on the “OK” button.

Often this method is enough to remove all restrictions. But if you are dealing with a “Starter” or “Home” edition of the operating system, where there is no local group policy management, then you should use the following method.

Using Symantec tools

This company used to be famous for its powerful anti-virus tools and other software for disk cleaning, optimization and repair. The developers offer a file with the extension “inf” for download, which lets you quickly “clean” problem areas in the system parameters by setting them to their default values (that is, by performing a reset).

  • Click on the link: UnHookExec.inf
  • The browser will open the contents of the document. Right-click it and select the menu item “Save…”.
  • Be sure to remove the ending “.txt” from the item name so that only “UnHookExec.inf” remains.
  • Now open the context menu of the file and click “Install”. At this point you will not notice any visible changes. This is how it should be.
  • All that remains is to check whether the registry editor opens.

Using the command line

Here is another way for PowerShell and CMD fans. These tools must be run with admin rights (mandatory!). If you do not know how to do that, here is a brief instruction.

  • Windows 7: Open “Start”, go to “Programs”, then to “Accessories”, and find the “Command Prompt” shortcut there. Right-click it and run it as administrator. Done!
  • Windows 8 / 10: Here everything is much easier. It’s enough to press Win + X on the desktop. A list of actions will appear with the desired item:
Context menu in Windows 10 (Win + X)

Copy this command:

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableRegistryTools /f /d 0

Then paste it into the console and hit “Enter”. You can then restart the PC, but it should also work without a restart.

It also happens that the CMD utility won’t open (it’s blocked by a virus). Then you can go another way.

  • Copy the command shown above again.
  • Open any text editor (Notepad++) and paste the command into a new document.
  • Save it as “bat” (an executable file like “exe” but with a higher priority).
  • Now it’s time to run the created file as an administrator. The changes will be made shortly.
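
Before changing anything, it helps to see where the block is actually set. The script below is an added example, not part of the original article: it reports DisableRegistryTools for every loaded user profile and for HKLM, because an elevated prompt opened with a different administrator account writes to that administrator's HKCU, not to the affected user's. The -Fix switch is the script's own parameter, and checking DisableCMD and the HKLM location is an assumption about what else may have been set.

```powershell
# Added example: audit (and optionally clear) the policy values that block regedit/cmd.
# Save as a .ps1 file and run from an elevated PowerShell prompt. Read-only unless -Fix is passed.
param([switch]$Fix)

# DisableRegistryTools is the value reset by the article's reg add command.
# DisableCMD (Command Prompt block) is an assumption about what else was changed.
$checks = @(
    @{ SubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableRegistryTools' },
    @{ SubKey = 'Software\Policies\Microsoft\Windows\System';                Name = 'DisableCMD' }
)

# Inspect every loaded user hive under HKEY_USERS (skipping the *_Classes hives),
# so the affected user's profile is covered even if the prompt runs as another account.
$roots = @(Get-ChildItem Registry::HKEY_USERS -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
    ForEach-Object { "Registry::HKEY_USERS\$($_.PSChildName)" })
$roots += 'Registry::HKEY_LOCAL_MACHINE'

foreach ($root in $roots) {
    foreach ($c in $checks) {
        $path = "$root\$($c.SubKey)"
        $prop = Get-ItemProperty -Path $path -Name $c.Name -ErrorAction SilentlyContinue
        if ($null -eq $prop) { continue }          # value not present: nothing is blocked here

        $value = $prop.($c.Name)
        $state = if ($value -ne 0) { 'BLOCKING' } else { 'ok' }
        '{0,-9} {1}\{2} = {3}' -f $state, $path, $c.Name, $value

        if ($Fix -and $value -ne 0) {
            # Same effect as the reg add command above, applied to the hive that holds the block.
            Set-ItemProperty -Path $path -Name $c.Name -Value 0 -Type DWord
            '          reset to 0'
        }
    }
}
```

If a value comes back as BLOCKING again after a reset, something on the machine is still rewriting it, and the malware scan needs to be repeated before unblocking.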

Hooray! We did it! To be sure that all traces of the virus are eliminated, I advise cleaning up disks, the registry, the browser cache and other “stuff” with any “worthy” utility. CCleaner is the best way to do all your dirty work quickly and efficiently. Tested by millions of users.

I’m sure it will work for you. At least, I am not aware of any cases where this instruction did not help to restore access to the registry. Maybe yours is an exceptional case? Tell me what problems you encountered in the comments. I will try to help you.

Regards, Victor
