One of my reader just emailed me and he wants to remove the virus from his computer manually but his problem was he cannot open his registry editor it say’s that “Registry Editing Has Been Disabled By Your Administrator”. This type of problem usually also happens to me when I am working on a virus, trojan or spyware infected computer. Regedit is one of the most important command of Windows that is also why virus makers love’s to disable the Registry Editor so it makes solving the problem and removing the issue difficult.
Viruses are not always the reason for this issue sometimes administrators in I.T. departments place a restrictions on using the regedit command to keep employees from changes things on company computers, on his case his registry is disabled by a virus.
Below are the different ways that I recommend to enable his Registry Editor.(the #1 method successfully worked for him). Although there are a few other ways, the four ways below are the way that I have used with great success in re-enabling the REGEDIT command.
#1 Using a registry tool.
- You can use regtools.vbs to enable your registry. This is a VBscript that enables or disables the Registry Editor based on the following location in the registry. Of course, since the registry editor is disabled, you can’t change it manually. Visit the site for more information http://www.dougknox.com/security/scripts_desc/regtools.htm
- After downloading regtools double-click on it to run it, then reboot your computer and try to open the Registry Editor.
This works best but If this fix didn’t solve your problem, try the other ways below.
#2 Using Symantec’s tool to reset shell\open\command registry keys
Sometimes worms and trojans will make changes to the shell\open\command registry entries as part of their infections. This will cause the virus to run each time you try to run an .exe file such as the Registry Editor. In these cases, visit Symantec’s website and download the UnHookExec.inf file to your desktop. Right-click on it and choose Install. Restart your computer and then try to open the Registry Editor.
#3 Renaming Regedit.com to Regedit.exe
Some viruses and other malware will load a regedit.com file that is many times a zero byte dummy file. Because .com files have preference over .exe files when executed if you type REGEDIT in the run line, it will run the regedit.com instead of the real regedit.exe file.
Delete the regedit.com file if its a zero byte file to restore access to REGEDIT. In some cases, such as the W32.Navidad worm, you’ll need to rename the REGEDIT file to get it to work.
#4 Changing Windows XP Professional and Group Policy Editor
If you have Windows XP Professional and access to an administrative user account, you could change the registry editor options in the Group Policy Editor.
- Click on Start then Run
- Type GPEDIT.MSC and Press Enter
- Go to the following location
- In the Settings Window, find the option for “Prevent Access to Registry Editing Tools” and double-click on it to change.
- Select Disabled or Not Configured and choose OK
- Close the Group Policy Editor and restart your computer
- Try opening REGEDIT again