Regedit

Status
Not open for further replies.
contact your administratr. is it at school? if it's your home PC, logon as an Administrator and do it there. i forgot how to though. what OS are you using?
 
When you get that error message with regedit there are a few things you can do to fix the problem.
1) Rename regedit.exe to regedit.com
sometimes this will fix your problem. You will need to find where in the registry the trojan has disabled regedit. Below is an example
CODE
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
"DisableRegistryTools"
Type: REG_DWORD
Data: 01, 00, 00, 00


2) Use a third party registry editor. You will find quite a few free ones on sites like snapfiles.com (I even have a few on anti-trojan.org). Use the thrid party registry editor to find the registry entry that is stopping regedit being run and remove it
 
If you're really stuck...and I mean really really really stuck -there is another way of doing it.
However, I must stress that if you;re doing this on a computer that doesn't belong to you -please think twice before acting upon this, ok?
However, I also stress that I have ot tested this on Win NT boxes -e.g. Win 2k, XP, 2003 ETC, but i suspect it won't work on those machines anyway.

What you need to do is find the files USER.DAT and SYSTEM.DAT.
They are naturally hidden 'system' files and you will need to go to explorer and select tools, folder options and uncheck 'hide system files' and make sure 'show hidden files' is allowed.
Then refresh the search and look for USER.DAT and SYSTEM.DAT. These files are what make up the registry for a WIN computer.
Now, delete them.

Trust me...you really do have to delete them.

Restart the box and log in...you'll get some message saying the registry has been tampered with. Ignore this. Instead, press ctrl + del and get rid of the box. You should find that now you have no restrictions at all -e.g. you can access regedit, etc...
When you restart, everything will be fine.
However, I'm aware that certain registry programs may ell pick up this weakness and re-copy the .DAT files...you may have to disable these programs first before restarting the machine.

If you can, access 'msconfig' from run menu and click on 'startup' -make sure you uncheck all the registry scanners you can find there.
Now you shoudl be fine. ;-)
 
also depends on the version of windows. may want to try a ERD to reset the password. it's gonna be hard to find one. many of the most common ones out there are only made during the installation and contain the password info. so, for example, you would make a password reset disk when in admin mode in windows and can use it to reset these passwords. however, you can get access to password recovery disks. normally have to be a ms cert pro to get these.
 
one such, and not sure if this entirly legal, is called 'John the Ripper'. BE WARNED! If this IS NOT your computer, you hacking into it is ILLEGAL. So do yourself a favor. If its NOT a home computer (yours) LEAVE IT ALONE! You can do some serious time for this if its a govt or fed computer (and that DOES include school computers and library!)
 
and if you're really really really really really really really really really really really really stuck, you can format and reinstall Windows........
 
Status
Not open for further replies.
Back
Top Bottom