Editing the registry



Jeff
07-09-2005, 11:50 PM
Hi
I'm trying to clean up after a virus infection on an XP Pro SP2 machine. I
have a list of all the registry entries added by the virus, and want to
manually delete them. I can find them easily enough, but when I try to
delete them I get an 'unable to delete all occurrences' message (or words
very similar!).

I'm not very experienced in editing the registry - I usually use a util to
keep it tuned - and I know how dangerous it can be. But although I've
removed the virus exe from the machine, and prevented firewall_anti from
loading or running, I still have all these registry entries that I'd like to
get rid of. What's the right way to do it please? I'm right-clicking the
reg entry concerned and choosing delete, but then I get the message I
mentioned earlier.
Edit/Delete gives me the same
message. As I say, I have what seems like an accurate list of the reg
entries made by the virus (from Sophos).

I've also tried restoring to a full backup of the registry made by my util
(Registry Healer).
This process opens up System Restore, but I cannot go back on the calendar
of 'available' dates to select one which I know would be clean. Only the
current month is selectable.

Any pointers greatly appreciated, thanks. At this stage it looks like I
might simply reformat and start again...
Jeff

Fitz
07-09-2005, 11:50 PM
Try doing it in Safe Mode, AND, not connected to the internet.


"Jeff" <no_em@ilplea.se> wrote in message
news:OGZZoBxeFHA.3028@TK2MSFTNGP09.phx.gbl...
> Hi
> I'm trying to clean up after a virus infection on an XP Pro SP2 machine.
> I
> have a list of all the registry entries added by the virus, and want to
> manually delete them. I can find them easily enough, but when I try to
> delete them I get an 'unable to delete all occurrences' message (or words
> very similar!).
>
> I'm not very experienced in editing the registry - I usually use a util to
> keep it tuned - and I know how dangerous it can be. But although I've
> removed the virus exe from the machine, and prevented firewall_anti from
> loading or running, I still have all these registry entries that I'd like
> to
> get rid of. What's the right way to do it please? I'm right-clicking the
> reg entry concerned and choosing delete, but then I get the message I
> mentioned earlier.
> Edit/Delete gives me the same
> message. As I say, I have what seems like an accurate list of the reg
> entries made by the virus (from Sophos).
>
> I've also tried restoring to a full backup of the registry made by my util
> (Registry Healer).
> This process opens up System Restore, but I cannot go back on the calendar
> of 'available' dates to select one which I know would be clean. Only the
> current month is selectable.
>
> Any pointers greatly appreciated, thanks. At this stage it looks like I
> might simply reformat and start again...
> Jeff
>
>


Editing the registry