
Downloading Symantec's Script

1. Use this tool to reset the shell open command registry keys. One way viruses can
gain control of your system is to modify the "shell open command" values in your
registry, which puts the virus in control of certain types of files. This script will reset
those values to their default settings.[6]

2. Right click the following link and select Save Link As. Do not left-click this link, or
your browser will display the code instead of downloading it: UnHookExec.inf. In the
popup window, select a location to save the file, then click "OK" or "Save."
   o Some browsers may use the term "Save Target As" or a similar phrase.

3. Right click the file and select Install. Locate the file on your computer. Right click it
and select Install from the drop-down menu. This will run the script, even though you will
not see any new notices or windows. Try regedit to see if your problem is solved.
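The Symantec script described above resets the "shell open command" values that a hijacker changes. The following PowerShell script is an added example (it is not Symantec's UnHookExec.inf and is not from the article): it audits the (Default) value of shell\open\command for the common executable file classes against the standard Windows defaults, which are assumed here, and restores a tampered value only when run with -Repair. Run it from an elevated prompt.

```powershell
# Added example: audit (and optionally restore) the shell\open\command values
# that file-infector and "exe hijack" malware rewrite. Not Symantec's script.
# Review the report before using -Repair.
param([switch]$Repair)

# Assumed Windows defaults for these file classes. "%1" is the file being
# opened and %* its arguments; anything placed in front of them is a hijack.
$Defaults = @{
    'exefile' = '"%1" %*'
    'comfile' = '"%1" %*'
    'piffile' = '"%1" %*'
    'batfile' = '"%1" %*'
    'cmdfile' = '"%1" %*'
    'scrfile' = '"%1" /S'
    'regfile' = 'regedit.exe "%1"'
}

foreach ($class in $Defaults.Keys) {
    $key = "Registry::HKEY_CLASSES_ROOT\$class\shell\open\command"
    if (-not (Test-Path $key)) {
        Write-Warning "$class : shell\open\command key is missing"
        continue
    }
    # The unnamed default value is exposed as the '(default)' property
    $current = (Get-ItemProperty -Path $key).'(default)'
    if ($current -eq $Defaults[$class]) {
        Write-Output "$class : OK ($current)"
        continue
    }
    Write-Warning "$class : TAMPERED -> [$current], expected [$($Defaults[$class])]"
    if ($Repair) {
        Set-ItemProperty -Path $key -Name '(default)' -Value $Defaults[$class]
        Write-Output "$class : default restored"
    }
}
```

Without -Repair the script only reports, which is the useful mode when you want to see what a hijack pointed these classes at before removing it; a value that names another executable in front of "%1" is the pattern to look for.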
Method: Changing Regedit.com Files

1. Search for "regedit.com" on your computer. Some viruses will add false registry files
named regedit.com to trick your computer into running the wrong file when you use the
Regedit command.
   o This is only one way viruses can disable regedit. Scanning your computer
with anti-virus software is recommended even if regedit.com is not on your computer.

2. Check whether it is a real file. Right-click the file and select "Properties." In the info
box that comes up, look for the "File size" line.

3. Delete zero-byte files. If the file size is zero bytes, it is a dummy file. Delete it and you
should have access to regedit again.[7]

4. Rename larger files. If the file has actual content, it may be your original regedit file,
renamed. Rename it back to regedit.exe and access should be restored.[8]
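As an added example (not from the article), the PowerShell script below automates the four steps of this method: it looks for regedit.com in the directories the command processor searches, flags zero-byte dummies, and for a non-empty file compares it against the real regedit.exe and checks its Authenticode signature so you can tell a renamed original from a planted binary. The reason a regedit.com takes effect at all is that cmd resolves a bare "regedit" using PATHEXT, where .COM is listed before .EXE, so a regedit.com in the same directory shadows regedit.exe.

```powershell
# Added example: locate regedit.com lookalikes and classify them. Not from the article.
# Directories cmd searches for "regedit": the Windows directory, System32 and PATH.
$dirs = @($env:SystemRoot, "$env:SystemRoot\System32") +
        ($env:Path -split ';' | Where-Object { $_ })
$genuine = Join-Path $env:SystemRoot 'regedit.exe'
$genuineHash = if (Test-Path -LiteralPath $genuine) {
    (Get-FileHash -LiteralPath $genuine -Algorithm SHA256).Hash
} else { $null }

$checked = @{}
foreach ($dir in $dirs) {
    $candidate = Join-Path $dir 'regedit.com'
    if ($checked.ContainsKey($candidate.ToLower())) { continue }   # duplicate PATH entry
    $checked[$candidate.ToLower()] = $true
    if (-not (Test-Path -LiteralPath $candidate -PathType Leaf)) { continue }

    $file = Get-Item -LiteralPath $candidate
    if ($file.Length -eq 0) {
        # Step 3 of the method: an empty file exists only to shadow regedit.exe
        Write-Warning "$candidate : zero-byte dummy file (delete it)"
        continue
    }
    # Step 4: a non-empty file may be the renamed original or a planted binary.
    # Identical hash to regedit.exe means a copy; otherwise inspect the signature.
    $hash = (Get-FileHash -LiteralPath $candidate -Algorithm SHA256).Hash
    $sig = Get-AuthenticodeSignature -FilePath $candidate
    Write-Output ("{0} : {1} bytes, sha256={2}, same as regedit.exe={3}, signature={4} ({5})" -f
        $candidate, $file.Length, $hash, ($hash -eq $genuineHash),
        $sig.Status, $sig.SignerCertificate.Subject)
}
```

A file reported as Valid with a Microsoft signer and a different hash from the current regedit.exe is most likely a renamed copy from before an update; a file with an unsigned or untrusted signature should be treated as malware rather than renamed back into place.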
Method: Enabling Regedit with a Visual Basic Script

1. Open a new Notepad document. We'll use this to make a Visual Basic Script (.vbs)
file, which will run a program to enable the registry editor.
   o This script was written by former Microsoft Most Valuable Professional (MVP) Doug
Knox.[9]

2. Copy the following into the Notepad document. Copy-paste the following into your
text file:[10]
Option Explicit
Dim WSHShell, n, MyBox, p, t, mustboot, errnum, vers
Dim enab, disab, jobfunc, itemtype
Set WSHShell = WScript.CreateObject("WScript.Shell")

' Per-user policy value that blocks regedit: 0 (or absent) = allowed, 1 = blocked
p = "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\"
p = p & "DisableRegistryTools"
itemtype = "REG_DWORD"
mustboot = "Log off and back on, or restart your pc to" & vbCR & "effect the changes"
enab = "ENABLED"
disab = "DISABLED"
jobfunc = "Registry Editing Tools are now "
t = "Confirmation"

' Read the current value; RegRead raises an error if the value does not exist
Err.Clear
On Error Resume Next
n = WSHShell.RegRead(p)
errnum = Err.Number   ' read before "On Error Goto 0", which clears the Err object
On Error Goto 0
If errnum <> 0 Then
    ' Value missing: create it as 0 (regedit allowed) so the toggle below works
    n = 0
    WSHShell.RegWrite p, n, itemtype
End If

' Toggle: 0 -> 1 disables the registry editor, 1 -> 0 enables it
If n = 0 Then
    n = 1
    WSHShell.RegWrite p, n, itemtype
    MyBox = MsgBox(jobfunc & disab & vbCR & mustboot, 4096, t)
ElseIf n = 1 Then
    n = 0
    WSHShell.RegWrite p, n, itemtype
    MyBox = MsgBox(jobfunc & enab & vbCR & mustboot, 4096, t)
End If

3. Save the file as "Registry Editor.vbs". Any other file name with the .vbs extension
should work as well.

4. Open the file to run the script. Close Notepad and open the file you just saved to run
the script. It should appear for a brief moment on screen, but you might not notice this.
   o This script will switch the registry editor's disabled/enabled setting. Do not
run it a second time, or the registry editor will be disabled again.

5. Use regedit. Enabling regedit with this script shouldn't require a restart, although using
it to disable regedit will.
Method: Enabling Regedit from the HKEY_USERS Settings

1. Open cmd.exe. See "Enabling Regedit with CMD" for how to access this. Try that
method first, since it is faster. If the CMD line responds with an error message, follow
the instructions below.
   o This process should work for Windows 7, 8, and Vista.

2. Enable an administrator account. Type net user administrator /active:yes and hit
enter. We'll use this account to gain access to HKEY_USERS without having to use the
registry editor.

3. Find your SID. Type wmic useraccount where name='%username%' get sid and hit
enter. (You may replace %username% with your account name, but it shouldn't be
necessary.)[11] You should see a long security identifier (SID), beginning with
something similar to S-1-5-. Write down the entire ID, or at least enough numbers to
uniquely identify it (for instance, the first character after each hyphen).

4. Switch users to the new "Administrator" account. Go to "Switch users" in the Start
menu. Leave your ordinary account logged in.

5. Navigate to HKEY_USERS. This should be located in your Computer folder.

6. Open the folder with your SID. Open the folder whose name is the SID you wrote
down. This will contain the settings for your normal account.

7. Navigate to the following folder. Go to
\Software\Microsoft\Windows\CurrentVersion\Policies\System inside your SID folder.

8. Change your Disable Registry Tools setting. Double click on DisableRegistryTools.
In the "Value data" field, change the text to "0" instead of "1".[12] This should enable
registry editing.

9. Try Regedit on your ordinary account. Switch back to your ordinary account and try
to access Regedit again. Restart your computer and try again if necessary.

10. Disable the administrator account. Return to cmd.exe on your ordinary account and
enter net user administrator /active:no. This will disable the administrator account. In
general, that "hidden" administrator account should be disabled whenever it isn't being
actively used, as a mistake in the files it has access to could cause catastrophic damage.
   o If you decide to leave the account enabled, change its settings to add a
password.
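Both the Visual Basic Script method and this HKEY_USERS method come down to the same DisableRegistryTools value in one user's hive (HKCU is simply HKEY_USERS\<your SID>). The script below is an added example, not the article's procedure or Doug Knox's script: with no parameters it reports the value for the current user; with -Sid it inspects another logged-on account's hive from an administrator session, which is what steps 2 to 8 above do by hand; with -Enable it sets the value back to 0 instead of toggling it, so running it twice cannot lock you out again. The parameter names are this example's own.

```powershell
# Added example: report, and optionally clear, the DisableRegistryTools policy
# value for one user's registry hive. Not from the article.
param(
    [string]$Sid,       # SID of the account to inspect; default: the current user
    [switch]$Enable     # set DisableRegistryTools to 0 instead of only reporting
)

if (-not $Sid) {
    # Same value that "wmic useraccount where name='%username%' get sid" prints
    $Sid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
}
$hive = "Registry::HKEY_USERS\$Sid"
if (-not (Test-Path $hive)) {
    throw "Hive $hive is not loaded; that account must be logged on (step 4 above)."
}
$policyKey = "$hive\Software\Microsoft\Windows\CurrentVersion\Policies\System"
$name = 'DisableRegistryTools'

# A missing key or value means no policy is applied, i.e. regedit is allowed
$current = $null
if (Test-Path $policyKey) {
    $current = (Get-ItemProperty -Path $policyKey -Name $name -ErrorAction SilentlyContinue).$name
}
if ($null -eq $current) {
    Write-Output "$name is not set for $Sid (regedit allowed)"
} elseif ($current -eq 0) {
    Write-Output "$name = 0 for $Sid (regedit allowed)"
} else {
    # 1 blocks interactive regedit; 2 additionally blocks "regedit /s"
    Write-Warning "$name = $current for $Sid (regedit blocked)"
}

if ($Enable -and $current) {
    Set-ItemProperty -Path $policyKey -Name $name -Value 0 -Type DWord
    Write-Output "$name set to 0 for $Sid; log off and back on for it to take effect"
}
```

Reading another account's hive under HKEY_USERS requires that account to be logged on (or its hive loaded) and an elevated session, which is why the article has you enable the built-in Administrator account; the same advice to disable that account again afterwards applies here.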
