[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3955
  • Last Modified:

Is it possible to edit registry on dual boot computer from other boot?

Hi.  I have a dual boot system.  One of my boots (boot 1 we'll call it) has some malware that I'm having trouble getting rid of. (see http://www.experts-exchange.com/Operating_Systems/WinXP/Q_21580794.html for more info)

I know at least some of the registry entries for this malware, but when I try to delete them or edit them in regedit I get an error message saying it couldn't be deleted.

Is it possible for me to boot up to the other system  (boot 2) and edit Boot 1's registry?  Thanks
0
mickn66
Asked:
mickn66
1 Solution
 
LeeTutorretiredCommented:
If the other system (boot 2) also has Windows XP, it is possible.  Boot up in a parallel copy of XP.

Open REGEDIT

If the information you want to access was in HKEY_CURRENT_USER: Highlight HKEY_USERS, choose "Load hive" from the File menu, open

C:\Documents and settings\<UserProfileName>\ntuser.dat.

When asked for a name, choose "OldProfile" (or whatever other easily remembered name you choose).  Access/backup the keys you're interested in. Once you're done, highlight the "OldProfile" key, choose "Unload hive" from the file menu.

If the information you want to access was in HKEY_LOCAL_MACHINE\System or in HKEY_LOCAL_MACHINE\Software: Highlight HKEY_LOCAL_MACHINE, choose "Load hive" from the File menu, open

C:\Windows\system32\config\system

or

C:\Windows\system32\config\software

(no extension). When asked for a name, choose "OldSystem" or "OldSoftware" (or whatever). Access/backup the keys you're interested in. Once you're done, highlight the "OldSystem" or "OldSoftware" key, choose "Unload hive" from the file menu.

Of course, in the above, you might need to change "C:" to some other drive letter, depending upon what partition "boot 1" is on...
0
 
sramesh2kCommented:
See also:

How to edit the registry offline using BartPE boot CD ?:
http://windowsxp.mvps.org/peboot.htm
0
 
mickn66Author Commented:
Thanks Lee and sramesh2k - My boot one is in fact c: and boot 2 is e: for some reason.  I have heard of BartPE but since I have a dual boot I thought it might be easier this way.  I'll give this a shot and let you know how it worked.
0
 
stewartacampbellCommented:
Did you try to take ownership of the registry keys?
Sometime when they cant be deleted all that needs to be done is to take ownership.
Start up regedit.
Right click on the key and select 'permissions'.
Now add your username to the list of permissions and give full permissions. Sometimes this is all that is needed to unklock it., while other times it wont let you add yourself.
Click the advanced button.
Click the owner tab and select you username and tick the box, then press apply.
Keep pressing Ok until you are back at the main regedit screen.
If you couldnt add yourself to the permissions bafoe go back in and add yourself now.
Delete the key.
0
 
mickn66Author Commented:
Stewart you just solved my problems.  All I needed to do was change the permissions - I didn't add my username, because I'm the only user and am the administrator - for some reason the administrator account didn't have full permissions.  So I fixed that and then I deleted the registry keys and low and behold the spyware is gone.  Thank you and thank everybody else for helping.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now