pdixit1977
asked on
Regedit disabled by administrator
Hi,
My 3 team members have not been able to open REGEDIT for the last 10 days. It says disabled by the administrator. I have checked group policies and no such policy is applied to these users.
These three members are from transitions/testing team and they are not able to test tools just because of this.
If that does not work, then try this sequence:
Click Start -> Run. Type this command in Run box and press Ok. (You can copy and paste)
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0
Then a prompt will come up with this question: Value DisableRegistryTools exists, overwrite (Y/N)? Type yes and hit Enter.
After you have done that, also type this command in the Run box and hit Enter.
REG add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0
Then it will also come up with the question: Value DisableRegistryTools exists, overwrite (Y/N)? Type yes and hit Enter.
This article has several different methods of fixing the issue. I typically use Method 4.
http://www.pchell.com/support/registryeditordisabled.shtml
Run regedit in safe mode and make the alteration as above. The problem came due to a virus infection; check with sdat.exe. Once the virus is removed, then do the regedit work.
If you do regedit before virus removal, there will be no effect.
ASKER
I did all the methods but no luck.
I believe it's due to some virus. We are using Symantec EndPoint Protection but that doesn't work for this virus.
Can anyone provide me any other free tools/exe through which I can scan and remove this virus/malware?
Try this:
http://www.dougknox.com/xp/utils/xp_emergencyutil.zip
Look here for instructions:
http://www.dougknox.com/xp/utils/xp_emerutils.htm
Basically, it creates new versions of regedit, taskmanager, and msconfig. Try using the new regedit as instructed. If it works and you get in there, chances are that the following key is remapping all that great stuff to svchost so it looks like nothing is happening. Look here in the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Within that key, I bet you find a ton of entries, each of them remapping a "good" program to a bad. This stops the program you want from executing. As a start, scroll down the list and look for regedit. If you find it, highlight it and delete. You can actually delete every entry in that key.
The ones usually recommended here are
Malwarebytes
Combofix
HitmanPro
TDSSKiller
Those usually cover a wide range.
Rename c:\windows\regedit.exe to c:\windows\blah.com
Does it work?
If so, look at the following....
start>run>cmd
Paste the lower commands...
Do they return results? Most likely the keys can be deleted.....
second set deletes them if present.....
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\regedit.exe"
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe"
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\regedit.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe" /f
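A read-only check of the registry locations named in this thread (the DisableRegistryTools policy value, Image File Execution Options, and App Paths), as an added example that is not part of the original posts. Get-RegeditBlockFindings is a hypothetical helper name; it reports what it finds and changes nothing.

```powershell
# Added example, not from the thread. Read-only: reports, never deletes.
# Get-RegeditBlockFindings is a hypothetical helper name.
function Get-RegeditBlockFindings {
    $findings = @()

    # 1. Policy value behind the "disabled by your administrator" message.
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $key = "$hive\Software\Microsoft\Windows\CurrentVersion\Policies\System"
        $p = Get-ItemProperty -Path $key -Name DisableRegistryTools -ErrorAction SilentlyContinue
        if ($p -and $p.DisableRegistryTools -ne 0) {
            $findings += [pscustomobject]@{
                Check  = 'Policy'
                Key    = $key
                Detail = "DisableRegistryTools = $($p.DisableRegistryTools)"
            }
        }
    }

    # 2. Image File Execution Options: a Debugger value makes Windows start
    #    that program instead of the executable the subkey is named after.
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    foreach ($sub in Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue) {
        $debugger = $sub.GetValue('Debugger')
        if ($debugger) {
            $findings += [pscustomobject]@{
                Check  = 'IFEO Debugger'
                Key    = $sub.PSChildName
                Detail = $debugger
            }
        }
    }

    # 3. App Paths entry that can point "regedit.exe" at a different file.
    $appPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\regedit.exe'
    if (Test-Path -Path $appPath) {
        $findings += [pscustomobject]@{
            Check  = 'App Paths'
            Key    = $appPath
            Detail = [string](Get-Item -Path $appPath).GetValue('')
        }
    }

    $findings
}

# Review each finding before removing anything; some Debugger values are legitimate.
Get-RegeditBlockFindings | Format-Table -AutoSize -Wrap
```

Running it before and after a malware scan shows whether removed entries come back, which indicates the infection is still active.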
Others to try if needed
ExeHelper
http://raktor.net/exeHelper/exeHelper.com
FixPolicies
http://downloads.malwareremoval.com/BillCastner/FixPolicies.exe
Likely due to malware/viruses present in the system, so when you fix the symptom while the nasties are still there it won't work as it will be disabled almost immediately.
Use the already suggested tools to fix the symptom and then scan the system to remove the culprit.
As suggested, scanners you can use to scan the system:
MalwareBytes:
http://www.malwarebytes.or
HitmanPro:
http://www.surfright.nl/en
TDSSKiller:
http://support.kaspersky.c
ComboFix:
http://www.bleepingcompute
Did you use the Win32 Sality killer Kaspersky tool?
If the Sality virus exists, there is no effect whatever you do.
So first verify whether the PC is Sality free.
Odd, we should have had that resolved with the methods in the thread....
Anyhoo, glad you're fixed.....
ASKER
I had followed all suggestions/troubleshooting steps given by experts but nothing worked for me. Then I got RRT from one of my vendors and it resolved my issue.
I ran it on all 7 systems and all these systems are working fine now.
http://www.dougknox.com/security/scripts/regtools.vbs