Registry Virus???

  redflash 22:03 04 Feb 04
Locked

I am running Widows XP Pro and when I now try to access my Registry (via regedit) I receive the message 'Registry editing has been disabled by your administrator'. The indications are a virus but several antivirus scans have been done and nothing found.
Any suggestions please.

  LastChip 22:11 04 Feb 04

re you running Photoshop? There is an issue with that.

  Curio 22:16 04 Feb 04

click here
Download this, read instructions for your OS and Run it. May solve the problem

  redflash 22:55 04 Feb 04

Hi, Thanks for both suggestions. I am running Adobe Photoshop Album v 2 is this the program last chip is referring to?
A sweep of my system using the Stinger Anti Virus failed to reveal a virus.
Could my problem be due to another aspect I wonder?

  User-312386 23:14 04 Feb 04

are you trying to access the registry in a limited user account?

  LastChip 23:44 04 Feb 04

click here

Maybe it will help.

  temp003 02:29 05 Feb 04

If Adobe software is not the reason, check the following.

Check Group Policy in XP Pro. Click Start, Run, type gpedit.msc and press Enter. On the left, expand User Configuration, Administrative Templates, and highlight System under that. On the right, there should be an item called "Disable registry editing tools". If the setting is "Enabled", then double click the item, and change it to "Not configured" or "Disabled'. Click OK. If the setting is already "Not configured" or "disabled", leave it alone.

If that's not the cause of the problem, in My Computer, go to the C:\WINDOWS folder, and find the file regedit.exe. If the file extension (.exe) is not shown, click Tools, Folder Options, View tab, and untick "Hide file extensions for known file types" and click OK. Right click regedit.exe, copy, and paste it to the same folder, then rename the copy as regedit.com

Double click regedit.com to see if the registry editor will open (it may not). If it does, navigate to HKEY Current User\Software\ Microsoft\ Windows\ Current Version\ Policies

See if under Policies, you have a System key. If you don't, forget this step. If you do, highlight it, and look on the right to see if you have an entry with the name "DisableRegistryTools". If you do, and the value is 1, double click the entry and change the value to 0. Exit regedit and see if you can run regedit in the normal way (may need restart).

Otherwise, a virus may be the culprit, but it's a question of which program or scan can pick it up.

  temp003 02:32 05 Feb 04

If regedit.com can open the registry editor, apart from the above key, check also HKEY Local Machine\software\...\ current version \policies\system to see if the relevant entry is present.

  redflash 09:31 05 Feb 04

Thanks for all the suggestions. I have tried each and every one without any success. If (as it would now appear) it is a virus how can I get at it to try and remove it - I have tried running
3 antivirus scans to date without anything being found.

  ©®@$? 09:41 05 Feb 04

This is a symptom of [email protected]


the tool for removing 32Swen.A worm . This not
only removes the virus but also fixes the registry entry
Hkey_....\Policies\System DisableRegistryTools= 1 which
you could not directly do because editing was blocked


[email protected]" title="http://securityresponse.symantec.com/avcenter/venc/data/[email protected]" TARGET="_new">click here

  ©®@$? 09:42 05 Feb 04

this link click here

This thread is now locked and can not be replied to.

How to get Windows 10 for free | How to install Windows 10: There is still a way to avoid paying…

1995-2015: How technology has changed the world in 20 years

Alex Chinneck’s giant ice cube Christmas tree at Kings Cross

Apple rumours & predictions 2017: The iPhone 8, new iPads, and everything else you should expect fr7…