20 Jan
Posted by Abdul Aziz as Freeware, Windows, Windows Vista
Some viruses or spywares create entries in your Windows registry so that they can automatically restart with the reboot of Windows. And if you try to delete them, you may get an “Access is denied” messsage.
To delete such stubborn/locked registry key entries, there is a freeware application called RegASSASSIN by Malwarebytes. RegASSASSIN can remove access denied registry entries by resetting the key’s permissions and then deleting it. This software should be used with care after backing up the registry.
Download here
9 Responses
Dave Tuck
August 22nd, 2008 at 4:32 pm
1I have an entry that wont let Windows Installer back-up because of the access denied. So I can’t install Installer. It also wont let me save the permission changes I make on it,again saying access denied.
I tried your RegAssassin,it said that it had changed the permissions on it,but it didn’t. I then tried to delete it. RegAssassin said the entry had been deleted,but it hadn’t. Not impressed.
Zerosum
September 4th, 2008 at 11:01 am
2Most people are unaware of it, but NT (also valid for XP) has security settings on registry entries, just like it does on files on a NTFS volume. When you try to delete one of the registry entries and get a refusal from the system, it is likely that the Virus has set the permissions to prevent you from deleting it.
With the offending registry key highlighted, right click and select Permissions’ from the menu and set the permissions back to ‘Everyone - Full Control’, then you will be allowed to delete it. You may have to manually add ‘Everyone’ under “Group and User Names’. Be aware that you may need to tick the box for ‘replace on all sub-keys’ as well, if the key you are trying to delete has subkeys underneath it - a locked key further down the branch you are trying to kill will cause the same ‘refused’ symptoms you described.
(the above was copied from another website)
Joh
September 12th, 2008 at 12:02 am
3“I tried your RegAssassin,it said that it had changed the permissions on it,but it didn’t. I then tried to delete it. RegAssassin said the entry had been deleted,but it hadn’t. Not impressed.”
Neither me, because I had the same experience with RegAssassin! It’s rather a process connected with the key, which prevents key deletion. RegAssassin only switches permission to everyone, but does not unlock the key. If you know of a better App, lease let me know. Thx jdrinda@hotmail.com
Jon
October 6th, 2008 at 5:57 am
4I have tried all of the above and still cannot delete a registry key. I am trying to remove a program PREVX from my machine, it has been uninstalled but the keys will not delete, nor will RegASSASSN remove them. Any idea on how to get these keys removed?
Ola
March 3rd, 2009 at 9:37 pm
5when deleting registry keys you have to start at the bottom menu level (key values doesn’t count).
i.e.
HKLM\system\currentcontrolset\enum\root\legacy_6to4
won’t work, since the is a key below is at a lower value
HKLM\ststem\currentcontrolset\enum\root\legacy_6to4000
this one has to be deleted first, after this the first one will work as well.
Dion
May 14th, 2009 at 6:48 pm
6What Ola says is correct. A registry key won’t delete if the subkeys can’t be deleted. Try deleting all the subkeys first.
Sometimes the registry subkeys won’t delete or accept permission changes using Zerosum’s method, so one has to try setting each subkey permissions individually.
For Vista, check the following (Regedit):
1. With the offending registry key highlighted, right click and select Permissions’ from the menu
2. N.B. In the security tab, check that your name or administrator appears in the “Group or user names:” block
3 If it doesn’t, click ADD and type in your name (assuming that you are a user that can log in and that you have administrators rights) and click OK. It should place your name into the block without further questions. If you need to fill in more information, your name probably isn’t a user recognised by your computer
4. Click OK again to exit the “Permissions” window.
You should now be able to delete the subkey. Continue to delete all the subkeys using the steps above.
Once all the subkeys are deleted, delete the offending registry key. Use the above steps on the key too if needed.
Dion
May 15th, 2009 at 11:46 am
7I forgot to add in the previous reply that one also needs ownership of the key or subkey, so if it still refuses to delete, check the following on all the subkeys and the offending key (also a check of point 5 in this previous post was left out):
1. After checking steps 2 and 3 from the previous post, click the “Advanced” tab for special permissions and advanced settings
2. Click the “Owner” tab
3. Check the “Current owner:” block and if it doesn’t display a name, select one by highlighting your name in the “Change owner to:” block and click “Apply”. Your name should now be the “Current owner:”.
4. Make sure the “Replace owner on subcontainers and objects” is NOT selected and click OK.
5. On the “Permissions” window, check the “Full control - Allow” block is selected.
6. Click OK again to exit the “Permissions” window.
This should give you control of the subkeys and then the registry key. Remember to delete all subkeys first.
haoeard
October 5th, 2009 at 12:05 am
8In my experience, this method fails as long as windows has hold of/has locked the key as no changes to it are allowed . Or they only become effective when a rewrite of the key takes place.
emopecubcumet
January 2nd, 2010 at 4:40 am
9My computer is running slow what steps can I do to fix it?
RSS feed for comments on this post · TrackBack URI
Leave a reply
Subscribe [PC]
Subscribe [Mobile]
Categories
Links
Archives
Tech[dot]Blog