Needed: a file to remove a registry key.

[Stu]

Hi,

I've a user with a virus on his PC, and to remove the
virus I need to remove a registry key that the virus put
in.

Its a standalone PC at a remote site, I want to write
a .reg file to remove the key, that I can send via floppy
disk to the user.

Any idea's?? This is the first time I've tried this so any
help would be really appreciated.

Stu

 

[Mark V]

Stu wrote in

Hi,

I've a user with a virus on his PC, and to remove the
virus I need to remove a registry key that the virus put
in.

Its a standalone PC at a remote site, I want to write
a .reg file to remove the key, that I can send via floppy
disk to the user.

Any idea's?? This is the first time I've tried this so any
help would be really appreciated.

Yes, but just removing an entry in a start-up location in the
registry is rarely enough to actually "remove" or "disinfect" a
virus.... Good A-V products may be able to do the job completely.
Or additional research on the nastie may point to other files and
registry entries that need to be addressed.

Below is an example REG file that could be merged from a batch file
using:
regedit.exe /s path\myregfile.reg
Example only for KEY, VALUENAME and DATA
The "-" (minus sign) does the removal of the valuename and data.
=========== begin myregfile.reg =============
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BadApp"=-
=========== end ==============================

 

[stu]

So to remove

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Run "mssyslanhelper" = c:\winnt\system32\msmsgri32.exe

I'd create a text file with the extension .reg with

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Run "mssyslanhelper" = c:\winnt\system32\msmsgri32.exe -

in??

thanks for your help on this.

Stu

-----Original Message-----
Stu wrote in

Hi,

I've a user with a virus on his PC, and to remove the
virus I need to remove a registry key that the virus put
in.

Its a standalone PC at a remote site, I want to write
a .reg file to remove the key, that I can send via floppy
disk to the user.

Any idea's?? This is the first time I've tried this so any
help would be really appreciated.

Yes, but just removing an entry in a start-up location in the
registry is rarely enough to actually "remove" or "disinfect" a
virus.... Good A-V products may be able to do the job completely.
Or additional research on the nastie may point to other files and
registry entries that need to be addressed.

Below is an example REG file that could be merged from a batch file
using:
regedit.exe /s path\myregfile.reg
Example only for KEY, VALUENAME and DATA
The "-" (minus sign) does the removal of the valuename and data.
=========== begin myregfile.reg =============
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Run]
"BadApp"=-
=========== end ==============================


.