How do you enable Registry Editing again if it has been disabled by your administrator?


A way to get into the registry editor if its been disabled, heres how you do it:

1. Disable as much as you can from your startup. Remove programs from your startup folder and such, so as not to lag down the bootup process.

2.Create a new shortcut on your desktop, point it to “C:\Windows\regedit.exe”

3.Log off, then log back on

4.As soon as you see your desktop, double click on the shortcut. The system does not check for policies until a few seconds after it booted up. If you click on the icon fast enough, it should let you get in.

After that, do all you need. After you close it though, it will not open unless you redo step 3 and 4.

 

There’s one vbs script to enable the registry editing. and below is the link.

www.dougknox.com/security/scripts_desc/regtools.htm

The way to get into registry editing is simple. Open your start menu click Run and paste in the folowing command: REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f Submited By HaXxOr.

Administrator does not disable registry editing its the bloody virus called rontokbro@mm. you can remove the virus but enable registy editing you will need the tool provided by symantec on their web site http://securityresponse.symantec.com/avcenter/venc/data/tool.to.reset.shellopencommand.registry.keys.htmlyou can also learn about rontokbro@mm on this site. 1)download the inf file 2)rightclick it and choose install appearently nothing happens but amaizingly registry editing is enabled type regedit on command prompt or RUN and enjoy. muzammal baig.

This section is for technical experts who want to know more.

W32/Brontok-C is an email worm that sends itself to the addresses gathered from the infected computer, skipping email addresses that contain the following strings :

PLASA,TELKOM,INDO,.CO.ID,.GO.ID,.MIL.ID,.SCH.ID,.NET.ID,.OR.ID,.AC.ID,.WEB.ID,.WAR.NET.ID,ASTAGA,GAUL,BOLEH,EMAILKU,SATU

W32/Brontok-C may arrive attached with a filename randomly chosed from the following :

winword.exe kangen.exe ccapps.exe syslove.exe untukmu.exe myheart.exe my heart.exe jangan dibuka.exe

The email is sent with a blank subject line and the following message text :

— Hentikan kebobrokan di negeri ini — 1. Penjarakan Koruptor, Penyelundup, Tukang Suap, & Bandar NARKOBA ( Send to “NUSAKAMBANGAN”) 2. Stop Free Sex, Aborsi, & Prostitusi ( Go To HELL ) 3. Stop pencemaran lingkungan, pembakaran hutan & perburuan liar. 4. SAY NO TO DRUGS !!! — KIAMAT SUDAH DEKAT — Terinspirasi oleh: Elang Brontok (Spizaetus Cirrhatus) yang hampir punah By: HVM31 — JowoBot #VM Community — !!! Akan Kubuat Mereka (VM lokal yg cengeng & bodoh) Terkapar !!!

When first run W32/Brontok-C copies itself to:

\Local Settings\Application Data\csrss.exe \Local Settings\Application Data\inetinfo.exe \Local Settings\Application Data\lsass.exe \Local Settings\Application Data\services.exe \Local Settings\Application Data\smss.exe \Local Settings\Application Data\winlogon.exe \Empty.pif \Templates\Brengkolang.com \ShellNew\sempalong.exe \eksplorasi.exe \repclient1’s Setting.scr

W32/Brontok-C will create a remote task in the following location in order to run a copy of itself on a daily basis to maintain infection :

\Tasks\At1.job

W32/Brontok-C attempts to download files from a remote website to the following location :

\Local Settings\Application Data\ListHost11.txt \Local Settings\Application Data\Update.11.Bron.Tok.bin

At the time of writing these files were unavailable from the remote website. The following registry entries are created to run W32/Brontok-C on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run Tok-Cirrhatus \Local Settings\Application Data\smss.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Bron-Spizaetus \ShellNew\sempalong.exe

The following registry entry is changed to run eksplorasi.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell Explorer.exe “\eksplorasi.exe”

(the default value for this registry entry is “Explorer.exe” which causes the Microsoft file \Explorer.exe to be run on startup).

The following registry entry is set, disabling the registry editor (regedit):

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System DisableRegistryTools 1

Registry entries are set as follows:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer NoFolderOptions 1

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System DisableCMD 0

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced Hidden 0

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced HideFileExt 1

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ShowSuperHidden

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s