How to Use the Registry Editor


WARNING: Modifying the registry may cause your computer to no longer function properly. You should back up your files before you continue.

More and more often, removing a virus requires you to remove or change registry keys. Sometimes, if you wait a day or two, the antivirus company will provide a tool that makes all of the changes for you, but if you want to do it yourself, or no tool is provided, you may need to edit the registry.

Every version of Windows starting with Windows 95 uses a database called the registry to store important configuration information, including information about the operating system, the software applications installed on the computer, and network settings. Under normal circumstances, a computer user makes changes to the registry indirectly by using the Control Panel icons or by running the installation program of a new software application. However, there are some rare instances when you need to access the registry directly in order to fix a problem.

The following information about using the Registry Editor is provided as a general guide for those individuals who need to make one or two changes to the registry. You should only use the Registry Editor when instructed to do so by a credible source, following any instructions about deleting or modifying registry entries precisely. Otherwise, you run the risk of creating additional problems with your computer.

  1. Starting the Registry Editor
  2. Backing Up the Registry
  3. Changing or Deleting Items in the Registry
  4. Exiting Registry Editor

1) Starting the Registry Editor

Under normal circumstances, you can activate the Registry Editor by doing the following.

  1. Click on the Start button.
  2. From the menu that appears, choose Run.
  3. In the window that appears, there is a text area labeled Open. In that area, type "regedit" (without the quotation marks).
  4. Click the OK button (or hit the Enter or Return key on your keyboard).
  5. The Registry Editor window should open.

If the Registry Editor window opens, you can proceed to the next section, Backing Up the Registry. Otherwise, consult the notes below.

Notes:
  • If your computer is running Windows NT, Windows 2000, or Windows XP you may not have permission to run Registry Editor or to make changes to the registry. If this is the case, you need to contact your system administrator or your local technical support for assistance.
  • Some viruses, like the W32.Blebla virus (more commonly known as the "Romeo & Juliet" virus), prevent you from running executable (.exe) files. In such cases, running "regedit" (which activates the file regedit.exe in your Windows or Winnt directory) will not work. Instead, make a copy of regedit.exe and rename the copy to regedit.com in order to run it.

2) Backing Up the Registry

When the Registry Editor window opens, the left side of the screen should look like this:

[Image: Registry Editor window]

The very first thing you should do before making any changes with the Registry Editor is to back up your registry by exporting a copy of it to the desktop. To do this:

  1. If My Computer is not highlighted as shown in the image above, click on it once so that it is highlighted.
  2. On the menu bar, click on Registry and then click on Export Registry File.
  3. The Export Registry File window will appear. In the Save In drop-down box at the top, choose Desktop.

    [Image: Export Registry File window]

  4. In the File Name box at the bottom, type "backup" (without the quotation marks), then click the Save button.

    [Image: File Name box containing "backup"]

  5. A backup copy of the entire registry will now be saved to your desktop in case something goes wrong. Now you can proceed to the section Changing or Deleting Items in the Registry.

Notes:

  • To restore the registry from the backup file you made, follow the same steps as above, but in step 2 choose Import Registry File instead of Export Registry File. Or, alternatively, you could double-click on the backup file on the desktop and answer Yes when it asks if you want to import the information into the registry.
  • Once you've made changes to the registry and you are sure that you no longer need the backup file you made, simply delete it from the desktop.

3) Changing or Deleting Items in the Registry

The registry contains three different types of information: keys, values, and data. Keys are containers, represented graphically as file folders, that can contain other keys (subkeys) or values. Values are configuration settings that contain data, and the data is the setting itself.

When you read instructions for changing the registry, you will often be given the location of the key where you need to change or delete a value.

Deleting registry values:

For example, you might be instructed to delete the following key:

HKEY_Local_Machine\SAM\SAM\RXACT

"HKEY_Local_Machine" is one of the 5 or 6 top-level keys that are usually displayed when you first open the Registry Editor. To the left of "HKEY_Local_Machine" is a "+" sign, indicating that "HKEY_Local_Machine" contains subkeys. Clicking on the "+" sign turns it into a "-" sign and reveals the subkeys. One of the subkeys of "HKEY_Local_Machine" is "SAM," which is the next key name in the example location.

[Image: Registry keys]

Clicking on the "+" sign next to "SAM" (a process also called expanding) reveals more subkeys, including a second "SAM." Expanding the second "SAM" reveals "RXACT," the key your example instructions tell you to delete.

[Image: Registry keys]

If you were supposed to delete the key "HKEY_Local_Machine\SAM\SAM\RXACT", you would highlight "RXACT" as shown above, then hit the Delete key on your keyboard (remember, this is just an example: do not actually do this). You would then be asked if you were sure that you wanted to delete this key, at which point you would click the Yes button.

Changing registry values:

In the example above, you were asked to delete an entire key. Often, you may be instructed to change or delete a value within a key. For example, you may be asked to delete or change a value like "ExampleValue" in the key:

HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Run

Navigate to the key using the same method shown in the first example. Because it is easy to lose your place when you go deep into the registry, the registry location you currently have open is displayed at the bottom of the Registry Editor screen:

[Image: registry location]

Once you have opened the key by clicking on it to highlight it, the right side of the window will display the values within the key in the first column (the Name column). As you can see from the image above, there is a value called "ExampleValue" listed, containing the data "exampledata" (in the Data column).

If you simply needed to delete "ExampleValue," you would click on it once to highlight it and hit the Delete key on your keyboard. However, if you needed to change the data in "ExampleValue," you would double-click on it instead. A new window will appear:

[Image: Value name, value data]

In the Value data box, you would type in the new information. Sometimes you will be instructed to type in words (a string value), while other times you will be told to enter a number (a binary or hexadecimal value). When you are done changing the data, click the OK button.

Notes:

  • It is also possible to add keys and values using Registry Editor by right-clicking on the appropriate key and choosing "New" from the pop-up menu. However, it is unadvisable to make additions to the registry unless you understand exactly what the key or value will do.
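
The backup-then-edit procedure from sections 2 and 3 can also be done from a PowerShell prompt. The following is an added example, not part of the original guide: the function name Edit-RegistryValueSafely is hypothetical, "ExampleValue" is the guide's own placeholder, and unlike the guide it exports only the one key being edited rather than the entire registry. Changing values under HKEY_LOCAL_MACHINE requires an elevated (administrator) prompt.

```powershell
# Added example: back up one key, then change or delete one value inside it.
# Edit-RegistryValueSafely is a hypothetical helper name, not a built-in cmdlet.
function Edit-RegistryValueSafely {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)] [string] $Key,    # full path, e.g. HKEY_LOCAL_MACHINE\Software\...
        [Parameter(Mandatory)] [string] $Name,   # value name, e.g. ExampleValue
        [string] $NewData                        # omit this to delete the value
    )

    $psPath = "Registry::$Key"
    if (-not (Test-Path -LiteralPath $psPath)) { throw "Key not found: $Key" }

    # Section 2: export the key to the desktop before touching anything.
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backup = Join-Path ([Environment]::GetFolderPath('Desktop')) "backup-$stamp.reg"
    & reg.exe export $Key $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $backup)) {
        throw 'Export failed; no changes were made.'
    }

    # Show the current data so you can confirm this is the value you were told
    # to edit. Stops here with an error if the value does not exist.
    $current = Get-ItemProperty -LiteralPath $psPath -Name $Name -ErrorAction Stop
    Write-Host "Current data for '$Name': $($current.$Name)"

    # Section 3: replace the data (written as a string), or delete the value.
    if ($PSBoundParameters.ContainsKey('NewData')) {
        if ($PSCmdlet.ShouldProcess("$Key\$Name", "Set data to '$NewData'")) {
            Set-ItemProperty -LiteralPath $psPath -Name $Name -Value $NewData
        }
    } elseif ($PSCmdlet.ShouldProcess("$Key\$Name", 'Delete value')) {
        Remove-ItemProperty -LiteralPath $psPath -Name $Name
    }
    Write-Host "Backup saved to $backup (restore with: reg.exe import `"$backup`")"
}

# Dry run: -WhatIf still writes the backup but only reports the change it would make.
Edit-RegistryValueSafely -Key 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run' `
    -Name 'ExampleValue' -WhatIf
```

Remove -WhatIf to apply the change; add -NewData followed by the replacement text to change the data instead of deleting the value.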

4) Exiting Registry Editor

Any changes you make in the registry are made immediately, so there is no option to "save" your changes. To exit Registry Editor, simply click on Registry on the menu bar and choose Exit.


Sources: http://www.helpdesk.umd.edu/