Full Version: Re-enabling Regedit
anti-trojan-org
I was reading in the "Help me, I'm infected" forum about a guy who had his regedit disabled. I was going to post there but it was locked, so I thought this may interest everyone anyway, so here goes:

When you get that error message with regedit there are a few things you can do to fix the problem.
1) Rename regedit.exe to regedit.com
Sometimes this will fix your problem. You will need to find where in the registry the trojan has disabled regedit. Below is an example:
CODE
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
"DisableRegistryTools"
Type: REG_DWORD
Data: 01, 00, 00, 00


2) Use a third party registry editor. You will find quite a few free ones on sites like snapfiles.com (I even have a few on anti-trojan.org). Use the third party registry editor to find the registry entry that is stopping regedit being run and remove it.
Hunter
:lol: You are making all of that too hard..


Copy everything starting with 'Enable Registry Editing', save it to a text file and call it EnableRegistryEdit.vbs
Of course you need to have scripting enabled. Then simply double click and it will delete that value from the registry.

'Enable Registry Editing'
'© Veegertx - 4/7/2004
'This code may be freely distributed/modified
On Error Resume Next
'Prevents errors from values that don't exist
Set WshShell = WScript.CreateObject("WScript.Shell")

'Delete DisableRegistryTools registry values (per-user and machine-wide)
WshShell.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools"
WshShell.RegDelete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools"

'Display message
Message = "You should have access to Regedit now"
X = MsgBox(Message, vbOKOnly, "Done")
Set WshShell = Nothing

Also here is another neat one to keep..

Mainly so webpages can't hijack your homepage, disable you from changing your homepage, or disable you from accessing your registry. Would prefer a .vbs solution. Registry must still be accessible by administrator.

Save all below to Enable Disable Homepage Change.vbs

'Enable Disable Homepage Change.vbs
'© Veegertx - 4/7/2004
'This code may be freely distributed/modified
Option Explicit
Dim WSHShell, RegKey, ValueA, Result
On Error Resume Next
Set WSHShell = CreateObject("WScript.Shell")
RegKey = "HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\"
'A missing value reads back as Empty, which compares equal to 0
ValueA = WSHShell.RegRead(RegKey & "HomePage")

If ValueA = 0 Then 'Change Homepage is Enabled.
    Result = MsgBox("Ability to Change Homepage is currently [Enabled]." & _
        vbNewLine & "Would you like to Disable?" & _
        vbNewLine & "Will lock and Gray it out." & _
        vbNewLine & "May need to Log-off for effect.", 36)
    If Result = 6 Then 'clicked yes
        'Write the policy value explicitly as a REG_DWORD
        WSHShell.RegWrite RegKey & "HomePage", 1, "REG_DWORD"
    End If
Else 'Change Homepage is Disabled
    Result = MsgBox("Ability to Change Homepage is currently [Disabled]." & _
        vbNewLine & "Would you like to Enable?", 36)
    If Result = 6 Then 'clicked yes
        'Delete the value because it doesn't exist normally
        WSHShell.RegDelete RegKey & "HomePage"
    End If
End If


Note:

You must have vbs scripting enabled on any machine for the above to work.
anti-trojan-org
That's a nice script :) Thanks for sharing it, mate
cbeaze1
My computer was built last May by a local company that's gone bust. I need to update my registry because of upgrading from Windows 98 to XP and find I'm getting the message "Registry updating has been disabled by your administrator".
I've tried both the methods described and still get the same message (I don't understand the third one).
Anybody got any further tips?

It may be that installing XP first, I'll have a new registry? - Haven't done my own upgrades before and I'm feeling rather vulnerable. :(
Hunter
QUOTE (cbeaze1 @ Apr 29 2004, 04:33 PM)
My computer was built last May by a local company that's gone bust. I need to update my registry because of upgrading from Windows 98 to XP and find I'm getting the message "Registry updating has been disabled by your administrator".
I've tried both the methods described and still get the same message (I don't understand the third one).
Anybody got any further tips?

It may be that installing XP first, I'll have a new registry? - Haven't done my own upgrades before and I'm feeling rather vulnerable. :(

Interesting :o

************************

Your problem could be many things. Even a bad upgrade from 98 to XP..or a virus.

Are you correct on that message, or should it be the "Registry editing has been disabled by your administrator" error msg?

I suspect there is a process that is redirecting regedit to give you that error


when you have win 98 and that happens this is one of the fixes...

*****************************************************

Registry Editing Has Been Disabled By Your Administrator

This is for Windows 98

This seems to come from a Virus, a very old one.

1st,
Go Here and get the Virus removal tool:
http://www.symantec.com/avcenter/venc/data/sub.seven.20.html

If that doesn't do it, Here are two other methods

1. Boot to DOS and rename C:\WINDOWS\REGEDIT.EXE to C:\WINDOWS\REGEDIT.COM

2. Copy and paste the following to Notepad and save it as "regedit.inf".
Find the file in Windows Explorer or My Computer, right-click and select "Install". You may have to restart the computer for the change to take effect.

[version]
signature=$chicago$
[defaultinstall]
delreg=regedit
[regedit]
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\System,"DisableRegistryTools"
HKLM,Software\Microsoft\Windows\CurrentVersion\Policies\System,"DisableRegistryTools"
[End]

****************


Can you tell me when you do get that message ? Is it all the time or just when you run certain programs...it is also possible that you have programs still on your PC that were only win 98 versions and now that you have XP they are not compatible and you would have to get the XP version of the program from the developer.


So give me some more information and i will try to help you.
cbeaze1
Hello, thanks for the prompt reply -- I've been away on holiday and hadn't logged on until yesterday which is why this reply is only just being posted. Some details of what prompted me to use this forum:
I'm on Windows 98, Second edition, 4.10.2222 A (according to what the system tells me). I'm a novice in terms of PC software (although I used to be a "Computer Security Consultant" at a large insurance company in the UK, but mainly dealt with mainframes running IBM OS and Unix, so I know the principles of security but not technical details where PCs are concerned).
I use my home PC for creating my own music CDs using Easy CD Creator software from Adaptec (now Roxio). I want to use an iPod in the near future, which isn't fully supported by W98, so I purchased a "Windows xp Home Edition" upgrade. I ran the upgrade and got an "Upgrade Report" which gave me a 3 page listing of potential compatibility issues. "Easy CD Creator 4" was listed as one of them. I went onto the Roxio website which mentioned possible problems with release 4 (they're up to release 7 now) which could be fixed by editing the registry. I used regedit to try to look at what was in there and got the message "registry editing has been disabled by your administrator" (not the message I incorrectly posted first).
So I'm not yet on xp. I thought perhaps there was a system id embedded in w98 which had the id "administrator" which was like "root" in Unix.
Also, one of the potential problems was with my modem support (Intel 536EP v.92) which, when I looked on Intel's website gave me a download for a new "driver". This produced 4 files (I think) but I don't know how to actually load the driver onto my system - do I right click one of them and select "install"? Sorry if this seems very naive.
Going back to the regedit problem, I did try to rename regedit to another file but got the same message, and I tried going to the Symantec website as suggested, but it implied that I should have subscribed to their software in order to run the recommended fix (again, I'm not sure this is a correct assumption). Also, how do you have "scripting enabled" in order to try the other suggestions?
kaplish
THANX DUDE!! I REALLY APPRECIATE THAT!! IT HELPS A LOT!
Lady-20
I have the same problem with registry editing & my Task Manager.
I've removed the infected file with Ad-Aware, but when restarting the system
the same problem occurs. I've done several things per your instructions to
regain regedit, but it always disables it when the system is restarted.
How to stop it? Plz help with Task Manager too.....
toadbee
Lady-20.
Try this set of instructions ;)

1. Register with the Gladiator Security Forum if you are not currently a member: Register Here

2. If you are not using an AntiSpyware scanner, please download, install, update and run one of these free AntiSpyware programs to remove the most commonly known types of malware.

Download Adaware (get the free edition)
View Adaware Usage Tutorial?
OR
Download Spybot Search & Destroy
View Spybot Search & Destroy Usage Tutorial?

3. Finally, Run this diagnostic tool and post a log for us so we can take a close look at your system configuration.
-Download HijackThis from one of these links:
Spywareinfo or Gladiator or Majorgeeks

Please save your HijackThis.exe into a new folder (example - Programs\hijackthis\)
Do Not save to your Desktop or the Temp folder.
Navigate to it and run HijackThis from there:
-Double Click HijackThis.exe
- Hit "Scan". (When the scan is finished, the "Scan" button will change into a "Save Log" button.)
-Press "Save Log" and save the file into your HiJackThis folder.
-Open the ".log" file with notepad - "Select all" and Copy the contents to the Clipboard.

**note** Most of what it lists will be harmless or even essential; don't try to fix anything yourself.

Go to this link: HELP! think you are infected?
-Press the "New Topic" button.
-Please tell us what problems you are experiencing
-Paste in a copy of your log from HijackThis.

-Wait for someone to show up to assist you.
Simon Baker
Hi All.

RE: "Registry Editing Has Been Disabled By Your Administrator"

I have had the same problem with the school's PCs, and tried this link as recommended: http://www.dougknox.com/security/scripts_desc/regtools.htm

I downloaded the regtools.vbs file and ran it on the server.

YIPPPYYYY - it worked a treat, I am now able to edit the registry on all client PCs again.

Just thought I would pass it on to anyone who has been chasing a fix like me.

Absolutely brilliant..

Good luck.
David Pomaranski
I find that older versions of regedit work even when regedit is disabled.
Find these older versions on the web in a Google search or something.

Once you have it open:

To disable regedit, go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System,
create a binary value named "DisableRegistryTools" and
set the value data to 01 00 00 00.

If you want to enable it, then just delete the binary value!
Karolis M.
Thanks Simon Baker, you helped me a lot!
Dj Ali
Thanks Simon. :thumb:
ah.ben
I encountered a similar problem after visiting some adult or song web site. My IE home page got hijacked and the system always shows 'baidu.2008.cc' after Windows startup.

After reading through the other replies and recommendations, I tried the following method:

1. Download the hijack program and run it.
2. Delete the entries related to the virus, like the web page address of baidu etc.
3. Run the enableregedit.vbs
4. Run regedit from the Start -> Run command
5. Go to local machine -> software -> microsoft -> windows -> current version -> run; you should be able to see the URL address that got hijacked
--- Delete the registry entry
--- Also browse through the other entries on this page just to be aware, because I realised my virus runs hws.exe, which I suspect is the main culprit of the virus.
6. Quit regedit.
7. Restart Windows and go to safe mode.
8. Run regedit again. If you can run regedit now, that confirms the virus is activated while Windows is loading the devices, and the highly suspected virus comes when Windows is loading all the devices.
9. While you are still inside regedit, use Find to search for a keyword; in my case I searched for 'baidu' and all keys related to this term appeared. Delete all of them, some in your IE URL address etc.
10. Restart Windows in normal mode to observe what happens.

If the virus appears again, go through all the steps again and closely monitor the Run page in your Windows registry, as the virus may come under a different name (in my case it is hws.exe, which I renamed).

Hope this would help someone...

thanks for reading
Mosaic1
Alternatively, running HijackThis shows the restriction, which you can then fix using HijackThis.


For XP, the command-line tool reg.exe can be used to edit the registry too.

There are many different ways to remove a restriction.

If XP Pro, using gpedit.msc as well.

When hijacked, asking for help at the forums and posting a Hijackthis log is the best way to get help.
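
An added example, not part of any post in this thread: a Python check that reads a registry export in .reg text format and reports tool-restriction policy values that are set, accepting both the REG_DWORD form and the four-byte binary form that different posts above describe. The export text is constructed, the function names are hypothetical, and DisableTaskMgr (the Task Manager counterpart of DisableRegistryTools) is not named in the thread.

```python
import re

# Policy values that lock users out of built-in tools. DisableRegistryTools is the
# value discussed in this thread; DisableTaskMgr is an assumption added here.
WATCHED = {"disableregistrytools", "disabletaskmgr"}
POLICY_SUFFIX = r"\software\microsoft\windows\currentversion\policies\system"

# Constructed sample in .reg export format (not taken from a real machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
"DisableTaskMgr"=hex:01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000
"legalnoticecaption"=""
'''

def decode(raw):
    """Return the integer a .reg value encodes, or None if it is not numeric."""
    raw = raw.strip().lower()
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if raw.startswith("hex:"):
        # REG_BINARY: comma-separated bytes, read little-endian like a DWORD
        data = bytes(int(b, 16) for b in raw[4:].split(",") if b.strip())
        return int.from_bytes(data, "little")
    return None

def find_restrictions(export_text):
    """List (key, value name, number) for watched policy values that are non-zero."""
    hits, key = [], None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # start of a new key section
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if not m or key is None or not key.lower().endswith(POLICY_SUFFIX):
            continue
        name, number = m.group(1), decode(m.group(2))
        if name.lower() in WATCHED and number:
            hits.append((key, name, number))
    return hits

if __name__ == "__main__":
    for key, name, number in find_restrictions(SAMPLE_EXPORT):
        print(f"{key}\\{name} = {number}  (tool restriction set)")
```

A value that keeps coming back after deletion, as described earlier in the thread, points to something re-writing it at startup, so a hit here is a reason to review autostart entries as well.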