So I have a person whose PC got hijacked and the exe file handlers in the registry have been altered so no exe will run, I got a VistaPE boot on there with PERegistry Loader but have had no luck in being able to edit the HKEY_CLASSES_ROOT of the system on the hard drive, anyone know how to do this?
How to Edit Local HKEY_CLASSES_ROOT ON local system from VistaPE
Started by
Burner727
, Nov 27 2009 10:08 PM
1 reply to this topic
#2
JonF
-
- .script developer
-
- 1185 posts
Gold Member
- Location:Boston, MA
-
United States
Posted 28 November 2009 - 01:36 AM
Use the Runscanner plugin, run the Remote Registry Editor shortcut it provides. HKEY_CLASSES_ROOT isn't really a registry hive, it's just a shortcut to HKEY_LOCAL_MACHINE\Software\Classes, which is where you will find the keys.So I have a person whose PC got hijacked and the exe file handlers in the registry have been altered so no exe will run, I got a VistaPE boot on there with PERegistry Loader but have had no luck in being able to edit the HKEY_CLASSES_ROOT of the system on the hard drive, anyone know how to do this?
But I hope you know a lot about what you are doing, because the organization of that section can be very complex and confusing. Have you tried Spybot Search and Destroy and/or MalwareBytes Anti-malware from VistaPE?
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
