Question

Locked

windows cannot find c:\Windows\regedit.exe

By vanbinh.nguyen ·
Previous time my PC infected with virus.
Now virus be cleaned by Symantec Antivirus. But i still cannot open "Registry".
When I try to open "Registry" by Start->Run->regedit, an error message display "windows cannot find c:\windows\regedit.exe. Make sure you typed the name correctly, and then try again. To search for a file, click Start button and click Search".
open regedit.exe in c:\windows folder and Command Propmt is the same problem.
Repairing OS and "Sfc /Scannow" command cannot solve the problem.
Please help me open registry?

This conversation is currently closed to new comments.

15 total posts (Page 2 of 2)   Prev   01 | 02
Thread display: Collapse - | Expand +

All Answers

Collapse -

Check quarantine

by msnep In reply to windows cannot find c:\Wi ...

I'm not familiar with Symantec, but I suppose it has a quarantine folder to which infected files are move when they are "deleted" (if they can't be cleaned).

Check this quarantine folder, or for a function in the Symantec scanner to restore deleted files.

Of course, make sure you got rid of the virus!

Btw, can you run the file c:\windows\system32\regedt32.exe?

Collapse -

c:\windows\system32\regedt32.exe is not work

by vanbinh.nguyen In reply to Check quarantine

I double click on c:\windows\system32\regedt32.exe file but it is not run. Maybe it ran but there are no window appeared.

Collapse -

c:\windows\system32\regedt32.exe is not work

by vanbinh.nguyen In reply to Check quarantine

I double click on c:\windows\system32\regedt32.exe file but it is not run. Maybe it ran but there are no window appeared.
Sysmantec did not quarantine regedit.exe.

Collapse -

Process Explorer

by msnep In reply to Check quarantine

I would first make sure that the virus is really gone.

What I would try:

1. Can you copy the file regedt32.exe from another computer, then boot the problem computer in safe mode and run regedt32.exe.

2. Run Process Explorer (not in safe mode) and check if there's any suspicious activity, esp. with svchost processes. You can look at the threads and see which files are associated with suspicious processes, and then remove/rename these files and related entries in the registry (maybe you need restart in Safe mode to remove/rename files). Make sure you know what you're doing, and/or have a backup...
Process Explorer can be downloaded from Microsoft.

Let me know how it's going

Collapse -

copying regedt32.exe from another PC work well

by vanbinh.nguyen In reply to Process Explorer

Thank you very much for your help!Msnep

Back to Malware Forum
15 total posts (Page 2 of 2)   Prev   01 | 02

Related Discussions

Related Forums