When dealing with a malware-infested PC, you may have to prune several registry entries manually if the cleanup tool you use does not remove all of them. In most cases, you would get an error ("Error Deleting Key") stating that you don’t have permission to delete the specified branch. So you must first reset the registry key's ACL permissions before you can delete the key. RegASSASSIN from Malwarebytes makes it very easy to reset the ACLs and delete the keys. Whew! You don’t have to perform half a dozen steps to reset the permissions for each key.
RegASSASSIN is a portable application that makes difficult-to-remove registry keys placed on your system by malware a thing of the past. The program allows you to remove a registry key by resetting the key's permissions and then deleting it. Please use it with caution, as deleting critical registry keys may cause system errors.
Let’s assume that malware has added a service to the registry and protected the key using ACL permissions. Deleting the key using the Registry Editor fails with the "Error Deleting Key" error.
Deleting a Stubborn Registry Key
1. Copy the Registry key in question. This can be done by right-clicking on the key and choosing Copy Key Name.
2. Download RegASSASSIN from the Malwarebytes website.
3. Run RegASSASSIN and paste the registry key name that was copied in Step 1.
4. Select the following checkboxes:
- Reset registry key permissions
- Delete registry key and all subkeys
5. Click the Delete button. Click Yes when you see the following dialog:
6. Click Yes when you’re prompted for confirmation:
The registry key is deleted!
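For comparison, the manual sequence the tool saves you from can be sketched in PowerShell. This is an added example, not RegASSASSIN's own code or part of the original article; the service key name is a constructed placeholder, and it assumes an elevated prompt where the administrator can still read and rewrite the key's permissions (taking ownership first, if the owner was changed, is not shown).

```powershell
# Added example (not RegASSASSIN's code). Run from an elevated PowerShell prompt.
$ErrorActionPreference = 'Stop'   # abort before the delete step if anything fails

# Constructed placeholder; paste the key name copied in Step 1 here.
$KeyName = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleService'
$KeyName = $KeyName -replace '^Computer\\', ''   # drop the prefix if the copied name has one
$Path    = "Registry::$KeyName"
$Backup  = Join-Path $env:TEMP 'ExampleService-backup.reg'

# 1. Export the key first so it can be restored if deleting it was a mistake.
reg.exe export $KeyName $Backup /y
if ($LASTEXITCODE -ne 0) {
    Write-Warning 'Export failed (the ACL may block reads); retry after the reset in step 3.'
}

# 2. Record the owner and the ACEs that block deletion.
$acl = Get-Acl -Path $Path
Write-Output "Owner: $($acl.Owner)"
Write-Output "Inheritance disabled: $($acl.AreAccessRulesProtected)"
$acl.Access |
    Format-Table IdentityReference, AccessControlType, RegistryRights, IsInherited -AutoSize |
    Out-Host

# 3. Reset permissions: re-enable inheritance, then drop every explicit ACE
#    (including any Deny entries) so only the parent's permissions remain.
$acl.SetAccessRuleProtection($false, $false)
foreach ($ace in @($acl.Access | Where-Object { -not $_.IsInherited })) {
    $acl.RemoveAccessRuleSpecific($ace)
}
Set-Acl -Path $Path -AclObject $acl

# 4. Delete the key and all subkeys; -Confirm prompts before anything is removed.
#    Skip this step to only reset the permissions and keep the key.
Remove-Item -Path $Path -Recurse -Confirm
```

The table printed in step 2 is worth saving with your cleanup notes, since it records which accounts the key was locked against.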
RegASSASSIN to Just Reset the Registry Key Permissions?
In case a software installation on your PC fails due to lack of permissions to write to a specified registry key, you can simply reset the permissions on the corresponding registry key (without deleting the key) using RegASSASSIN. To just reset the ACLs and preserve the registry key, uncheck the Delete registry key and all subkeys checkbox in RegASSASSIN.
- This tool does not substitute for anti-malware / anti-virus software. All this tool does is to reset the permissions for the specified registry key and delete it.
- This tool needs to be run as administrator (elevated) in Windows Vista & Windows 7. To do so, right-click on the RegASSASSIN executable, and choose the Run as Administrator option in the context menu.
- Complex Malware removal is to be performed by trained personnel, as they’re capable of doing a surgical cleanup without affecting other components of the Operating System. The above article is for informational purposes only.
About the author
Ramesh Srinivasan founded Winhelponline.com back in 2005. He is passionate about Microsoft technologies and has vast experience in the ITeS industry, delivering support for Microsoft's consumer products. He has been a Microsoft MVP [2003 to 2012] who contributes to various Windows support forums.