Catch and remove malicious registry entries

Manually

The Windows Registry is one of the most important built-in databases on a Windows computer, and malware that registers itself in it is common: an autostart entry under one of the Run keys is the easiest way for a program to survive a reboot. Because almost any operation on the PC leaves a footprint in the Registry, it is worth checking it for malware, and a malicious entry can be removed from the Registry directly.

  1. Create a system restore point

  2. Run regedit to open the Registry Editor

  3. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion

  4. Scroll down and find the keys whose names start with Run (Run and RunOnce)

  5. Click each key: the values in the right-hand pane are the programs started at logon, with the command line in the Data column

Be careful: most of these entries are legitimate. Check for:

  • Misspelled or look-alike names (for example a vendor name with one letter changed)

  • Unfamiliar programs, or a familiar name whose command line points somewhere unusual such as a Temp folder

  • Anything you cannot place: search the value name and the executable path with DuckDuckGo to find confirmation either way

If it turns out malicious, first right-click the key and choose Export so the change can be undone, then right-click that entry and select Delete to remove it from the Windows Registry. Delete the file the entry pointed to as well, otherwise the program can simply re-register itself.

Also look in the same Run and RunOnce keys under HKEY_CURRENT_USER (per-user autostarts, writable without administrator rights) and, on 64-bit Windows, under HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion, plus:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders

Two caveats. RunServices and RunServicesOnce were used by Windows 9x/Me; on NT-based Windows they do not exist unless something created them, which is itself worth noticing. The Shell Folders and User Shell Folders keys do not list programs at all: their Startup (per user) and Common Startup (all users) values record where the Startup folder is. Malware can point them at a folder of its own, so confirm they still end in ...\Start Menu\Programs\Startup and then inspect that folder too.
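The manual steps above, and the Startup-folder check for the Shell Folders keys, as an added PowerShell example (this is not code from the original page). It assumes an elevated Windows PowerShell 5.1 session, treats the Suspicious flag as a triage hint rather than a verdict, and the value name in the commented-out removal call is hypothetical.

```powershell
# Added example, not from the original page: automates the manual check above.
# Enumerates Run/RunOnce autostart values for the machine and the current user,
# flags entries worth a closer look, checks that the Startup folder has not been
# redirected via the Shell Folders keys, and removes an entry only after
# exporting its key. Run from an elevated Windows PowerShell 5.1 session.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# These keys do not list programs; their Startup / Common Startup values say
# where the Startup folder lives, so a redirected value is itself a finding.
$ShellFolderKeys = @(
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
)

function Get-AutorunEntries {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            # Skip the provider metadata PowerShell adds; they are not registry values
            if ($p.Name -in 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider') { continue }
            $cmd = [string]$p.Value
            # First token of the command line is the executable, quoted or not
            $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split ' ')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            $sig = if ($exe -and (Test-Path -LiteralPath $exe)) {
                (Get-AuthenticodeSignature -FilePath $exe).Status
            } else { 'FileMissing' }
            [pscustomobject]@{
                Key        = $key
                Name       = $p.Name
                Command    = $cmd
                Signature  = $sig
                # Triage hint only: unsigned binaries or user-writable locations deserve a look
                Suspicious = ($sig -ne 'Valid') -or ($exe -match '\\(Temp|AppData|ProgramData|Users\\Public)\\')
            }
        }
    }
}

function Get-StartupFolderRedirections {
    foreach ($key in $ShellFolderKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($name in 'Startup', 'Common Startup') {
            $val = $props.$name
            if ($null -eq $val) { continue }
            $path = [Environment]::ExpandEnvironmentVariables($val)
            [pscustomobject]@{
                Key        = $key
                Name       = $name
                Path       = $path
                # Both defaults end in ...\Start Menu\Programs\Startup (-like is case-insensitive)
                Suspicious = -not ($path -like '*\Microsoft\Windows\Start Menu\Programs\Startup')
            }
        }
    }
}

function Remove-AutorunValue {
    param(
        [Parameter(Mandatory)][string]$Key,   # e.g. 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
        [Parameter(Mandatory)][string]$Name   # the value name reported by Get-AutorunEntries
    )
    # Export the key first so the deletion can be undone with: reg import <backup>
    $backup = Join-Path $env:TEMP ('autorun-backup-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
    $regKey = $Key -replace '^HKLM:', 'HKEY_LOCAL_MACHINE' -replace '^HKCU:', 'HKEY_CURRENT_USER'
    reg.exe export $regKey $backup /y | Out-Null
    Remove-ItemProperty -Path $Key -Name $Name -ErrorAction Stop
    Write-Host "Removed value '$Name' from $Key (backup: $backup)"
}

# Step 1: restore point (needs System Restore enabled; Windows allows one per 24 hours by default)
Checkpoint-Computer -Description 'Before autorun review' -RestorePointType 'MODIFY_SETTINGS'

# Steps 2-5: review the autostart entries, then the Startup folder locations
Get-AutorunEntries | Sort-Object Suspicious -Descending | Format-Table Suspicious, Signature, Name, Command -AutoSize
Get-StartupFolderRedirections | Format-Table Suspicious, Key, Name, Path -AutoSize

# Only after confirming an entry is malicious (hypothetical value name):
# Remove-AutorunValue -Key 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'ExampleUpdater'
```

A Valid signature status means the file is signed by a chain Windows trusts, not that the program is benign, and plenty of legitimate software runs unsigned from AppData, so use the flag to decide what to look up first rather than what to delete.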