Once your computer has been hit by a virus, the Windows registry may have been corrupted or modified by it. You can get stuck at that point, unable to edit the registry from within Windows.
Sometimes the affected PC won't even let you run the Regedit command. The best solution is to boot another OS temporarily and modify the Windows registry from there.
Linux offers a fantastic utility named chntpw, which was originally designed to reset passwords and later gained the ability to edit the registry. You can use chntpw to edit your Windows registry, and it is available on the free Ubuntu OS.
Here are the steps to edit the registry using an Ubuntu OS CD.
1. Boot from a LiveCD (you can create one by downloading the ISO file from the Ubuntu website) or install Ubuntu as a second system.
2. Install the chntpw utility:
$ sudo apt-get install chntpw
3. Mount the Windows partition:
Find the Windows partition:
$ sudo fdisk -l
Assume it is on /dev/sda2. The next step is to mount the partition:
$ sudo mkdir /media/windows
$ sudo mount /dev/sda2 /media/windows
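4. Registry editing
Open the software hive in chntpw's registry editor (the -e option; -l only lists the user accounts in a SAM hive):
$ chntpw -e /media/windows/Windows/system32/config/software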
At the chntpw editor prompt, move to the registry branch you need, for example:
> cd Microsoft\Windows NT\CurrentVersion\Winlogon
and edit a value, for example:
> ed Shell
These are the places in the registry where a virus can hide an entry that starts it:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
The default values in Regedit:
“Shell” = “Explorer.exe”
“Userinit” = “C:\WINDOWS\system32\userinit.exe”
Check whether there is a second copy of the Explorer.exe file … the right place for the file is Windows, not Windows > System32.
After this procedure, shut down Ubuntu and try to restart Windows. Good luck.
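As an added example (not part of the original article), the comparison against the default Shell and Userinit values above can be scripted over a text export of the Winlogon key. It assumes regedit-style .reg text with doubled backslashes, such as the reged tool shipped in the chntpw package can export; the sample exports and the extra Userinit path are constructed.

```sh
#!/bin/sh
# Added example: flag Winlogon values that differ from the article's defaults.
# Input: regedit-style .reg text on stdin (assumed format, backslashes doubled).

WANT_SHELL='explorer.exe'
WANT_USERINIT='c:\windows\system32\userinit.exe'

# Constructed sample exports; the extra Userinit entry is a made-up path.
SAMPLE_CLEAN='[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"'
SAMPLE_MODIFIED='[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\Temp\\sample.exe"'

# Strip CR, turn "\\" into "\", lowercase (Windows paths are case-insensitive).
normalise() {
    printf '%s' "$1" | tr -d '\r' | sed 's/\\\\/\\/g' | tr 'A-Z' 'a-z'
}

# Print one line per deviating value; return 1 if any value deviates.
check_winlogon() {
    bad=0
    while IFS= read -r line; do
        case $line in
            '"Shell"='*)    name=Shell;    want=$WANT_SHELL ;;
            '"Userinit"='*) name=Userinit; want=$WANT_USERINIT ;;
            *) continue ;;
        esac
        value=$(normalise "${line#*=}")
        value=${value#\"}; value=${value%\"}
        # Windows usually stores Userinit with one trailing comma; accept it.
        [ "$name" = Userinit ] && value=${value%,}
        if [ "$value" != "$want" ]; then
            printf '%s differs from default: %s\n' "$name" "$value"
            bad=1
        fi
    done
    return $bad
}

# Demo on the constructed modified export.
printf '%s\n' "$SAMPLE_MODIFIED" | check_winlogon || echo "Review before booting Windows."
```

A value that is reported here is the one to correct with the ed command in the chntpw editor.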