If a computer virus hits your PC, the Windows registry may be corrupted or modified by the virus. At that point you are stuck: you won’t be able to boot into Windows or edit the registry from Windows. Most of the time, the affected PC won’t let you run the Regedit command. One of the best solutions is to boot the PC temporarily from a Linux thumb drive, access the Windows registry and modify it.
Let us see how to modify the Windows Registry using Ubuntu from an external USB without harming the Windows OS installation.
Editor’s Note: If you don’t have a bootable Linux USB, please scroll down for the guide to create a Live Ubuntu Thumb Drive.
How to Edit Windows Registry Using Ubuntu from a Live USB
Linux offers a fantastic utility named chntpw, which was originally designed to reset passwords and later acquired the ability to edit the registry. You can use chntpw to edit your Windows registry, and it comes free with the Ubuntu OS.
Here are the steps to reset the password using the Ubuntu OS CD.
- Boot from a LiveCD (you can create one by downloading the ISO file from the Ubuntu website) or install Ubuntu as a second system.
- Install chntpw utility:
sudo apt-get install chntpw
- Find the Windows partition:
sudo fdisk -l
- Assume it is on /dev/sda2. The next step is to mount the partition:
sudo mkdir /media/windows
sudo mount /dev/sda2 /media/windows
- Edit the Windows registry now:
chntpw -e /media/windows/Windows/system32/config/software
- Move to the registry branch you need, for example:
cd Microsoft\Windows NT\CurrentVersion\Winlogon
- And edit a key, for example:
ed Shell
These are the places in the registry where viruses can hide a startup record:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
The default values in Regedit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell" = "Explorer.exe"
"Userinit" = "C:\WINDOWS\system32\userinit.exe"
Check whether a second copy of the Explorer.exe file is present: the right place for the file is the Windows folder, not Windows > System32.
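As an added example (not part of the original article), the script below compares the Winlogon Shell and Userinit values in a text export of the SOFTWARE hive with the defaults listed above, and prints the Run entries for manual review. The function names and the sample data are constructed for illustration, and the input is assumed to be a regedit-style text export of the hive.

```sh
#!/bin/sh
# Added example, not from the original article. Assumed input: a regedit-style
# text export with [Key\Path] headers and "Name"="value" lines, backslashes
# doubled inside the strings. Hex-encoded values are skipped, not decoded.

audit_software_export() {        # export on stdin, findings on stdout
  tr -d '\r' |                   # tolerate CRLF line endings
  sed '/^"/ s/\\\\/\\/g' |       # un-double backslashes in value lines
  awk '
    function report(tag, name, val) { printf "%-7s %s = %s\n", tag, name, val }
    function check(name, val, ok) {
      seen[tolower(name)] = 1
      if (ok) report("OK", name, val); else { report("SUSPECT", name, val); bad = 1 }
    }
    /^\[/ {                      # section header: remember which key this is
      k = tolower($0)
      inwl  = (k ~ /\\microsoft\\windows nt\\currentversion\\winlogon\]$/)
      inrun = (k ~ /\\microsoft\\windows\\currentversion\\run\]$/)
      next
    }
    !match($0, /^"[^"]+"="/) { next }            # keep plain string values only
    {
      name = substr($0, 2, RLENGTH - 4); n = tolower(name)
      val = substr($0, RLENGTH + 1); sub(/"$/, "", val)
      v = tolower(val); u = v; sub(/,$/, "", u)  # Userinit often ends with a comma
    }
    inrun { report("REVIEW", "Run\\" name, val) }   # autoruns need a human look
    inwl && n == "shell"    { check(name, val, v == "explorer.exe") }
    inwl && n == "userinit" { check(name, val, u == "c:\\windows\\system32\\userinit.exe") }
    END {
      if (!seen["shell"])    { print "MISSING Shell";    bad = 1 }
      if (!seen["userinit"]) { print "MISSING Userinit"; bad = 1 }
      exit bad + 0
    }
  '
}

sample_export() {                # constructed sample, not from a real machine
  cat <<'EOF'
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Users\\Public\\svc.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\ProgramData\\upd.exe"
EOF
}

sample_export | audit_software_export || echo "Findings above need attention."
```

The function returns a non-zero status when Shell or Userinit is missing or differs from the default, so it can gate a later step in a repair script.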
After this procedure, shut down Ubuntu and remove the USB drive from the Windows machine. Now restart Windows and make sure it loads properly without any issues. Good luck!
Create a Live Ubuntu Thumb Drive
Now, your Windows PC is obviously not booting, so you can’t use it to create a live Ubuntu USB. You may have to borrow a friend’s PC or use another PC you may have around.
- Download any version of Ubuntu (preferably the latest) from their official website.
- Download Rufus. Rufus is a utility that helps create bootable USB flash drives, such as USB keys/pen drives, memory sticks, etc.
- Insert a USB drive with 4GB or more capacity into the PC. This should be the USB drive you will use to boot Ubuntu and edit the Windows registry.
- Launch Rufus.
- Select your USB drive from the Device drop-down menu.
- Next, click SELECT then navigate to and select the downloaded Ubuntu image file.
- Make sure all the other options are as shown in the screenshot above.
- Click START.
- You may be asked to download additional Syslinux files, choose Yes.
- Then you’ll see an ISOHybrid image detected warning. Choose to Write in ISO Image mode (Recommended) and click OK.
Rufus will take some time to copy all the necessary image files to the USB drive. You can track the progress from the progress bar. When it’s complete, click CLOSE and remove the USB. Now you have a bootable Linux OS in your USB drive.
Repair Windows Registry with Linux Live USB
You have now fixed the Windows registry from the Linux OS. Boot back into Windows and make sure it loads. Before you start using Windows, run all possible scans to make sure that you have completely removed the malware or virus that affected your system. Please use a virus scanner and antimalware tools to clean up the Windows system.
All the slashes are missing.
Thank you for the feedback. Updated the article.