How to check and manually remove malware from Registry in Windows 10

The Windows Registry is one of the most sensitive parts of a Windows computer, as it is involved in all the operations that happen in the system. It's not uncommon to encounter malware in the Registry on a Windows 10 computer, and this can lead to a hacked system or damaged resources. In this article, Macworld will guide you through manually checking for and removing malicious software from the Registry in Windows 10.

How to check for malware in the Registry on Windows 10

It is not easy to tell whether a PC has malware in the Registry. Fileless malware can also sometimes hide in rootkits or in the Windows Registry. However, if you suspect that malware has infected your machine, you can either remove it yourself or let an anti-malware program do it for you.

When malware infects the system Registry, it takes over the command center, which can lead to system crashes and sometimes irreversible data loss.

To check for and manually remove malware from the Registry in Windows 10, do as follows:

Manually remove malware from Registry in Windows 10

Since this is a Registry-related operation, you should back up the Registry or create a system restore point as a necessary precaution. Once done, you can proceed as follows:

Press Win + R to bring up the Run dialog box.

In the Run dialog box, type regedit and press Enter to open Registry Editor.

Navigate to the registry key path below:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion

In the left panel, scroll down to find folders whose names start with Run.

You may find anywhere from 1 to 6 such folders, depending on the computer.

Now click on each of these Run folders. Each one contains a list of programs that your computer is set to run automatically as soon as you start it up.

It's important to pay attention to entries with misspelled names or that look strange to you (many malware programs may be located there). If you find any such name, you can search for it on Google or any other search engine and study the information carefully. Once you determine that the item is invalid and possibly malware, right-click on it and delete it.

After deleting the suspect entry, the malware in the Registry will be removed.
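
The manual walk through the Run folders above can also be produced as a read-only listing in PowerShell. This is an added example, not part of the original article: the HKEY_CURRENT_USER path and the helper name Get-AutorunTarget are assumptions made here, and the Review column only marks entries to research further, as the article advises.

```powershell
# Added example: read-only audit of the Run* autostart keys; nothing is deleted.
# The HKLM path is the one from the article; the HKCU path is an added assumption.
$roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion',
         'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion'

function Get-AutorunTarget([string]$Command) {   # hypothetical helper name
    # Pull the program path out of a command line: a quoted path first,
    # then a path ending in a known extension, else the first token.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if     ($c -match '^"([^"]+)"') { $p = $Matches[1] }
    elseif ($c -match '^(.+?\.(exe|com|dll|bat|cmd|vbs|js|ps1))(\s|,|$)') { $p = $Matches[1] }
    else   { $p = ($c -split '\s+')[0] }
    # Bare names such as rundll32.exe are resolved through PATH.
    if ($p -and $p -notmatch '^([A-Za-z]:|\\)') {
        $found = Get-Command -Name $p -CommandType Application -ErrorAction SilentlyContinue |
                 Select-Object -First 1
        if ($found) { $p = $found.Path }
    }
    return $p
}

$report = foreach ($root in $roots) {
    # Every subkey whose name starts with "Run" (Run, RunOnce, RunServices, ...)
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue |
      Where-Object { $_.PSChildName -like 'Run*' } |
      ForEach-Object {
        $key = $_
        foreach ($name in $key.GetValueNames()) {
            $cmd    = [string]$key.GetValue($name)
            $exe    = Get-AutorunTarget $cmd
            $onDisk = [bool]($exe -and (Test-Path -LiteralPath $exe -PathType Leaf))
            $sig    = if ($onDisk) { Get-AuthenticodeSignature -LiteralPath $exe } else { $null }
            [pscustomobject]@{
                Key       = $key.Name
                Entry     = $name
                Command   = $cmd
                Target    = $exe
                OnDisk    = $onDisk
                Signature = if ($sig) { $sig.Status } else { 'n/a' }
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                # Missing target or no valid signature: research it, it is not a verdict.
                Review    = (-not $onDisk) -or ($sig.Status -ne 'Valid')
            }
        }
      }
}
$report | Sort-Object Review -Descending | Format-List
```

Run it from an elevated PowerShell prompt so that every key under HKEY_LOCAL_MACHINE is readable. An unsigned program is not necessarily malicious, and a deleted Run entry does not remove the file it pointed to.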

Other common registry keys used by malware

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders

If you find it difficult to delete registry keys, DWORD values, etc., you can use Registry DeleteEx.

Use Registry Auditor for free

Use Registry Auditor to remove malware from the registry

Registry Auditor scans the Registry for adware, malware, and spyware entries, including trojans, and lets you know via colored status icons whether specific objects are safe or harmful.

  • The green icon is Safe.
  • The yellow icon is Unknown.
  • The red icon is Harmful.

Link to download Registry Auditor:

http://www.nsauditor.com/anti_adware_spyware_tools/registry_adware_spyware_scanner.html
