The Windows Registry is one of the most sensitive parts of a Windows computer; it governs nearly every operation the system performs. It is not unusual to encounter registry malware on a Windows 11/10 computer, which can result in a system compromise or in resources failing. In this post, we walk you through the manual procedure for checking the registry for malware and removing it in Windows 11/10.
How to check Registry for malware in Windows 11/10
It is not easy to tell whether your PC is infected with such registry malware. Fileless malware may also hide in rootkits or in the Windows Registry itself. However, if you suspect malware has infected your machine, you may either remove it manually or have antimalware software do it for you.
Once the malware infects the system registry, it hijacks the command center, which may result in system and data collapse that sometimes is beyond recovery.
To check and manually remove malware from the registry in Windows 11/10, do the following:
Since this is a registry operation, it is recommended that you back up the registry or create a system restore point as necessary precautionary measures. Once done, you can proceed as follows:
- Press Windows key + R to invoke the Run dialog.
- In the Run dialog box, type regedit and hit Enter to open Registry Editor.
- Navigate or jump to the registry key path below:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
- At that location, in the left pane, scroll down to locate folders whose names start with Run. You may find anywhere from one to six such folders, depending on your computer.
- Now click on each of these Run folders. Each contains a list of programs that your computer is configured to run automatically as soon as you boot the machine.
Pay extra attention to the entries: malware often hides here under misspelled names, or under names that look unfamiliar to you. If you find such a name, search for it on Google or another search engine and research it. Once you are satisfied that the entry is not legitimate and may be malware, right-click the entry and choose Delete.
- Once you have deleted the suspected entry, you have possibly removed a piece of registry malware.
Other common Registry keys that malware uses
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders
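The manual walk through the Run folders above, and the extra keys just listed, can be surveyed in one pass from PowerShell before you touch anything in Registry Editor. The script below is an added example, not code from the original post: it reads every Run-type key on both HKLM and HKCU (it also adds the WOW6432Node Run key, which the post does not list), works out which executable each entry launches, and flags entries whose file is missing, whose file is unsigned, or whose file lives in a location any user can write to. It then reads the Startup and Common Startup values from the Shell Folders and User Shell Folders keys and reports whether they still point at the default Startup directories or have been redirected somewhere else. The flagging heuristics and the "expected" default paths are this example's own assumptions for a standard Windows 11/10 layout; the script deletes nothing, so the research-and-delete decision stays with you as the post describes.

```powershell
# Added example (not from the original post): read-only triage of the autorun keys
# and the Startup-related Shell Folders values. It lists entries and flags the ones
# worth a closer look; it deletes nothing. Heuristics and defaults are assumptions.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',   # 32-bit view; added here, not in the post
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Pull the executable path out of a command line such as
#   "C:\Program Files\App\app.exe" /silent      or      C:\Tools\agent.exe -k
function Get-ExePath([string]$cmd) {
    $cmd = $cmd.Trim()
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { return $cmd.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($cmd, '^(.+?\.exe)\b', 'IgnoreCase')   # unquoted path that may contain spaces
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]
}

Write-Host '== Autorun entries =='
$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)            # REG_EXPAND_SZ values come back already expanded
        if ([string]::IsNullOrWhiteSpace($cmd)) { continue }
        $exe    = [Environment]::ExpandEnvironmentVariables((Get-ExePath $cmd))
        $exists = Test-Path -LiteralPath $exe -PathType Leaf
        $sig    = if ($exists) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'n/a' }
        $flags  = @()
        if (-not $exists) { $flags += 'file-missing' }                      # entry points at nothing (or hides its target)
        if ($exe -match '\\(Temp|Downloads|Users\\Public)\\') { $flags += 'user-writable-location' }
        if ($exists -and $sig -ne 'Valid') { $flags += "signature:$sig" }   # NotSigned, HashMismatch, ...
        [pscustomobject]@{ Key = $key; Name = $name; Exe = $exe; Flags = ($flags -join ',') }
    }
}
$findings | Format-Table -AutoSize -Wrap

# The Startup / Common Startup values decide which directory Explorer scans at logon.
# Assumed defaults for a standard install; a value pointing elsewhere deserves a look.
Write-Host '== Startup folder redirection =='
$userStartup   = "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup"
$commonStartup = "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
$explorer = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer'
$startupChecks = @(
    @{ Key = "HKCU:\$explorer\Shell Folders";      Name = 'Startup';        Expected = $userStartup },
    @{ Key = "HKCU:\$explorer\User Shell Folders"; Name = 'Startup';        Expected = $userStartup },
    @{ Key = "HKLM:\$explorer\Shell Folders";      Name = 'Common Startup'; Expected = $commonStartup },
    @{ Key = "HKLM:\$explorer\User Shell Folders"; Name = 'Common Startup'; Expected = $commonStartup }
)
$startup = foreach ($c in $startupChecks) {
    if (-not (Test-Path $c.Key)) { continue }
    $actual = [string](Get-Item -Path $c.Key).GetValue($c.Name)   # %APPDATA%-style values arrive expanded
    $status = if (-not $actual) { 'missing' }
              elseif ($actual.TrimEnd('\') -ieq $c.Expected.TrimEnd('\')) { 'default' }
              else { 'REDIRECTED - inspect' }
    [pscustomobject]@{ Key = $c.Key; Name = $c.Name; Value = $actual; Status = $status }
}
$startup | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable in full, and treat the Flags column as a shortlist for the search-engine research the post recommends, not as a verdict: a missing file or an unsigned binary is common for legitimate but sloppy software, while a redirected Startup folder is rare enough that it should always be explained.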
If you find it difficult to delete locked registry keys, DWORDs, etc., you may use Registry DeleteEx.
Read: Malware Removal Guide & Tools for Beginners.
Use free Registry Auditor
Registry Auditor scans your registry for adware, malware and spyware entries, including parasites and trojans, and uses colored icons to tell you whether specific objects are known to be safe or harmful:
- Green icon stands for Safe,
- Yellow icon for Unknown, and
- Red icon for Harmful entries.
You can download it here.
Related read: Clean up a ransomware-infected Registry using Kaspersky WindowsUnlocker.
That’s it!