allen2 Posted July 26, 2009 Posted July 26, 2009 Hi,I'm looking for a tool to take ownership a registry key. I tried setacl, subinacl and regacl and none of them can do it (at least i didn't found how). The targeted reg key was set by a virus and it set only the full control for the system. I would like to remove this reg key with a script but the administrator don't have the rights on it.Also i can do it without taking ownership with regedit but it would take a long time to do it this way.
Colonel O'Neill Posted July 26, 2009 Posted July 26, 2009 I'd just take ownership of the whole hive and propagate permissions through the entire hive (probably not really a smart idea).Maybe this will help?http://support.microsoft.com/kb/245031
CoffeeFiend Posted July 26, 2009 Posted July 26, 2009 I would like to remove this reg key with a script but the administrator don't have the rights on it.Chances are that those tools would actually work, but that the key contains embedded nulls, causing them to fail (usually with a permission-related error message). Regedit can't touch those either. That's one of the tricks malware makers tend to use (you can't remove them using Windows API calls either! A malware maker's dream!) I'd give RegDelNull a try (yet another sysinternals gem)Then again, maybe it's just a plain old permission issue.
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now