Sign in to follow this  
shanenin

Delete A Registry Value

Recommended Posts

I am just lost trying to follow this guide. I want to delete a value for a registry key. The syntax for the method is winapi32.RegDeleteValue(key, value)

value is a string, which is the name of the value. That part is easy. I don't understand the key argument. Below is what I am referencing

http://aspn.activestate.com/ASPN/docs/Acti...Value_meth.html

Any suggestions woudl be appreciated, thanks.

edit added later//

This seems to be working

import win32apiimport win32con
key = win32api.RegCreateKey( win32con.HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Windows\CurrentVersion\Run" )win32api.RegDeleteValue(key, "value_name")
Edited by shanenin

Share this post


Link to post
Share on other sites

does python have the ability to create reg files? If so, you could have it create a reg file, merge it with the registry, then delete the reg file. That's how EpolvyFix works. :)

Matt

Share this post


Link to post
Share on other sites

yes python can create a registry key or value

Why does it have to create a registry value, doen't it just have to delete the value that the trojan created? I don't think I am following you totally.

Share this post


Link to post
Share on other sites

He's talking about using .reg files to patch the registry. Export your changes into a .reg file, then import it into the registry. The moral equivalent to editing a file by generating a diff and using the patch utility to apply the changes. IOW, doing it the hard way :)

Edited by jcl

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this