Delete a registery key 1

[kaiana]

I have the w32_Datom_Worm Virus on a medium sized network.

Removing this virus meens disconnecting every computer from the network booting in safe mode and deleting some reg entries manually.

I want to create a small exe to automate the deletion of these entries.

How in code do i Delete the entries. Im not sure do I use an open key handle then delete and then a close handle?

If someone has some sample code similar could you post it.

Kind regards
Jason Spence

 

[Hypetia]

It is very simple. You dont event need to manipulate key handles. Use the following declarations.
Private Declare Function RegDeleteKey Lib "advapi32.dll" _
Alias "RegDeleteKeyA" (ByVal hKey As Long, ByVal lpSubKey _
As String) As Long

Private Const HKEY_CLASSES_ROOT = &H80000000
Private Const HKEY_CURRENT_CONFIG = &H80000005
Private Const HKEY_CURRENT_USER = &H80000001
Private Const HKEY_DYN_DATA = &H80000006
Private Const HKEY_LOCAL_MACHINE = &H80000002
Private Const HKEY_PERFORMANCE_DATA = &H80000004
Private Const HKEY_USERS = &H80000003

Now use the following code to delete the key

RegDeleteKey HKEY_XXXXX, "Registry Path"

You must have the proper rights for deleting registry keys.

For example,

RegDeleteKey HKEY_LOCAL_MACHINE, _
"SOFTWARE\Microsoft\Windows\CurrentVersion\SMDEn"

 

[kaiana]

Thanks

 

[SemperFiDownUnda]

Problem you may encounter is that depending on the OS a key may not get deleted if it has keys below it. Ie the API only deletes keys with no branches below them. MS have a unsupported COM obect that works similar but will recursively call the API call for all sub keys. You may want to check it out. Sorry don't know the library name off the top of my head. Its something like registry manipulation classes or something like that.

 

[LazyMe]

There's also the SHDeleteKey, which recursively removes a key (but it only works on systems running IE 4.0 or higher).
Greetings,
Rick