Tuesday, July 29, 2008

My way of restoring Regedit, Task Manager, Search functions disabled by nasty virus/trojan

There have been quite a number of computers in the organization where the Registry Editor, Task Manager and even the Search function got disabled by a nasty trojan or virus, which I'm still unable to identify because the stupid McAfee AV has not detected anything so far...

Since I can't tell which variant of trojan/virus struck the computers, I relied on my own methods after studying the methods used by various netizens. Here I have compiled the steps in search of cleaner systems.

1. Scan your system for virus/trojan

In this case, I opted for an online scan because the antivirus installed on those machines was not detecting anything. I chose Pandasoft Free Online ActiveScan from http://www.pandasecurity.com/homeusers/solutions/activescan/. You need to register a FREE account in order to clean the detected malware (low-risk cookies cannot be disinfected using the free account, but that's OK). Disinfect whatever gets detected by Pandasoft.

2. Scan the processes running on the system

This is rather technical and meant only for those who know what they're doing. Download HijackThis (FREE) from http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis or AnVir Task Manager Pro (20-day trial) from http://www.anvir.com/products.htm, then carefully scrutinize and delete/quarantine the high-risk processes on your system (AnVir Task Manager Pro can identify which of them it considers high risk).

3. Bringing Regedit, Task Manager, Msconfig, etc. Back

There are actually a few ways to do it, such as running a VB script or a cracked regedit.exe, but the easiest would be running this little app, RRT With Removable Media Malware, from http://en.sergiwa.com/modules/mydownloads/. Although it's not freeware, it does allow the features that bring back all the blocked functions mentioned here.
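For machines where running a third-party tool is not an option, the blocked functions can also be checked and restored by hand. The PowerShell script below is an added example, not part of the original post or of any tool named in it. It assumes the block was made through the standard Windows policy values (DisableRegistryTools, DisableTaskMgr, NoFind, NoFolderOptions), which the post does not name, and it does not cover Msconfig. Run it only after steps 1 and 2, since malware that is still running can simply set the values again.

```powershell
# Added example: audit (and optionally clear) the Windows policy values that
# block Regedit, Task Manager, Search and Folder Options.
# Usage: run with no arguments to report; add -Fix to remove what was found,
# or -Fix -WhatIf to preview. HKLM changes need an elevated prompt.
[CmdletBinding(SupportsShouldProcess = $true)]
param([switch]$Fix)

# Standard policy values; any non-zero setting blocks the named function.
$policies = @(
    @{ SubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools'; Blocks = 'Regedit' },
    @{ SubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr';       Blocks = 'Task Manager' },
    @{ SubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoFind';               Blocks = 'Search' },
    @{ SubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoFolderOptions';      Blocks = 'Folder Options' }
)

# Check both the per-user and the machine-wide hive.
$findings = foreach ($hive in 'HKCU:', 'HKLM:') {
    foreach ($p in $policies) {
        $path = "$hive\$($p.SubKey)"
        $item = Get-ItemProperty -Path $path -Name $p.Name -ErrorAction SilentlyContinue
        if ($null -ne $item -and $item.($p.Name) -ne 0) {
            [pscustomobject]@{
                Path   = $path
                Name   = $p.Name
                Value  = $item.($p.Name)
                Blocks = $p.Blocks
            }
        }
    }
}

if (-not $findings) {
    Write-Output 'No blocking policy values found.'
    return
}

# Keep a record of what was set before changing anything.
$findings | Format-Table -AutoSize

if ($Fix) {
    foreach ($f in $findings) {
        if ($PSCmdlet.ShouldProcess("$($f.Path)\$($f.Name)", 'Remove policy value')) {
            Remove-ItemProperty -Path $f.Path -Name $f.Name -ErrorAction Stop
        }
    }
}
```

If the same values reappear after a reboot or a few minutes later, something on the machine is still writing them and the cleanup in steps 1 and 2 is not finished.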

Good Luck.

references:
http://www.techspot.com/vb/topic18950.html
http://www.troublefixers.com/folder-options-disabled-by-virus-trojan/
http://www.wareprise.com/2006/12/21/how-to-delete-virus-that-disables-task-manager-regedit-from-launching/
http://www.viprasys.com/vb/f82/restore-task-manager-regedit-folder-options-disabled-virus-18301/
