Get back the control of your registry from Trojans
Ruhani Rabin
Few days before i was copying some files from my friends SONY M2 memory card and bam i've been hit by a Trojan, it was silently sitting on the memory card. the file name is Flash.exe and it creates a autorun.inf file in your memory card and any usb disk you put into your computer will be infected by it. It keeps running on the memory and it will disable your Task Manager, Command Prompt and Registry Editor. Well these are the tools you need to use to get rid of the trojan virus. I've cleaned my system with Kaspersky Antivirus Pro 7 and still i was not able to use command prompt or regedit. Here are the things you need to do after cleaning the Trojan Virus.
TO ENABLE COMMAND PROMPT USE ONE OF THE METHOD BELOW:
Message: "The command prompt has been disabled by your administrator"
When you attempt to run CMD.exe or a batch file, you may receive the message "The command prompt has been disabled by your administrator". This is caused by restrictions placed in Registry. DisableCMD value is set to 1 or via Group Policy. To enable Task Manager, try any of these methods:
Method 1: Using the console registry tool
-
Click Start, Run and type this command exactly as given below: (better - Copy and paste)
REG add HKCU\Software\Policies\Microsoft\Windows\System /v DisableCMD /t REG_DWORD /d 0 /f
Method 2: Edit the registry directly
-
Open Registry Editor (Regedit.exe) and navigate to:
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
-
In the right-pane, double-click DisableCMD and set it's data to 0
Method 3: Using Group Policy Editor in Windows XP Professional.
-
Click Start, Run, type gpedit.msc and click OK.
-
Navigate to User Configuration \ Administrative Templates \ System
-
Double-click the Prevent access to the command prompt
You can then disable or set the policy to Not Configured. Disabling or setting this policy to Not Configured should solve the problem.
TO ENABLE REGISTRY EDITING TOOLS USE ONE OF THE METHOD BELOW:
Registry Editing has been disabled by your administrator
This error occurs if the DisableRegistryTools Policy is enabled. With this policy enabled, you receive the following error message when you start the Registry Editor (regedit.exe)
For standalone Windows XP systems, perform the steps below to remove the registry editing restrictions.
Method 1: Using the REG.EXE console tool
- Click Start, Run and type this command:
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
Method 2: Using the Group Policy Editor (Windows XP Professional only)
- Click Start, Run and type gpedit.msc and press ENTER
- Go to the following location:
User Configuration | Administrative Templates | System
- Double-click Disable registry editing tools and set it to Not Configured
- Exit the Group Policy Editor
Note: If the setting already reads Not Configured, set it to Enabled, and click Apply. Then revert it back to Not Configured. This ensures that the DisableRegistryTools registry value is removed successfully.
TO ENABLE TASK MANAGER USE ONE OF THE METHOD BELOW:
When you try to open Task Manager, the following error may occur:
Task Manager has been disabled by your administrator
This error is caused if the DisableTaskMgr restriction is enabled. To enable Task Manager, try one of these methods:
Method 1
- Click Start, Run and type this command exactly as given below: (better - Copy and paste)
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
Method 3
- Click Start, Run and type Regedit.exe
- Navigate to the following branch:
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies\ System
- In the right-pane, delete the value named DisableTaskMgr
- Close Regedit.exe
Method 4: Using Group Policy Editor - for Windows XP Professional
- Click Start, Run, type gpedit.msc and click OK.
- Navigate to this branch:
User Configuration / Administrative Templates / System / Ctrl+Alt+Delete Options / Remove Task Manager
- Double-click the Remove Task Manager option.
- Set the policy to Not Configured.
Hope it will help someone out there.
| 2.5 |
Related Topics
Did you enjoy this post? Why not leave a comment below and continue the conversation, or subscribe to my feed and get articles like this delivered automatically to your feed reader.
Comments
Wow thanks, after i removed that nasty Trojan my task manager would no longer work, this information was great. I followed the instructions and it worked lovely. Thank you for having this great information on the net so we can fix this problem on our own. It’s awesome!…= )
|
|
2.5 |
XskyX (Who am I?) so how to do those steps if Run has been disabled.probably because of virus. at first only Run and task manager has been disabled. then control panel too. after a lil’ bit trying i’m able to enable control panel. cmd.exe is still there.but if i run it,it will off automatically in a few seconds. the same thing happen if i open control panel and c:\programfiles. my pendrive has been infected by Trojan horse TR/Autoit.SA as it said by Luke Filewalker. so,is there any other methods/tools or watsoever as long as i can clean up my pc w/out formatting. thanks.
|
|
2.5 |
chip (Who am I?) hello there
Im having problems starting it on safe mode im not able to use the run option due to my computer crashing, although your information sounds helpful, unfortunately im not able to try it out cause im not able to get on the run option from the start menu, as im turning on my computer it shuts down and gives me a blink screen… are u able to help me out with any info on how to get pass the problem, I will appreciate any help.
|
|
2.5 |
Victor (Who am I?) 
this is awesome, it helps me a lot….thank you so much…
God Bless!!
By:
Nielcast