Get back the control of your registry from Trojans

Article Last Updated: 6th Apr 2009
Posted by Ruhani Rabin in Windows | View Comments |

windowsFew days before i was copying some files from my friends SONY M2 memory card and bam i've been hit by a Trojan, it was silently sitting on the memory card. the file name is Flash.exe and it creates a autorun.inf file in your memory card and any usb disk you put into your computer will be infected by it. It keeps running on the memory and it will disable your Task Manager, Command Prompt and Registry Editor. Well these are the tools you need to use to get rid of the trojan virus. I've cleaned my system with Kaspersky Antivirus Pro 7 and still i was not able to use command prompt or regedit. Here are the things you need to do after cleaning the Trojan Virus.

TO ENABLE COMMAND PROMPT USE ONE OF THE METHOD BELOW:

Message: "The command prompt has been disabled by your administrator"

When you attempt to run CMD.exe or a batch file, you may receive the message "The command prompt has been disabled by your administrator". This is caused by restrictions placed in Registry. DisableCMD value is set to 1 or via Group Policy. To enable Task Manager, try any of these methods:

Method 1: Using the console registry tool

  • Click Start, Run and type this command exactly as given below: (better – Copy and paste)
    REG add HKCUSoftwarePoliciesMicrosoftWindowsSystem /v DisableCMD /t REG_DWORD /d 0 /f

Method 2: Edit the registry directly

  • Open Registry Editor (Regedit.exe) and navigate to:

[HKEY_CURRENT_USERSoftwarePoliciesMicrosoftWindowsSystem]

  • In the right-pane, double-click DisableCMD and set it's data to 0
     

Method 3: Using Group Policy Editor in Windows XP Professional.

  • Click Start, Run, type gpedit.msc and click OK.

  • Navigate to User Configuration Administrative Templates System

  • Double-click the Prevent access to the command prompt

You can then disable or set the policy to Not Configured. Disabling or setting this policy to Not Configured should solve the problem.

TO ENABLE REGISTRY EDITING TOOLS USE ONE OF THE METHOD BELOW:

Registry Editing has been disabled by your administrator

This error occurs if the DisableRegistryTools Policy is enabled. With this policy enabled, you receive the following error message when you start the Registry Editor (regedit.exe)

For standalone Windows XP systems, perform the steps below to remove the registry editing restrictions.

Method 1: Using the REG.EXE console tool

  1. Click Start, Run and type this command:
    REG add HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem /v DisableRegistryTools /t REG_DWORD /d 0 /f

Method 2: Using the Group Policy Editor (Windows XP Professional only)

  • Click Start, Run and type gpedit.msc and press ENTER
  • Go to the following location:

User Configuration | Administrative Templates | System

  • Double-click Disable registry editing tools and set it to Not Configured
  • Exit the Group Policy Editor

Note: If the setting already reads Not Configured, set it to Enabled, and click Apply. Then revert it back to Not Configured. This ensures that the DisableRegistryTools registry value is removed successfully.

TO ENABLE TASK MANAGER USE ONE OF THE METHOD BELOW:

When you try to open Task Manager, the following error may occur:

Task Manager has been disabled by your administrator

This error is caused if the DisableTaskMgr restriction is enabled. To enable Task Manager, try one of these methods:

Method 1

  • Click Start, Run and type this command exactly as given below: (better – Copy and paste)
    REG add HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem /v DisableTaskMgr /t REG_DWORD /d 0 /f

Method 3

  • Click Start, Run and type Regedit.exe
  • Navigate to the following branch:

HKEY_CURRENT_USER Software Microsoft Windows CurrentVersion Policies System

  • In the right-pane, delete the value named DisableTaskMgr
  • Close Regedit.exe

Method 4:  Using Group Policy Editor – for Windows XP Professional

  • Click Start, Run, type gpedit.msc and click OK.
  • Navigate to this branch:

User Configuration / Administrative Templates / System / Ctrl+Alt+Delete Options / Remove Task Manager

  • Double-click the Remove Task Manager option.
  • Set the policy to Not Configured.

Hope it will help someone out there.

[tags]windows xp, virus, trojan, registry, command line, command prompt, ruhanirabin.com, task manager, articles, software, windows, enable, disable[/tags]
GD Star Rating
loading...
Get back the control of your registry from Trojans, 8.0 out of 10 based on 4 ratings

About Ruhani Rabin

Ruhani Rabin is the original owner and author of this blog. He also reviews web 2.0 startups at Tech2all.com. Largely interested in web 2.0 apps & Social Media. Currently the Vice President of MOL Access Portal (MOL is owner of Friendster.com). Also he is Web 2.0 & Social Media Researcher and a Total fun Geek!.. There you have it ;)

Twitter Profile: http://twitter.com/ruhanirabin

  • Thanks, I have installed anti-virus program on my laptop and its safe so far.
  • Great article! I have learned some computer skills from you:) Thank you!
  • Great post, what you said is really helpful to me. I can't agree with you anymore. I have been talking with my friend about this. Keep up with your good work, I would come back to you.
  • This is a great blog! I would really like to keep reading your blogs. Cant wait for the next post. Good blogs are hard to find!
  • Victor
    hello there
    Im having problems starting it on safe mode im not able to use the run option due to my computer crashing, although your information sounds helpful, unfortunately im not able to try it out cause im not able to get on the run option from the start menu, as im turning on my computer it shuts down and gives me a blink screen... are u able to help me out with any info on how to get pass the problem, I will appreciate any help.
  • chip
    so how to do those steps if Run has been disabled.probably because of virus. at first only Run and task manager has been disabled. then control panel too. after a lil' bit trying i'm able to enable control panel. cmd.exe is still there.but if i run it,it will off automatically in a few seconds. the same thing happen if i open control panel and c:\programfiles. my pendrive has been infected by Trojan horse TR/Autoit.SA as it said by Luke Filewalker. so,is there any other methods/tools or watsoever as long as i can clean up my pc w/out formatting. thanks.
  • XskyX
    Wow thanks, after i removed that nasty Trojan my task manager would no longer work, this information was great. I followed the instructions and it worked lovely. Thank you for having this great information on the net so we can fix this problem on our own. It's awesome!...= )
  • Norman Niel
    this is awesome, it helps me a lot....thank you so much...


    God Bless!!


    By:
    Nielcast
blog comments powered by Disqus
RuhaniRabin.com on Facebook

What the Heck is RSS?
Powered by Postrank

 

Suggested Products
graphicriverthemeforest
WooThemesElegant WordPress Themes
Affiliates

 
Premium Ads
Featured in Alltop

Last 10 posts in Windows

Random Selection

Awesome Sites

High Influence

Suggested

Members & Friends



Copyright © Ruhani Rabin | Privacy Policy   Internet Blogs - Blog Catalog Blog DirectoryFind the best blogs at Blogs.com. Protected by Copyscape plagiarism checker - duplicate content and unique article detection software.