A few days ago I was copying some files from my friend's SONY M2 memory card and bam, I've been hit by a Trojan; it was silently sitting on the memory card. The file name is Flash.exe, and it creates an autorun.inf file on your memory card, and any USB disk you put into your computer will be infected by it. It keeps running in memory and it will disable your Task Manager, Command Prompt and Registry Editor. Well, these are the tools you need to use to get rid of the Trojan virus. I've cleaned my system with Kaspersky Antivirus Pro 7 and still I was not able to use Command Prompt or regedit. Here are the things you need to do after cleaning the Trojan virus.
TO ENABLE COMMAND PROMPT USE ONE OF THE METHODS BELOW:
Message: "The command prompt has been disabled by your administrator"
When you attempt to run CMD.exe or a batch file, you may receive the message "The command prompt has been disabled by your administrator". This is caused by a restriction placed in the registry: the DisableCMD value is set to 1, either directly or via Group Policy. To enable the command prompt, try any of these methods:
Method 1: Using the console registry tool
Click Start, Run and type this command exactly as given below: (better – Copy and paste)
REG add HKCU\Software\Policies\Microsoft\Windows\System /v DisableCMD /t REG_DWORD /d 0 /f
Method 2: Edit the registry directly
Open Registry Editor (Regedit.exe) and navigate to:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
In the right-pane, double-click DisableCMD and set its data to 0
Method 3: Using Group Policy Editor in Windows XP Professional.
Click Start, Run, type gpedit.msc and click OK.
Navigate to User Configuration / Administrative Templates / System
Double-click the Prevent access to the command prompt policy
You can then disable or set the policy to Not Configured. Disabling or setting this policy to Not Configured should solve the problem.
TO ENABLE REGISTRY EDITING TOOLS USE ONE OF THE METHODS BELOW:
Registry Editing has been disabled by your administrator
This error occurs if the DisableRegistryTools policy is enabled. With this policy enabled, you receive the error message above when you start the Registry Editor (regedit.exe).
For standalone Windows XP systems, perform the steps below to remove the registry editing restrictions.
Method 1: Using the REG.EXE console tool
- Click Start, Run and type this command:
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
Method 2: Using the Group Policy Editor (Windows XP Professional only)
- Click Start, Run and type gpedit.msc and press ENTER
- Go to the following location:
User Configuration | Administrative Templates | System
- Double-click Disable registry editing tools and set it to Not Configured
- Exit the Group Policy Editor
Note: If the setting already reads Not Configured, set it to Enabled, and click Apply. Then revert it back to Not Configured. This ensures that the DisableRegistryTools registry value is removed successfully.
TO ENABLE TASK MANAGER USE ONE OF THE METHODS BELOW:
When you try to open Task Manager, the following error may occur:
Task Manager has been disabled by your administrator
This error occurs if the DisableTaskMgr restriction is enabled. To enable Task Manager, try one of these methods:
- Click Start, Run and type this command exactly as given below: (better – Copy and paste)
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
- Click Start, Run and type Regedit.exe
- Navigate to the following branch:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
- In the right-pane, delete the value named DisableTaskMgr
- Close Regedit.exe
Method 4: Using Group Policy Editor – for Windows XP Professional
- Click Start, Run, type gpedit.msc and click OK.
- Navigate to this branch:
User Configuration / Administrative Templates / System / Ctrl+Alt+Delete Options / Remove Task Manager
- Double-click the Remove Task Manager option.
- Set the policy to Not Configured.
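To check all three restrictions in one pass after the machine has been cleaned, here is an added example (not part of the original post) that audits the per-user values named above and removes them when run with -Fix. It assumes PowerShell is installed (it is not part of a default Windows XP install) and looks only at the HKCU locations this page covers; the script name and the -Fix switch are choices made for this example.

```powershell
# Added example: audit the three per-user restriction values this page resets.
# Save as e.g. Check-ToolRestrictions.ps1 (hypothetical name).
#   .\Check-ToolRestrictions.ps1        -> report only
#   .\Check-ToolRestrictions.ps1 -Fix   -> report, then delete any value found
param([switch]$Fix)

$policies = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$checks = @(
    @{ Tool = 'Command Prompt';  Name = 'DisableCMD';
       Path = 'HKCU:\Software\Policies\Microsoft\Windows\System' },
    @{ Tool = 'Registry Editor'; Name = 'DisableRegistryTools'; Path = $policies },
    @{ Tool = 'Task Manager';    Name = 'DisableTaskMgr';       Path = $policies }
)

foreach ($c in $checks) {
    # A missing key and a missing value both mean "no restriction configured".
    $item  = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $value = $null
    if ($item) { $value = $item.($c.Name) }

    if ($null -eq $value) { $state = 'not set' }
    elseif ($value -eq 0) { $state = 'set to 0 (allowed)' }
    else                  { $state = "set to $value (BLOCKED)" }

    Write-Output ('{0,-16} {1,-22} {2}' -f $c.Tool, $c.Name, $state)

    if ($Fix -and $null -ne $value) {
        # Deleting the value matches the "Not Configured" state in gpedit.msc.
        Remove-ItemProperty -Path $c.Path -Name $c.Name
        Write-Output ('{0,-16} {1,-22} removed' -f '', $c.Name)
    }
}
```

If a value shows as BLOCKED again after being removed, something is still rewriting it, so rescan the machine and any removable media before repeating the fix.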
Hope it will help someone out there.