Re: Help, possible virus disabled taskmanager and regedit on server.

---

• From: "Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx>
• Date: Thu, 18 Dec 2008 08:28:27 -0500

---

The following may get you past the disabled Task Manager (you may need to
create the DisableTaskMgr key) and Regedit isuues, but your systems have
been compromised. Best practice is generally to do a wipe and restore from
backup.

TUTORIAL: Task Manager, Regedit, etc won't open (Part 1)
http://www.ozzu.com/windows-tutorials/tutorial-task-manager-regedit-etc-won-open-part-t44857.html
-----------------------------------------
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\
System]
Value Name: DisableTaskMgr
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = default, 1 = disable Task Manager)

If the value is set to 1 Task Manager will be disabled. By returning it to
it's default value of 0 it can be re-enabled (although doesn't "fix" the
root cause, i.e. trojan removal). If regedit is also not working, you can
make a copy of regedit.exe and rename the copy regedit.com and at a run
command prompt you can type in regedit.com instead of plain old regedit and
it should work.
-----------------------------------------

--
Merv Porter [SBS-MVP]
============================


"David" <david@xxxxxxxxxx> wrote in message
news:aMq2l.27034$Iz4.3007@xxxxxxxxxxxxxxxx

Hi All
Fairly new to SBS 2003.I have my server set up to download latest MS
patches automatically. I run AVG virus scanner, ISA2004 is running.
Trouble is I think a virus has got in from somewhere. It has disabled task
mananger and regedit on the server and has done the same for all clients.
( I can't re-enable task manager using gpedit.msc either).
Virus scans of hard disks dont pick anything up. Everything is running
fairlly normally apart from this. Any help that doesn't involve a
reinstall appreciated or its going to be a sleepless Christmass!)
Cheers, David (UK)

.

---

• Follow-Ups:
  • Re: Help, possible virus disabled taskmanager and regedit on server.
    • From: David
  • Re: Help, possible virus disabled taskmanager and regedit on server.
    • From: Jim Behning SBS MVP

• References:
  • Help, possible virus disabled taskmanager and regedit on server.
    • From: David

• Prev by Date: RE: Email Issue
• Next by Date: Re: OT: all systems on network slow for last week or so
• Previous by thread: Re: Help, possible virus disabled taskmanager and regedit on server.
• Next by thread: Re: Help, possible virus disabled taskmanager and regedit on server.
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: MMC Consoles will not stay open! NONE of them! grrrrrrrr ... Have you ran a virus scan on this computer? ... Task manager and regedit not opening is one of the symptoms of the swen ... > Viewer, Services, AD Admin, Server Admin, NONE OF THEM ... (microsoft.public.win2000.advanced_server) Re: Cannot run programs in the "RUN" window ... I tried the copies of Task Manager, Regedit and msconfig. ... | This behavior can be caused by a virus. ... (microsoft.public.windowsxp.general) Re: unable to access task manager and regedit ... It would help me make the utility work better. ... >i have already run many virus checkers, ... >>Creates usable copies of REGEDIT, ... >>> I am unable to access task manager and regedit. ... (microsoft.public.windowsxp.security_admin) Re: unable to access task manager and regedit ... one of the spybot worm variants. ... >i have already run many virus checkers, all say I have no> virus. ... the dougknox.com utility errored out on me but I> copied the files and renamed them and can now run both> task manager and regedit. ... (microsoft.public.windowsxp.security_admin) Re: regedit disappears after 15-20 seconds ... Emergency Msconfig, Regedit, Task Manager ... This behavior can be caused by a virus. ... (microsoft.public.windowsxp.general)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.sbs  > 2008-12