How to fix a new style taskman/registry/msconfig disabler

  • Gearu
  • Novice
  • Posts: 24

Post 3+ Months Ago

I was recently hit with the usual virus package that disables taskmanager, the registry and msconfig utilities and a few extra bits and pieces. After getting into the registry via making a .com extension copy of it, I discovered that the familiar taskmanager disabler thread in 'policies' was not there. I came across this site whilst trying to fix it (fabulous site by the way), but couldn't find the solution. I did, however, find out how to fix it myself.

For those of you who have a similar problem to what I had, in the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
In about half the folders in there, there was a thread called 'Debugger' and its value was pointed to a legitimate Windows program, wscntfy.exe (Windows notification center, which does nothing when you open it - at least on my machine).
This results in wscntfy.exe opening, but it closes so fast you don't see it appear when you do things like ctrl+alt+del. I found this out while I had my process monitor open, and holding ctrl+alt+del resulted in lots of wscntfy.exe processes appearing in the list and disappearing a couple of seconds after. I was puzzled for a while, but I then figured to use 'find' in the registry to search for all things related to wscntfy and came across all the redirecting/debugger threads.

Destroying this thread in the taskmanager folder brought it back. I then went about deleting all these debugger threads in each folder of this group, including the msconfig and regedit ones; they were all pointed to wscntfy.exe, and now they all work again.
Hope you find this useful.
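
Added example, not part of the original posts: a PowerShell audit of the registry key named in the post above, listing every subkey that carries a 'Debugger' value, grouping them by target, and dry-running the removal. The subkey names taskmgr.exe, regedit.exe and msconfig.exe and the backup file name are assumptions; the thread does not spell them out.

```powershell
# Added example: audit Image File Execution Options (IFEO) for 'Debugger' values.
# Run from an elevated PowerShell 3.0+ prompt.
$IfeoPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-IfeoDebugger {
    param([string]$Root = $IfeoPath)
    # Each subkey is named after an executable image; report those with a Debugger value.
    Get-ChildItem -Path $Root -ErrorAction SilentlyContinue | ForEach-Object {
        $debugger = $_.GetValue('Debugger')
        if ($null -ne $debugger) {
            [pscustomobject]@{
                Image    = $_.PSChildName
                Debugger = $debugger
                KeyPath  = $_.PSPath
            }
        }
    }
}

$hits = @(Get-IfeoDebugger)
$hits | Sort-Object Debugger, Image | Format-Table Image, Debugger -AutoSize

# Many unrelated images redirected to one target is the pattern the post describes.
$hits | Group-Object Debugger | Where-Object { $_.Count -gt 1 } |
    Select-Object Count, Name | Format-Table -AutoSize

# Back up the whole key before changing anything (file name is an assumption).
$backup = Join-Path $env:TEMP ("ifeo-backup-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
reg.exe export 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options' $backup

# Remove only entries you have reviewed. Some tools set a Debugger value on purpose
# (for example a Task Manager replacement), so do not delete every hit blindly.
# Assumed subkey names for the three utilities mentioned in the post:
$reviewed = 'taskmgr.exe', 'regedit.exe', 'msconfig.exe'
$hits | Where-Object { $reviewed -contains $_.Image } | ForEach-Object {
    # -WhatIf makes this a dry run; drop it once the listed changes look right.
    Remove-ItemProperty -Path $_.KeyPath -Name 'Debugger' -WhatIf
}
```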

  • Don2007
  • Web Master
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

That's very useful and it's good to see someone else who is not afraid to make registry changes. People seem to shy away from them.

Post Information

  • Total Posts in this topic: 2 posts

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.