# Task Manager, Regedit, etc won't open (Part 1)

(This is part one of a multi-part tutorial.)

Having problems with Task Manager, Regedit, Msconfig, etc not opening? Can't run a virus scan or update your .dat files? Seems to be a fairly common problem these days. There could be a variety of explanations, but most likely you have a virus/trojan infecting your machine. Many viruses/trojans/malware attempt to circumvent the tools to find and remove them. This is now your problem.

(*note – Before proceeding (provided you are not reading this from the infected computer), disconnect all internet connections, particularly if you are on broadband or DSL. An active connection may allow a malicious user to do additional damage to your machine while you are reading. Reconnect only when instructed to do so. In fact it is a best practice, to immediately disconnect your computer from the internet any time you suspect or determine that you have a virus until you can get it cleaned or get advice from an expert.)

How can I avoid this? (Top dozen)

1. If you don't have one already, install and religiously use a good Anti-Virus program such as Symantec's Norton or McAfee. Religiously update the dat files and run scheduled weekly (or daily) scans.
2. Make sure Realtime scanning is enabled. A Firewall is a definite plus.
3. If you can't afford a cost effective virus protection then use some free online tools like TrendMicro or AVG on a regular basis.
4. Don't trust pop-ups that tell you that you may have spyware on your machine. Most of these are money-making schemes designed to get you to buy their removal product, which in some cases also contain adware and spyware. For a list of those to avoid see here: http://www.spywarewarrior.com/rogue_anti-spyware.htm
5. Make back-ups of your most essential files frequently by whatever means you have available, i.e. Tape, CD, DVD, USB Drives, Ghost programs, etc. You never know when you'll have to reformat and start from scratch and without current backups of your essential files, you're basically screwed. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.
6. Be careful where you "surf". If you know you are going to click a site that is questionable, then at least be intelligent enough to disable JavaScript, java, ActiveX installations, etc... You "surf" these sites at your own risk and don't come crying to mama when you get burned.
7. Uninstall and quit using P2P networking proggies like Kazaa and Limewire. These are your most likely weakest links if you're using them. Primarily most stuff transferred is illegally obtained and if you won't give it up -- suck it up and pay the consequences.
8. Install and regularly use anti-spyware removal tools such as Adaware and Spybot S&D
9. Don't give access to your computer to friends / family who appear to be clueless about what they are doing. Otherwise, you'll come home from school / work one day and your computer will be trashed.
10. Many "free" online games come bundled with adware / spyware and simply won't work without them. If you have Wild Tangent installed on your computer you are already a victim.
11. Don't install Weather Bug. If you want a free weather service install the Weather Channel version instead.
12. When in doubt -- don't download it and don't install it until you've researched it. You are always welcome to ask OZZU about questionable programs for advice.

Back to the topic at hand.

I can't run Virus scans or do Updates

By editing this file (without rebooting - rebooting may cause the file to be overwritten again by the virus), there is a possibility that you could now update your virus protection files or at least run online scans. It doesn't completely fix the problem but at least it's a start. Your best practice is to attempt to get a dat update for your Virus protection and then reboot to safemode and run your virus protection in safemode. If you have configuration options available, configure your virus protection to first "clean" infected files, and as a second option "delete". In my opinion, Quarantine is useless. Why would you want to leave a virus on your machine? Get rid of it from the start. Your virus protection may or may not find anything, depending on how current the virus is, and how up-to-date your anti-virus definition files are.

I've edited my Hosts file, but my virus protection still won't run.

Many users today are running their computers on a home network. If your computer is networked with others, then you may have some easier solutions than others. One of the benefits of being networked is that you can connect to your problem machine from another unaffected computer on the network and run virus scans via the clean machine. For those of you who are experienced with networking, simply map a drive to the administrative share (c$) on the infected computer and use your virus scanner to scan the mapped drive. If you already know how to do this, then skip the next part of these instructions. If you are clueless about what I just said, read on. Being networked allows you to share files and view files and directories between machines. Windows NT, Windows 2000 and Windows XP come with a built in "Administrative Share" for each drive you have on the machine. Here's how to connect from one machine to another if you don't know how. Make sure both machines are booted to Windows and you are logged in as Administrator. You will need to know the Computer Name of the infected computer. If you don't know the name, right click My Computer and select Properties. Go to the Computer Name tab and note the Full Computer Name. If you have disconnected your network from internet access as previously instructed, temporarily reconnect and update the virus definition files on the uninfected machine you are going to use. Then disconnect from the internet again. Open Windows Explorer and Select Tools | Map Network Drive. In the dialog box, uncheck reconnect at next logon. Choose whatever drive letter you would like to use and in the folder section type \machinename\c$ (Replace "machinename" with the name of your infected computer. Select the link "Connect using a different user name". In the username box type in machinename\username (Replace "machinename" with the name of the infected computer and replace "username" with an administrative user on the infected computer). For password type in the password of the administrative user. Click OK. Click Connect. This should open an Explorer Window showing the contents of the C drive on the infected computer.

Open your virus scan program on the clean computer and run a full scan on the drive letter you chose for the mapped drive. Run the scan (if possible) choosing the option to delete infected files. This will scan the infected computer and work just as if you were running the virus scan on the machine itself. This should find any existing viruses just as if you were running it on the machine itself. Delete any virus files the scan detects.

Reboot the infected machine. Hopefully this has solved the bulk of your problems. If not (or if you are not networked and can't follow these steps) head on to part two.

This concludes part one of this tutorial. You'll have to forgive me, but given time constraints it may take me a few days before I can finish part two. Hopefully, this section will be enough to at least get you closer to having a working computer again. If you need additional assistance please post for help in this board.

Please feel welcome to reply with feedback on this tutorial or questions if something is not clear, and I'll do my best to update it accordingly. Please do not post your problems in this thread. Create a new top level post to describe your problems.

## Contributing Authors

0

• Oldest
• Latest
Commented

Hey ATNO,

I really appreciate you doing things. These questions were getting out of hand.

Thanks, again.

0
Commented

One thing I experienced but that is not answered by Symantec Knowledgebase and also by this forum.
I had some malware installed few months ago.It not only disabled but damaged my taskmgr.exe file.
Task Manager would not run and the icon of the file became like that of MS-DOS application(COM) files.

I just left no popular antispy or antivirus(Norton,MSAntiSpy,CWShredder,Spybot,Ad-Aware,Sysclean), online security checks to scan both normally and in safe mode the whole system.
I posted HijackThis to 5 forums and expert sites but none found to be something running in background.

When the suspected malware was opened it disabled Norton AntiVirus and did something more. After scanning by AVG right then nothing was found and Norton repeatedly raised "internal program error" message and asked to reinstall. After a restart all got back properly but not the task manager.

Well, this is a strange incident I have ever heard. All is now normal after a clean reinstallation of XP.
But there may be something against it. Is there?

0
Commented

Well, on two occasions now, I have had to reinstall Symantec afterwards in order to get it to run correctly. I have yet heard of any virus or trojan actually damaging Task Manager to where it wouldn't run because of being damaged or corrupt.

I have since writing this portion of the tute learned the registry key which controls whether task manager is enabled or disabled.

User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
System]
System Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\
System]
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = default, 1 = disable Task Manager)

If the value is set to 1 Task Manager will be disabled. By returning it to it's default value of 0 it can be re-enabled (although doesn't "fix" the root cause, i.e. trojan removal). If regedit is also not working, you can make a copy of regedit.exe and rename the copy regedit.com and at a run command prompt you can type in regedit.com instead of plain old regedit and it should work.

If taskmgr.exe is damaged you should be able to simple copy it over from a good machine and replace the damaged file with a good copy.

0
Commented
Updated

I knew those and did that too. May I have at that time something very much unknown ❗.

I changed the name of taskmgr.exe to taskmgr.com but nothing new happened, I used to get a cmd window that perhaps was going to show the task list but disappeared instantly. I copied that infected file to another directory but the same incident there. Though the idea of replacing a good copy did not come to my mind in that embarrassing situation. Now I have made the backup of taskmgr, msconfig and regedit.

0
Commented

Well, handy too and I am quite comfortable to go to the regedit and do that manually. I did that too and theres not much difference in that, but the event was that it did not work.

0
Commented

Seems like a very comprehensive forum here--glad to have joined up; found this stickie searching for answers to my problem. In my case, regedit won't run from the run dialog box, but if I type in "regedit.exe" it will open the editor. Furthermore, both taskmanager and msconfig do work. I did have some trojans I believe, but I modified registry as I always do to monitor startup programs and keep the startup list clean. Anybody have an idea why the prototypical regedit won't work? I have cleaned everything, run a few online scans--nothing more...like I said, msconfig and taskmanager both are operable--no other symptomatology at this time.

-V

0
Commented

Right click My Computer and select Properties. Click the Advanced Tab and at the bottom of the Dialog box Select Environment Variables. Scroll down and find the variable PATHEXT. Ensure that .EXE is included, if not add it via the edit option. The default variable value should look roughly like this (give or take):

.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH


I can almost be certain the reason you have to type the regedit.exe is because .exe is not included in the PATHEXT environment variable.

edit//you may need to reboot for the change to take affect.

0
Commented

ATNO/TW,

Thanks man, I did check that, but no dice; .exe is in there.....I'm open to anything and everything. As mentioned here and on other boards, the symptom is as follows:

when I type "regedit" in the run dialog box, I get the quick popup and nothing more. However, if I type "regedit.exe" the editor does appear. As with before, both task manager and msconfig are fine; additionally, dxdiag is; as are other 'run' commands.........

Perhaps a file is corrupt? I don't sense anything else is amiss with my system at this point, although this little issue will drive me up a wall.......I think this trojan? came vis a vis a Bearshare dl, but not sure; at any rate, I'll await further commentary......thanks again.

V-

0
Commented
Updated

Hi vain68, the reason you canopen regedit by typing "regedit.exe" and not regedit alone, is because some worms create a new file called "regedt.com" in your system (this will execute first than the .exe). Follow this instructions to remove all this files.

• Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
• In the killbox program, select the Delete on Reboot option.
• Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\Program Files\MsConfigs\MsConfigs.exe
C:\WINDOWS\system32\p2pnetwork.exe
C:\WINDOWS\system32\CMD.COM
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\tracert.com

• Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

After the reboot regedit should work again.

0
Commented

Labrego,
This took care of business, I can't thank you enough; I got a few general questions as I am always trying to acquire new knowledge about all aspects of XP based systems and vulnerabilities.

1) After I got rid of the programs that loaded on startup by editing the registry, did these .com files remain as orphans left behind? The reason I ask is b/c a general windows search would not reveal these files? Also, I noted that when I pasted these files into Killbox, not every single one was in there (perhaps I could manually do one at time---but my issues is solved, I just want to be sure no traces of any of these .com files are left on board). Or on the other hand, does Killbox automatically detect which ones the system needs to delete?

2) In my search on the web, I found the worm to be one of the following (perhaps):
w32.Spybot
w32.HLLW.Cydog@mm
W32.HLLW.Kefy
Worm/Klez.h
W32.Erkez.B@mm
Worm_Mugly.I

However, aside from "moderate" threat, I couldn't get much more information....are these worms, in fact, serious problems?

Thanks again man, a pleasure to learn new things from thick brains.

Vv

0
Commented

I am having trouble with this procedure. Will Killbox only let you do one file at a time. I can only paste one file in the box. Will it delete the file if it is marked archived?

Mortek

0
Commented

Ok I got rid of those files and regedit works for me now. However, I have several dos based or windows based programs that access dos and they give me the same message system not suitable for running msdos or window applications. Any more ideas.

mortek

0
Commented
Updated

Labrego,
This took care of business, I can't thank you enough; I got a few general questions as I am always trying to acquire new knowledge about all aspects of XP based systems and vulnerabilities.

1) After I got rid of the programs that loaded on startup by editing the registry, did these .com files remain as orphans left behind? The reason I ask is b/c a general windows search would not reveal these files? Also, I noted that when I pasted these files into Killbox, not every single one was in there (perhaps I could manually do one at time---but my issues is solved, I just want to be sure no traces of any of these .com files are left on board). Or on the other hand, does Killbox automatically detect which ones the system needs to delete?

2) In my search on the web, I found the worm to be one of the following (perhaps):
w32.Spybot
w32.HLLW.Cydog@mm
W32.HLLW.Kefy
Worm/Klez.h
W32.Erkez.B@mm
Worm_Mugly.I

However, aside from "moderate" threat, I couldn't get much more information....are these worms, in fact, serious problems?

Thanks again man, a pleasure to learn new things from thick brains.

Vv

Hi vain68, yes, those files were left orphans in your system but don't worry, if you had one of these worms it doesn't mean you have all the files there. These worms are not a "serious" problem, it'll only give you some headaches if your system starts to fail, I have seen people with this worms who never noticed them until their systems started to slow down.

Ok I got rid of those files and regedit works for me now. However, I have several dos based or windows based programs that access dos and they give me the same message system not suitable for running msdos or window applications. Any more ideas.

Hi Mortek, it seems your problem is related with your Autoexec.net file, check this post to see if it helps:

https://www.ozzu.com/forum/148270/autoexecnt

0
Commented

I found that info on microsofts site. I followed their instructions and all my programs are working again. My only though was that even though you can use regedit, you probably lost the autoexec.nt file also which will prevent you from using dos files. Back up and running again and happy about it.

Thanks for the help

0
Commented
Updated

Regedit, msconfig & task manager wont open

I also found that I was unable to update my NAV definitions or even uninstall/reinstall NAV.

This is how I resolved it.

1. Bought a new HDD for £30
2. After installing windows, I installed NAV 2004 Pro, Spybot & Adaware.
3. Ran live update and updated all definitions for all programs.
4. Slaved the problem drive
5. Scanned the drive with NAV, Spybot & Adaware.
6. NAV found & removed the following viruses:
---w32.Netsky.P@mm
---w32.Mydoom.BU@mm
I can now open & use regedit, msconfig & task manager

Also I now have a spare backup drive!

Took about 3 hours in total - and most of that was installing windows & running the scans!

0
Commented

Oh, and I could now update my definitions too!

0
Commented
Updated

Hello everyone,

After a big headache and many hours of not sleeping, I found out that the problem resides on a worm virus called W32/Rbot-ANK.

It places a file on C:\Windows\System named mswinsck.exe and it is hidden.

What I did, (And really worked) was:

1. Created a Restore Point
3. Found the process "mswinsck.exe"
4. Killed the process and immediately was able to use Task Manager, cmd, Msconfig, regedit, etc.
5. I deleted the file "mswinsck.exe" located in C:\Windows\System (Remember, it is a hidden file, so set up your windows explorer)
6. The following registry entries are modified by the worm to execute the file at logon, so I had to delete them.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Microsoft Winsock
mswinsck.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Microsoft Winsock
mswinsck.exe
HKLM\SYSTEM\CurrentControlSet\Control\Lsa
Microsoft Winsock
mswinsck.exe
HKCU\Software\Microsoft\OLE
Microsoft Winsock
mswinsck.exe

7. I rebooted and my computer seems to work fine.

8. Scanned the computer, no virus or spyware found

0
Commented

Hello again,

I forgot to tell you that the worm modifies your HOSTS file and you won't be able to access some webpages related to security (i.e. symantec, panda, f-serve, trend micro, etc.)

To resolve this issue do the following:

1.- Open your windows explorer and go to c:\windows\system32\drivers\etc
2.- Backup the file "hosts" it does not have an extention
4.- Don't delete the line 127.0.0.1 localhost
5.- Delete every line after the 127.0.0.1 (including the 127.0.0.1) that has addresses you want to access.

That's it

Hope you find it useful

ZsaZsa

0
Commented

someone tell me how to use the killbox because i press paste from clipboard and nothing happen...someone can explain me here how you got it.

sorry for my bad english xD

thanks

0
Commented

What do you try to paste there? You can't copy a file and paste in the box. You have to give the full file path there. Like if you have a file file.txt in C:\folder1\folder2 directory you have to type there C:\folder1\folder2\file.txt. You can copy-paste only when you have this file-path written anywhere.
After giving the file path press the red button that looks like 'stop' in the browser, to delete that file. If Killbox is not able to kill that at that instant it will ask whether to delete the file at next reboot during startup so that the process that is blocking that to be deleted cannot start before deletion attempt.

0
Commented

KILLDISK?

If I kill my regedit, does windows autimatically repair or rebuild it?

Do I paste the list of files from the previous posts >>> as follows, do I need to kill all these files if I am only having trouble with regedit?

C:\Program Files\MsConfigs\MsConfigs.exe
C:\WINDOWS\system32\p2pnetwork.exe
C:\WINDOWS\system32\CMD.COM
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\tracert.com

0
Commented

NOVIce here with the regedit won't start problem. virus. Now cleaned. 2 x full scan came clean. but damage to registry done.

C:\Program Files\MsConfigs\MsConfigs.exe
C:\WINDOWS\system32\p2pnetwork.exe
C:\WINDOWS\system32\CMD.COM
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\tracert.com

..... does windows reinstall or repair those files when I reboot.
I appreciate the help. ty.

0
Commented

NOVIce here with the regedit won't start problem. virus. Now cleaned. 2 x full scan came clean. but damage to registry done.

C:\Program Files\MsConfigs\MsConfigs.exe
C:\WINDOWS\system32\p2pnetwork.exe
C:\WINDOWS\system32\CMD.COM
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\tracert.com

..... does windows reinstall or repair those files when I reboot.
I appreciate the help. ty.

What damage has been done to your registry? If your registry is that damaged you will probably be better off formatting and re-installing Windows. Windows, to my knowledge, does not repair the registry automatically.

0
Commented

I hope this is the right place to post this question - please jump over it if it isn't. I was reading that bit about Norton up there, so...
I've had something messing up my computer, which was stopping me accessing merchant sites. I downloaded spybot to clear it, but it made me realise I don't understand my security systems (windows and Norton). Now, when I go online, windows security pops up and tells me Norton's switched off - which it doesn't appear to be, or sometimes windows pops up with its own firewall or virus detection switched off. I goes to switch them on again, but in the panel, they say they are on. What's 'appening?

0
Commented

I am not able to run the task manager.NAV says i have no virus plz help !

0
Commented

I'm having the same problem. I had a dell tech do a bunch of stuff and he couldn't figure out why the taskmgr wouldn't load.

There's one in C:\windows\system32 that does nothing but say it is already being used even though it isn't.

Any idea what the problem could be? He said there was a virus. 😟

0
Commented

Hello guys.

I need help please. Can you please tell me how to easily enable the "Run" option in my Windows XP. I just had a virus and I have already cleaned it and everything but the Run Option disappeared from the Start button. I do hope you can give me clear procedure or a tool will be great.

Thanks.

0
Commented

😳 ok i too had the problem with the task manager, ipconfig, msconfig among other things that was disabled by the administrator.....here is a script that works to change your settings so they will enable the task manager and such.....now when you copy this..you have to :

2. save it as anythingyouwant.vbs
3. save as ALL FILES

when you do this save to your desktop....you will see it is in the form of a script.

go to the saved file and double click on it.....it will take a second literally to run...when it says finished...thats it....you functions will work!

i did this and it worked....and it will work for you too...thank you 😉

copy and paste this to notepad:

Set WshShell = WScript.CreateObject("WScript.Shell")
With WScript.CreateObject("WScript.Shell")
On Error Resume Next
.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools"
.RegDelete "HKCU\Software\Policies\Microsoft\Windows\System\DisableCMD"
End With
Mybox = MsgBox(jobfunc & enab & vbCR & "Finished!", 4096, t)

0
Commented

Thank you ATNO, your a savior(is that how to spell saviour) anyways i had this virus or malware attack! i call it attack because i couldnt do alot of things, and it disabled my task manager making panic so much. But luckily i stumbled on this forum and found your advice very useful. (Of course i went online after running a full virusscan using PANDA and deleting the virus)

Well, on two occasions now, I have had to reinstall Symantec afterwards in order to get it to run correctly. I have yet heard of any virus or trojan actually damaging Task Manager to where it wouldn't run because of being damaged or corrupt.

I have since writing this portion of the tute learned the registry key which controls whether task manager is enabled or disabled.

User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
System]
System Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\
System]
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = default, 1 = disable Task Manager)

If the value is set to 1 Task Manager will be disabled. By returning it to it's default value of 0 it can be re-enabled (although doesn't "fix" the root cause, i.e. trojan removal). If regedit is also not working, you can make a copy of regedit.exe and rename the copy regedit.com and at a run command prompt you can type in regedit.com instead of plain old regedit and it should work.

If taskmgr.exe is damaged you should be able to simple copy it over from a good machine and replace the damaged file with a good copy.

0
Commented

I had this prob stated in my laptop since I inserted my bros flash drive. It had a virus ending in '.exe'
Its name similar to other folders in the flash drive(when I inserted it into my home pc, McAfee warned me of some 'w32... ' virus which replicates itself.)

The prob. is that my taskmngr, regedit, msconfig are disabled as well as 'folder options' is missing. Moreover, even in safe mode, m unable to start regedit ......as well system restore is not taking place

I fixed(deleted)reg value for system policy/disable taskmngr='1'(which should hav been changed to '0')

Pls help me to remove this virus.

and correct my reg entries

0
Commented

0
Commented

I have two questions:

OS: Windows 2000 SP4 IBM Thinkpad T20 Model 2647-95U with 256 MB of RAM

1. My Task Manager does not start up on boot and does not run after CTRL-ALT-DELETE. I tried the regedit but did not find any DisableTaskManager variable under HKEY_LOCAL_USER ...../policies or HKEY_LOCAL_MACHINE..../policies. So I am assuming the default of 0 is still good.

2. I have a lot of FOUND. folders with .CHK files from previous crashes. I have done a successful chkdsk /r /f since the last crash and also defragmented hard drive a couple of times. Would it be ok to now delete all the FOUND folders.

Thx.

Mike M.

0
Commented

Was able to start Task Manager in Safe Mode and it now works after ctrl-alt-del in regular mode. But the icon does not show up in System Tray upon boot-up. Is this not supposed to show up at all times in System tray ? [ Or is it only when Task Manager is manually opened up ..?]

Mike M.

0
Commented

Task Manager is not supposed to be in your system tray unless it is running.

0
Commented

another solution is
open Run box and type "cmd"
and then type "reg delete hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\explorer" this is the simplest solution

before u type this registry delete
u can make query reg query hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\explorere
u will see
DisableTaskMgr value is changed to 1

0
Commented

i tried all the procedures u said but none of them work . when i try to take the task manager , msconfig it says " disabled by the administrator " pls tell me wht to do ? its urgent !!!

0
Commented

maybe you're on a domain and the administrator has it disabled?