Hey ATNO,

I really appreciate you doing things. These questions were getting out of hand.

Thanks, again.

One thing I experienced but that is not answered by Symantec Knowledgebase and also by this forum.
I had some malware installed few months ago.It not only disabled but damaged my taskmgr.exe file.
Task Manager would not run and the icon of the file became like that of MS-DOS application(COM) files.

I just left no popular antispy or antivirus(Norton,MSAntiSpy,CWShredder,Spybot,Ad-Aware,Sysclean), online security checks to scan both normally and in safe mode the whole system.
I posted HijackThis to 5 forums and expert sites but none found to be something running in background.

When the suspected malware was opened it disabled Norton AntiVirus and did something more. After scanning by AVG right then nothing was found and Norton repeatedly raised "internal program error" message and asked to reinstall. After a restart all got back properly but not the task manager.

Well, this is a strange incident I have ever heard. All is now normal after a clean reinstallation of XP.
But there may be something against it. Is there?

Well, on two occasions now, I have had to reinstall Symantec afterwards in order to get it to run correctly. I have yet heard of any virus or trojan actually damaging Task Manager to where it wouldn't run because of being damaged or corrupt.

I have since writing this portion of the tute learned the registry key which controls whether task manager is enabled or disabled.

User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
System]
System Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\
System]
Value Name: DisableTaskMgr
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = default, 1 = disable Task Manager)

If the value is set to 1 Task Manager will be disabled. By returning it to it's default value of 0 it can be re-enabled (although doesn't "fix" the root cause, i.e. trojan removal). If regedit is also not working, you can make a copy of regedit.exe and rename the copy regedit.com and at a run command prompt you can type in regedit.com instead of plain old regedit and it should work.

If taskmgr.exe is damaged you should be able to simple copy it over from a good machine and replace the damaged file with a good copy.

I knew those and did that too. May I have at that time something very much unknown ❗.

I changed the name of taskmgr.exe to taskmgr.com but nothing new happened, I used to get a cmd window that perhaps was going to show the task list but disappeared instantly. I copied that infected file to another directory but the same incident there. Though the idea of replacing a good copy did not come to my mind in that embarrassing situation. Now I have made the backup of taskmgr, msconfig and regedit.

Well, handy too and I am quite comfortable to go to the regedit and do that manually. I did that too and theres not much difference in that, but the event was that it did not work.

Ladies and Gentz,

Seems like a very comprehensive forum here--glad to have joined up; found this stickie searching for answers to my problem. In my case, regedit won't run from the run dialog box, but if I type in "regedit.exe" it will open the editor. Furthermore, both taskmanager and msconfig do work. I did have some trojans I believe, but I modified registry as I always do to monitor startup programs and keep the startup list clean. Anybody have an idea why the prototypical regedit won't work? I have cleaned everything, run a few online scans--nothing more...like I said, msconfig and taskmanager both are operable--no other symptomatology at this time.

-V

Right click My Computer and select Properties. Click the Advanced Tab and at the bottom of the Dialog box Select Environment Variables. Scroll down and find the variable PATHEXT. Ensure that .EXE is included, if not add it via the edit option. The default variable value should look roughly like this (give or take):

.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

I can almost be certain the reason you have to type the regedit.exe is because .exe is not included in the PATHEXT environment variable.

edit//you may need to reboot for the change to take affect.

ATNO/TW,

Thanks man, I did check that, but no dice; .exe is in there.....I'm open to anything and everything. As mentioned here and on other boards, the symptom is as follows:

when I type "regedit" in the run dialog box, I get the quick popup and nothing more. However, if I type "regedit.exe" the editor does appear. As with before, both task manager and msconfig are fine; additionally, dxdiag is; as are other 'run' commands.........

Perhaps a file is corrupt? I don't sense anything else is amiss with my system at this point, although this little issue will drive me up a wall.......I think this trojan? came vis a vis a Bearshare dl, but not sure; at any rate, I'll await further commentary......thanks again.

V-

Hi vain68, the reason you canopen regedit by typing "regedit.exe" and not regedit alone, is because some worms create a new file called "regedt.com" in your system (this will execute first than the .exe). Follow this instructions to remove all this files.

• Download Killbox by Option^Explicit.
• Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
• In the killbox program, select the Delete on Reboot option.
• Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\Program Files\MsConfigs\MsConfigs.exe
C:\WINDOWS\system32\p2pnetwork.exe
C:\WINDOWS\system32\CMD.COM
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\tracert.com

• Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
• Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

After the reboot regedit should work again.

Labrego,
This took care of business, I can't thank you enough; I got a few general questions as I am always trying to acquire new knowledge about all aspects of XP based systems and vulnerabilities.

1) After I got rid of the programs that loaded on startup by editing the registry, did these .com files remain as orphans left behind? The reason I ask is b/c a general windows search would not reveal these files? Also, I noted that when I pasted these files into Killbox, not every single one was in there (perhaps I could manually do one at time---but my issues is solved, I just want to be sure no traces of any of these .com files are left on board). Or on the other hand, does Killbox automatically detect which ones the system needs to delete?

2) In my search on the web, I found the worm to be one of the following (perhaps):
w32.Spybot
w32.HLLW.Cydog@mm
W32.HLLW.Kefy
Worm/Klez.h
W32.Erkez.B@mm
Worm_Mugly.I

However, aside from "moderate" threat, I couldn't get much more information....are these worms, in fact, serious problems?

Thanks again man, a pleasure to learn new things from thick brains.

Vv

I am having trouble with this procedure. Will Killbox only let you do one file at a time. I can only paste one file in the box. Will it delete the file if it is marked archived?

Mortek

Ok I got rid of those files and regedit works for me now. However, I have several dos based or windows based programs that access dos and they give me the same message system not suitable for running msdos or window applications. Any more ideas.

mortek

I found that info on microsofts site. I followed their instructions and all my programs are working again. My only though was that even though you can use regedit, you probably lost the autoexec.nt file also which will prevent you from using dos files. Back up and running again and happy about it.

Thanks for the help

Regedit, msconfig & task manager wont open

I also found that I was unable to update my NAV definitions or even uninstall/reinstall NAV.

This is how I resolved it.

1. Bought a new HDD for £30
2. After installing windows, I installed NAV 2004 Pro, Spybot & Adaware.
3. Ran live update and updated all definitions for all programs.
4. Slaved the problem drive
5. Scanned the drive with NAV, Spybot & Adaware.
6. NAV found & removed the following viruses:
   ---w32.Netsky.P@mm
   ---w32.Mydoom.BU@mm
   I can now open & use regedit, msconfig & task manager

Also, I now have a spare backup drive!

Took about 3 hours in total - and most of that was installing windows & running the scans!

Oh, and I could now update my definitions too!

Hello everyone,

After a big headache and many hours of not sleeping, I found out that the problem resides on a worm virus called W32/Rbot-ANK.

It places a file on C:\Windows\System named mswinsck.exe and it is hidden.

What I did, (And really worked) was:

1. Created a Restore Point
2. Downloaded PROCESS EXPLORER freeware to see what processes were running
3. Found the process "mswinsck.exe"
4. Killed the process and immediately was able to use Task Manager, cmd, Msconfig, regedit, etc.
5. I deleted the file "mswinsck.exe" located in C:\Windows\System (Remember, it is a hidden file, so set up your windows explorer)
6. The following registry entries are modified by the worm to execute the file at logon, so I had to delete them.

   HKCU\Software\Microsoft\Windows\CurrentVersion\Run
   Microsoft Winsock
   mswinsck.exe
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
   Microsoft Winsock
   mswinsck.exe
   HKLM\SYSTEM\CurrentControlSet\Control\Lsa
   Microsoft Winsock
   mswinsck.exe
   HKCU\Software\Microsoft\OLE
   Microsoft Winsock
   mswinsck.exe
   

7. I rebooted and my computer seems to work fine.

8. Scanned the computer, no virus or spyware found

Hello again,

I forgot to tell you that the worm modifies your HOSTS file and you won't be able to access some webpages related to security (i.e. symantec, panda, f-serve, trend micro, etc.)

To resolve this issue do the following:

1.- Open your windows explorer and go to c:\windows\system32\drivers\etc
2.- Backup the file "hosts" it does not have an extention
3.- Open the file hosts with your notepad
4.- Don't delete the line 127.0.0.1 localhost
5.- Delete every line after the 127.0.0.1 (including the 127.0.0.1) that has addresses you want to access.

That's it

Hope you find it useful

ZsaZsa

It is also suggested to introduce entries after 127.0.0.1 but that is to get rid of web ads so I don't find that necessary to post in this topic.

https://winhelp2002.mvps.org/hosts.htm

Hosts file will be like this:

https://winhelp2002.mvps.org/hosts.txt

someone tell me how to use the killbox because i press paste from clipboard and nothing happen...someone can explain me here how you got it.

sorry for my bad english xD

thanks

What do you try to paste there? You can't copy a file and paste in the box. You have to give the full file path there. Like if you have a file file.txt in C:\folder1\folder2 directory you have to type there C:\folder1\folder2\file.txt. You can copy-paste only when you have this file-path written anywhere.
After giving the file path press the red button that looks like 'stop' in the browser, to delete that file. If Killbox is not able to kill that at that instant it will ask whether to delete the file at next reboot during startup so that the process that is blocking that to be deleted cannot start before deletion attempt.

KILLDISK?

If I kill my regedit, does windows autimatically repair or rebuild it?

Do I paste the list of files from the previous posts >>> as follows, do I need to kill all these files if I am only having trouble with regedit?

C:\Program Files\MsConfigs\MsConfigs.exe
C:\WINDOWS\system32\p2pnetwork.exe
C:\WINDOWS\system32\CMD.COM
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\tracert.com

NOVIce here with the regedit won't start problem. virus. Now cleaned. 2 x full scan came clean. but damage to registry done.

question I download Killbox and kill the list you sent

C:\Program Files\MsConfigs\MsConfigs.exe
C:\WINDOWS\system32\p2pnetwork.exe
C:\WINDOWS\system32\CMD.COM
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\tracert.com

..... does windows reinstall or repair those files when I reboot.
I appreciate the help. ty.

I hope this is the right place to post this question - please jump over it if it isn't. I was reading that bit about Norton up there, so...
I've had something messing up my computer, which was stopping me accessing merchant sites. I downloaded spybot to clear it, but it made me realise I don't understand my security systems (windows and Norton). Now, when I go online, windows security pops up and tells me Norton's switched off - which it doesn't appear to be, or sometimes windows pops up with its own firewall or virus detection switched off. I goes to switch them on again, but in the panel, they say they are on. What's 'appening?

I am not able to run the task manager.NAV says i have no virus plz help !

I'm having the same problem. I had a dell tech do a bunch of stuff and he couldn't figure out why the taskmgr wouldn't load.

There's one in C:\windows\system32 that does nothing but say it is already being used even though it isn't.

He made a new one, but the taskmanager won't load when I hit CTRL ALT DELETE.

Any idea what the problem could be? He said there was a virus. 😟
I'm downloading the updates to Stopzilla 4.4 right now.

Hello guys.

I need help please. Can you please tell me how to easily enable the "Run" option in my Windows XP. I just had a virus and I have already cleaned it and everything but the Run Option disappeared from the Start button. I do hope you can give me clear procedure or a tool will be great.

Thanks.

😳 ok i too had the problem with the task manager, ipconfig, msconfig among other things that was disabled by the administrator.....here is a script that works to change your settings so they will enable the task manager and such.....now when you copy this..you have to :

1. copy to notepad.
2. save it as anythingyouwant.vbs
3. save as ALL FILES

when you do this save to your desktop....you will see it is in the form of a script.

go to the saved file and double click on it.....it will take a second literally to run...when it says finished...thats it....you functions will work!

i did this and it worked....and it will work for you too...thank you 😉

copy and paste this to notepad:

Set WshShell = WScript.CreateObject("WScript.Shell")
With WScript.CreateObject("WScript.Shell")
On Error Resume Next
.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools"
.RegDelete "HKCU\Software\Policies\Microsoft\Windows\System\DisableCMD"
.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr"
.RegDelete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableTaskMgr"
End With
Mybox = MsgBox(jobfunc & enab & vbCR & "Finished!", 4096, t)

Thank you ATNO, your a savior(is that how to spell saviour) anyways i had this virus or malware attack! i call it attack because i couldnt do alot of things, and it disabled my task manager making panic so much. But luckily i stumbled on this forum and found your advice very useful. (Of course i went online after running a full virusscan using PANDA and deleting the virus)

Well, on two occasions now, I have had to reinstall Symantec afterwards in order to get it to run correctly. I have yet heard of any virus or trojan actually damaging Task Manager to where it wouldn't run because of being damaged or corrupt.

I have since writing this portion of the tute learned the registry key which controls whether task manager is enabled or disabled.

User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
System]
System Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\
System]
Value Name: DisableTaskMgr
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = default, 1 = disable Task Manager)

If the value is set to 1 Task Manager will be disabled. By returning it to it's default value of 0 it can be re-enabled (although doesn't "fix" the root cause, i.e. trojan removal). If regedit is also not working, you can make a copy of regedit.exe and rename the copy regedit.com and at a run command prompt you can type in regedit.com instead of plain old regedit and it should work.

If taskmgr.exe is damaged you should be able to simple copy it over from a good machine and replace the damaged file with a good copy.

I had this prob stated in my laptop since I inserted my bros flash drive. It had a virus ending in '.exe'
Its name similar to other folders in the flash drive(when I inserted it into my home pc, McAfee warned me of some 'w32... ' virus which replicates itself.)

The prob. is that my taskmngr, regedit, msconfig are disabled as well as 'folder options' is missing. Moreover, even in safe mode, m unable to start regedit ......as well system restore is not taking place

I fixed(deleted)reg value for system policy/disable taskmngr='1'(which should hav been changed to '0')

Pls help me to remove this virus.

and correct my reg entries

try to download NOD32 anti-virus and download fix task manager tools may be it can help because i've encountered that problem u had right now

I have two questions:

OS: Windows 2000 SP4 IBM Thinkpad T20 Model 2647-95U with 256 MB of RAM

1. My Task Manager does not start up on boot and does not run after CTRL-ALT-DELETE. I tried the regedit but did not find any DisableTaskManager variable under HKEY_LOCAL_USER ...../policies or HKEY_LOCAL_MACHINE..../policies. So I am assuming the default of 0 is still good.

2. I have a lot of FOUND. folders with .CHK files from previous crashes. I have done a successful chkdsk /r /f since the last crash and also defragmented hard drive a couple of times. Would it be ok to now delete all the FOUND folders.

Thx.

Mike M.

Was able to start Task Manager in Safe Mode and it now works after ctrl-alt-del in regular mode. But the icon does not show up in System Tray upon boot-up. Is this not supposed to show up at all times in System tray ? [ Or is it only when Task Manager is manually opened up ..?]

Mike M.

Task Manager is not supposed to be in your system tray unless it is running.

another solution is
open Run box and type "cmd"
and then type "reg delete hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\explorer" this is the simplest solution

before u type this registry delete
u can make query reg query hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\explorere
u will see
DisableTaskMgr value is changed to 1

For all of you still unable to open task manager, registry, and msconfig please consider the solution that worked for me.

I was recently hit with the usual virus package that disables taskmanager, the registry and msconfig utilities and a few extra bits and pieces, After getting into the registry via making a .com extension copy of it, I discovered that the familiar taskmanager disabler thread in policies was not there, I came across this site whilst trying to fix it, but couldn't find the solution, I did, however, find out how to fix it myself.

For those of you who have a similar problem to what I had, In the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

In about half the folders in there, there was a thread called Debugger and its value was pointed to a legitimate windows program, wscntfy.exe (windows notification center, which does nothing when you open it - at least on my machine).

This results in wscntfy.exe opening, but it closes so fast you don't see it appear when you do things like ctrl+alt+del, I found this out while I had my process monitor open, and holding ctrl+alt+del resulted in lots of wscntfy.exe processes appearing in the list and disappearing a couple of seconds after, I was puzzled for a while, But I then figured to use 'find' in the registry to search for all things related to wscntfy and came across all the redirecting/debugger threads.

Destroying this thread in the taskmanager folder brought it back, I then went about deleting all these debugger threads in each folder of this group, including the msconfig and regedit ones, they were all pointed to wscntfy.exe, and now they all work again!

i tried all the procedures u said but none of them work . when i try to take the task manager , msconfig it says " disabled by the administrator " pls tell me wht to do ? its urgent !!!

maybe you're on a domain and the administrator has it disabled?

I'm a real novice when it comes to registry issues and can't afford to buy anything right now (protection-side note_I did download Cyberdefend: it's one of those "scan/pay for removal software recommended by another forum), so could you tell me how do I open the file using Notepad? I've never used Notepad for anything, hence, the ignorance (if it's something obvious like using the clipboard; Ctrl C automatically saving to the clipboard by default type of thing).

"This file is located in c:\WINDOWS\system32\drivers\etc. or c:\WINNT\system32\drivers\etc (depending on what version of Windows you use) and does not include a file extension. In order to open and edit it, you can use Notepad, but to see it, you must select "all files" from the dropdown menu instead of text .txt files. If this file contains anything other than 127.0.0.1 Localhost that you didn't add there yourself, then delete the additional entries and save the file (be sure to scroll all the way down as some viruses add their entries with many spaces below the valid ones.) When you save, select File and Save."