Task manager has been disabled by your administrator!

[aElien]

Damn how do i stop this. This problem has been plaguing me for a while. usually i goto dos prompt and add the reg entry to manually enable Task Manager. But that dont seem to work anymore.

"Windows cannot find regedit" ...

file extensions are hidden.

im using an updated NOD32 v.2.70.32

I think this usually comes from pendrives(autorun.inf spawn.exe etc) and stuff and i cant be around my computer everytime to make sure people do it safe, pendrive use is heavy out here.

Any hotfix or something permanent i can do ? i tried many Task manager enabling tools, none of them seem to work

 

[Blade_Runner]

Seems like you're PC is infected with Ravmon. Once the system is free of the virus you can revert back to default windows settings. Try this tool and report back.

 

[WingZero]

use RRT-restriction removal tool by isergiwa....

 

[aElien]

None of the above two work.
I tried them all, restarted PC after running them - no working

I also tried this CaSIR tool from sergiwa, one of the b**chiest and most irritating tools ever. Iit detects Ttrojan small.wv and asks too buy the proggy to remove it andopen up a webpage and goes into an infinte loop - WHILE MY TASK MANAGER IS DISABLED

 

[aElien]

killed it with sysinternals procesxp ofcourse

 

[DanDroiD]

you may have disabled it by mistake... if you are in xp pro type gpedit.msc in the run bar. You will have to dig around for it, but my guess is that it has been disabled, I ran into something similar before... but with another windows proggy.

 

[aElien]

noooo

id have deleted my regedit.exe too ?

Actually regedit.exe is there on my system. but when i type regedit in the wnindows run box, it says "windows cant find regedit ... "

i have a few things in mind, will try them. i remember reading something similar on MS site.

 

[DanDroiD]

If you have not disabled it, then it is likely a permission issue.. I had to reset al of my permissions once, it was a royal pain in the ass. The only way I was able to do this was to call Microsoft support and have them walk me through it.

 

[aElien]

:ashamed: jeez that will be a pain in the ass

okay i searched for regedit.exe - ran it
identified a few registry entries which wont change its value

HKEY_USERS\S-1-5-21-448539723-507921405-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\System
"DisableTaskMgr" = REG_DWORD = 0000001

and

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
"DisableTaskMgr" = REG_DWORD = 0000001

I could change permission to modify the reg entries, gave myself full access, but still when i change the value to 0, turn around the value again reverts to 1

:huh:

 

[aElien]

another thing

when i add this entryy through registry through the run box
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

there is no response from system

but when i go to command prompt and paste run it, "The operation completed successfully" and right click on taskbar reveals Task Manager as accessible. But ofcourse when i click on it, im again beeped off saying "TaskMmanager is disabled by your administrator" AND the Task Manager text again becomes greyed out

Sso this points again to what the MS article was saying about the RUN BOX getting crapped/path edited by the virus
that should explain why it cant find regedit.exe and wont run the registry entry.

 

[andrew327]

I always use Tweaking Toolbox XP for enabling [Task Manager, ReGedit, Folder Option etc.......] after the PC has been affected with some Virus.
Works without any problems. You can use any other Tweaking software. But this one is always on my 32 MB Pen Drive With other Virus Removal software's as the PEN DRIVE has a Read-Only Switch [And which has saved me a lot of time].

 

[Naga]

Seems u're still infected. Try using sdfix.

Download Link

 

[Yo93sh]

if u search on google there is a tool called task manager fix, i have used it n it works.. i can mail it if u want

 

[WingZero]

prolly u theres a virus u havent got rid off...which makes ur task manager disabled again...

 

[montylee]

i had faced similar problems few days ago. I think i used the registry entry and task manager fix to get the stuff working. Then i installed AVG Antivirus and removed the virus. My PC is functioning well now.

 

[medpal]

i researched a little and found some info.

trying to compile it here. confirm you find anythign like this or helped with it.

Step 1: look for any of the following files.

C:\Program Files\MsConfigs\MsConfigs.exe
C:\WINDOWS\system32\p2pnetwork.exe
C:\WINDOWS\system32\CMD.COM
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\tracert.com

step 2:
if you find any of them, then download a utility called Killbox from here

step 3:
run killbox.exe program
select the option DELETE on REBOOT
Then type the names of any of the above file found in the box at killbox
click delete button
click yes on delete on reboot option
click no at pending options

then reboot you should recover taskmanager and regedit.
if the above method does not work then
another option is

1.- Created a Restore Point

2.-Downloaded PROCESS EXPLORER freeware to see what processes were running

(http://www.sysinternals.com/Utilities/ProcessExplorer.html)

3.- Found the process “mswinsck.exe”

4.- Killed the process and immediately was able to use Task Manager, cmd, Msconfig, regedit, etc.

5.-I deleted the file “mswinsck.exe” located in C:\Windows\System (Remember, it is a hidden file, so set up your windows explorer)

6.- The following registry entries are modified by the worm to execute the file at logon, so I had to delete them.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Microsoft Winsock

mswinsck.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Microsoft Winsock

mswinsck.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

Microsoft Winsock

mswinsck.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Microsoft Winsock

mswinsck.exe
HKCU\SYSTEM\CurrentControlSet\Control\Lsa

Microsoft Winsock

mswinsck.exe
HKLM\SYSTEM\CurrentControlSet\Control\Lsa

Microsoft Winsock

mswinsck.exe
HKCU\Software\Microsoft\OLE

Microsoft Winsock

mswinsck.exe
HKLM\SOFTWARE\Microsoft\Ole

Microsoft Winsock
8.- I rebooted and my computer seems to work fine.
9.- Scanned the computer, no virus or spyware found

after this you need to edit your hosts file with notepad

1.- Open your windows explorer and go to c:\windows\system32\drivers\etc

2.- Backup the file "hosts" it does not have an extention

3.- Open the file hosts with your notepad

4.- Don't delete the line 127.0.0.1 localhost

5.- Delete every line after the 127.0.0.1 (including the 127.0.0.1) that has addresses you want to access.

If still problem persisting then there is one more method

1. copy to notepad.

2. save it as anythingyouwant.vbs

3.save as ALL FILES
when you do this save to your desktop....you will see it is in the form of a script.
go to the saved file and double click on it.....it will take a second literally to run...when it says finished...thats it....you functions will work!
i did this and it worked....and it will work for you too...thank you

copy and paste this to notepad:
Set WshShell = WScript.CreateObject("WScript.Shell")

With WScript.CreateObject("WScript.Shell")

On Error Resume Next

.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Disabl eRegistryTools"

.RegDelete "HKCU\Software\Policies\Microsoft\Windows\System\DisableCMD"

.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Disabl eTaskMgr"

.RegDelete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\Disabl eTaskMgr"

End With

Mybox = MsgBox(jobfunc & enab & vbCR & "Finished!", 4096, t)

i found this info from here
and still if this does not help then download and run Processexplorer from sysinternals websites and post the findings of it here.

also download trendmicro`s hijackthis and run a scan and paste your logfile here.

hope it helps.

 

[aElien]

Thanks Medpal.

But ive fixed this by first using Spyware Doctor to remove the trojans.

Killing monit.exe though the sysinternals Processexp.

copying regedit.exe back to the system32 folder

Enabling task manager manually in the registry

System working fine now! There are other symptoms as well which i did not find on the internet like the virus tends to install a keylogger of somesort on the system which makes the response of the keyboard real slow. Ill write about it on my blog soon, cos this problem is on almost every comp in my college

Thanks again guys.