Virus Issue!

Anish · Nov 7, 2007

Okay, one of those amongst the zillion viruses patrolling our computer labs has hit my PC.

Avast has detected it party and cleaned it up, now the major damage is that it ha s blocked my task manager, and "run" command. Besides the "Folder Options" from Control Panel is missing.

Anyways I can save my install?

I'm running Vista x64 Ultimate btw, hardware specs in sig, all help will be very highly appreciated

Thanks!

Styx · Nov 7, 2007

look mate....just do a full system scan again to ensure there are no more infected files..
As for the disabled task manager and folder options this could work out for you:

Click Start, Run and type Regedit.exe
Navigate to the following branch:
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies\ System

In the right-pane, delete the value named DisableTaskMgr
Close Regedit.exe

OTHER method
Using Group Policy Editor - for Windows XP Professional
Click Start, Run, type gpedit.msc and click OK.
Navigate to this branch:
User Configuration / Administrative Templates / System / Ctrl+Alt+Delete Options / Remove Task Manager

Double-click the Remove Task Manager option.
Set the policy to Not Configured.

NOW,for gettin the folder options back u can try this on...

1st try a system restore...n if that doest work out for you u can give a shot to this:

You will find this field in the infected computer at the following registry address:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
If "NoFolderOptions" field set to '1'...just delete it or
set the DWORD "NoFolderOptions" to 0.
u may get rid of the problem.

ok..now for getting back ur run command try this:
Open notepad through explorer or system folder and type the following:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoClose"=dword:0000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoLogOff"=dword:0000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000000

Save the file as "delete.reg". Make sure to save it with the quotes. Close Notepad. Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

Restart and see if the Run button is back...if so, restart again to be sure.

Best of luck mate...lemme know if anything works.

Styx · Nov 7, 2007

hey anish do let me know if uve solved the problem...

Anish · Nov 8, 2007

^ Hey audiophile2rock, thanks SO MUCH for the suggestions, haven't had time to check 'em out, been utterly tied down with Diwali preparation, will check it up and 110% post back.

Once again, a BIG THANK YOU

!

KingKrool · Nov 8, 2007

How on earth did that virus manage to get onto your x64 ultimate and do damage like that?

Did you switch off UAC? Or not pay attention to it?

Anish · Nov 8, 2007

^ Yup UAC turned off, its too annoying to keep on!

Okay, now I created the "delete.reg" file, but it very convieniently pops a message saying "Registry Editing has been Disabled by your Administrator" (My account is the Admin a/c), so I basically can't access my registry.

Will give it a shot in safe mode and try.

Styx · Nov 8, 2007

Okay, now I created the "delete.reg" file, but it very convieniently pops a message saying "Registry Editing has been Disabled by your Administrator" (My account is the Admin a/c), so I basically can't access my registry.

ok anish u can re-enable ur registry editor thru this:
using the Group Policy Editor, follow these steps:

Click Start, type gpedit.msc in the Search box, and press ENTER
Go to the following branch:
User Configuration>Administrative Templates >System

Double click prevent access to registry editing tools....
Set it as Not Configured...
If it's already set to not config..., set it to enabled and click apply. Then repeat the steps and revert the setting back to not configured.
This removes the registry based policy if set already......

hope this solves ur prob...

pratik · Nov 9, 2007

dude do nothing..just download RRT from www.seregiwa.com and ur pproblem will be solved

pratik · Nov 9, 2007

sorry...Sergiwa.com

Styx · Nov 10, 2007

ok anish u can re-enable ur registry editor thru this:
using the Group Policy Editor, follow these steps:

Click Start, type gpedit.msc in the Search box, and press ENTER
Go to the following branch:
User Configuration>Administrative Templates >System

Double click prevent access to registry editing tools....
Set it as Not Configured...
If it's already set to not config..., set it to enabled and click apply. Then repeat the steps and revert the setting back to not configured.
This removes the registry based policy if set already......

did it work for you?

Anish · Nov 10, 2007

^ Nope mate, I didn't manage to open gpedit.msc from the start menu search box.

Anyways, RRT from the link pratik gave me fixed ALL my issues, a BIG thank you to him, and one to audiiphile2rock as well for all his help, thanks mate

Reps to both btw

Styx · Nov 10, 2007

anyways..u solved the problem...good 4 u.!
thanx 4 the reps btw..

VaRz · Nov 10, 2007

thank god its solved, damn viruses change the whole mood of the person

btw, who all thinks that norton sux? cuz their anti-virus is crap

doesnt kill the trojans and the goodie viruses

tusharrastogi · Nov 10, 2007

just scan it with norton antivirus...it will delete it after detecting ...

Anish · Nov 11, 2007

VaRz said:
thank god its solved, damn viruses change the whole mood of the person
btw, who all thinks that norton sux? cuz their anti-virus is crap
doesnt kill the trojans and the goodie viruses

Seriously mate! Its really fookin annoying :|
and +1 to Norton being sucky