Monday 14 July 2014

Restore Task Manager, regedit and gpedit.msc

Many times, when our computer starts lagging or we need to kill a task that is getting in the way of healthy computing, we sneak into Task Manager and kill the desired process(es). But sometimes what we see is that Task Manager is locked. The option, which should look something like fig. 1, is now greyed out, resembling fig. 2.
( fig. 1 )    ( fig. 2 )
Then a beginner geek would think, "Oh, it's just the option that is greyed out; I will go to c:\windows\system32 and run taskmgr directly." But when you try to do that, it shows a warning message like this
(image: taskmgr disabled by administrator message)
even when you are using the administrator account. So what's the problem? Well, the problem is serious: the computer is infected by a virus that prevents the user from using Task Manager (taskmgr.exe), and it does that to protect itself from being killed.
Task Manager is not the only thing viruses disable. Some viruses also cut off access to critical applications like Registry Editor (regedit.exe) and gpedit.msc, because both can be used to restore Task Manager.
You can get the help of any antivirus program to remove the virus, but these programs usually just remove the virus and don't reverse its actions.
That's because disabling Task Manager, Registry Editor and gpedit.msc is a Windows feature that prevents unauthorized changes to the PC's settings by other users. So antivirus programs can't do it, but we can, which proves the superiority of men over the robots...

OK, we will be doing that with the help of yet another very well-known robot program, Command Prompt, that is, cmd.exe.
Note that all the methods mentioned below can only be used when cmd and/or other programs are accessible and not blocked by the virus. If they are blocked, check this post of mine.

Enabling Taskmanager (taskmgr.exe)

We need a Command Prompt with administrator privileges for our purpose.
To open it in Windows 8, go to the bottom left of your screen, right-click there and then click the Command Prompt (Admin) option.
Windows 7 users should go to Start>All Programs>Accessories, then right-click the Command Prompt icon and choose "Run as administrator". By now both users are viewing this screen.
Here is what you have to type before hitting Enter:
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
After which Command Prompt will confirm the success of the job, which means you are now free to use Task Manager.
Note: Some viruses disable cmd as well, and you get the screen as below. In that case, write these commands in a plain text file, save it as anything.bat, and run it as an administrator. (This will only work if the virus didn't disable command prompt script processing. If the virus did that too, go to this post and follow the steps mentioned there to tell him (the virus, personified) who you are and what you can do.)

Enabling Registry Editor (regedit.exe)

There are two methods to enable Registry Editor: the traditional cmd method and the use of gpedit.msc (Group Policy Editor).
We need an admin cmd for this too, so open it up and type this:
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t Reg_dword /d 0 /f
and hit Enter.
And here is the gpedit.msc method:
  • Press Win+R
  • Type gpedit.msc and hit enter
  • Navigate to User Configuration>Administrative Templates>All Settings
  • Now go to "Prevent access to registry editing tools" (for ease of access, type "prevent " while focusing on any element in the list).
  • Double-click that option or simply hit Enter, then click Disabled and finally Apply.

Enabling group policy editor (gpedit.msc)

The following are the ways to enable gpedit.msc.
So here is the command for it... Wait, I think this command thing is getting boring now, as basically all the commands are the same except for the registry path. So let's ditch cmd and do something new and interesting (as doing new stuff enriches both the brain and the body). Basically this is the same as the cmd method, but it's a more direct kind of method.
  • Go to %windir%\system32\ or, more simply, c:\windows\system32\

  • Copy reg.exe from there (don't forget to type reg for ease of access) and paste it somewhere you want, say Desktop\Newfolder\.

  • Right-click that exe and go to Properties, then move to the "Compatibility" tab, click "Run this program as an administrator" and apply the settings. Note that you have to do this on the pasted exe, not on the original exe, because the original exe (which is in system32) doesn't allow you to do that, and that's why we made a copy of it.

  • Now open that folder and in the address bar type " reg.exe add HKCU\Software\Policies\Microsoft\MMC\{8FC0B734-A0E1-11D1-A7D3-0000F87571E3} /v Restrict_Run /t REG_DWORD /d 0 /f " and hit Enter. A window will spawn and vanish, which means the job is done.
    Or you can go with regedit to bring up your GROUP POLICY EDITOR SERVICE.
    For this, all you need to do is go to HKEY_CURRENT_USER\Software\Policies\Microsoft\MMC\{8FC0B734-A0E1-11D1-A7D3-0000F87571E3}\ and set the data of Restrict_Run to 0. But if this registry value is not present there, then you have to create a DWORD value with data 0.
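The three registry values covered in this post can be checked together before anything is changed, which also leaves a record of what the infection had set. The PowerShell script below is an added example, not part of the original post; the -Fix switch and the Get-PolicyState function are names made up for this illustration, and the keys and value names are the ones given above.

```powershell
# Added example (not from the original post).
# Audits the three HKCU policy values named in the post; with -Fix it
# resets any that are non-zero back to 0. -Fix and Get-PolicyState are
# illustrative names chosen for this script.
param([switch]$Fix)

$policies = @(
    @{ Tool  = 'Task Manager'
       Key   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Value = 'DisableTaskMgr' },
    @{ Tool  = 'Registry Editor'
       Key   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Value = 'DisableRegistryTools' },
    @{ Tool  = 'gpedit.msc'
       Key   = 'HKCU:\Software\Policies\Microsoft\MMC\{8FC0B734-A0E1-11D1-A7D3-0000F87571E3}'
       Value = 'Restrict_Run' }
)

# Returns the value's data, or $null when the key or the value is absent.
function Get-PolicyState {
    param([string]$Key, [string]$Value)
    if (-not (Test-Path -Path $Key)) { return $null }
    $item = Get-ItemProperty -Path $Key -Name $Value -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Value
}

foreach ($p in $policies) {
    $current = Get-PolicyState -Key $p.Key -Value $p.Value

    if ($null -eq $current)  { $state = 'not set' }
    elseif ($current -eq 0)  { $state = 'set to 0 (tool allowed)' }
    else                     { $state = "set to $current (tool blocked)" }
    Write-Output ("{0,-16} {1,-22} {2}" -f $p.Tool, $p.Value, $state)

    # An absent value imposes no restriction, so only non-zero values are
    # rewritten. The previous data is printed so it can be kept as a record.
    if ($Fix -and $null -ne $current -and $current -ne 0) {
        Set-ItemProperty -Path $p.Key -Name $p.Value -Value 0 -Type DWord
        Write-Output ("  reset {0} to 0 (was {1})" -f $p.Value, $current)
    }
}
```

Run it from an elevated PowerShell session started by the affected account: HKCU always refers to the hive of the account the process runs as, so elevating with a different administrator's credentials checks that administrator's settings instead.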
