Friday, January 9, 2009

Task Manager and Regedit disabled in my computer

Many of you may have come across this problem where in your Task Manager is greyed out and you cannot open it. If you open the Registry Editor you cannot open it too. You get the error Registry editor has been disabled by your administrator. This happens when your computer is infected with W32.Imaut.A virus. Well, there is no need to panic as you can remove this virus and get the regedit and Task Manager accessible. Perform the steps given below

  1. Search for the file ssvichosst.exe in the computer and delete if found.
  2. Download UnHookExec.inf file from Symantec Website. Right-click on it and choose Install. Restart your computer and then try to open the Registry Editor.
  3. Now delete the value from the registry

    Important: It is recommended that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified subkeys only. For instructions refer to the document: How to make a backup of the Windows registry.

    1. Click Start > Run.
    2. Type regedit
    3. Click OK.

    Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal.

    4. Navigate to the subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    5. In the right pane, delete the value:

    "Task Manager" = "%Windir%\svhost32.exe"

    6. Navigate to the subkey:

    HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel

    7. In the right pane, delete the value:

    "Homepage" = "1"

    8. Navigate to the subkey:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

    9. In the right pane, delete the values:

    "DisableTaskMgr" = "1"
    "DisableRegistryTools" = "1"

    10. Navigate to the subkey:

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

    11. In the right pane, delete the value:

    "Start Page" = "[http://]concerto4.net/[REMOVED]"

    12. Navigate to the subkey:

    HKEY_CURRENT_USER\Software\Yahoo\pager\View\YMSGR_buzz

    13. In the right pane, delete the value:

    "content url" = "[http://]concerto4.net/[REMOVED]"

    14. Navigate to the subkey:

    HKEY_CURRENT_USER\Software\Yahoo\pager\View\YMSGR_Launchcast

    15. In the right pane, delete the value:

    "content url" = "[http://]concerto4.net/[REMOVED]"

    16. Exit the Registry Editor.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)