How to enable task manager and registry editor after malware attack

How to enable task manager and registry editor after malware attack

Quite often Task manager and Registry editor is disabled by Rogue antivirus programs to make their removal more difficult. Even if these tools can be replaced ( for example, Task manager can be replaced by Process explorer which is better tool), malware removal becomes more complex.
Malware can disable these programs either by monitoring their execution and blocking them (the message ” taskmgr.exe is infected…. “) or by disabling them in system registry.
In the first case you will have to make copies of taskmgr.exe (and regedit) and rename them to .com instead of .exe.
In second case you will have to modify registry.

For re-enabling task manager do following:
1. Start->Run (Bottom-left icon in on the screen, then choose/search for Run).
2. Copy this command :

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

For re-enabling regedit do following:
1. Start->Run (Bottom-left icon in on the screen, then choose/search for Run).
2. Copy these commands:

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0
REG add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0

You might need to confirm these actions by pressing Y after each of them

For re-enabling command prompt do following:

1. Start->Run (Bottom-left icon in on the screen, then choose/search for Run).
2. Copy this command:

REG add HKCU\Software\Policies\Microsoft\Windows\System /v DisableCMD /t REG_DWORD /d 0 /f

This should fix most common problems after malware infection.

30 responses to “How to enable task manager and registry editor after malware attack

  1. How do I do ANY of this since my START button at the bottom left of the screen doesn’t appear?

  2. press CTRL+shift+ESC. If task manager does not appear, then you will have to try rebooting into safe mode and doing system restore. If task manager appears, try launching from it explorer.exe (new task).

  3. Whagt do I do if I can’t access my tasklist after I execute the cmd prompt. I have already removed the hotfix.exe from the registry. Thanks

  4. What can I enter after I get to command prompt to get rid of this Think Point?
    Regardless of which safe mode I use, except safe mode with command prompt, the screen always changes to think point. The only thing I see in task manager to do is stop hotfix process, but that doesn’t help, and if I reboot. hotfix is back.

    Thanks,

    Dean

  5. When I type regedit in Run menu, then enter..registry editor only shortly blinking and disappeared.Same goes when I type gpedit.msc & cmd.What should I do to enable the regedit

  6. Hanes: In your case there is virus, that specifically blocks processes (registry editor and maybe others). You have to stop virus process before trying to run regedit.
    There are multiple choices how you might do that, using task manager, downloading and running process explorer, rkill, running Spyware Doctor, Hitman Pro, etc.

  7. Reboot into safe mode with networking, or try launching task manager right after boot. Try downloading some version of rkill – something will work.

  8. I have tried everything you have suggested but nothing works. I attempted several times to remove any thinkpoint process but my computer just automatically restarted and when I opened the task manager, the Programs were back again. My computer will not start in safe mode or anything! I don’t know what to do. Please help!

  9. Natalie : For thinkpoint, reboot into safe mode (not networking) and start task manager. Search for its files (hotfix.exe), should be under users… and delete or rename them. Rename them if you can not kill them and reboot.

  10. Ok so how is one supposed to enable command prompt through command prompt when they cannot enter command prompt? i am battling this menace as well and i cannot access anything including TaskMgr, Start menu, and Run? i can access TaskMgr trough safemode with command prompt, using the appropriate command, but that takes me as far as that goes seeing as it only shows the few minimum system processes. That is not including Hotfix.exe

  11. Alex: There are cases when you can RUN commands but not launch command prompt (cmd ) .
    In your case try to CD to your user accounts Application data subfolder (or AppData) and search for hotfix.exe . Delete it there.

  12. I was recently hit by Thinkpoint, and the techs at Microsoft said to access a restore point and reset. This worked, I was able to clear out the virus completely(well, by the looks of it anyway). My computer is running normally, internet is running normally. I ran a check on Avira after the system restore and everything checks out, I’m still a little concerned though thhat there may be spyware still embedded. Any suggestion on how to check it out?

  13. In most probability you are clean. Though I would run Spyware Doctor, Hitman Pro scans. Maybe malwarebytes. Do full system scans with SD and MBAM. Delete if they find somethibg.
    I would recommend asking under specific parasite.

  14. I cannot get rid of think point. I tried all suggestions , I can’t get pass that think point screen . Once I type in my password , Think points comes up on the screen. Task manager want open either. Please tell me how to get rid of this Think Point!

  15. I have been infected by thinkpoint!!! I’m a novice and I’ve tried to follow all i have read but now my computer won’t even boot regards of mode It gets to windows screen (with blue running ticker), seem like quick “blue screen of death” then restarts. Now What?

  16. Jon: read a guide on thinkpoint. You will likely need to use booting into safe mode with command prompt and fixing registry from there.

  17. If you can access taskmanager, then you can enable command prompt by selecting New Task then typing cmd. You will also be able to run the malicious software tool by typing in mrt. You can use your taskmanager like a command prompt.

  18. can i go under another user to acess the star-run option, every time i delte the hoti.exe it keeps coming back and i cant acess the command from the screen

  19. Debra: if you have another user account, the best way is to do full system scan from there with some decent anti-malware tool. you can also try doing system restore and then performing scan to delete leftovers.

  20. good morning! We also have think point. I have followed your instructions both using safe mode with networking and safe mode without. (We have XP) I am unable to get to any of the user accounts to type in the password as the mouse does not work. Please help.

  21. Karen: Try booting into safe mode with command prompt and modifying registry key mentioning hotfix.exe. This should fix login.
    perform this :
    1. Boot Into Safe Mode w/ command prompt and enter the following commands:
    CD Application Data
    del hotfix.exe
    del install
    del completescan
    regedit
    2. Update the following key with the following value >> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] “Shell”=”Explorer.exe”
    3. Enter the following command into the command Prompt: Shutdown /r /t 1

    Then reboot, and do a followup scan.

  22. I cant start nothing no task manger no nothing i am running window vista i click all the buttons and the task manger still never pops up. >.>

  23. for those who unable to get into application data or appdata. Try this:
    Boot Into Safe Mode w/ command prompt and enter the following commands:
    regedit
    “hold CTRL + F” type in “hotfix.exe” – you should see where is your hotfix.exe located at. Mine is like C:\users\name\appdata\roaming\hotfix.exe. Once you got the hotfix.exe directory, then continue following steps that show by admin
    CD into the hotfix.exe directory
    del hotfix.exe
    del install
    del completescan
    regedit
    2. Update the following key with the following value >> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] “Shell”=”Explorer.exe”
    3. Enter the following command into the command Prompt: Shutdown /r /t 1

  24. Hi. Will these instructions work for Windows Power Expansion?
    I believed I was fully protected with Macaffee, but it allowed WPE to infect my machine.
    When I called up to find out why and what could be done, Macaffee support said it would take only 30 minutes to remove but would cost me a one-off £179.99 plus VAT. That response is as annoying as Windows Power Expansion!!

  25. Tim: thats a twice or thrice amount you would pay for custom support to fix your PC from viruses. Typically, it is up to 100 USD.
    Generally, these instructions will work, but you might need to follow full removal instructions for Windows Power Expansion.

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Posts

Security Guides

Recent Comments