Enable Registry Editor, Task Manager and Folder Options

Many of us see that when a virus infects our system, the first thing it does is Disable Registry Editor, Task Manager and Folder Options. As soon as you see these option disabled you have to know your system is infected.

If you press Ctrl+Alt+Del you ll get a dialog box saying "Task manager has been disabled by your Administrator" and the same thing comes up when you try to edit registry using regedit.

It is irritating that, you cannot remove this problem by going to registry and you cannot see the Folder options also so you will not be able to delete the hidden files.

Now to first enable the Task manager

--- Go to Start menu --> Run and type gpedit.msc and press enter

--- Now in the left pane select

User Configuration --> Administrative Templates --> System --> Ctrl+Alt+Delete options

--- In the right pane double click on Remove task manager and disable it and press Apply and then OK.

You got back your Task manager

The process to get back regedit is similar

--- Go to Start menu --> Run and type gpedit.msc and press enter

--- Now in the left pane select User Configuration --> Administrative Templates --> System

--- In the right pane double click on "Prevent access to registry editing tools"

--- Disable this option

Now your registry editor is back.

To get the Folder options

--- Go to gpedit as given earlier.

--- Then to

User Configuration --> Administrative Templates --> Windows Component --> Windows Explorer

--- In the right pane look for "Removes the Folder Options menu item from the Tools menu"

--- Double click on it then disable it to get folder options back.

There are alternate methods for getting these settings back which I will give in the next post.

Remove regsvr.exe Virus

The regsvr.exe is most common virus for people who deal with transferring files across PC's using their Pen drives or USB drives. These are the main sources from where this virus travels. Most of the anti virus softwares should detect this virus and delete it but if your system gets infected for some reason get ready to clean it manually.

regsvr.exe virus first creates entries in the startup folders so that it will execute at every startup. It also creates entries in scheduled tasks so as to execute at a specific time and date. And finally it creates autorun.inf files in the root of all the drives, which prevent you from opening these drives.

Here are the steps to get this resvr.exe virus out of your computer.

--- If the virus disables your task manager and registry then you should consider the tips given here to get them back.

--- After that you need to get rid of the autorun.inf file. This file will be hidden so follow these tips here to delete these files.

--- Now type msconfig in start menu --> Run and press enter and uncheck the option that says regsvr. Press ok and dont restart yet.

--- Now go to ControlPanel --> Scheduled tasks and delete the entry At1 which is created by the virus.

--- Now go to registry editor by typing regedit in run dialog box and then to find menu in regedit and search for regsvr.exe and delete all entries except one that say "Explorer.exe regsvr.exe". You need to edit this entry to only remove the regsvr.exe part and leave the other part as it is.

--- Now search your entire system for regsvr.exe and delete any entries you find. Make sure you search within Hidden files & system files also.

--- Reboot your system for the changes to take effect and the virus is gone without any traces.