Go Premium for a chance to win a PS4. Enter to Win


'Virus Alert!' and task manager disabled

Posted on 2008-10-07
Medium Priority
Last Modified: 2013-12-06
I have a severe virus on an xp laptop.
- Task Manager disabled
- Start>Run disabled
- My Computer disabled
- Regedit disabled
-'Virus Alert!' appears in task bar where system clock should be.
- tries to launch 'player.exe' from user%\application data (i've deleted this file)

so far i have taken the following steps:
- booted up in safe mode
- turned off system restore
- ran ccleaner
- ran adaware
- ran spybot s&d
- ran Malwarebytes' Anti-Malware
- ran Super Anti-Spyware
- browsed folders and registry for related 'xp antivirus' and 'micro antivirus 2008' files
- checked regkey to restore time format tpo hh:mm:ss

this has removed a lot of the spyware but not any of the above symptoms.

grateful for any help as i really dont want to have to rebuild teh machine.


Question by:Rockstar_North
  • 5
  • 4
  • 2
  • +5

Expert Comment

ID: 22661705
I had a similar issue recently that I resolved by running Malwarebytes from www.Malwarebytes.org.

Assisted Solution

Grizzly072000 earned 160 total points
ID: 22661713
Post a HJT (TrendMicro HijackThis) log (Attach File)
LVL 18

Assisted Solution

sk_raja_raja earned 200 total points
ID: 22661719
would recommend scanning with Malwarebytes' Antimalware:


Download the trial version, update it fully, then click on "Perform a quick scan".  Show results then click on "remove selected". Post the log here.

I would also run Smitfraudfix:


Run option 2 in safe mode.  Post the log.

If you still have problems after that, download and run SDFix:


It would also be a good idea to reset your hosts file:


A Hijackthis log would also be helpful to see what is happening on your pc:


Download the installer, install the program. Check "Do a systyem scan and save a logfile". Post the scan log here
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

LVL 18

Expert Comment

ID: 22661755
1.This should fix the problem: Click the Start button, and then Run (alternatively startkey+r). Copy and paste "REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f" without the quotations, click OK,

2.This is a trojan that has attacked your system.
You can find the removal instructions here

3.Click Start, Run and type Command
Type the following and then press Enter after typing each one:

copy regedit.exe regedit.com
start regedit.com  [or regedit.com]

Navigate to and select the following key:

Double-click the (Default) value in the right pane.
Delete the current value data, and then type: "%1" %* [with quotes]
(ie., quote-percent-one-quote-space-percent-asterisk.)

Exit the Registry Editor and restart Windows

4.Download .exe File association fix from here:
[To run the .reg files, again you will need to rename regedit.exe to regedit.com and run the REG file using "regedit.com filename.reg" parameter]

NOTE: Once set, update the definition files for your anti-virus software and scan the system for viruses

5.From http://home.earthlink.net/~rmbox/Reticulated/4IE_Only/--ReadMe.txt

Download and right click the following file > Then select Install

Related Microsoft Knowledgebase articles:

You receive an error message when you try to start a program that has an .exe file name extension:
http://support.microsoft.com/?kbid=837334 [New]

You Are Unable to Start a Program with an .exe File Extension:

You Cannot Start Programs (.exe Files) When Your Computer Is Infected with the SirCam Virus:


Assisted Solution

Grizzly072000 earned 160 total points
ID: 22661767
LVL 31

Assisted Solution

Frosty555 earned 80 total points
ID: 22661776
You have almost the exact problem I had. Part of your problem is that the virus may be gone, but the group policy modifications it left behind (to disable things like My Computer and Task Manager) are still there.

See the solutions to the question posted here:
LVL 17

Assisted Solution

houssam_ballout earned 80 total points
ID: 22661928
Check the file attached, it will reapply the policies in your comptuer.
make sure to change the file extension to .inf

LVL 47

Assisted Solution

rpggamergirl earned 400 total points
ID: 22664232
You can download this zipfile, extract it, then rightclick on the "VArestorepolicies.inf" and select Install.
That should take care of the disabled task manager, regedit, run, My computer, and etc.

If problem persists, can we look at the MalwareBytes log please?
Hijackthis log as already suggested should also tell us if there are other infections present in the system.

Download Hijackthis:
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.
Paste the log in the "Code Snippet" or "Attach File" window.
LVL 23

Expert Comment

ID: 22667036

I have no objection to you quoting me.  However, if you are going to copy/paste a large chunk of what I wrote (in fact an entire post to someone else' question) it would be polite to acknowledge the quote and attribute it accordingly. Otherwise it looks as if you are the author of what you posted, and that is not correct.

Please do not do this again.  Thanks.


Author Comment

ID: 22677120
please see my hijack this log attached:

i will try all the above recommendations.

LVL 47

Assisted Solution

rpggamergirl earned 400 total points
ID: 22677282
What scanners have you run so far?
There's a vundo there, run combofix.
Please download ComboFix by sUBs:

You must download it to and run it from your Desktop

Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix..

Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Author Comment

ID: 22677310
sorry guys, how do i apply the VArestorepolicies.inf?

when i run it, it just opens a text file?

how do i run it to reset my reg keys and policies?

LVL 47

Expert Comment

ID: 22677626
>>> when i run it, it just opens a text file?<<<
After you've downloaded the zip file, you rightclick on it and click "extract here"
VArestorepolicies.inf will be created on your desktop, you then rightclick on the VArestorepolicies.inf and click "Install"

LVL 47

Expert Comment

ID: 22677657
OR: you can also rightclick on the zip file and click "Extract Files", a VArestorepolicies folder will be created on the desktop, doubleclick on the folder to open and rightclick on the VArestorepolicies.inf and click "Install" either way works.

Author Comment

ID: 22677899
LVL 47

Expert Comment

ID: 22678109
If it does what it says then good.
Or you can also use this.
Please download FixPolicies.exe by Bill Castner and save it to your desktop.

Double click on FixPolicies.exe to run it.
Click on Install. It will create a folder named FixPolicies on your desktop.
Open the FixPolicies folder.
Double click on Fix_policies.cmd to run it. Command Prompt will open and close quickly; this is normal.  

Accepted Solution

Rockstar_North earned 0 total points
ID: 22709892
still couldnt restore the chnages that the virus had made. the virus is gone but task manager and my computer are disabled. i've had to recreate the users profile. this was a workaround to fix the problem.

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Step by step guide to Clean and Sort your windows registry! Introduction: Always remember: A Clean registry = Better performance = Save your invaluable time In this article we're going to clear our registry manually! Yes, manually! The e…
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question