'Virus Alert!' and task manager disabled

Posted on 2008-10-07
Last Modified: 2013-12-06
I have a severe virus on an xp laptop.
- Task Manager disabled
- Start>Run disabled
- My Computer disabled
- Regedit disabled
-'Virus Alert!' appears in task bar where system clock should be.
- tries to launch 'player.exe' from user%\application data (i've deleted this file)

so far i have taken the following steps:
- booted up in safe mode
- turned off system restore
- ran ccleaner
- ran adaware
- ran spybot s&d
- ran Malwarebytes' Anti-Malware
- ran Super Anti-Spyware
- browsed folders and registry for related 'xp antivirus' and 'micro antivirus 2008' files
- checked regkey to restore time format tpo hh:mm:ss

this has removed a lot of the spyware but not any of the above symptoms.

grateful for any help as i really dont want to have to rebuild teh machine.


Question by:Rockstar_North
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
  • +5

Expert Comment

ID: 22661705
I had a similar issue recently that I resolved by running Malwarebytes from

Assisted Solution

Grizzly072000 earned 40 total points
ID: 22661713
Post a HJT (TrendMicro HijackThis) log (Attach File)
LVL 18

Assisted Solution

sk_raja_raja earned 50 total points
ID: 22661719
would recommend scanning with Malwarebytes' Antimalware:

Download the trial version, update it fully, then click on "Perform a quick scan".  Show results then click on "remove selected". Post the log here.

I would also run Smitfraudfix:

Run option 2 in safe mode.  Post the log.

If you still have problems after that, download and run SDFix:

It would also be a good idea to reset your hosts file:

A Hijackthis log would also be helpful to see what is happening on your pc:

Download the installer, install the program. Check "Do a systyem scan and save a logfile". Post the scan log here
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

LVL 18

Expert Comment

ID: 22661755
1.This should fix the problem: Click the Start button, and then Run (alternatively startkey+r). Copy and paste "REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f" without the quotations, click OK,

2.This is a trojan that has attacked your system.
You can find the removal instructions here

3.Click Start, Run and type Command
Type the following and then press Enter after typing each one:

copy regedit.exe
start  [or]

Navigate to and select the following key:

Double-click the (Default) value in the right pane.
Delete the current value data, and then type: "%1" %* [with quotes]
(ie., quote-percent-one-quote-space-percent-asterisk.)

Exit the Registry Editor and restart Windows

4.Download .exe File association fix from here:
[To run the .reg files, again you will need to rename regedit.exe to and run the REG file using " filename.reg" parameter]

NOTE: Once set, update the definition files for your anti-virus software and scan the system for viruses


Download and right click the following file > Then select Install

Related Microsoft Knowledgebase articles:

You receive an error message when you try to start a program that has an .exe file name extension: [New]

You Are Unable to Start a Program with an .exe File Extension:

You Cannot Start Programs (.exe Files) When Your Computer Is Infected with the SirCam Virus:


Assisted Solution

Grizzly072000 earned 40 total points
ID: 22661767
LVL 31

Assisted Solution

Frosty555 earned 20 total points
ID: 22661776
You have almost the exact problem I had. Part of your problem is that the virus may be gone, but the group policy modifications it left behind (to disable things like My Computer and Task Manager) are still there.

See the solutions to the question posted here:
LVL 17

Assisted Solution

houssam_ballout earned 20 total points
ID: 22661928
Check the file attached, it will reapply the policies in your comptuer.
make sure to change the file extension to .inf

LVL 47

Assisted Solution

rpggamergirl earned 100 total points
ID: 22664232
You can download this zipfile, extract it, then rightclick on the "VArestorepolicies.inf" and select Install.
That should take care of the disabled task manager, regedit, run, My computer, and etc.

If problem persists, can we look at the MalwareBytes log please?
Hijackthis log as already suggested should also tell us if there are other infections present in the system.

Download Hijackthis: 
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.
Paste the log in the "Code Snippet" or "Attach File" window.
LVL 23

Expert Comment

ID: 22667036

I have no objection to you quoting me.  However, if you are going to copy/paste a large chunk of what I wrote (in fact an entire post to someone else' question) it would be polite to acknowledge the quote and attribute it accordingly. Otherwise it looks as if you are the author of what you posted, and that is not correct.

Please do not do this again.  Thanks.


Author Comment

ID: 22677120
please see my hijack this log attached:

i will try all the above recommendations.

LVL 47

Assisted Solution

rpggamergirl earned 100 total points
ID: 22677282
What scanners have you run so far?
There's a vundo there, run combofix.
Please download ComboFix by sUBs:

You must download it to and run it from your Desktop

Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix..

Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Author Comment

ID: 22677310
sorry guys, how do i apply the VArestorepolicies.inf?

when i run it, it just opens a text file?

how do i run it to reset my reg keys and policies?

LVL 47

Expert Comment

ID: 22677626
>>> when i run it, it just opens a text file?<<<
After you've downloaded the zip file, you rightclick on it and click "extract here"
VArestorepolicies.inf will be created on your desktop, you then rightclick on the VArestorepolicies.inf and click "Install"

LVL 47

Expert Comment

ID: 22677657
OR: you can also rightclick on the zip file and click "Extract Files", a VArestorepolicies folder will be created on the desktop, doubleclick on the folder to open and rightclick on the VArestorepolicies.inf and click "Install" either way works.

Author Comment

ID: 22677899
LVL 47

Expert Comment

ID: 22678109
If it does what it says then good.
Or you can also use this.
Please download FixPolicies.exe by Bill Castner and save it to your desktop.

Double click on FixPolicies.exe to run it.
Click on Install. It will create a folder named FixPolicies on your desktop.
Open the FixPolicies folder.
Double click on Fix_policies.cmd to run it. Command Prompt will open and close quickly; this is normal.  

Accepted Solution

Rockstar_North earned 0 total points
ID: 22709892
still couldnt restore the chnages that the virus had made. the virus is gone but task manager and my computer are disabled. i've had to recreate the users profile. this was a workaround to fix the problem.

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It is only natural that we all want our PCs to be in good working order, improved system performance, so that is exactly how programs are advertised to entice. They say things like:            •      PC crashes? Get registry cleaner to repair it!    …
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question