Has your computer ever been infected with malware? Are you unable to access and run important utilities such as regedit, Task Manager and the Command Prompt? Has the malware even disabled the Control Panel of your PC or laptop and prevented you from logging off and shutting down? This article explains how malware causes this kind of damage. It also helps you remove what the malware leaves behind after your antivirus program has removed the malware itself.
Modern malware, such as Trojan horses, spyware, and viruses, is smarter and more efficient than its predecessors: it is complex, capable of running multiple coded instructions, and can detect defects and gaps that may exist in a computer system. It first tries to get into the Windows system registry, where it disables important applications and makes the problem harder to repair. It also locks the regedit tool, which makes fixing registry entries much more work. Note that many anti-virus solutions do not treat changes to registry keys as malware activity; as a result, much malware, especially the newer and more complex kind, does not attract their attention at all. You can undo the effects of this malware by restoring a backup of the system registry or by running ".exe" files that repair or clean corrupted entries. Of the two, a backup is the preferred method, but it is also a time-consuming and memory-intensive process because new system registry entries are typically generated each time a new program is installed. If you forget to back up after an important installation, the installed program may not work properly after a restore.
This article gives you the values and paths of the key registry entries so that you can modify them and allow those services to run again. If you follow it, you will be able to regain access to the registry, Universal Serial Bus [USB] drives in Windows Vista, User Account Control [UAC], the Control Panel, the Command Prompt, Windows Installer and Task Manager, and to enable or disable automatic updates. You can also undo the effects left behind by removed malware, for example by restoring the Log Off and Shut Down buttons, running disabled programs [such as Notepad and Firefox], and restoring file associations to their original programs [such as HTML pages opened by Internet Explorer]. You will also be able to change file associations and display Folder Options. You can even re-enable your antivirus application to check your computer further.
Here's what you can do to undo changes made by malware on your computer system. Please note that these modifications can only be made after restarting your computer.
To allow Task Manager to run, look for the value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr". The value must be set to 0, with type "REG_DWORD".
To run the registry tool, look for the value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools". This value should also be set to 0.
To enable CMD, the Command Prompt, look for the value "HKCU\Software\Policies\Microsoft\Windows\System\DisableCMD". This value should also be set to 0.
To allow storage on and access to your computer's Universal Serial Bus [USB] drives, look for "HKLM\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies\WriteProtect". As with the other values, you must set it to 0.
To access the computer's Control Panel, look for the value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel". As with the previous values, set it to 0.
To display the Log Off icon, look for the value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogOff". As with the Shut Down icon, you can set the value to 0 or delete the registry entry completely.
To allow users to change file associations, look for the value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileAssociate". This value must be 0 and its type is "REG_DWORD".
To display Folder Options, so that you can view hidden files again after a virus or other malware has disabled the option, look for the value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions". Set the value back to 0.
If you have Windows Vista installed on your PC or laptop, you can turn User Account Control [UAC] back on through "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA". Change the value back to 1. Alternatively, try the value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin" and change it back to 2.
If you see error messages telling you that programs or applications have been disabled by malware, check the key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun". Every program listed as a value under this registry key is blocked from running.
Note that "HKCU" stands for "HKEY_CURRENT_USER" and "HKLM" stands for "HKEY_LOCAL_MACHINE". Changes made in HKCU affect only the user who is currently using the computer, while changes in HKLM apply to all users of the computer. Users without administrator privileges cannot make any changes to the HKLM part of the system registry.
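The checks above can be run in one pass from PowerShell. This is an added example, not part of the original article: the -Repair switch and the output layout are choices made here, and a value that is absent is reported as "not set" and left alone.

```powershell
# Added example: audit the policy values listed in this article.
# Run from an elevated prompt if you use -Repair, since most values live in HKLM.
param([switch]$Repair)

$pol = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies'
$exp = "HKLM:\$pol\Explorer"
$sys = "HKLM:\$pol\System"
# Key path, value name, and the data the article says to restore.
$checks = @(
    @{ Path = $sys; Name = 'DisableTaskMgr';       Want = 0 }
    @{ Path = $sys; Name = 'DisableRegistryTools'; Want = 0 }
    @{ Path = 'HKCU:\Software\Policies\Microsoft\Windows\System'; Name = 'DisableCMD'; Want = 0 }
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies'; Name = 'WriteProtect'; Want = 0 }
    @{ Path = $exp; Name = 'NoControlPanel';  Want = 0 }
    @{ Path = $exp; Name = 'NoLogOff';        Want = 0 }
    @{ Path = $exp; Name = 'NoFileAssociate'; Want = 0 }
    @{ Path = $exp; Name = 'NoFolderOptions'; Want = 0 }
    @{ Path = $sys; Name = 'EnableLUA';       Want = 1 }
    @{ Path = $sys; Name = 'ConsentPromptBehaviorAdmin'; Want = 2 }  # Windows' name for the UAC prompt value
)

foreach ($c in $checks) {
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { $current = $null; $state = 'not set' }
    else {
        $current = $item.($c.Name)
        $state = if ($current -eq $c.Want) { 'ok' } else { 'CHANGED' }
    }
    if ($Repair -and $state -eq 'CHANGED') {
        Set-ItemProperty -Path $c.Path -Name $c.Name -Value $c.Want -Type DWord
        $state = 'repaired'
    }
    [pscustomobject]@{ Key = $c.Path; Value = $c.Name; Current = $current; Expected = $c.Want; State = $state }
}

# DisallowRun: every value under this key names a program that is blocked.
$dr = "$exp\DisallowRun"
if (Test-Path $dr) {
    $key = Get-Item $dr
    foreach ($n in $key.GetValueNames()) {
        [pscustomobject]@{ Key = $dr; Value = $n; Current = $key.GetValue($n); Expected = '(absent)'; State = 'BLOCKED' }
    }
}
```

Without -Repair the script only reads the registry, so it can be used to record the state of a machine before anything is changed.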
You should use the information in this article only if you are computer savvy or familiar with computer programs. Before changing these values, you should also run a good anti-virus program to check for any lingering traces of malware on your PC or laptop.
Original from: Reversing the consequences of spyware, Trojan horses, viruses and malware infections