Formerly: “How To Fix Your Start Menu and Bring Back Task Manager After Antivirus 2008 (or some other virus) removed it”
“Antivirus 2008” a.k.a. “Vista Antivirus 2008” is actually a virus. When you boot up, it runs all kinds of stuff you don’t want in the background of your computer. One of the worst things it does is disable your ability to stop processes from running in the background.
You know you’re in trouble when you hit CTRL+ALT+DELETE and you get the message:
“Task Manager has been disabled by your Administrator”
LULZ! You can’t even get to your Task Manager to stop who knows what from running in the background of your computer. Wow, you really got owned this time.
BEFORE YOU START
- Boot into safe mode with networking and run Symantec’s Norton Antivirus or Avast (if you want a free one) from www.avast.com to make sure the virus isn’t running in the background anymore. You might have to download this from another computer or buy it from the store. Some viruses will even redirect you to their own web site when you try to go to symantec.com, trendmicro.com, etc.
- Don’t put credit card information into a computer that might have a virus. It’s better to download the trial or buy it in a store.
- Don’t use shady “virus scanners” like StopZilla, or viruses acting like antivirus programs such as “error cleaner” or “Vista Antivirus 2008”, etc.
- Make sure that you have the latest update of your virus scanning software. What makes you think it’s gonna find the virus if the software hasn’t been updated for weeks?
- Vista AntiVirus is probably running every time your system boots up, and it’s probably running as vav.exe. You might want to find and delete that file if your antivirus program missed it for some reason. It’s probably under C:\Program Files\VAV. You can’t delete it while it’s running, but you can rename it to novav.exe and delete the other files in this folder. When vav.exe can’t find the files, it will crash and you can then delete it. Also delete folders named “Antivirus 2008.”
- Run Trend Micro’s HijackThis and remove malicious files from the system boot process. If you aren’t sure whether a file is malicious or not, look to see when the file was last modified. If you got the virus recently, then that file may be one of the malicious ones. Look the filename up on Google from another computer and see what people are saying about it. Watch out for .dll (especially random letters like c:\WINDOWS\xokvrpwg.dll) and .exe files. Also check for system policies like “DisableRegedit=1”. Viruses often change your desktop using Desktop component 0… file://somedirectoryindex.htm. Delete these.
- Continue with the rest of these instructions once you have scanned your computer and cleaned out the viruses.
Here’s how to fix your Task Manager:
- Don’t panic. Don’t download any more “error cleaners” or garbage that probably messed up your computer in the first place.
- Shut down your computer (by force if you have to) and boot it into safe mode.
(If you don’t know how to get to safe mode, all you have to do is hold down F8 during the boot up process). LOG IN AS ADMINISTRATOR. Don’t see Administrator as an option? Hit CTRL+ALT+DELETE and type Administrator.
- Once you’re LOGGED IN AS ADMINISTRATOR in SAFE MODE, click “Start”, then go to “Run”… Oh noez.. where’s run? Wow, you sure got owned this time. You can’t even get the run menu up in SAFE MODE. Don’t worry, you still don’t have to scrap everything and do a clean re-installation.
- Right click the task bar and go to “properties”.
- Click the “Start Menu” tab.
- Click the “Customize…” button.
- Click the “Advanced” tab.
- In the “Start menu items:” list, go through and click all the buttons that say “Display as a link”.
- Click “OK” after you are done clicking all the “Display as a link” buttons.
- Click “OK” again to get out of the “Taskbar and Start Menu Properties”.
- Now you should have your Start Menu back to normal. Try to find the “run” button. If you can’t see it, it’s probably because you’re in Safe Mode and it’s scrolling off the screen. Don’t panic, just hit the up arrow on your keyboard once. This should highlight the “shutdown” button. Hit the up arrow on your keyboard again and you will be at “Log Off”. If you don’t see “Log Off”, then you’re not logged in as Administrator and you need to go back to step 1. Hit the up arrow a third time and you will be at “run” (even though you can’t see it). Now hit enter.
- Now that you have the “run” menu up, type regedit in the “Open” box and click “OK”.
- You probably will get a box that pops up saying “Registry editing has been disabled by your administrator” LULZ! You can’t even get to regedit? Wow, you sure got owned this time. Don’t panic.
- WINDOWS XP PROFESSIONAL: Go to Start, Run and type gpedit.msc and press ENTER. This should bring up a screen that says “Group Policy”.
- If that didn’t bring up “Group Policy” then you don’t have Windows XP Professional. I guess that means you’re not really much of a PC professional are you? That’s ok, you aren’t missing much.. you will have to type in this nice long command though:
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
- If you’re at the “Group Policy” screen, Click “User Configuration”, then click “Administrative Templates”, then click “System”. Double-click “Prevent Access to registry editing tools” and set it to “Disabled”.
Note: If the setting already reads “Not Configured”, set it to “Enabled”, and click “Apply”. Then revert it back to “Disabled”. This ensures that the “DisableRegistryTools” registry value is removed successfully.
Repeat this step for every item that says “Disable…” or “Prevent Access to…” (for example “Prevent Access to the command prompt”). Repeat this step for the CTRL+ALT+DEL options as well. This is where you can disable the policy of “Remove Task Manager”. When you’re finished, close the “Group Policy” screen.
- If you still don’t have regedit back, it’s possible that the virus may have put a regedit.com file in your Windows directory. When you run a program name without an extension, Windows tries .com files before it tries .exe files, so typing regedit would start regedit.com instead of the real editor. If you get something different when you run regedit.exe, then you should delete regedit.com from your Windows directory. Do a file search for regedit* and see what comes up.
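An added example, not part of the original post: a PowerShell script that reports the policy values behind the lockouts described above (registry tools, Task Manager, command prompt, missing Run) and lists any regedit look-alike that would run ahead of regedit.exe. It assumes PowerShell is installed, which is not the case on a stock Windows XP; the value names other than DisableRegistryTools are the standard Windows policy value names, not names taken from the post.

```powershell
# Added example, not from the original post. Report-only unless run with -Fix.
# Run elevated (as Administrator) if HKLM values need to be removed.
param([switch]$Fix)

# A non-zero DWORD in any of these values turns the restriction on.
$checks = @(
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools' },  # registry editing tools
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr' },        # "Remove Task Manager"
    @{ Key = 'Software\Policies\Microsoft\Windows\System';                  Name = 'DisableCMD' },            # command prompt
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoRun' }                  # Run missing from Start menu
)

# HKCU is where the post's REG command writes; HKLM is checked in case the value was set machine-wide.
foreach ($hive in 'HKCU:', 'HKLM:') {
    foreach ($c in $checks) {
        $path = '{0}\{1}' -f $hive, $c.Key
        $name = $c.Name
        $prop = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
        if ($null -eq $prop -or $prop.$name -eq 0) { continue }   # absent or 0: not restricted
        Write-Output ('LOCKED  {0}\{1} = {2}' -f $path, $name, $prop.$name)
        if ($Fix) {
            # Deleting the value puts the policy back to "Not Configured".
            Remove-ItemProperty -Path $path -Name $name
            Write-Output ('REMOVED {0}\{1}' -f $path, $name)
        }
    }
}

# Look-alike check: list regedit* in the Windows directory (hidden files included) and flag
# any whose extension comes before .EXE in PATHEXT, because a bare "regedit" at the
# command prompt resolves to that file first.
$exts = $env:PATHEXT.ToUpper().Split(';')
$exeRank = [array]::IndexOf($exts, '.EXE')
Get-ChildItem -Path $env:windir -Filter 'regedit*' -Force | ForEach-Object {
    $rank = [array]::IndexOf($exts, $_.Extension.ToUpper())
    $verdict = if ($rank -ge 0 -and $rank -lt $exeRank) { 'RUNS BEFORE regedit.exe' } else { 'ok' }
    Write-Output ('{0,-24} {1:yyyy-MM-dd HH:mm}  {2}' -f $_.Name, $_.LastWriteTime, $verdict)
}
```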