Welcome Guest.

2Answers

Windows xpopen task manager is what users do

Asked by: Shirley Thomas 200 views Software May 13, 2019

Windows xpopen task manager is what users do

2 Answers

  1. +6Votes  

    win2000/xp, run gpedit.msc->User Configuration->Administrative Template->System->Login/Logout->Disable Task Manager and select Disable.
    This will enable the Task Manager
    Task Manager is disabled:
    Method 1: Modify the registry. Open the registry, expand to:
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    Find "DisableTaskmgr"Set the dword value to 00000000
    Method 2:
    Open the note Ben, save the following content as a .reg file, then double-click to import and restore.
    REGEDIT4
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskmgr"=dword:00000000
    (The last line leaves a blank line)
    Method 3: Use Group Policy:
    Start/Run/gpedit.msc,
    In User Configuration – Administrative Templates – System – CTRL + ALT + DELE option, find “Delete Task Manager” on the left
    Double click to open, set to Not configured, or disabled.
    Method 4: Use small software:
    Put the following file, extract it and click “Task Manager Available” to solve it! !
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@
    Or:
    Task Manager is disabled by virus solution
    Task Manager is disabled by virus solution
    Recently, QQ virus has come out with new varieties, it is task manager Was disabled, so that you know that there is no way to turn off the virus process in the QQ virus. At first, the author changed the registry of the virus modification, but found that the virus that resided in the memory after modifying the saved registry modified it. What should I do? ……….
    Author: Yao Yao Ling
    occasionally return to the forum to see ~ N people have found the virus in the QQ ~ sympathy ING` ~
    so they easily found a Help paste, turn off the soft, and download the virus source program. dir, export the .exe and .dll files in the WINDOWS and system32 directories to the text. Then run the virus.
    Obviously The task manager is disabled. Open QQ will automatically send out information (this I already know. I certainly will not be stupid to talk to others Q.) In fact, after analysis. This is actually a Trojan. The stuff that is of interest to some virus makers will be sent to his mailbox by E-mail.
    The purpose of doing this is to make people unable to terminate the virus process.
    Then go to the registry to unlock. He did not disable the registry. Start thinking. This SB, actually do not disable the registry? Clearly can be changed back!
    find HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPolicies
    directly delete DisableTaskMgr.
    Reload the WINDOWS shell again. Found a problem…. The task manager still can’t open. Open the registry again. The key value of DisableTaskMgr is still there. Depressed. No wonder he does not disable the registry.
    In fact, it should be thought of. This should be a ghost of the virus program resident in memory. Once he detects that you have done to the registry Modification. He will automatically change it back.
    Okay. See which virus program is at the end.. Before running the virus program, I made a rough backup of the system file information. Then I dir Look at the exe and dll files under the WINDOWS and system32 directories. Still output to the text. Use fc.exe to compare it… I found that there is indeed a svohost.exe, in fact, he just wants to be confused with the svchost.exe system file. Only one letter. If you don’t carefully, you can’t find it.
    Next, start to solve.
    1. Open CMD. Enter the command tasklist and check it back.. I found this process: svohost.exe (although he disabled The task manager, but in the CMD with the tasklist command can still view the process information)
    2. Close him. Enter the command taskkill /f /im svohost.exe
    prompt success.
    3. Search for the svohost.exe file (also search for hidden files) Delete afterwards! There seem to be two. One is completely uppercase. One is completely lowercase. In fact, there is also a program called lsasa.exe that has to be deleted. He mimics the normal process of WINDOWS lsass.exe.
    4. I thought it was ok. Later I found a problem. He also modified a place in the registry so that the settings for hidden files in the folder options are always "not showing hidden files" The purpose is to let you find the virus source file with the hidden attribute set in the WINDOWS environment. But there are several ways to find him. 1. Search with WINDOWS. Just hide the " search in the advanced options. Files and folders can be found on the hook. 2. You can also view them in the command prompt with the dir /a command. The trouble is a bit. Because there are too many files in the WINDOWS and SYSTEM32 directories. When using the dir command. It is better to add a parameter .dir /a /p. It will be better.
    We will change it back to the normal state in the registry.
    Open the registry. Find HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL Look at the right side. Find a CheckedValue value. I noticed that this damn virus actually changed him to a string value. If you are not careful, you may think that it is useless to change it. Delete this value. Rebuild a DWORD The value is CheckedValue. Set his value to 1.

    saber- May 11, 2019 |

  2. +2Votes  

    the manager can switch

    saber- May 11, 2019 |