Is this registry key hidden? I can't find anything like this in either HKCU or HKUsers...
However, the file "taskman.exe" shows, both in Explorer and from a "dir" command. However, if in Explorer I double-click the file icon, I get the "file not found" error pop-up. I'm about to do some deeper scans, but perhaps those could be aborted if it were simply a matter of whacking that registry entry. Thanks! -- Richard D. McClary Systems Administrator, Information Technology Group ASPCA® 1717 S. Philo Rd, Ste 36 Urbana, IL 61802 [email protected] P: 217-337-9761 C: 217-417-1182 F: 217-337-9761 www.aspca.org The information contained in this e-mail, and any attachments hereto, is from The American Society for the Prevention of Cruelty to Animals® (ASPCA ®) and is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying or use of the contents of this e-mail, and any attachments hereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me by reply email and permanently delete the original and any copy of this e-mail and any printout thereof. Jeff Bunting <[email protected]> wrote on 09/08/2009 10:59:48 AM: > Richard, > > There was a thread last week about a fake antivirus that disabled > task manager. It apparently disabled it via a registry key: > > [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] > "DisableTaskMgr" > > Jeff > On Tue, Sep 8, 2009 at 11:42 AM, <[email protected]> wrote: > > I have a desktop machine doing something troubling... > > It's a Dell PWS-380, WinXP-Pro SP2. > In an remote desktop session, I was wanting to see if a specific > process was running, so I right-clicked the task bar and chose > TaskManager. I got the hour glass icon for about a second, then > nothing - for quite a long time. > > I went to the desk and logged in locally. Same thing. I did a > "chkdsk /f" command and rebooted. > > Logging back in (locally) I did see a gray icon for VIPRE > Enterprise. Its agent version and definitions were current. I > initiated a deep scan. (Hopefully, none of this is relevent, but > VIPRE/SBamSvc was the process for which I was originally hunting.) > So far, VIPRE has not detected any malware (yet!). > > I still cannot run Task Manager on this machine - either by right- > clicking the task bar and selecting it, or by Ctrl-Alt-Del and > clicking the Task Manager button. > > SO, I go to the machine and run "taskmgr.exe". To that I get a > response - the file is not there. > > Any ideas as to what could have whacked that file? Thanks! > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
