Thursday, March 13, 2008

Disabled Network drive etc in tools Menu - System.exe Virus

Symptoms

It creates a hidden file, system.exe, in the Windows directory. McAfee can detect it but cannot remove it: the process is still running and McAfee cannot stop it, so the delete fails with "permission denied".

Folder Options is disabled. The Tools menu in Explorer is simply filled with entries like "disable network drive" etc., but no Folder Options, so one cannot view the hidden files.
If you try to run Folder Options from the Help and Support Center, you get the message "The current settings of windows forbid this application..." and so on.

Task Manager is disabled. If you press Ctrl+Alt+Del, you get "task manager is disabled..." etc. Nothing happens when you run TASKMAN from the Windows folder.

RUN has been deleted from start menu.

Command prompt (cmd.exe) has been disabled...

Solution

First, use HijackThis to remove all suspicious viruses/worms from your system, and also do a scan with BitDefender or Kaspersky.
---------------
To enable Folder Options
Fire up Group Policy Editor. (Start->Run->"gpedit.msc")

On the left, go to User Configuration.
Then, go to Administrative Templates.
Then, go to Windows Components.
Then, go to Windows Explorer.
Finally, on the right, disable the option "Remove the Folder Options menu item from the Tools Menu".

------------------------
To enable cmd
Open Registry Editor (Regedit.exe) and navigate to:

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]

In the right pane, double-click DisableCMD and set its data to 0.
------------------------
To enable task manager
Click Start, Run and type this command exactly as given below: (better - Copy and paste)

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
-------------------------
To enable Regedit

Click Start, Run and type this command exactly as given below: (better - Copy and paste)

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
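
The four fixes above all reset per-user policy values in the registry. As an added example (not part of the original post), this PowerShell script audits those values in one pass and resets them to 0 only when run with -Fix. The -Fix switch is hypothetical, the NoFolderOptions and NoRun entries (the registry values behind the Folder Options policy and the missing Run item) are additions the post does not name, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: audit the HKCU policy values that lock out Task Manager,
# Regedit, cmd.exe, Folder Options and Run. Read-only unless -Fix is given.
param([switch]$Fix)   # hypothetical switch: reset restrictive values to 0

$sys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$exp = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$cmd = 'HKCU:\Software\Policies\Microsoft\Windows\System'

$policies = @(
    @{ Path = $sys; Name = 'DisableTaskMgr';       Tool = 'Task Manager' }
    @{ Path = $sys; Name = 'DisableRegistryTools'; Tool = 'Registry Editor' }
    @{ Path = $cmd; Name = 'DisableCMD';           Tool = 'Command Prompt' }
    # Not named in the post: values behind the Folder Options and Run symptoms.
    @{ Path = $exp; Name = 'NoFolderOptions';      Tool = 'Folder Options' }
    @{ Path = $exp; Name = 'NoRun';                Tool = 'Start > Run' }
)

$findings = foreach ($p in $policies) {
    # A missing key or value means the restriction is not set; skip it.
    $item = Get-ItemProperty -Path $p.Path -Name $p.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }

    $value = $item.($p.Name)
    if ($value -ne 0) {          # any non-zero value restricts the tool
        if ($Fix) {
            Set-ItemProperty -Path $p.Path -Name $p.Name -Value 0 -Type DWord
        }
        [pscustomobject]@{
            Tool  = $p.Tool
            Value = "$($p.Name) = $value"
            Key   = $p.Path
            Reset = [bool]$Fix
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    'No restrictive policy values found under HKCU.'
}
```

Any row in the output is a restriction the user did not set through Group Policy and is worth recording before it is reset.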
----------------
Preferably do all of the above in safe mode.
Now remove system.exe.
Use Windows Task Manager to Remove system.exe Processes


To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC.
Click on the "Image Name" button to search for the "system.exe" process by name.
Select the "system.exe" process and click on the "End Process" button to kill it.

------------------------------
Use Windows File Search Tool to Find system.exe Path


Go to Start > Search > All Files or Folders.
In the "All or part of the file name" section, type in the "system.exe" file name(s).
To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click the "Search" button.
When Windows finishes your search, hover over the "In Folder" of "system.exe", highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path to delete system.exe in the following manual removal steps.

----------------------------
Detect and Delete Other system.exe Files

To open the Windows Command Prompt, go to Start > Run > cmd and then press the "OK" button.
Type in "dir /A name_of_the_folder" (for example, C:\Spyware-folder), which will display the folder's contents, including the hidden files.
To change directory, type in "cd name_of_the_folder".
Once you have found the file you're looking for, type in "del name_of_the_file".
To delete a file in a folder, type in "del name_of_the_file".
To delete the entire folder, type in "rmdir /S name_of_the_folder".