Showing posts with label virus problems. Show all posts

Dec 8, 2008

Enable Run Command

I have seen people on many forums ask how to enable the Run dialog box in the Start menu after it was disabled by a virus attack. Pressing Windows Key + R also gives an error message saying it has been disabled by the Administrator, or some other message saying it's been disabled. When this kind of virus infects your system, system settings like Folder Options, Registry Editor and Task Manager all get disabled, and you cannot reach them because the Run command doesn't work either.

Now to get the system back to normal, first scan your PC with a good antivirus software like ESET NOD32 or Kaspersky. You can download the trial versions from the links to get the job done.

Now to get the Run command back:

--- Go to the drive where Windows is installed, then go to the folder Windows\System32.

--- Then find the file gpedit.msc in that folder.

--- You can also search for the file in your windows drive using the search option.

--- After you find it, double click on it. This is the Local Group Policy Editor.

--- Then in the left pane go to User Configuration --> Administrative Templates --> Start Menu and Taskbar.

--- Now in the right pane look for "Remove Run menu from Start Menu" and double click on it.

--- In the Setting tab, select Disabled, click Apply and OK, and exit the Group Policy Editor.

--- Log off or restart the system.

That's it, the Run command is active again. If your other settings are also disabled, follow the instructions given to enable the registry editor, Task Manager and the hidden files option.

If you have any questions feel free to ask.


Nov 28, 2008

Remove regsvr.exe Virus

regsvr.exe is the most common virus for people who transfer files between PCs using pen drives or USB drives. These are the main sources from which this virus travels. Most antivirus software should detect this virus and delete it, but if your system gets infected for some reason, get ready to clean it manually.

The regsvr.exe virus first creates entries in the startup folders so that it executes at every startup. It also creates entries in scheduled tasks so that it executes at a specific time and date. Finally, it creates autorun.inf files in the root of all the drives, which prevent you from opening these drives.

Here are the steps to get this regsvr.exe virus out of your computer.
--- If the virus disables your task manager and registry then you should consider the tips given here to get them back.

--- After that you need to get rid of the autorun.inf file. This file will be hidden so follow these tips here to delete these files.

--- Now type msconfig in Start menu --> Run, press Enter, and uncheck the option that says regsvr. Press OK and don't restart yet.

--- Now go to Control Panel --> Scheduled Tasks and delete the entry At1, which is created by the virus.

--- Now open the registry editor by typing regedit in the Run dialog box, then use the Find option in regedit's menu to search for regsvr.exe. Delete every entry you find except the one that says "Explorer.exe regsvr.exe". Edit that entry to remove only the regsvr.exe part and leave the rest as it is.

--- Now search your entire system for regsvr.exe and delete any entries you find. Make sure you search within hidden files and system files as well.

--- Reboot your system for the changes to take effect, and the virus is gone without any traces.
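
A read-only sweep for the traces the steps above clean up, so you can confirm nothing is left after the reboot. This is an added example, not part of the original post; the function name is hypothetical, and the Winlogon key and the Tasks\At1.job path are assumptions about where the "Explorer.exe regsvr.exe" entry and the At1 task are stored.

```powershell
# Added example (not from the original post). Nothing is modified or deleted.
function Find-RegsvrTrace {
    param([string]$Name = 'regsvr.exe')   # exact name; does not match regsvr32.exe
    $hit = { param($kind, $where, $detail)
        [pscustomobject]@{ Kind = $kind; Location = $where; Detail = $detail } }

    foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
        # autorun.inf in the drive root is hidden, so -Force is required.
        $inf = Get-Item -LiteralPath (Join-Path $drive.Root 'autorun.inf') `
                        -Force -ErrorAction SilentlyContinue
        if ($inf) { & $hit 'autorun.inf' $inf.FullName "$($inf.Attributes), $($inf.Length) bytes" }

        # Full search of the drive, hidden and system files included (slow).
        Get-ChildItem -LiteralPath $drive.Root -Filter $Name -File -Recurse `
                      -Force -ErrorAction SilentlyContinue |
            ForEach-Object { & $hit 'file' $_.FullName "$($_.Attributes)" }
    }

    # Autostart values that mention the file. Winlogon is included as an
    # assumption: the post does not say which key holds "Explorer.exe regsvr.exe".
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    foreach ($path in $keys) {
        $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($value in $key.GetValueNames()) {
            $data = [string]$key.GetValue($value)
            if ($data -like "*$Name*") { & $hit 'registry' "$path\$value" $data }
        }
    }

    # The At1 scheduled task, assumed to be a legacy job file under %windir%\Tasks.
    $job = Join-Path $env:windir 'Tasks\At1.job'
    if (Test-Path -LiteralPath $job) { & $hit 'task' $job 'scheduled job file' }
}

Find-RegsvrTrace | Format-Table -AutoSize -Wrap
```

An empty result means none of the listed traces were found. A registry hit on a value that also contains Explorer.exe should be edited as described in the steps, not deleted.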

Nov 26, 2008

Enable Regedit

As said in the earlier post, here is an alternate method to get the registry editor back after a virus infection. Do exactly as given below.

--- Open notepad.

--- Copy and paste the code given below exactly as it is.

[Version]
Signature="$Chicago$"
Provider=Symantec

[DefaultInstall]
AddReg=UnhookRegKey

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0


--- Then go to the File menu in Notepad and choose Save As. Save this file as repair.inf, or under any other name, as long as it has the .inf extension.

--- After the file is saved, double click on it, or right click on it and press Install.

That's it, you have Regedit back.


Nov 25, 2008

Enable Registry Editor, Task Manager and Folder Options

Many of us see that when a virus infects our system, the first thing it does is disable Registry Editor, Task Manager and Folder Options. As soon as you see these options disabled, you know your system is infected.

If you press Ctrl+Alt+Del you'll get a dialog box saying "Task manager has been disabled by your Administrator", and the same thing comes up when you try to edit the registry using regedit.

It is irritating that you cannot fix this problem through the registry, and since Folder Options is also unavailable, you will not be able to delete the hidden files.

Now, to first enable the Task Manager:

--- Go to Start menu --> Run and type gpedit.msc and press enter

--- Now in the left pane select
User Configuration --> Administrative Templates --> System --> Ctrl+Alt+Delete options

--- In the right pane double click on "Remove Task Manager", set it to Disabled, and press Apply and then OK.

You have your Task Manager back.

The process to get regedit back is similar:

--- Go to Start menu --> Run and type gpedit.msc and press enter

--- Now in the left pane select User Configuration --> Administrative Templates --> System

--- In the right pane double click on "Prevent access to registry editing tools"

--- Set this option to Disabled.

Now your registry editor is back.

To get the Folder Options back:

--- Go to gpedit as given earlier.

--- Then to
User Configuration --> Administrative Templates --> Windows Components --> Windows Explorer

--- In the right pane look for "Removes the Folder Options menu item from the Tools menu"

--- Double click on it, then set it to Disabled to get Folder Options back.

There are alternate methods for getting these settings back which I will give in the next post.
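
The Group Policy settings used in this post and in the Enable Run Command post are stored as registry values, so they can be audited in one pass. This is an added example, not the author's code: the function name is hypothetical, DisableRegistryTools is the value written by the INF in the Enable Regedit post, and the other three value names are assumptions about which values back each setting.

```powershell
# Added example (not from the original posts). The audit itself is read-only.
$policies = 'Software\Microsoft\Windows\CurrentVersion\Policies'
$checks = @(
    @{ Key = "$policies\System";   Name = 'DisableTaskMgr'
       Setting = 'Remove Task Manager' }
    @{ Key = "$policies\System";   Name = 'DisableRegistryTools'
       Setting = 'Prevent access to registry editing tools' }
    @{ Key = "$policies\Explorer"; Name = 'NoRun'
       Setting = 'Remove Run menu from Start Menu' }
    @{ Key = "$policies\Explorer"; Name = 'NoFolderOptions'
       Setting = 'Removes the Folder Options menu item from the Tools menu' }
)

function Get-LockoutPolicy {
    # Check the per-user hive and the machine-wide hive for each value.
    foreach ($hive in 'HKCU:', 'HKLM:') {
        foreach ($c in $checks) {
            $path = "$hive\$($c.Key)"
            $item = Get-ItemProperty -Path $path -Name $c.Name -ErrorAction SilentlyContinue
            if ($null -eq $item) { continue }      # value absent: not configured
            $value = $item.($c.Name)
            [pscustomobject]@{
                Setting = $c.Setting
                Path    = $path
                Name    = $c.Name
                Value   = $value
                Active  = ($value -ne 0)           # non-zero means the restriction is on
            }
        }
    }
}

# Report what is currently set.
Get-LockoutPolicy | Format-Table Setting, Path, Value, Active -AutoSize -Wrap

# Preview removal of the active restrictions; delete -WhatIf to apply.
# HKLM entries need an elevated prompt.
Get-LockoutPolicy | Where-Object Active |
    ForEach-Object { Remove-ItemProperty -Path $_.Path -Name $_.Name -WhatIf }
```

Run the removal only after the antivirus scan has cleaned the infection, otherwise the malware can simply set the values again.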