Task Manager Disabled by Administrator - Fixed BUT....

[t.cruise]

I did a Ctrl+Alt+Del, and got a message that said: Task Manager Disabled by Administrator.
I searched this group with Google (great for finding archived messages with key words and
phrases fast) and found the fix at:

http://www.theeldergeek.com/enable_disable_task_manager.htm

It was the simple registry edit:

[Start] [Run] [Regedit]
Registry Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
Modify/Create the Value Data Type(s) and Value Name(s) as detailed below.
Data Type: DWORD Value // Value Name: DisableTaskMgr
Setting for Value Data: [0 = Enabled (Default) / 1 = Disabled]
Exit Registry and Reboot

So, I changed the 1 to a zero, exited the registry and rebooted, and the problem was
fixed. BUT, this is what I do not understand. What caused this, and will there be any
other surprises? Is there a Trojan or something going around that causes this behavior?
I have a good firewall, I do not open email with anything other than a text email message
monitor. I scan my drive for adware/spyware/malware, have a good antivirus utility
updated and running, and do not accept anything from a web site but specific needed
cookies. I am the only person who uses this system. Any ideas?

T.C.

 

[Detlev Dreyer]

So, I changed the 1 to a zero, exited the registry and rebooted, and
the problem was fixed. BUT, this is what I do not understand. What
caused this,

This is usually caused by malware when installing with administrative
privileges.

and will there be any other surprises?

Most likely, yes. The question is if you will notice (stolen passwords,
logged keystrokes, mails being sent to a server etc.).

Is there a Trojan or something going around that causes this behavior?

There are many of them around. Some examples:
http://www.sophos.com/security/analyses/trojyahoospyc.html
http://www.sophos.com/security/analyses/trojnopira.html
http://www.symantec.com/security_response/writeup.jsp?docid=2005-062411-3253-99

I have a good firewall,

Any firewall is as good as its configuration. This is especially true
if the system is not fully patched. BTW, it's not the firewall's job
to avoid virulent infestation. Firewall toys monitoring the outgoing
traffic can be easily bypassed ("tunneling").

I do not open email with anything other than a text email message
monitor. I scan my drive for adware/spyware/malware, have a good
antivirus utility updated and running,

Apparently, some software managed to change these registry settings
since this does not come out of the blue. Note that today's malware
is capable to bypass any anti-virus at any time.