Invasion has locked me out of regedit and maybe taskmanager?

[***** charles]

Hi all,

I have been invaded from the Internet on an XP Pro machine.
The consequences are the when I try to start regedit I get the
following message: "Registry editing has been disabled by your
system administrator". At that point I am logged on as
Administrator in Safe mode. How do I get back my power
to do what I need? Is there a way to get into control panel
at the command prompt? Any other hints would be greatly
appreciated.

thanks,
charles......

 

[David H. Lipman]

From: "***** charles" <[email protected]>

| Hi all,
|
| I have been invaded from the Internet on an XP Pro machine.
| The consequences are the when I try to start regedit I get the
| following message: "Registry editing has been disabled by your
| system administrator". At that point I am logged on as
| Administrator in Safe mode. How do I get back my power
| to do what I need? Is there a way to get into control panel
| at the command prompt? Any other hints would be greatly
| appreciated.
|
| thanks,
| charles......
|

The following Multi AV Scanning Tool will correct modificatyions to local'group policies
that block Regedit and TaskManager as well as scan for additional malware.


Download MULTI_AV.EXE from the URL --
http://www.pctipp.ch/downloads/dl/35905.asp

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *

 

[Newell White]

Hi all,

I have been invaded from the Internet on an XP Pro machine.
The consequences are the when I try to start regedit I get the
following message: "Registry editing has been disabled by your
system administrator". At that point I am logged on as
Administrator in Safe mode. How do I get back my power
to do what I need? Is there a way to get into control panel
at the command prompt? Any other hints would be greatly
appreciated.

thanks,
charles......

You can recover the use of regedit.exe by the following dodge.

Copy regedit.exe (or regedit32.exe) from the Windows\system2 folder, and
paste it into C:\
Rename this file to myregedit.exe, copy it, and paste it back into
Windows\system32
Now it functions just as regedit, from Run command or double-cleck in
Explorer.

I do this as standard on my PCs at home when they come out of the box.

 

[***** charles]

wrote in message

You can recover the use of regedit.exe by the following dodge.

Copy regedit.exe (or regedit32.exe) from the Windows\system2 folder, and
paste it into C:\
Rename this file to myregedit.exe, copy it, and paste it back into
Windows\system32
Now it functions just as regedit, from Run command or double-cleck in
Explorer.

I do this as standard on my PCs at home when they come out of the box.

I still get the message registry editing has been disabled by the
administrator
and I am the administrator. Something from the Internet did this and I am
fighting it. Any other ideas? I have read that the policy editor can
potentially
fix this but it this point I am out of ideas. What if I can't even run the
group policies editor? don't know how at this point.

thanks,
charles.....

 

[David H. Lipman]

From: "***** charles" <[email protected]>


|
| I still get the message registry editing has been disabled by the
| administrator
| and I am the administrator. Something from the Internet did this and I am
| fighting it. Any other ideas? I have read that the policy editor can
| potentially
| fix this but it this point I am out of ideas. What if I can't even run the
| group policies editor? don't know how at this point.
|
| thanks,
| charles.....
|

The cause is from malware.
I won't repeat this again...

The following Multi AV Scanning Tool will correct modifications to local group policies
that block Regedit and TaskManager as well as scan for additional malware.

Download MULTI_AV.EXE from the URL --
http://www.pctipp.ch/downloads/dl/35905.asp

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

Additional Instructions:
http://pcdid.com/Multi_AV.htm

* * Please report back your results * *

 

[MAP]

The copying of regedit will not work for you because you are copying a
file already infected.
Your best bet is to follow David's advice, he has been doing this for
some time now and IS the "authority" on it.
http://www.dougknox.com/xp/utils/xp_emerutils.htm