
Virus Problem

Created: 10 Aug 2012 • Updated: 24 Oct 2012 | 7 comments
This issue has been solved. See solution.

Hi Guys,

Some viruses attacked our network and we cleaned them, but the problem is that the virus disabled Task Manager and regedit.


Mithun Sanghavi's picture

Hello,

Try Unhookexec.inf, which may help; check the link below:

http://www.symantec.com/security_response/writeup.jsp?docid=2004-050614-0532-99

You could also perform the changes on the GPO, which may assist with the same. (I would recommend that you create a case with Microsoft.)

Secondly, there are many tools to fix this; however, the cause of this issue is malware that is blocking all of these. So make sure you update your SEP client with the latest definitions and run a full scan in safe mode.

OR scan using Symantec Power Eraser.

However, you should also submit the suspicious files to Symantec Security Response so that they can create defs. that will catch these threats.

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

Here's a good tool -

https://www-secure.symantec.com/connect/downloads/simple-utility-reset-folder-options-show-all-hidden-enable-registry-editing-enable-task-ma

NOTE: This tool is neither provided nor supported by Symantec.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Swapnil khare's picture

What was the name of the infection that occurred?

Check the thread below; there are many tools from Symantec which can be used to restore access to the registry, taskmgr, etc. However, it truly depends on what kind of infection it was.

You may like to try the tools below on some client machines first; they might help.

https://www-secure.symantec.com/connect/forums/cannot-access-regedit-task-manager-and-msconfig


Greet9's picture

Hi Sonday,

Please download this file, unhookexec.inf, and run it on the infected system.

http://www.symantec.com/security_response/writeup.jsp?docid=2004-050614-0532-99

SOLUTION
cus000's picture

You'll need to clear back the registry entries... did you manage to get the threat/virus name?

You may try ctrl-alt-del and use the function "run"... from here, try to run your regedit...
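
Added example (not part of the thread and not a Symantec tool): a PowerShell function that reports, and with `-Remove` clears, the registry entries that block Task Manager and Registry Editor. It assumes the infection used the standard Windows policy values `DisableTaskMgr` and `DisableRegistryTools`, which the thread does not name; the function name is hypothetical.

```powershell
# Added example: audit (and optionally clear) the policy values that disable
# Task Manager and Registry Editor. Run it after the malware itself is removed.
function Repair-DisabledToolPolicy {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [switch]$Remove   # without -Remove the function only reports
    )

    # Assumption: the standard policy location and value names were used.
    $subKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
    $names  = 'DisableTaskMgr', 'DisableRegistryTools'

    foreach ($hive in 'HKCU:', 'HKLM:') {
        $path = "$hive\$subKey"
        if (-not (Test-Path -Path $path)) { continue }   # key absent in this hive

        $props = Get-ItemProperty -Path $path
        foreach ($name in $names) {
            $prop = $props.PSObject.Properties[$name]
            if ($null -eq $prop) { continue }            # value absent: no restriction

            $cleared = $false
            # A non-zero value means the tool is blocked for this scope.
            if ($Remove -and $prop.Value -ne 0 -and
                $PSCmdlet.ShouldProcess("$path\$name", 'Remove policy value')) {
                Remove-ItemProperty -Path $path -Name $name -ErrorAction Stop
                $cleared = $true
            }

            [pscustomobject]@{
                Path    = $path
                Name    = $name
                Value   = $prop.Value
                Blocked = ($prop.Value -ne 0)
                Cleared = $cleared
            }
        }
    }
}

# Report only:
Repair-DisabledToolPolicy | Format-Table -AutoSize
# Preview the removal; rerun without -WhatIf from an elevated prompt to apply
# (HKLM needs administrator rights, HKCU covers only the logged-on user):
Repair-DisabledToolPolicy -Remove -WhatIf | Format-Table -AutoSize
```

If a value returns after removal, either a domain Group Policy is setting it or the infection is still active on the machine.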

.Brian's picture

Download regalyzer:

http://www.safer-networking.org/dl/products/regaly...

Restore Task Manager:

http://ask-leo.com/why_is_my_task_manager_disabled...

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Fabiano.Pessoa's picture

Good morning,

Use the tool Re-Enable 2.0.
And to scan your PC, use the scan in safe mode; I am amazed how people do not warn about it.

hugs

Fabiano Pessoa

Systems Analyst - Forensic Expert