Reversing the Aftermath of Spyware, Trojan, Virus, and Malware Infection
Has your computer ever been infected by malware? Have you been prevented from running critical utilities such as regedit, Task Manager, and the command prompt? Has malware crippled the Control Panel of your PC or laptop and left it unable to log off or shut down? This article explains how malware causes this kind of damage and how to clean up what it leaves behind after an antivirus program has removed it.
Modern Trojans, spyware, and viruses are more capable than their predecessors: they carry out many actions at once and probe for weaknesses in your system. One of their first moves is to write to the Windows registry to paralyze important tools, which makes the infection harder to remove. They typically disable regedit as well, leaving you with the chore of repairing registry entries without the usual editor. Be aware that many antivirus products do not treat a change to these policy values as malicious, because administrators and Group Policy set the same values legitimately; an antivirus program can therefore remove the malware executable and leave the lockdown in place. You can undo the damage either by restoring a registry backup taken before the infection or by editing the affected entries (by hand, with a .reg file, or with a cleanup script). Restoring a backup is the cleaner option, but it only works if the backup is both recent and pre-infection: every program you install writes new registry entries, and restoring an older backup discards them, so a program installed after the backup was taken may no longer run properly.
This article lists the registry keys and values that control these services so you can set them back and allow the services to run again. Following it, you can regain access to regedit, writable Universal Serial Bus (USB) drives, User Account Control (UAC) on Windows Vista, the Control Panel, the command prompt, Windows Installer, and Task Manager, and enable or disable automatic updating. You can also reverse other leftovers of removed malware: restore the log-off and shutdown buttons, run programs the malware blocked such as Notepad and Firefox, reset file associations to their original programs (for example HTML pages opening in Internet Explorer), allow file associations to be changed again, and bring back Folder Options. You can then let your antivirus application examine the computer further.
The following actions undo the changes malware made to your registry. Note that these modifications only take effect after you log off and back on, or reboot the computer.
To allow Task Manager to run, open the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System and find the value DisableTaskMgr. It must be of type REG_DWORD and set to 0 (a value of 1 disables Task Manager); deleting the value has the same effect. Malware often sets the same value under the corresponding HKEY_CURRENT_USER key, so check both hives.
To run the Registry Editor again, look up DisableRegistryTools under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System (and the same path under HKCU) and set it to 0. Because this value blocks regedit itself, make the change from a command prompt with reg.exe or from PowerShell.
To enable the command prompt (CMD), search for DisableCMD under HKCU\Software\Policies\Microsoft\Windows\System and set it to 0. A value of 1 blocks both the interactive prompt and batch files; a value of 2 blocks only the interactive prompt.
To allow writing to USB storage again, open HKLM\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies and set WriteProtect to 0. A value of 1 makes every removable USB drive read-only; the StorageDevicePolicies key does not exist on a clean system, so you can also delete it.
To regain access to the Control Panel, find NoControlPanel under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer (and the same path under HKCU) and set it to 0.
To display the log-off button, find NoLogOff under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer. As with the shutdown button, which is hidden by the NoClose value in the same key, you can either set the value back to 0 or delete it entirely.
To allow users to change file associations again, find NoFileAssociate under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer. The value must be a REG_DWORD set to 0.
To bring back Folder Options, which you need in order to show hidden files again after malware has turned that setting off, find NoFolderOptions under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer and set it back to 0.
On Windows Vista, you can re-enable User Account Control (UAC) by setting EnableLUA under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System back to 1. If UAC is on but no longer prompts, set ConsentPromptBehaviorAdmin in the same key back to 2, the Vista default that prompts administrators for consent. Both values are machine-wide and exist only under HKLM.
If you see error messages saying that a program has been blocked by a restriction on this computer, check DisallowRun under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer (and under HKCU). The DisallowRun REG_DWORD set to 1 switches the policy on, and every executable name listed as a string value in the DisallowRun subkey beneath it is prevented from running. Set the DWORD to 0 and remove the names you did not add yourself.
Note that "HKCU" stands for "HKEY_CURRENT_USER" and "HKLM" for "HKEY_LOCAL_MACHINE." A change under HKCU affects only the user currently logged on, while HKLM covers all users of the computer. Users without administrator privileges cannot change the HKLM policy keys, so these changes must be made from an administrator account.
Use the information in this article only if you are comfortable editing the registry. Run a good antivirus program to remove any lingering malware before you make these value changes; otherwise the malware will simply set the values again.
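The following PowerShell script is an added example, not code from the original article. It audits every policy value listed above in both the HKLM and HKCU hives, reports anything that differs from a clean system (including values stored with the wrong type), exports the affected keys with reg.exe before changing anything, and resets the values only when run with -Fix. The script name, the -Fix switch, the backup folder default and the function names are this example's own assumptions; the registry paths and value names are the ones the article gives, with the UAC prompt value under its real name, ConsentPromptBehaviorAdmin.

```powershell
# Added example (not from the original article): audit and, with -Fix, reset the
# policy values malware commonly sets. Run from an elevated PowerShell session.
# The -Fix switch, $BackupDir default and helper names are assumptions of this example.
#Requires -RunAsAdministrator
param(
    [switch]$Fix,                                              # report only unless -Fix is given
    [string]$BackupDir = "$env:USERPROFILE\Desktop\reg-backup" # assumption: where .reg exports land
)

# Relative registry paths, value names and the value expected on a clean system.
# HKLMOnly marks machine-wide settings; the rest are checked under HKLM and HKCU.
$Policies = @(
    @{ Path='SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System';   Name='DisableTaskMgr';             Expected=0 }
    @{ Path='SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System';   Name='DisableRegistryTools';       Expected=0 }
    @{ Path='SOFTWARE\Policies\Microsoft\Windows\System';                  Name='DisableCMD';                 Expected=0 }
    @{ Path='SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name='NoControlPanel';             Expected=0 }
    @{ Path='SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name='NoLogOff';                   Expected=0 }
    @{ Path='SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name='NoFileAssociate';            Expected=0 }
    @{ Path='SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name='NoFolderOptions';            Expected=0 }
    @{ Path='SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name='DisallowRun';                Expected=0 }
    @{ Path='SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System';   Name='EnableLUA';                  Expected=1; HKLMOnly=$true }
    @{ Path='SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System';   Name='ConsentPromptBehaviorAdmin'; Expected=2; HKLMOnly=$true }
    @{ Path='SYSTEM\CurrentControlSet\Control\StorageDevicePolicies';      Name='WriteProtect';               Expected=0; HKLMOnly=$true }
)

# Export the affected keys with reg.exe before touching anything, so every change can be undone.
function Backup-PolicyKeys([string]$Dir) {
    New-Item -ItemType Directory -Force -Path $Dir | Out-Null
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $keys = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies',
            'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies',
            'HKLM\SOFTWARE\Policies\Microsoft\Windows\System',
            'HKCU\SOFTWARE\Policies\Microsoft\Windows\System',
            'HKLM\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies'
    foreach ($key in $keys) {
        $file = Join-Path $Dir ("$stamp-" + ($key -replace '[\\:]', '_') + '.reg')
        # reg.exe exits non-zero when a key does not exist; that is harmless here.
        & reg.exe export $key $file 2>$null | Out-Null
    }
}

# Read one policy value. Returns $null if the key or value is absent (clean),
# -1 if the value exists but is not a REG_DWORD (tampered), otherwise the number stored.
function Get-PolicyValue([string]$Hive, [hashtable]$Policy) {
    $key = "${Hive}:\$($Policy.Path)"
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    $regKey = Get-Item -LiteralPath $key
    if ($regKey.GetValueNames() -notcontains $Policy.Name) { return $null }
    if ($regKey.GetValueKind($Policy.Name) -ne 'DWord') { return -1 }
    return [int]$regKey.GetValue($Policy.Name)
}

if ($Fix) { Backup-PolicyKeys $BackupDir }

$findings = @()
foreach ($p in $Policies) {
    $hives = if ($p.HKLMOnly) { 'HKLM' } else { 'HKLM', 'HKCU' }
    foreach ($hive in $hives) {
        $current = Get-PolicyValue $hive $p
        if ($null -eq $current -or $current -eq $p.Expected) { continue }
        $findings += '{0}:\{1}\{2} = {3} (expected {4})' -f $hive, $p.Path, $p.Name, $current, $p.Expected
        if ($Fix) {
            # -Type DWord also repairs a value malware stored as a string.
            Set-ItemProperty -LiteralPath "${hive}:\$($p.Path)" -Name $p.Name -Value $p.Expected -Type DWord
        }
    }
}

# The DisallowRun DWORD only switches the policy on; the blocked program names live
# as string values in the DisallowRun subkey. List them and, with -Fix, remove that list.
foreach ($hive in 'HKLM', 'HKCU') {
    $list = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun"
    if (Test-Path -LiteralPath $list) {
        $listKey = Get-Item -LiteralPath $list
        $blocked = $listKey.GetValueNames() | ForEach-Object { $listKey.GetValue($_) }
        $findings += "$list blocks: " + ($blocked -join ', ')
        if ($Fix) { Remove-Item -LiteralPath $list -Recurse }
    }
}

if ($findings.Count -eq 0) { 'No tampered policy values found.' }
else {
    $findings
    if ($Fix) { 'Values reset. Log off and back on (or reboot) so Explorer picks up the changes.' }
    else      { 'Report only. Re-run with -Fix to reset these values; a .reg backup is exported first.' }
}
```

Save it as, for example, Reset-Policies.ps1, run it once without arguments to see what is set, and run it again with -Fix to reset. Because a disabled command prompt or Registry Editor does not block PowerShell, this works even when cmd.exe and regedit are locked out, as long as the session is elevated. Two caveats: the HKCU pass covers only the account you are logged on as, so repeat it for each affected user; and on a domain-joined machine several of these values may be set deliberately by Group Policy, in which case they will simply be reapplied at the next policy refresh and you should talk to your administrator instead of resetting them.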