How to Get my Shutdown button back

Well about a month ago I clean installed windows xp mce and a few days later managed to get a virus. It deleted my shutdown button and the virus is now gone. Is there any way to get it back without reformatting?

 

What brand of notebook do you have?

 

Dell inspiron 1505

 

take a peek at ur group policy/windows setting

cheers ...

 

ghn is right...I was thinking about power button on the outside of the notebook and not the shutdown button in the start menu

go there:
http://support.microsoft.com/?scid=kb;en-us;555449&x=24&y=13

 

I unfortunately don't have a run button either

 

wheres that

 

see post#5 from John B

cheers ...

 

same as above

cheers ...

 

"RESOLUTION
To resolve the issue, perform the following:

Click Start, Run.
Type gpedit.msc and click OK."

 

???

Complete all the steps:
RESOLUTION
To resolve the issue, perform the following:

Click Start, Run.
Type gpedit.msc and click OK.
Navigate to the following path:

User Configuration\Administrative Templates\Start Menu and Taskbar

Double-click "Remove and Prevent Access to the Shut Down command"
Select "Not configured" or "Disabled"
Close Group Policy window.

 

as I said, I do not have a run button either

 

Try opening your Task Manager(CTRL+ALT+DEL) and going to to File-New Task. You should be able to access the run menu from there.



Also, i recommend that you start all over(format and re-install OS).

 

The only option I have under File is exit task manager

 

this looks bad, i agree with kdawgca on a re.install - too much tinkering about is a bad sign

cheers ...

 

Something had its way with your system. Reformat. I know it's a nightmare, but you really have little choice.

That said, read on:

I did some searching online about your problem(s). One thread I found details how to get your shutdown button back. You'll have to manually open regedit.exe from your C:\Windows\ folder. Once there, perform the edit described.

Don't leave regedit yet, because you can now also get your run button back. Look through this Microsoft KB Article and modify your registry accordingly. Be careful doing so, because one wrong move could kill things for good.

Let me know how it works.

-Peter

 

to get the run window press ''r'' & the windows key at the same time.

 

I had a virus that did similar things long ago, it even removed right-click, regedit,etc.

The way I found in this case was to create a .reg to apply changes to the registry

 

Ok so I tried the go into windows folder and found regedit and double click it and get the message that I do not have the privileges to do this. I did the hold windows and R and got the same results.
John B- Could you elaborate a little bit on what exactly you did?

Thanks a lot guys

 

I had this - it's awful!!

Go to google and search for spybot, and download the file from download.com . Install all of the updates and run it. Credit for this goes to
charlton3k at http://forums.techguy.org/all-other-software/502322-solved-shut-down-buttons-gone.html

Press DENY if you get any messages like:
command /c del "c:\windows\system32\drivers\core.cache.dsk"

-----section start -------------------------------------------------------------------------------
I didn't need to do this one, but someone else posted this if you can't access regedit.

Click Here http://www.kellys-korner-xp.com/xp_tweaks.htm to open a Kelly's Korner page.

Scroll down to line 275 and in the left-hand column, click on "Life Restrctions - TM, Regedit and CMD" to download a .vbs file. TM (Task Manager) and the command line are often restricted by the same malware leftovers that restrict regedit.

Directions for using the file are on the top of the Kelly's Korner page. It can't hurt to run it and it usually fixes the problem.

-----section end -----------------------------------------------------------------------

You may also need to do this:

1) Boot into Safe Mode http://www.pchell.com/support/safemode.shtml
2) Click on Start, Search, and choose All Files and Folders
3) In the all or part of file name box, type the following

core.sys

4) In the Look In box, choose local hard drives and click Search
5) When core.sys is found in the c:\windows\system32\drivers directory, right-click on it and choose Delete
6) Repeat steps 2-5 for the file core.cache.dsk
7) Close the Search box
8) Click on Start, Run and type REGEDIT and press Enter
9) Click on the Plus sign (+) next to HKEY_LOCAL_MACHINE
10) Click the plus next to SYSTEM
11) Click the plus next to CurrentControlSet
12) Click the plus next to Services
13) Find the folder called CORE and right-click on it and choose Delete

*** WARNING *** If the folder CORE does not exist, dont do anything

14) Close the Registry Editor by clicking on the X in the right-hand corner of the window

15) Reboot your computer in Normal mode
16) Once the computer is rebooted, open your web browser and go to Kaspersky Online Scanner by clicking on the link below.

If this doesn't work, try : www.superantispyware.com
You need to set it to close all browser windows before it scans, and
to remove programs from memory before cleaning
these are in one of the configurations tabs.
sorry, I lost the source page for this, so haven't got all of the details.

It deletes core.sys. You should then be able to delete core.cache.dsk manually
--------
The .reg file that John B speaks of would look something like:

In case you get a message like registry editing tools has been disabled, open notepad and save the following code :

save the file as "EnableRegistry.reg", include the the quotes, or notepad may append the .txt suffix without you realising. Then double click on the reg file and to run it.

Source: http://www.techtalkz.com/windows-98...my-windows-xp-start-shutdown-button-gone.html
----
Download pc tools spyware doctor. If it says that you still have xpdx then download rustbfix.exe

Download
http://www.uploads.ejvindh.net/rustbfix.exe
...and save it to your desktop.

Double click on rustbfix.exe to run the tool. If a Rustock.b-infection is found, you will be asked to reboot the computer. The reboot will probably take quite a while, and perhaps 2 reboots will be needed. But this will happen automatically. After the reboot 2 logfiles will open (%root%\avenger.txt & %root%\rustbfix\pelog.txt). Post the content of these logfiles.

if you have spybot installed, make sure you allow the reg changes that rustbfix.exe needs.

source: http://forums.techguy.org/windows-nt-2000-xp/588055-help-removing-trojan-othes-tried.html
---------
Sorry for the poor formatting, but it's been a stressful evening trying to sort this out and I just wanted to get the info down! Maybe if someone gets this working they can tidy this up a little in a new post?

 

wilsoff is right about the Enableregistry.reg thing...that's similar to what I was talking about

It permits to import stuff into the registry without the usual tools

 

OK, I know I'm new to the forum.. And thanks to all you guys ya helped me figure out the problems Want your buttons all back and fully functional? I figured it out!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WOOO!!! Anyhow.. If anyone has ever had this problem its a real simple fix. Copy and Paste this into a notepad file. THEN SAVE IT AS A .VBS INSTEAD OF TXT (for noobs just put .vbs at the end of whatever you name the file) And pay absolutely no attention to www.serial99.com..but copy it all. Thats where i got this nasty little virus from.. and its not a virus just a simple registry edit script. and after you save it just double click it. Its pretty easy and straight forward after that. oh.. And reboot your comp afterwards. when it restarts all will be normal.


Copy below line but not the line!
-------------------------------------------------------------------

wscript.echo "Dereks repair system!"
itemtype = "REG_DWORD"
mustboot = "www.serial99.com"
jobfunc = "CRACKED!"
t = "Successfull!"
Mybox = MsgBox(jobfunc & disab & vbCR & mustboot, 4096, t)
Set LDANN = WScript.CreateObject("WScript.Shell")
LDANN.RegWrite "HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page", "www.google.com","REG_SZ"
LDANN.RegWrite "HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Window Title", "Google","REG_SZ"
LDANN.RegWrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\www","Google.cokm","REG_SZ"
LDANN.RegWrite "HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel\\HomePage","00000000","REG_DWORD"
LDANN.RegWrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\\HomePage","00000000","REG_DWORD"
LDANN.RegWrite "HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page", "http://www.serial99.com/?a","REG_SZ"
LDANN.RegWrite "HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page", "http://www.serial99.com/?a","REG_SZ"
LDANN.RegWrite "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\\DisableTaskMgr", "00000000","REG_DWORD"
LDANN.RegWrite "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRun", "00000000","REG_DWORD"
LDANN.RegWrite "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogOff", "00000000","REG_DWORD"
LDANN.RegWrite "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind", "00000000","REG_DWORD"
LDANN.RegWrite "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRecentDocsMenu", "00000000","REG_DWORD"
LDANN.RegWrite "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoClose", "00000000","REG_DWORD"
LDANN.RegWrite "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\HideFileExt","00000000","REG_DWORD"

 

Assclownz, I registered just to thank you for your script.

I also visited serial99.com after I googled whatever it was I was looking to download at the time and ended up with: 1) no ALT+CTRL+DEL capability 2) no Turn off Computer on my start menu 3) when I went to Start/Run an error message came up saying something to effect that it wasn't available due to restrictions on my system and I need to contact my administrator, so I had no regedit. After I did a virus scan, deleted the culprit, restored a registry backup from like a month ago and rebooted, for some reason I had no Firefox, as well.

Your fix solved it all. And better yet, whenever someone googles these symptoms I experienced, they'll find and run your script and it'll help them too.

 

Hey thanks man this link helped me to because I had a virus just like that. I also fixed my task manager. Because the virus blokked it to.I still have a problem. The virus created an Administrative user. And I cant seem to get rid of the account. Tried creating a new Administrative account to delete the one created by the virus but I couldn't go to User in the controll pannel. It said someting about an error in the page. Your help on this would realy be appreciated. Thanks.