i can't find the task manager ( vista ) !!!

i have vista sp2 and i was infected by a virus ( one of that come from the flash drives ) then i used avira to remove it and now its very good an normal except i can't find the task manager , how i can i get it again ??

 

Or;
Start -> Run -> taskmgr.exe (Enter)

 

How about:
Launch regedit as an admin.
Check HKLM/Software/Microsoft/Windows/CurrentVersion/Policies/System

Any key in there that says DisableTaskMgr? If there it, it needs to be set to 0 or deleted.

 

Good call

Check here, too:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies

 

Any virus that goes so far as to disable TaskManager, and the antivirus repair didn't restore it, would trigger that little voice in my head that says "can you REALLY trust your virus removal tools". The answer to which is always a resounding no freakin' way.

If I were the OP I would not worry about trying to get task manager running again, I would be going to my most recent un-infected backup and restoring from it. Anything else would leave me with that queasy feeling of am I REALLY uninfected now.

On the rare occasion that I have ever been infected, I have ALWAYS resorted to a restore from a backup. (Not even a System Restore would satisfy my fears.)

Gary

 

That's totally true. Once an installation's been infected, it just cannot be fully relied on anymore (almost none of us would be proficient enough to go back in and double-check the A/V product's work to make sure it did what it was supposed to do); only a proper reinstallation can restore that reliability.

 

Well, I think that kind of depends.

I have rarely come across a computer that MUST be reinstalled. Any virus that can installed, can be uninstalled. The task manager block is a simple group policy that can applied by the simplest of viruses written by a 9 year old script kiddie.

Like other things in life, it's a trade off--how much time do you want to dedicate to cleaning your computer up vs. how much time do you want to dedicate to reinstalling?

Also, are there any other benefits or trade offs to be realized from a reinstall vs a cleaning?

Personally, a clean machine is so much snappier than one that has had several hundred programs and beta applications installed and uninstalled for the past year--but sometimes you just don't want to take the time reinstalling the OS and a half dozen or so core programs.

(which is why I image my core machine and just reinstall that, but some people may not have the foresight to do that)

 

I also should say that disabling the task manager is cake, and you can also disable the Run dialog from the same place. AV software will not touch those settings because they are used by some admins to secure public computers.

While I'm more than happy to repeat aphorisms such as "you can never be truely safe", there are only so many ways to auto-execute programs in Windows. After you check out those places, delete recently installed malware files, removed references to said files in the registry, run sfc /scannow, verified the HOSTS file integrity and location, and run a rootkit detector, the machine is pretty much safe unless you overlooked something that the logs showed.

It also seems somewhat weak to start off with the assumption that your anti-malware programs don't work. A). Why do you run them then, and B). If you take the assumption as true, it must be possible that your backups are infected as well.

There are, of course, some infections in which removal takes longer than reinstalling the OS. And on some OEM machines, the line between trialware and malware gets pretty thin and hazy...

 

Y'know what, it's a heck of a lot simpler, and wastes a lot less time, to either drop in a copy of the system image you were smart enough to take after a clean install, or heck, just doing a straight clean install, than running through all of those steps to verify that everything got cleaned out.

Now, I will grant that, in general, when an A/V product cleans up, it cleans up properly; however, as all of us have had experiences with even innocuous stuff that just doesn't get cleaned out properly when we uninstall it, I would think that the risk that your A/V product missed something, possibly something important, is a non-negligible, material risk.

Furthermore, it may very well be script-kiddie stuff to just disable the task manager, or the Run dialogue, but you really don't have any way of knowing that to any degree of likelihood unless you have the full malware package in hand, and have either (a) determined that it really is just a one-off script-kiddie package, or (b) fully disassembled it, put it through its paces, and verified that it did nothing more than disable the task manager and/or the Run dialogue. All in all, those are pretty hard criteria to satisfy when all you know is (i) your A/V triggered and went haywire over something ugly, (ii) your system started acting up, and (iii) it took a while for your A/V package to rip the whole thing out.

So, unless you've the know-how and the time to either verify that it was just script-kiddie stuff, or double-check the work of your A/V product, you really don't have the basis for determining whether or not your system is still reliable post-cleaning and, therefore, if you are generally risk-averse, the simplest, quickest, most effective means of restoring your system's reliability is to reinstall or clone back from a known-good image.

 

If the malware protection program was so good, how is it that the OP got infected in the first place? To quote the Saturday Night Live news team "Reeeeeeally?" It just let the simplest of script kiddie handiwork disable Task Manager. "Reeeeeeally?" And now, are you REALLY going to then trust it to clean up the mess that it just allowed to occur? Not me, sorry. My statement still stands, if my machine were to become infected, while running some antimalware app, I would NOT trust that app to remove the infection. I'd go to my last known good backup or bite the bullet and reinstall. My banking information and other passwords are just a tad bit important to me, thank you very much.

Gary

 

Well, in defense of Relativity, and I guess myself since we are coming from the same camp, he never said that he was going to trust his malware program to clean up the mess left by whatever defeated it in the first place.

He quite clearly stated the manual procedure he was going to follow to clean things up.

Using your procedure, he is simply going to reinstall and in all liklihood, be right back where he started from the next time he gets infected.

Listen, I am not arguing that reinstalling an OS WILL ensure that you are TEMPORARILY safe again. But, if you accept the premise that no malware protection scheme is 100 percent guaranteed, than you have to recognize that any malware infection is a warning you are not doing something right.

Reinstalling isn't going to fix that.

Learning HOW you were infected and cleaning it up will teach you a lot more than dropping in a OS installation disc.

 

Indeed, and most of that involves either (a) not turning off the built-in protective measures, such as UAC, (b) not visiting "funky" websites without having your defenses turned up to high, and (c) not sticking strange USB sticks, or anything with autorun enabled, into your system.

None of those have anything to do with whether you drill down in the file system to manually verify what the A/V did, or if you simply go back to square one with a clean reinstallation.

I'm not arguing against doing the manual thing - I like learning about the innards of my systems - but that's different from just wanting to get your system back to a reliable state, which can more simply be accomplished by doing a clean reinstallation.

Both points of view are useful within their appropriate contexts.

 

You are assuming that you can find out all the nooks and crannies where the infection might reside. Good luck with that. I never suggested that a clean install would do ANYTHING to prevent a future infection. That would be a ridiculous suggestion. I said a clean install (or preferably a restore from a known good image) would insure that all traces of the infection are removed, no more, no less. Manual removal is a "cross-fingers and hope" exercise, you can really NEVER know if you got everything because you might have contracted some variant of the infection that has some new nefarious way of keeping itself alive.

I don't really buy the notion that a manual cleanup teaches you HOW you were infected. It only teaches you how to manually clean up the portions of the mess that you can find. Besides who really wants tot take the time to do this? In less than 20 minutes I can restore from a known good image and be on with the reason I have a laptop, which is not to learn about infection vectors.

Gary

 

And even if you do the manual thing, you can never be certain that you removed all traces. I would hope folks would not have to resort to a clean install, but would have an image available to use instead. I keep a history of two itterations of images on a separate partition on my laptop. And that same set plus another four or five on external media. (Yes, I am a packrat!)

Gary

 

Gary,

We are kind of getting off track here. Yes, you keep an image. The OP in all likelihood, did not. Heck, I'd be willing to bet that you have not had an infection in years so the image is more for convenience sake than as an anti malware measure.

I also never said you thought a clean install would grant some sort of immunity to future infections. I simply said that it is no guarantee the OP would not be infected in the future.

I run into dozens of people who are infected. These are people without images or restore disks or even original Windows installation disks. They don't have program installation disks. They don't have contingency plans for reinstalling from scratch.

Any system that was infected can be disinfected.

Is every simple piece of the infection clean? Probably not. You can uninstall any program and it will leave pieces behind. That is Windows.

I can guarantee when I am done cleaning a machine, that it is clean--meaning that anything that remains is inert. Rootkits aside, it's not hard to know where an infection is--the difficult part is stopping it from running and killing it so it will not run again.

Once you do that, cleaning the leftovers is either easy or irrelevent.


The key is not to remove every single registry settings or file--they key is to remove anything that starts the program or prevents other programs from killing cleaning the inert stuff.

Even if some inert registry setting remains, it is no more harmful than a thumbnail image of some bare-breasted babe buried in your temporary internet cache.

 

Maybe not but the implication was there.

And these are the very same people who don't have the skills to manually seek out and remove infections.

There is no doubt in my mind about that. But I don't think the same can be said for those folks who don't have images, backup plans, install disks etc.


Gary