[KB721] An infiltration is blocking access to the Control Panel, Task Manager, Registry Editor, and Command Prompt—what should I do?

Solution

Some malware is designed to block access to system tools in Microsoft Windows such as the Control Panel, Task Manager, Registry Editor, and Command Prompt. This is done by modifying the security policy settings of the operating system. These changes can be reversed using the Registry Editor, but if the Registry Editor has been disabled, the following alternative methods can be used. 

WARNING

Although generally safe, the methods below carry some risk for data loss. Before proceeding, we recommend backing up any important or valuable files on your computer. If you are not familiar with these tools, or you are experiencing other symptoms of malware, visit the following ESET Knowledgebase article:

Using the REG command

This option can be used only if the Command Prompt window (Start → Run, type cmd, click OK) is available. The parameters of the REG command can be displayed by typing REG /? and pressing ENTER.

The parameter ADD adds new registry entries or modifies existing ones. For example:

* Activation of Control Panel: modify the 'NoControlPanel' key in the section
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Command:
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoControlPanel /t reg_dword /d 0

* Activation of Task Manager: modify the 'DisableTaskMgr' key in the section
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

Command:
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t reg_dword /d 0

* Activation of Registry Editor: modify the 'DisableRegistryTools' key in the section
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

Command:
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t reg_dword /d 0
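
The three values above can also be checked in one pass before anything is changed. The following PowerShell script is an added example, not ESET's code: it reports which of the values named in this article are set for the current user and, only when run with its own -Fix switch (a name chosen for this example), writes 0 to the ones that block a tool. It assumes PowerShell is available and is run under the affected user account.

```powershell
# Added example, not ESET's code. Audits the three per-user policy values named
# in this article and, with -Fix, sets any non-zero one back to 0.
param([switch]$Fix)

$base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies'
$checks = @(
    @{ Tool = 'Control Panel';   Key = "$base\Explorer"; Name = 'NoControlPanel' },
    @{ Tool = 'Task Manager';    Key = "$base\System";   Name = 'DisableTaskMgr' },
    @{ Tool = 'Registry Editor'; Key = "$base\System";   Name = 'DisableRegistryTools' }
)

$results = foreach ($c in $checks) {
    # A missing key or value means the policy is not set, so the tool is not blocked.
    $value = $null
    if (Test-Path -Path $c.Key) {
        $prop = Get-ItemProperty -Path $c.Key -Name $c.Name -ErrorAction SilentlyContinue
        if ($null -ne $prop) { $value = $prop.($c.Name) }
    }

    # Any non-zero data counts as blocking, not only the value 1.
    $blocked = ($null -ne $value) -and ($value -ne 0)

    $action = 'none'
    if ($blocked -and $Fix) {
        Set-ItemProperty -Path $c.Key -Name $c.Name -Value 0 -Type DWord
        $action = 'reset to 0'
    } elseif ($blocked) {
        $action = 'run again with -Fix'
    }

    [pscustomobject]@{
        Tool    = $c.Tool
        Value   = $c.Name
        Data    = if ($null -eq $value) { '(not set)' } else { $value }
        Blocked = $blocked
        Action  = $action
    }
}

# Print the report; keep a copy of the first run as a record of what was changed.
$results | Format-Table -AutoSize
```

If a value returns to a non-zero setting after being reset, something on the system is still writing it, and the machine should be scanned before the reset is repeated.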


Using Group Policy

Click Start → Run. The Run window will be displayed. Type gpedit.msc and click OK (Windows Vista users: Click Start, type gpedit.msc and press ENTER). Re-enable the Windows system tools by following the instructions below.

To enable the Control Panel:

  1. Open User Configuration → Administrative Templates → Control Panel.

  2. Set the value of the Prohibit Access to the Control Panel option to Not configured or Enabled.

  3. Click OK.

To enable the Task Manager:

  1. Open User Configuration → Administrative Templates → System → Ctrl+Alt+Del Options.

  2. Set the value of the Remove Task Manager option to Not configured or Enabled.

  3. Click OK.

To enable the Registry Editor: 

  1. Open User Configuration → Administrative Templates → System.

  2. Set the value of the Prevent access to registry editing tools option to Not configured or Enabled.

  3. Click OK.

To enable the Command Prompt:

  1. Open User Configuration → Administrative Templates → System.

  2. Set the value of the Prevent access to the command prompt option to Not configured or Enabled.

  3. Click OK.

Need further assistance? Contact ESET Technical Support.