Must Have Tools when Fixing a Computer Infected by Virus
When a good and powerful virus infects a computer, most likely it will disable you from running Task Manager (taskmgr.exe), Registry Editor (regedit.exe), Command Prompt (cmd.exe), System Configuration Utility (msconfig.exe), configuring Folder Options and hide the Run from Start Menu. Reason the virus does that is because most of the time it is “possible” for computer experts to remove the virus by using the built-in Windows programs without any third party tools.
But if you can’t run Task Manager, you cannot end the suspicious process. You could use the taskkill command in command prompt to kill the process but again you won’t be able to do that if CMD has been disabled. Perhaps you can run msconfig to stop the virus from auto startup but also cannot because of the virus. For advance computer users who has knowledge in registry and thought that they could manually remove the virus auto startup entries there, they too can’t do anything about it if regedit has been disabled. Disabling of Folder Options is to stop you from setting your computer to display hidden and system files. This way you can’t see the virus file and hence you won’t be able to delete them.
It is easy to re-enable all those tools back by modifying some values in your registry but if the is still virus active in your computer, the restrictions will be restored back. So for emergency cases, here are some replacement tools you can use to replace the disabled Windows tools.
1. Task Manager taskmgr.exe Replacement
- Task Manager is very important because that is where you get to see all the running processes and also the amount of memory and CPU usage. If you find anything suspicious there, you can try terminating it. If you cannot run Task Manager and get the error message “Task Manager has been disabled by your administrator”, you can try using Process Explorer. It is portable and you can save it in your USB flash drive.
2. Registry Editor regedit.exe Replacement
- Without the ability to access Windows registry, you cannot manually make any changes at all. You can however, import registry REG files. When a virus has disabled regedit, you should see the message “Registry editing has been disabled by your administrator” when you try to run it. A good regedit alternative is RegAlyzer, developed by the author of the famous SpyBot. RegAlyzer requires installation but you can copy the whole RegAlyzer folder to your USB flash drive and run it as portable application.
3. Command Prompt cmd.exe Replacement
- Command Prompt is a very powerful command line tool which supports a lot of commands when you find it impossible to do it in Windows. If you try to run cmd and get the following message “The command prompt has been disabled by your administrator. Press any key to continue”, you can try using GS. GS is a cmd replacement but it is a little old, dated back in year 2005. We’re not looking for a permanent replacement, so it is good enough as long as it can support some important command lines. Do take note that “Console2″, is an EXTENSION for command prompt. If cmd is disabled, Console2 won’t work. GS is small, free and portable.
4. Run Dialog Box Replacement
- Some virus will also remove the run command from your Start Menu and it is not easy to restore it back. Although this is not really important, but it could easily allow you to run important commands. Run dialog replacement v1.0 is small, only 48KB in size and portable. If you have Process Explorer, you can also access the run command from File > Run, or just hit CTRL+R.
5. System Configuration Utility msconfig.exe Replacement
- MSCONFIG is the first place that I will go to check if a computer has a virus. If you run msconfig and go to the Startup tab, it will list all programs that will start when Windows is booted up using the common startup method. Virus makers are aware of this and usually they will either delete your original msconfig.exe file or change the reference location in registry. You should get this message “Windows cannot find msconfig’. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.” when type msconfig at the run dialog box. One very good msconfig alternative is definitely Autoruns, which is from the same author as Process Explorer. Autoruns has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login.
6. Enable Show hidden files and protected operating system files
- I’ve tried many File Managers and most of them inherits the Show Hidden Files and Folders or Hide protected operating system files from Folder Options settings in Windows. If a virus is still active in memory, it will keep on changing the settings to disable you from viewing hidden and system files. I found one free file manager called FreeCommander which is able to show you all hidden files and folders as well as protected operating system files no matter what is the settings in Folder Options. It actually ignores the permission in Folder Options! It is portable, so you can also copy the whole extracted folder to your USB flash drive.