Method 1: Modify the registry. Open the registry, expand to: [HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System] Find "DisableTaskmgr" Set the dword value to 00000000 Method 2: Open Notepad and save the following as a .reg file. Then double-click Import to restore. REGEDIT4 [HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System] "DisableTaskmgr"=dword:00000000 (The last line leaves a blank line) Method 3: Use Group Policy: Start /Run /gpedit.msc, in User Configuration - Administrative Template - System - CTRL + ALT + DELE option, found on the left "Delete Task Manager" Double-click to open, set to not configured, or disabled. Method 4: Use small software: Decompress the following files, click “> Task Manager Available” to solve! ! @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Or: The task manager is disabled by the virus. The task manager is disabled by the virus. Recently, the QQ virus has come out with a new variety. The task manager is disabled, so that you know that there is no way to shut down the QQ virus. The virus process was changed. At first, the author changed the registry of the virus modification, but found that the virus that resided in the memory after modifying the saved registry modified it. What should I do? .......... Author: Yao Yao Ling occasionally return to the forum to see ~ N people are found in the QQ virus sympathy ING` ~ ~ So they easily found a help paste, the soft kill off, Download the virus source program. dir, output the .exe and .dll files in the WINDOWS and system32 directories to the text. Then run the virus. Obviously, the task manager is disabled. Open QQ will automatically Send out the information (I have known this for a long time. Hey. Of course I will not be stupid to talk to others about Q.) In fact, after analysis, this is actually a Trojan. It will pass the interest of some virus makers. E-mail sent to his mailbox. The purpose of doing this is to make people unable to terminate the virus process. Then go to the registry to unlock. He did not disable the registry. Start thinking. This SB, actually does not disable registration Table? Clearly can be changed back! Find HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPolicies Delete DisableTaskMgr directly. Reload the WINDOWS shell. But found a problem.... Task Manager still can't open. Open the registry again. Found DisableTaskMgr key The value still exists. Depressed. No wonder he does not disable the registry. In fact, it should be thought of. This should be a ghost of the virus program resident in memory. Once he detects the changes you made to the registry, he will automatically change Come back. Ok. See which virus program is at the end.. Before running the virus program, I made a rough backup of the system file information. Then I dir the exe and dll under the WINDOWS and system32 directories. File. Still output to the text. Use fc.exe to compare it... I found that there is indeed a svohost.exe. In fact, he just wants to be confused with the system file svchost.exe. It is only one letter. No. Next, start to solve. 1. Open CMD. Enter the command tasklist and check it back.. Surely found this process: svohost.exe (although he disabled the task manager, but can use the tasklist command in CMD can still view Process information) 2. Turn off him. Enter the command taskkill /f /im svohost.exe prompt success. 3. Search svohost.exe this file (also search for hidden files). Search and delete! There seem to be two. One is completely Written. One is completely lowercase. In fact, there is also a program called lsasa.exe also has to be deleted. He imitates the normal process of WINDOWS lsass.exe. 4. I thought it was ok. Later I found a problem. He also modified a place in the registry so that the settings for hidden files in the folder options are always "do not show hidden files", the main purpose of doing this is to make you unable to find hidden in the WINDOWS environment. The virus source file for the property. But there are several ways to find him. 1. Search with WINDOWS. Just search for the hidden file and folder in the advanced options and you can find it. In the command prompt, you can also view it with the dir /a command. The trouble is a bit. Because there are too many files in the WINDOWS and SYSTEM32 directories. When using the dir command, it is better to add a parameter. dir /a /p will be more Ok. Let's go to the registry and change him back to normal. Open the registry. Find the HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL key. Look right. Find a CheckedValue value. I noticed This damn virus actually changed him to a string value. If you are not careful, you may think that it is useless to change it. Delete this value. Rebuild the value of a DWORD to CheckedValue. Set his value to 1. Basically I got it. At first I just wanted to figure out how he is a principle. In fact, I believe everyone should also see it. If your anti-virus virus database is new enough, you can kill the virus source. All you need to do is fix the related items in the registry. Here is also a DIY solution to the problem. Maybe the virus source file is not the same. Everyone follows the actual situation. Follow the above method. Friendly Tip: Send on QQ Files that come over. Don't be random if you don't confirm it. Maybe you accidentally got it. PS: Something you have to say: I found that many people misunderstood me. This post~ In fact, I just want to tell Everyone has a way. I found that many netizens searched for svohost.exe and lsasa.exe on the computer. In fact, there are many kinds of viruses, and the source files are also ever-changing. As long as there is a virus running, then there must be a virus process `I think there are still few hidden process viruses. Look carefully, you can always find the source file ~ maybe the same as the system file name but the path is different ~ for example in different There are svchost.exe, rundll32.exe, etc. under the path ~ For the average user, it is best to use powerful anti-virus software to kill. As for manual removal. We also have a lot of ways to check ~ the general virus, will be set to self-starting ~ then, you can go to the registry to find some places to start. Such as RUN, SHELL, etc. ~ related articles you can go online to find, some viruses will register services, start in the form of services ~ you can open services.msc to view. Many viruses like the fake service process. Here I check the svchost.exe in the process for example. In the CMD, enter the command: tasklist /svc Enter ~ you can see the service represented by the svchost.exe process. The picture below is mine: You can see that there are four svchost.exe, then, what are we looking at under the tasklist? It is also four ~ to prove that these four svchost.exe are normal (except for the virus loaded in the service state) If there are 5 svchost.exe in the above picture? this means. That extra svchost.exe is definitely a problem. Then we can search svchost.exe in the C drive to see a few, the svchost.exe under the non-system32 directory must be a virus ~ You can first put all the applications, some know the background process except the system process Close, narrow the scope of the search, what is needed is experience. In fact, WINDOWS provides a lot of small tools to help you solve problems, such as system information query tool, msconfig, serveicse.msc, tasklist.exe and other gadgets, as long as these gadgets are used well, I want to remove the virus is not too much Big difficulty! Still suggest that you can install a better killing soft. If you are in trouble, I think I can kill the virus myself. It is a very happy thing. I recommend everyone to use Longhorn's task manager! Longhorn's task manager can right-click directly in the process to open the folder where the application is located. This is very useful for checking viruses. For users who have disabled the task manager, you can use a third-party task manager, such as WINDOWS. Optimization master's own process management is good, you can directly see the path of the application, saving a lot of time