Monday, March 23, 2009

Gpedit problems:

There are two problems that come up most often with gpedit:

1. Gpedit.msc missing

Microsoft does not ship gpedit.msc with the Home editions of Windows (such as Windows XP Home), so you have to add it manually.

Download it from here

2. You get a message that setup failed to initialize when you try to open it...

This happens when %SystemRoot%\System32\Wbem is missing from the Path variable in the system environment variables; the Group Policy snap-in depends on the WMI components that live in that folder.

To fix it, open System Properties, go to the Advanced tab and click the Environment Variables button.

In the window that opens, look at the System variables list in the lower half and find the Path variable. Double-click it and append ;%SystemRoot%\System32\Wbem to the variable value (entries are separated by semicolons). Click OK in every window and you will now be able to run gpedit.msc.
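The same check and fix done from a script, as an added example that is not part of the original post. It is PowerShell and must be run as an administrator, because the machine-wide Path lives under HKLM. The only folder it knows about is Wbem; whatever else is already on your Path is kept as it is.

```powershell
# Added example (not from the original post): make sure %SystemRoot%\System32\Wbem is on the
# machine-wide Path so that gpedit.msc can load its WMI components.
# Assumes an administrator PowerShell session.
$envKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'
$wbem   = '%SystemRoot%\System32\Wbem'

# Read the stored value WITHOUT expanding %SystemRoot%; Get-ItemProperty would expand it,
# and we want to compare and rewrite exactly what is in the registry.
$rawPath = (Get-Item $envKey).GetValue('Path', '', 'DoNotExpandEnvironmentNames')
$entries = @($rawPath -split ';' | Where-Object { $_ -ne '' })

# Accept either the literal %SystemRoot% form or an already-expanded C:\WINDOWS\... form.
$wanted  = [Environment]::ExpandEnvironmentVariables($wbem)
$present = $entries | Where-Object {
    [Environment]::ExpandEnvironmentVariables($_.Trim()) -ieq $wanted
}

if ($present) {
    Write-Host "Wbem is already on the machine Path: $present"
} else {
    $newPath = ($entries + $wbem) -join ';'
    # Write it back as REG_EXPAND_SZ so %SystemRoot% keeps being expanded at logon;
    # writing a plain REG_SZ here would silently break every %...% entry on the Path.
    Set-ItemProperty -Path $envKey -Name Path -Value $newPath -Type ExpandString
    Write-Host "Appended $wbem to the machine Path. Log off and on (or reboot) so new processes see it."
}
```

Processes that are already running keep their old environment, which is why a logoff or reboot is needed before the change shows up for gpedit.msc launched from the Run box.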

Enable registry

Enabling registry:

Thorugh gpedit.msc

-Type gpedit.msc in the Run box and the Group Policy editor will open.

-In the left pane, look for User Configuration.

-Under that, expand Administrative Templates.

-Click System.

-In the right pane, look for “Prevent access to registry editing tools”.

-Double-click it and first set it to Enabled. Click OK and now try to run regedit: it will refuse, because you have disabled it yourself. The point of this step is that gpedit writes its own DisableRegistryTools policy value into the registry, overwriting whatever value the virus put there.

-Now set the same setting back to Disabled or Not Configured and click OK. Not Configured makes gpedit delete the policy value it just wrote, and regedit runs again.

-This method works against most viruses, as long as the malware process that set the restriction is not still running and re-applying it. If the restriction comes back a few seconds after you clear it, end that process first and repeat.

If all of these methods fail, look here for a method that uses Process Explorer.

Enable task manager

Enabling task manager:

If, when you try to run Task Manager (by typing taskmgr.exe in the Run box), you are greeted with the message “Task Manager has been disabled by your administrator”, then a virus has probably disabled it.

To restore access you have two methods; if one fails, try the other.

1. Through gpedit.msc

Type gpedit.msc in the Run box and the Group Policy editor will open.

In the left pane, look for User Configuration.

Under that, expand Administrative Templates.

Click System.

In the right pane, open “Ctrl+Alt+Del Options”.

Under it, find the setting “Remove Task Manager”.

Double-click it and first set it to Enabled. Click OK and now try to run Task Manager: it will refuse, because you have disabled it yourself. The point of this step is that gpedit writes its own DisableTaskMgr policy value into the registry, overwriting whatever value the virus put there.

Now set the same setting back to Disabled or Not Configured and click OK. Not Configured makes gpedit delete the policy value it just wrote, and Task Manager runs again.

This method works against most viruses, as long as the malware process that set the restriction is not still running and re-applying it. If Task Manager is disabled again a few seconds later, end that process first and repeat.

2. Through the registry

1. Click Start
2. Click Run
3. Type REGEDIT
4. Click OK. The Registry Editor will now open
5. Browse to the following key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
6. In the right pane, look for the DWORD value DisableTaskMgr
7. Right-click DisableTaskMgr and select Delete. (When prompted with "Are you sure you want to delete this value", select Yes.)
8. Now browse to the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
9. In the right pane, look for the value DisableTaskMgr
10. Right-click DisableTaskMgr and select Delete. (When prompted with "Are you sure you want to delete this value", select Yes.)
11. Close the Registry Editor by choosing File | Exit
12. You should now be able to access Task Manager. If not, the virus is probably still running and re-creating the value: reboot into Safe Mode and repeat the steps outlined above.
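Both restore procedures above (the one for Task Manager and the earlier one for the registry editor) come down to deleting two policy values, so here is one script that does it for both, as an added example that is not part of the original post. It is PowerShell, needs an administrator session for the HKLM half, and the five-second wait at the end is an illustrative choice of mine, not a Windows constant.

```powershell
# Added example (not from the original post). Removes the policy values that the two gpedit
# settings write: "Remove Task Manager" -> DisableTaskMgr, and "Prevent access to registry
# editing tools" -> DisableRegistryTools. Both are checked in the per-user and machine hives.
# Assumes an administrator PowerShell session (HKLM is read-only otherwise).
$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
)
$policyValues = @('DisableTaskMgr', 'DisableRegistryTools')

function Get-PolicyRestrictions {
    # Emit one object per restriction value that is currently present.
    foreach ($key in $policyKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $policyValues) {
            $data = $item.GetValue($name)
            if ($data -ne $null) {
                New-Object PSObject -Property @{ Key = $key; Name = $name; Data = $data }
            }
        }
    }
}

function Remove-PolicyRestrictions {
    foreach ($r in @(Get-PolicyRestrictions)) {
        Write-Host "Removing $($r.Name)=$($r.Data) from $($r.Key)"
        # Deleting the value is exactly what setting the gpedit policy to Not Configured does.
        Remove-ItemProperty -Path $r.Key -Name $r.Name -ErrorAction Stop
    }
}

Remove-PolicyRestrictions

# Malware that disabled these tools usually re-applies the value on a timer. If it is back
# after a short pause, the malware process is still running and has to be ended first.
Start-Sleep -Seconds 5    # illustrative wait
$again = @(Get-PolicyRestrictions)
if ($again.Count -eq 0) {
    Write-Host 'Restrictions removed and not re-applied; taskmgr.exe and regedit.exe should run now.'
} else {
    $list = ($again | ForEach-Object { $_.Name + ' in ' + $_.Key }) -join ', '
    Write-Warning "Restrictions were re-applied within seconds: $list. End the malware process and run this again."
}
```

The re-check is the part the manual steps cannot give you: if the value reappears, deleting it by hand is pointless until the process that rewrites it is stopped, which is where Process Explorer comes in.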




The basic tools

Now the next step is to look at some simple tools needed for successful removal of a virus.

1. Windows command processor:

This is commonly known as cmd. It is the DOS-style command shell of Windows, and a very powerful interface: nearly everything you can do from the GUI you can also do from here. To see the commands available, type help in cmd and you will be presented with a list. To look at a specific command, type its name followed by /?

For example, to look up the attrib command type attrib /? and you will be shown its available switches.

Alternatively, if you prefer the web, check out the Microsoft site here; it documents some more useful commands as well.

For list of commands refer here http://technet.microsoft.com/en-au/library/bb490890.aspx

If you run into a problem like “command not found”, click here.


2. Windows task manager:

You will certainly be aware of this small app. It shows the processes currently running and lets you end them, among other functions. We will use it to spot certain types of viruses and end their key processes; that is then followed by deleting the file the process was running from.

If the virus has disabled your command prompt, look here on how to enable it.

3. Windows registry:


You will know what the registry does: it is the central configuration database of Windows, and almost every setting the system and its programs rely on is stored there. Type regedit.exe at the Run prompt and the Registry Editor opens. The registry is a complex structure, and whole books have been written on its various functions; here we will use it only to delete the keys and values that certain viruses write for their successful operation.

If the virus has disabled your registry editor, look here on how to enable it.

4. Windows group policy editor

This is a bit like the registry, but it controls how Windows behaves for a particular user or machine through policies (the policies themselves end up as values in the registry). We use this small app mainly to restore access to Task Manager and the registry editor.

The command is gpedit.msc

If you have problems such as gpedit missing or failing to load, refer here for solutions.

5. Process explorer

This tool is not shipped with Windows; it is a Sysinternals utility that you download separately from the Microsoft site.

Download it from here.

This app helps when the virus is a severe one and access to Task Manager or the registry cannot be restored by any other means. Sometimes you cannot restore access to cmd or other apps either.

To deal with it, run Process Explorer, look for the malicious process (its image path and company name are shown in the process properties), kill it, and then delete the file it was running from.
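Process Explorer is a GUI, but the same first pass, listing every process with the file it runs from and flagging the ones started from places a legitimate program rarely runs from, can be scripted. The following is an added example of mine, not the tool's own code and not from the original post. Its notion of "trusted" folders (the Windows folder and Program Files) is an assumption for illustration; read the output before ending anything, and keep in mind that a virus can also sit inside those folders.

```powershell
# Added example (not from the original post). Lists running processes with their image path
# and flags those started from outside the Windows and Program Files folders, which is where
# XP-era malware commonly drops itself (temp folders, the user profile, removable drives).
# The trusted-folder list is an illustrative assumption.
$trusted = @($env:SystemRoot, $env:ProgramFiles) | ForEach-Object { $_.TrimEnd('\') + '\' }

function Get-SuspiciousProcesses {
    Get-Process | ForEach-Object {
        $path = $null
        # Path is unavailable for System/Idle and may be access-denied for some services.
        try { $path = $_.Path } catch { }
        $fromTrusted = $false
        if ($path) {
            foreach ($dir in $trusted) {
                if ($path.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) { $fromTrusted = $true }
            }
        }
        New-Object PSObject -Property @{
            Id         = $_.Id
            Name       = $_.ProcessName
            Path       = $path
            Suspicious = [bool]($path -and -not $fromTrusted)
        }
    }
}

$suspects = @(Get-SuspiciousProcesses | Where-Object { $_.Suspicious })
if ($suspects.Count -eq 0) {
    Write-Host 'No process is running from outside the trusted folders.'
} else {
    $suspects | Format-Table Id, Name, Path -AutoSize
}

# Once you have identified the culprit, end it and delete its file (replace the PID and path):
# Stop-Process -Id 1234 -Force
# Remove-Item -LiteralPath 'C:\Documents and Settings\user\Local Settings\Temp\evil.exe' -Force
```

Ending the process before deleting the file matters: Windows will not let you delete an executable that is still running, and a running virus will often just put the file back.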

Once you have taken a look at these small programs and played with some of them, we are ready to put them to use.

Sunday, March 22, 2009

First Steps

Well, I have been looking on the net for the past months to find the art of removing viruses manually. But when I googled “virus”, the links that I got were all related to antiviruses. But gradually, after searching various forums and sites, I got some good methods and practices followed by various hackers. And in this blog I will transmit my knowledge to you, so be sure to check out the blog every week. If the response is good I will launch a full-fledged website for the same.

So let's get started. First of all, what is a virus? You should probably look on Wikipedia: http://en.wikipedia.org/wiki/Computer_virus

Scroll down to the bottom of the page and you will see two lame methods to remove them.

Also look at this page for the types of viruses common on Windows PCs.

Now the next step is to look at some simple tools needed for successful removal of a virus.