“Enable Task Manager or Regedit Disabled by Virus”
If you happen to encounter a task Manager like the image above or when you try to enter “taskmgr” at run and you are prompted by this, then do this process (just be patient coz it really works)
Most of the time the reason behind this is trojan called “rvhost.exe”
What is RVHOST.EXE?
-most of the antivirus identify this process as a malware or worm. It’s estimated to be 60% plus dangerous since it runs from the background without knowing its been there in you computer.
-this process is responsible for disabled task manager or worst is the regedit.
pen cmd and type “tasklist” and if you happen to see rvhost.exe in the process, there you go.
How to Enable Task Manager disabled by RVHOST.EXE?
-there are a lot of solutions on how to enabled task manager disabled by this worm, some uses a third party software but doesn’t work and most of the time tutorials requires you to open the Registry to delete some files.
-But most of the time Computer Registry is disabled by rvhost.exe so you need to enable it first.
How to Enable regedit disabled by RVHOST.EXE?
steps:
1. First you open cmd and type “tasklist”.
2. Look for rvhost.exe and kill the process using PID.
3. Enter this command Taskkill /T /IM “RVHOST.EXE” or this “taskkill /pid 1234 -f ” (replace 1234 with the correct process id/pid).
4.Go to C:/Windows/System32 and look for “regedit.exe”.
5.Duplicate regedit.exe and rename it to “anything.exe” and delete the original regedit.exe.
6.Delete this files:
-C:\WINDOWS\SYSTEM32\RVHOST.exe
-C:\windows\rvhost.exe -C:\Windows\Tasks\At1.job +plus Delete all “New Folder.exe” in all directories if you can find any.
7.Try opening “anything.exe” the new regedit and see if you can already open it. (it must be open)
– (skip this if you can open registry)
-if still you can see this error “Registry editing has been disabled by your administrator.”
—–in notepad paste these lines below
[CODE]
On Error Resume Next
Set shl = CreateObject(“WScript.Shell”)
Set fso = CreateObject(“scripting.FileSystemObject”)
shl.RegDelete “HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr entVersion\Policies\System\DisableRegistryTools”
shl.RegDelete “HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr entVersion\Policies\System\DisableTaskMgr”
shl.RegDelete
[/CODE]
—-save the notepad as “anything.vbs” and the change the file type to “All”
—–double click “anything.vbs”
8.If you can now open the registry. navigate to this: its the most delicate part be sure to follow!
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run
then locate and delete “RVHOST.exe” in Yahoo Messengger = “%System%\RVHOST.exe”
9. HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer
delete the entry: “NofolderOptions = 1″ (to restore from the modified entries of the registry)
10.HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Winlogon
locate the entry: Shell = “Explorer.exe RVHOST.exe” and delete “RVHOST.exe”
note: only delete rvhost.exe and don’t delete the “explorer.exe”
11.HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Schedule
locate the entry: NextAtJobId = “2” and change the value to “1” ..
12. Close the registry and your done…
//thank me when it works (Y)
