IV. A. Tackling Side Effects – Disabled Command Prompt
- gpedit.msc > User Configuration > Administrative Templates > System > “Prevent access to the command prompt” > “Disabled”
IV. B. Tackling Side Effects – Disabled Task Manager
- gpedit.msc > User Configuration > Administrative Templates > System > Ctrl + Alt + Del Options > “Remove Task Manager” > “Disabled”
- cmd > “reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f”
IV. C. Tackling Side Effects – Disabled Registry Editor
- gpedit.msc > User Configuration > Administrative Templates > System > “Prevent access to registry editing tools” > “Disabled”
- cmd > “reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f”
IV. D. Tackling Side Effects – Missing “Folder Options”
- gpedit.msc > User Configuration > Administrative Templates > Windows Components > Windows Explorer > “Removes the Folder Options menu item from the Tools menu” > “Disabled”
IV. E. Tackling Side Effects – Shutdown on “cmd”
- C:\Windows\regedit.exe
- HKLM\Software\Microsoft\Command Processor > “AutoRun” > delete value (will usually contain “pc-off.bat”)
- After the above, you can now use your command prompt.
- cmd > search for “pc-off.bat” and delete the file
IV. F. Tackling Side Effects – Traces of “autorun.inf”
Search every drive and every folder for instances of “autorun.inf”, including files with normal, hidden, and system attributes. Malicious “autorun.inf” files are usually found in the root of drives other than Drive C: and have hidden and/or system file attributes by nature. Don’t delete every “autorun.inf” file you see, because legitimate programs also use this file to run automatically upon detection (the Microsoft Office CD, for example).
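A read-only way to carry out this search, as an added PowerShell example that is not part of the original post. The function name Get-AutorunInfReport and the NeedsReview column are hypothetical; NeedsReview only encodes the pattern described above (drive root other than C:, hidden and/or system attribute) and is a hint for manual review, not a verdict.

```powershell
# Added example (not from the original post): list every autorun.inf,
# including hidden/system ones, and show what each one would launch.
# Read-only: nothing is modified or deleted.

function Get-AutorunInfReport {
    param(
        # Roots to search; defaults to the root of every file-system drive.
        [string[]]$Root = (Get-PSDrive -PSProvider FileSystem | ForEach-Object { $_.Root })
    )

    # Hidden (2) and System (4) attribute bits combined into one mask.
    $mask = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System)

    foreach ($r in $Root) {
        # -Force makes Get-ChildItem return hidden and system files as well.
        Get-ChildItem -LiteralPath $r -Filter 'autorun.inf' -File -Force -Recurse `
                      -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_

            # autorun.inf keys that name a program to start for the drive.
            $launch = Get-Content -LiteralPath $file.FullName -Force -ErrorAction SilentlyContinue |
                Where-Object { $_ -match '^\s*(open|shellexecute|shell\\[^=]+\\command)\s*=' } |
                ForEach-Object { $_.Trim() }

            $hiddenOrSystem = (([int]$file.Attributes -band $mask) -ne 0)
            $atDriveRoot    = ($file.DirectoryName -eq $file.Directory.Root.FullName)
            $notDriveC      = ($file.Directory.Root.Name -ne 'C:\')

            [pscustomobject]@{
                Path        = $file.FullName
                Attributes  = $file.Attributes
                Launches    = ($launch -join '; ')
                # Hypothetical flag: matches the pattern described in the text.
                NeedsReview = ($hiddenOrSystem -and $atDriveRoot -and $notDriveC)
            }
        }
    }
}

# Review flagged files first, then the rest.
Get-AutorunInfReport |
    Sort-Object NeedsReview -Descending |
    Format-Table -AutoSize -Wrap
```

Check the Launches column before deleting anything: a file on an installation CD that points at its own setup program is expected, while one that points at an unfamiliar executable or script on a data drive deserves a closer look.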
IV. G. Tackling Side Effects – Suspicious Processes in the Task Manager