Malicious software has become smarter over the years, and all kinds of ways have been invented to stop you detecting it while it’s running. A different approach is to make it very difficult for the average user to manually stop the malicious process or disable it from starting with Windows. Because advanced users can remove suspicious or malicious programs using a combination of built in Windows tools, malware makers find ways to disable those tools so you can’t easily get at them, making the malware more difficult to remove.
The easiest way to try and stop a process is from Windows Task Manager (Taskmgr.exe), and an easy way to disable something from auto starting next time you boot Windows is through the Registry (Regedit.exe) or the System Configuration Utility (Msconfig.exe). The Windows Command Prompt (Cmd.exe) is also useful for repairing such things as file associations, while Windows Explorer’s Folder Options are used to unhide hidden malicious executables and reveal any of your own files hidden by a virus.
You can of course try to re-enable those disabled tools, but a resident malicious process needs to be stopped first or it will simply put the restrictions back again.
Often the malicious program disables only the Windows built in tools from working, so as long as you can run other programs and the exe file type hasn’t been disabled, you can simply use an alternative tool as a temporary replacement. For example, if Windows Task Manager has been disabled, use another task manager instead. Here we show you some replacement tools (and an alternative) that can be used instead. Each is small and doesn’t need installation, so it can be stored on your hard drive or a USB flash drive.
1. Windows Task Manager (Taskmgr.exe) Replacement
An error that “Task Manager has been disabled by your administrator”, when you also can’t get to it via the task bar or Ctrl+Shift+Escape, could mean malicious software has disabled Task Manager. Legitimate security tools can cause this function to be disabled as well.
Process Explorer is a popular alternative to the Windows Task Manager and you can easily see if there are any processes which might be suspicious, and kill the offenders. Hovering over a process will tell you exactly where it’s being launched from, and you can also send the executable file to VirusTotal for analysis. Process Explorer gives you huge amounts of information over and above what you’d normally see and is a good tool for geeks to run as a permanent replacement for the standard Task Manager.
Download Process Explorer (click “Run Process Explorer” to download a non zipped exe)
Alternative – Process Hacker
Process Hacker is a useful alternative to the Windows Task Manager because, like Process Explorer, it includes plenty of functions and information that you don’t get from the Windows tool. It also has a feature that tries to kill more stubborn processes that refuse to end when clicked on. Right click on the offending process and go to Miscellaneous > Terminator, then choose from up to 17 different methods to forcefully close a rogue process.
2. Registry Editor (Regedit.exe) Replacement
If you have errors opening Regedit or a “Registry editing has been disabled by your administrator” message, then an alternative Registry editor could help.
A useful third party registry editor that is quite similar to Regedit, and a good replacement for it, is RegAlyzer by Safer-Networking, the same people behind Spybot Search & Destroy. A good thing about this program is that it has a bookmark system so you can store all your most used registry keys for quick access; several convenient locations are already provided. It also has a far better and more advanced search function than Regedit and a change log system which tracks previous changes you have made to registry keys.
Alternative – Aezay Registry Commander
Registry Commander is a little different to Regedit and RegAlyzer because it doesn’t use a tree down the left; everything works like drilling down into folders. It’s slightly awkward to get used to but works fine after a few minutes. A bookmarking system is supported for very quick access to important keys like all the Run or ShellNew entries. There’s also quite a powerful search function. The only slight drawback of Registry Commander is that the portable executable is distributed in a RAR archive.
3. Command Prompt (Cmd.exe) Replacement
Command Prompt is a powerful command line tool which supports a lot of commands you can’t run on the desktop. If you try to run cmd and get the message “The command prompt has been disabled by your administrator”, an alternate Command Prompt should work. When trying a replacement you have to make sure it’s a proper replacement and not an enhancement tool like Console 2, because such a tool still relies on the Command Prompt to function.
Greg’s DOS Shell
Greg’s DOS Shell (GS.exe) not only looks better than Cmd in Windows with Aero Glass and better theming support, it also includes a better history and more useful editing functions; Ctrl+V to paste is possible, for instance. Type Help for a list of all the commands supported by Greg’s DOS Shell. F1 will show you the specific hotkeys for the built in editing and history functions.
Alternative – CMD++
CMD++ was designed with the express purpose of having an accessible Command Prompt when the built in console isn’t available. As well as supporting all the standard commands you’d expect with Windows Command Prompt, CMD++ also has a few commands of its own, although they aren’t really that useful and are mostly for configuring the ini settings file. Type $help for a list of the integrated commands or help for all the available DOS commands.
4. Run Dialog Box Replacement
Although the Run dialog isn’t as important as a command prompt console, it can still be a problem if for some reason this won’t work or has been disabled. Run is a tool of convenience more than an essential tool but can still allow you to run important commands quickly.
Run Dialog replacement v1.0 is a tiny portable Run box if yours isn’t working. In fact you would be hard pushed to tell it apart from the real Run dialog box if it wasn’t for its own process you can see in Task Manager! Apart from that, it looks and behaves exactly the same as the real Run dialog would.
Alternative – Run-Command
At only 100KB, Run-Command has quite a few useful functions built into a small package. Apart from running commands normally or as administrator, it also has a favorites system where you can store all your favorite commands; several are already included for various Windows tools and Control Panel components. You can also set up Run-Command to launch via a configurable combination of Left Winkey+R while the real Run dialog launches from Right Winkey+R. Separate 32/64 bit versions are available.
Note: Most Task Management tools including Windows Task Manager have their own Run dialog box to launch commands. For Windows Task Manager go to File > New Task (Run…), for Process Explorer and Process Hacker press Ctrl+R or go to File > Run.
5. System Configuration Utility (Msconfig.exe) Replacement
One of the first system tools an experienced user would call upon is Msconfig.exe. It can tell you which programs and services are starting with Windows, and gives you the option of disabling anything not required or suspicious. A message “Windows cannot find msconfig. Make sure you typed the name correctly, and then try again” means Msconfig could have been tampered with to stop you disabling a malicious process on boot.
The best alternative to Msconfig is probably Autoruns from Microsoft’s Sysinternals lab, who are also the authors of Process Explorer. It displays and allows you to disable or delete just about every startup entry available in Windows including logon startups, services, scheduled tasks, drivers, winsock, Internet Explorer extensions and objects, sidebar gadgets, multimedia codecs and printers. Unknown objects can be searched for online from the context menu.
Download Autoruns (click “Run Autoruns” to download a non zipped exe)
Alternative – WinPatrolToGo
The free and portable version of WinPatrol is a viable option if you can’t or don’t want to use Autoruns. The amount of information available is less than in Autoruns, but that should make it easier to handle for general users. Startup items, IE Helpers, Services, Scheduled Tasks, Hidden files and Active task tabs are on hand to allow you to remove, disable or delete anything that is suspicious or is stopping you running Windows properly.
6. Windows Explorer (Explorer.exe) Replacement
Malware can play havoc with Windows Explorer because it’s the main way you navigate around Windows. A favorite way is to block you from seeing hidden files and folders in Explorer’s Folder Options and then hide your files by setting the hidden and system attributes so you can’t find them. These tools will get around that easily.
Apart from being a very good and portable free file management utility, FreeCommander is ideal for our scenario because it defaults to showing all hidden files and folders in Windows and doesn’t rely at all on the Folder Options in Explorer like many other file managers. Another neat feature is the Attributes/Timestamp option (Shift+Enter) that will let you batch unhide your files if they have had their hidden and system attributes set by malware. FreeCommanderXE is a newer version but doesn’t show hidden and system files like the old version.
Alternative – Just Manager
There are many good and free portable file managers out there, like Nexus File and Multi Commander to name just two. We’ve gone for Just Manager because it’s small and has everything you could need for general file operations. Another reason is that, like FreeCommander, Just Manager by default shows files with hidden and system attributes set regardless of the Windows settings. You can also easily unhide those files or folders from File > “Change attributes/timestamp…”. An advanced batch file renamer is also very useful (Ctrl+M).
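The batch unhide described in this section can also be done from PowerShell, which ignores Explorer’s Folder Options when -Force is used. This is an added example, not from the original article; the function names and the starting folder are hypothetical, and it is meant for a data folder rather than a whole system drive.

```powershell
# Added example. Items with BOTH attributes set are what Explorer treats as protected and hides.
$mask = [IO.FileAttributes]'Hidden, System'
# Windows sets hidden+system on these itself, so they are skipped.
$expected = 'desktop.ini', 'thumbs.db'

function Get-HiddenSystemItem {
    param([Parameter(Mandatory)][string]$Path)
    # -Force is required, otherwise Get-ChildItem skips hidden and system items.
    Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { ($_.Attributes -band $mask) -eq $mask -and $expected -notcontains $_.Name }
}

function Clear-HiddenSystemAttribute {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory, ValueFromPipeline)][IO.FileSystemInfo]$Item)
    process {
        if ($PSCmdlet.ShouldProcess($Item.FullName, 'Clear Hidden and System attributes')) {
            # Remove only the two bits; ReadOnly, Archive and the rest are kept.
            $new = [int]$Item.Attributes -band (-bnot [int]$mask)
            if ($new -eq 0) { $new = [int][IO.FileAttributes]::Normal }
            $Item.Attributes = [IO.FileAttributes]$new
        }
    }
}

# Preview first: nothing is modified while -WhatIf is present.
# "$env:USERPROFILE\Documents" is only a sample starting folder.
Get-HiddenSystemItem -Path "$env:USERPROFILE\Documents" | Clear-HiddenSystemAttribute -WhatIf
```

Review the -WhatIf listing before removing the switch, since an unexpected hidden executable in the list is something to examine rather than simply unhide.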