Why might you need to unblock Task Manager? This Windows utility lets you monitor running applications and processes and stop any that have hung or stopped responding. Because Task Manager can also be used to forcefully stop a malicious program running on the user's machine, such programs often try to defend themselves by blocking the user's access to it. Some malicious programs block access to Task Manager in real time with monitoring processes, and some replace the original Task Manager with a malicious replica that is controlled by the malware.
If your Task Manager is blocked, an attempt to start it might end with the error message
“Task Manager has been disabled by your administrator”.
This means that the malicious program changed settings in the “Group Policy” system administration service on your computer.
To regain access to Task Manager, click Start.
- For Windows XP: find and click the Run menu option to bring up the Run dialog, type gpedit.msc and press Enter or click the OK button.
- For Windows 7 and Vista: type gpedit.msc in the “Search programs and files” box and click the link that appears at the top of the main menu.
After the “Group Policy” Editor window opens, expand the “User Configuration”, “Administrative Templates”, and “System” folders in the tree view on the left side. Then double-click “Ctrl+Alt+Del Options”.
Double-click “Remove Task Manager” in the list on the right to open the “Remove Task Manager” window. If this setting is “Enabled”, then your Task Manager is DISABLED by the malware. To enable Task Manager, change this option to Disabled. Click the OK button and close all the open windows.
Try to start Task Manager with Ctrl+Alt+Del, or type the Taskmgr.exe command in the Search or Run box (depending on the OS) as you did when you started the Group Policy Editor. It should now work, and you can investigate the running processes, looking for the malicious one.
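The “Remove Task Manager” policy is stored in the registry as the value DisableTaskMgr under Software\Microsoft\Windows\CurrentVersion\Policies\System. The PowerShell below is an added example, not part of the original article: it reads that value, clears it, and checks again after a delay to see whether something on the machine writes it back. Checking the machine-wide HKLM key as well as HKCU, the function names, and the 30-second wait are assumptions of this example.

```powershell
# Added example (not from the original article).
# "Remove Task Manager" is stored as DisableTaskMgr = 1 under this policy key.
$policyPath = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$valueName  = 'DisableTaskMgr'

function Get-TaskMgrPolicy {
    # Report the value in the per-user hive and (assumption) the machine-wide hive.
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $key  = Join-Path $hive $policyPath
        $item = Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue
        New-Object PSObject -Property @{
            Key      = $key
            Value    = if ($item) { $item.$valueName } else { $null }
            Disabled = [bool]($item -and $item.$valueName -eq 1)
        }
    }
}

function Clear-TaskMgrPolicy {
    # Deleting the value has the same effect as setting the policy to "Not Configured".
    # Removing it from HKLM requires an elevated (administrator) session.
    foreach ($entry in (Get-TaskMgrPolicy | Where-Object { $_.Disabled })) {
        Remove-ItemProperty -Path $entry.Key -Name $valueName
        Write-Host "Removed $valueName from $($entry.Key)"
    }
}

function Test-PolicyReapplied {
    # Clear the value, wait, and read it again.
    # Returns $true if it came back, meaning a running process is rewriting it.
    param([int]$WaitSeconds = 30)
    Clear-TaskMgrPolicy
    Start-Sleep -Seconds $WaitSeconds
    @(Get-TaskMgrPolicy | Where-Object { $_.Disabled }).Count -gt 0
}

# Show the current state, then test whether the block is being re-applied.
Get-TaskMgrPolicy | Format-Table Key, Value, Disabled -AutoSize
if (Test-PolicyReapplied) {
    Write-Host 'DisableTaskMgr was set again: a process is monitoring and restoring it.'
} else {
    Write-Host 'DisableTaskMgr stayed cleared; try starting Task Manager now.'
}
```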
Note: If you cannot start Task Manager even though it is enabled, then repeat the above procedure and check whether the settings you made are still in place. If they have changed, then the malicious program is monitoring the administration services and preventing you from starting Task Manager. It is also possible that Task Manager was never blocked through the Group Policy utility at all, yet it still cannot be started. This means that the malware monitors and blocks Task Manager without the use of administrative tools.
If this is the case, then try the following:
- Open the C:\WINDOWS\System32 folder and find taskmgr.exe.
- Copy this file and paste it somewhere else.
- Rename the copy, place it back into the System32 folder, and start it.
- Your new Task Manager should now run.
If your Task Manager is still not running, then try to reboot the system in Safe Mode and repeat this procedure. Windows won’t run malware in Safe Mode, and you can start Task Manager even if it is being monitored and blocked in real time.
Note: It is also possible that your normal Task Manager was replaced by a malicious replica that resembles it. This is a sneaky way to mislead you into unblocking the wrong Task Manager. If you can make the renamed copy of this utility from a computer that is not infected, then do that instead of unblocking the malicious replica installed on the infected computer.
The worst scenario for your system is an infection with a rootkit that starts itself even in Safe Mode and uses other tricks to protect itself. If the steps above don’t help, then you can try to download and run the free Pocket KillBox program, which is specially designed to unblock Windows system tools blocked by rootkits.