refuse to run Task Manager, Registry Editor and other common built-in
Windows applications. After a full scan for viruses, trojan horses and
spyware, all detected problems had been removed.
However, those built-in applications still refused to run. I dove into
the system folder; Taskmgr.exe was there under c:\windows\system32\. I
double-clicked it and got no response. So, I tried copying it to the
desktop and running it; still no good. After renaming the program, it
ran happily. So, what was the problem?
It’s an Image Hijack. If you run Autoruns from Sysinternals, you
will see something like the following picture. I had replaced my Task
Manager with Sysinternals Process Explorer. Just a couple of registry
tweaks and you can accomplish the same. So, what really happens is that
the virus added a registry entry for those applications to point to
itself. However, in most cases the virus was cleared but the registry