JVH Consulting's Blog

Came across this issue with a client a few days ago. They had a virus… or rather a few of them where one of the things it did was disable the taskmgr.exe so you couldn’t open it – even if you renamed it to taskmgr.com – all received the same error message.

A Bing search found a couple of solutions but this one stuck and resolved the issue:
The local group policy setting was changed for Taskmgr.exe :(..
To review/change this open up GPedit.msc from the Run line (Start -> Run -> Type: gpedit.msc

Navigate in the console under User Configuration > Administrative Templates > System > Ctrl+Alt+Del Options
In the right side of the screen verify that “Remove Task Manager” option is set to Disable or “Not Configured”
Close Gpedit console

Open cmd prompt and run: gpupdate /force

Other settings were found in the registry:
From Start > Run > type: Regedit.exe

Open these keys to determine if taskmgr.exe is set to disabled:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]”DisableTaskMgr”=dword:00000000
(Note if set to 1, then it would be disabled; Default setting should be 0)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“DisableTaskMgr”=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\]
“DisableTaskMgr”=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
“DisableCAD”=dword:00000000

After doing this you should have access to taskmgr again (if not a reboot will make it so).
If the virus is still around, Suggest using System Restore… and or other Cleaning Agents like Http://housecall.trendmicro.com to help clean out the riff-raff Virus or Trojan :).