Jump to content

Locked task manager, registry editor and so on.

TheNikita
 Share
Go to solution Solved by Marcos,

Recommended Posts

TheNikita

TheNikita 6

Posted
Posted

Hello! I have a little question. Does ESET fix problems like locked task manager, disabled registry editor, changed WinLogon and so on? For example, Kaspersky Lab products have a special tool that fixes all this. The product from Dr.Web fixes it during a scan (if it finds it). Does ESET fix similar problems? Thank you in advance!

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 4,694

Posted
  • Administrators
Posted

The System cleaner should restore most of system settings modified by malware:

image.png

Link to comment
Share on other sites
Dmitry228

Dmitry228 1

Posted
Posted
Just now, Marcos said:

Очиститель системы должен восстановить большинство системных настроек, измененных вредоносным ПО:

image.png

I had the task manager disabled, but ESET did not find it and did not restore it

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 4,694

Posted
  • Administrators
Posted
33 minutes ago, Dmitry228 said:

I had the task manager disabled, but ESET did not find it and did not restore it

Ok, you're right. We'll add support for cleaning it via a module update soon.

Quote

Another thing I checked: when you change WinLogon (namely "Shell" and "Userinit") ESET also does not see anything and does not fix it.

I've tested it with eicar by replacing the default "explorer.exe" value and it was cleaned alright upon detection and cleaning of the eicar file.

Link to comment
Share on other sites
TheNikita

TheNikita 6

Posted
  • Author
Posted
5 minutes ago, Marcos said:

I've tested it with eicar by replacing the default "explorer.exe" value and it was cleaned alright upon detection and cleaning of the eicar file.

Shouldn't ESET restore the default value whenever "Shell" is changed? For example, if you change "Shell" from "explorer.exe" to "notepad.exe", there must be some reaction to the change of "Shell", right? When I change "Shell", ESET does not react in any way. 

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 4,694

Posted
  • Administrators
Posted

"Shell" is an autostart location which is cleaned when malware is registered there.

Link to comment
Share on other sites
TheNikita

TheNikita 6

Posted
  • Author
Posted (edited)

If I understood you correctly, this is when a malware known to ESET is registered in "Shell". What if the "Shell" contains some malware that is not yet known to ESET? Or, for example, if some program purposely changes the value of "Shell" to, for example, the same "notepad.exe"? In these cases, ESET will simply keep silent, even though it is supposed to restore the default "Shell" value, just like other antiviruses do.

Edited by TheNikita
Link to comment
Share on other sites
  • Administrators
  • Solution
Marcos

Marcos 4,694

Posted
  • Administrators
  • Solution
Posted

If a program changes the value and thus makes the system malfunction, it should be detected as malware. Once such threat is recognized, it will be cleaned from the registry too.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...