6 Useful Replacement Windows Tools When Fixing an Infected Computer
Malicious software has become smarter over the years, and all kinds of ways have been invented to keep you from detecting it while it’s running. A different approach is to make it very difficult for the average user to manually stop the malicious process or disable it from starting with Windows. Because advanced users can remove suspicious or malicious programs using a combination of built-in Windows tools, malware makers find ways to disable those tools so you can’t easily get at them, making the malware more difficult to remove.
The easiest way to try and stop a process is from Windows Task Manager (Taskmgr.exe), while an easy way to disable something from auto starting next time you boot Windows is through the Registry (Regedit.exe) or the System Configuration Utility (Msconfig.exe). The Windows Command Prompt (Cmd.exe) is also useful for repairing such things as file associations, while Windows Explorer’s Folder Options are used to unhide hidden malicious executables and reveal any of your own files hidden by a virus.
You can of course try to re-enable those disabled tools but a resident malicious process needs to be stopped first or it will simply revert the restrictions back again.
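Before re-enabling anything, it helps to see which restrictions are actually set. The following PowerShell audit is an added example, not part of the original article. It assumes the standard Windows policy value names (DisableTaskMgr, DisableRegistryTools, DisableCMD, NoRun, NoFolderOptions) and the Image File Execution Options "Debugger" value, one common way a tool such as Msconfig is redirected so that Windows reports it cannot be found.

```powershell
# Added example: read-only audit; it reports values and changes nothing.
# Value names are the standard Windows policy settings (not listed in the article).
$policyValues = @(
    @{ Tool = 'Task Manager';    Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr' }
    @{ Tool = 'Registry Editor'; Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools' }
    @{ Tool = 'Command Prompt';  Key = 'Software\Policies\Microsoft\Windows\System';                  Name = 'DisableCMD' }
    @{ Tool = 'Run dialog';      Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoRun' }
    @{ Tool = 'Folder Options';  Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoFolderOptions' }
)

# 1. Policy values: any non-zero value means the tool is restricted.
#    HKCU applies to the logged-on user, HKLM to the whole machine.
$findings = @(foreach ($hive in 'HKCU:', 'HKLM:') {
    foreach ($p in $policyValues) {
        $path  = "$hive\$($p.Key)"
        $entry = Get-ItemProperty -Path $path -Name $p.Name -ErrorAction SilentlyContinue
        if ($null -ne $entry -and $entry.($p.Name) -ne 0) {
            [pscustomobject]@{ Tool = $p.Tool; Location = "$path\$($p.Name)"; Value = $entry.($p.Name) }
        }
    }
})

# 2. Image File Execution Options: a Debugger value makes Windows start the
#    named program instead of the tool. Process Explorer's own
#    "Replace Task Manager" option legitimately sets this for taskmgr.exe.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$findings += @(foreach ($exe in 'taskmgr.exe', 'regedit.exe', 'cmd.exe', 'msconfig.exe', 'explorer.exe') {
    $entry = Get-ItemProperty -Path "$ifeo\$exe" -Name Debugger -ErrorAction SilentlyContinue
    if ($null -ne $entry) {
        [pscustomobject]@{ Tool = $exe; Location = "$ifeo\$exe\Debugger"; Value = $entry.Debugger }
    }
})

if ($findings.Count -eq 0) {
    'No tool restrictions found in the checked locations.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Run it in the affected user's session, because the HKCU values are per user. A value that reappears after you clear it points to a process that is still resident.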
Often the malicious program disables only the Windows built-in tools from working, so as long as you can run other programs and the exe file type hasn’t been disabled, you can simply use an alternative tool as a temporary replacement. For example, if Windows Task Manager has been disabled, use another task manager instead. Here we show you some replacement tools (and an alternative) that can be used instead; each is small and doesn’t need installation, so it can be stored on your hard drive or a USB flash drive.
1. Windows Task Manager (Taskmgr.exe) Replacement
An error that “Task Manager has been disabled by your administrator” and you can’t get to it via the task bar or Ctrl+Shift+Escape could mean malicious software has disabled Task Manager. Even legitimate security tools can cause this function to be disabled as well.
Process Explorer
Process Explorer is a popular alternative to the Windows Task Manager and you can easily see if there are any processes which might be suspicious, and kill the offenders. Hovering over a process will tell you exactly where it’s being launched from, you can also send the executable file to VirusTotal for analysis. Process Explorer gives you huge amounts of information over and above what you’d normally see and is a good tool for geeks to run as a permanent replacement to the standard Task Manager.
Download Process Explorer (click “Run Process Explorer” to download a non zipped exe)
Alternative – Process Hacker
Process Hacker is a useful alternative to the Windows Task Manager because it includes plenty of functions and information that you don’t get from the Windows tool, like Process Explorer does. It also has a feature that tries to kill more stubborn processes that refuse to end when clicked on. Right click on the offending process and go to Miscellaneous > Terminator to then choose up to 17 different methods to forcefully close a rogue process.
2. Registry Editor (Regedit.exe) Replacement
If you have errors opening Regedit or a “Registry editing has been disabled by your administrator” message, then an alternative Registry editor could help.
RegAlyzer
A useful third party registry editor that is quite similar to Regedit, and a good replacement for it, is RegAlyzer by Safer-Networking, the same people behind Spybot Search & Destroy. A good thing about this program is that it has a bookmark system so you can store all your most used registry keys for quick access; several convenient locations are already provided. It also has a far better and more advanced search function than Regedit and a change log system which tracks previous changes you have made to registry keys.
Download RegAlyzer (The portable version is available from portableapps.com)
Alternative – Aezay Registry Commander
Registry Commander is a little different to Regedit and RegAlyzer because it doesn’t work on a tree system down the left, everything works like drilling down into folders. It’s slightly awkward to get used to but works fine after a few minutes. A bookmarking system is supported for very quick access to important keys like all the Run or ShellNew entries. There’s also quite a powerful search function, the only slight drawback of Registry Commander is the portable executable is distributed in a RAR archive.
Download Aezay Registry Commander
3. Command Prompt (Cmd.exe) Replacement
Command Prompt is a powerful command line tool which supports a lot of commands you can’t run on the desktop. If you try to run cmd and get the following message “The command prompt has been disabled by your administrator”, an alternate Command Prompt should work. When trying a replacement you have to make sure it’s a proper replacement and not an enhancement tool like Console 2 because it still relies on the Command Prompt to function.
Greg’s DOS Shell
Greg’s DOS Shell (GS.exe) not only looks better than Cmd in Windows with Aero Glass and better theming support, it also includes a better history and more useful editing functions, Ctrl+V to paste is possible for instance. Type Help for a list of all the commands supported by Greg’s DOS Shell, F1 will show you the specific hotkeys for the built in editing and history functions.
Alternative – CMD++
CMD++ was designed with the express purpose of having an accessible Command Prompt when the built-in console isn’t available. As well as supporting all the standard commands you’d expect with Windows Command Prompt, CMD++ also has a few commands of its own, although they aren’t really that useful and are mostly for configuring the ini settings file. Type $help for a list of the integrated commands or help for all the available DOS commands.
4. Run Dialog Box Replacement
Although the Run dialog isn’t as important as a command prompt console, it can still be a problem if for some reason this won’t work or has been disabled. Run is a tool of convenience more than an essential tool but can still allow you to run important commands quickly.
Run Dialog replacement v1.0 is a tiny portable Run box if yours isn’t working. In fact you would be hard pushed to tell it apart from the real Run dialog box if it wasn’t for its own process you can see in Task Manager! Apart from that, it looks and behaves exactly the same as the real Run dialog would.
Download Run Dialog Replacement 1.0
Alternative – Run-Command
At only 100KB, Run-Command has quite a few useful functions built into a small package. Apart from running commands normally or as administrator, it also has a favorites system where you can store all your favorite commands, several are already included for various Windows tools and Control Panel components. You can also set up Run-Command to launch via a configurable combination of Left Winkey+R while the real Run dialog launches from Right Winkey+R. Separate 32/64 bit versions are available.
Note: Most Task Management tools including Windows Task Manager have their own Run dialog box to launch commands. For Windows Task Manager go to File > New Task (Run…), for Process Explorer and Process Hacker press Ctrl+R or go to File > Run.
5. System Configuration Utility (Msconfig.exe) Replacement
One of the first system tools an experienced user would call upon is Msconfig.exe. It can tell you which programs and services are starting with Windows, and gives you the option of disabling anything not required or suspicious. A message “Windows cannot find msconfig. Make sure you typed the name correctly, and then try again” means Msconfig could have been tampered with to stop you disabling a malicious process on boot.
Autoruns
The best alternative to Msconfig is probably Autoruns from Microsoft’s Sysinternals lab, also the authors of Process Explorer. It displays and allows you to disable or delete just about every startup entry available in Windows including logon startups, services, scheduled tasks, drivers, winsock, Internet Explorer extensions and objects, sidebar gadgets, multimedia codecs and printers. Unknown objects can be searched for online from the context menu.
Download Autoruns (click “Run Autoruns” to download a non zipped exe)
Alternative – WinPatrolToGo
The free and portable version of WinPatrol is a viable option if you can’t or don’t want to use Autoruns. The amount of information available is less than Autoruns but should make it easier to handle for general users. Startup items, IE Helpers, Services, Scheduled Tasks, Hidden files and Active task tabs are on hand to allow you to remove, disable or delete anything suspicious or stopping you running Windows properly.
6. Windows Explorer (Explorer.exe) Replacement
Malware can play havoc with Windows Explorer because it’s the main way you navigate around Windows. A favorite way is to block you from seeing hidden files and folders in Explorer’s Folder Options and then hide your files by setting the hidden and system attributes so you can’t find them. These tools will get around that easily.
FreeCommander
Apart from being a very good and portable free file management utility, FreeCommander is ideal for our scenario because it defaults to showing all hidden files and folders in Windows and doesn’t rely at all on the Folder Options in Explorer like many other file managers. Another neat feature is the Attributes/Timestamp option (Shift+Enter) that will let you batch unhide your files if they have had their hidden and system attributes set by malware. FreeCommanderXE is a newer version but doesn’t show hidden and system files like the old version.
Alternative – Just Manager
There are many good and free portable file managers out there like Nexus File and Multi Commander to name just two. We’ve gone for Just Manager because it’s small and has everything you could need for general file operations. Another reason is like FreeCommander, Just Manager by default shows files with hidden and system attributes set regardless of the Windows settings, you can also easily unhide those files or folders from File > “Change attributes/timestamp…”. An advanced batch file renamer is also very useful (Ctrl+M).
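The same hidden-and-system check can be scripted. This PowerShell sketch is an added example, not part of the original article; the function name Get-HiddenSystemItem, the skip list and the Documents folder used as the starting point are assumptions for illustration. It lists items that carry both attributes and only clears them once you have reviewed the list, since hidden malicious executables will show up alongside your own files.

```powershell
# Added example. Get-HiddenSystemItem is a hypothetical helper name.
$mask = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System

function Get-HiddenSystemItem {
    param([Parameter(Mandatory = $true)][string]$Root)

    # Files Windows itself keeps hidden+system in user folders (assumed skip list).
    $skip = 'desktop.ini', 'thumbs.db'

    # -Force makes Get-ChildItem return hidden and system items regardless of
    # the Folder Options setting in Explorer.
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            ($_.Attributes -band $mask) -eq $mask -and
            # Skip junctions such as "My Music", which are hidden+system by design.
            -not ($_.Attributes -band [IO.FileAttributes]::ReparsePoint) -and
            $skip -notcontains $_.Name
        }
}

# Step 1: list what is hidden. Nothing is changed here.
$items = @(Get-HiddenSystemItem -Root (Join-Path $env:USERPROFILE 'Documents'))
$items | Select-Object FullName, Attributes, LastWriteTime | Format-Table -AutoSize -Wrap

# Step 2: after reviewing the list, set $Apply to $true to unhide the items.
$Apply = $false
if ($Apply) {
    foreach ($item in $items) {
        # Both bits are known to be set, so XOR clears exactly those two
        # and leaves ReadOnly, Archive and the rest untouched.
        $item.Attributes = $item.Attributes -bxor $mask
        "Unhidden: $($item.FullName)"
    }
}
```

Unfamiliar executables in the listing are better submitted for analysis than unhidden and opened.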
Ha, what a coincidence! If anybody would ask me about alternatives, I’d recommend these tools :) Not only for repair. Well, for explorer.exe I’d say XYPlorer Free (freeware, but for commercial use as well) and msconfig… Well, these are the replacements for autostart manager from msconfig.
For other alternatives please check software from NirSoft. They are (he is?) specializing in freeware replacements. Very simple graphically, doing its job great. Mostly for power users. Some apps allow remote repair.
Nice…been looking for awhile for some decent tools to overcome some of these parasitic viruses…thanks…
Thanks Raymond. Nothing can replace your blog.
Thanks. You don’t know how helpful this post has been. Been a living hell trying to get rid of a virus from my computer.
Lovely work you’re doing here.
Thanks for all your posts.
I wonder where you get the energy to do all of this.
Nice gift you have.
Keep up the good work and thanks for sharing.
Regarding the cmd.exe bit, these tools are most likely invaluable for 32-bit/64-bit Windows servers and 64-bit client machines. However, 32-bit Windows XP still has command.com from the MS-DOS days. Because it is a DOS application, it has no knowledge of advanced security permissions – only file attributes such as read-only, system file, etc. As a result, secured files and directories using NT security permissions will be inaccessible, but you can still access things like you would using cmd.exe, bypassing the Group Policy/Registry issue. In this way, you could access things.
regedt32 is also in Windows XP as a remnant of the Windows NT days. In Windows XP, it simply runs regedit, but using such a program to launch it rather than trying to run it directly might circumvent the issue.
Thanks a lot!!! Really useful! I like it! ;)
Thanks so much for this very informative post among many others I have benefited from. I look forward to that newsletter always and save every one of them!
Great info Raymond! Thanks a lot!
wow, this is so good and a real must to have
thanks a lot
Thanks for these replacement tools. It’s much faster now to fix or remove spywares and viruses from my customers’ computer.
Even though you manage to reactivate the disabled tools you’ll be in situation when the computer might not even boot up probably and have to boot up in safe mode where the tools might be deactivated or out of function.
Probably the worst kind of viruses or spywares in my case might be the ones who can infect other computers through the network…now that would take time to fix
Thanks
Invaluable tips! Will save the rookie administrator tons of time. I am going to take all these tools, put it in USB drives and make them standard issue for IT admins in my organization.
Thanks.
Thanks Raymond! This is another useful tools!
Thanks !
it will be useful!
Sweet
Ray,
Great tips! Thanks.
I think there is no replacement for your blog. Thanks a lot for useful articles.
Thanks, Ray :-)
I guess it is enough to have those utilities in zip format – perhaps on another drive – and only install them in case of a virus infection.