Tuesday, August 21, 2007

U.Z.A. O/S - do not format your system to remove it...

Have you heard of "U.Z.A. O/S"? Maybe you have seen this screen?



This is caused by malware. It runs a simple program or two, sets a few wallpapers, and modifies the registry so that you cannot change the desktop wallpaper or end processes with Windows Task Manager.

The following hacks are for advanced users.
To reverse the process you need to be able to view hidden files and system files and to edit the registry. [You may want to disable System Restore so that it does not restore the files you modify.]

If you are able to view Hidden Files and System Files:
1. Delete %windir%\system\uos.exe [%windir% is C:\windows most of the time]
2. Delete %windir%\system32\VisLoader.exe
3. Edit C:\boot.ini and remove any extra parameters that appear after multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

If you are able to edit the registry, copy the following into a text document, save it with the extension .reg and double-click the .reg file to update the registry, or edit the following entries in the hive directly:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispAppearancePage"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_CURRENT_USER\Control Panel\International]
"sTimeFormat"="HH:mm:ss"



Other resources to follow:

Enabling Task Manager from Group Policy Editor

1. Run -> gpedit.msc
2. User Configuration -> Administrative Templates -> System -> Ctrl+Alt+Del Options
3. Set "Remove Task Manager" to "Disabled" or "Not Configured".
4. Close gpedit.msc
5. Run -> gpupdate /force
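
A read-only check for the items listed above, as an added example that is not part of the original post: it reports which of the files, policy values, clock format and boot.ini switches are still in place, and changes nothing. It assumes Windows PowerShell is installed, that the clock text contains "U.Z.A", and that /noexecute=optin and /fastdetect are the only expected boot.ini switches, as in step 3.

```powershell
# Added example: read-only check for the changes described in this post.
# Nothing is deleted or modified; each finding is one line of output.
$findings = @()

# Files named in steps 1 and 2.
foreach ($rel in 'system\uos.exe', 'system32\VisLoader.exe') {
    $path = Join-Path $env:windir $rel
    if (Test-Path -Path $path) {
        $findings += "File still present: $path"
    }
}

# Policy values the .reg file resets to 0; a non-zero value keeps the restriction active.
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$policyNames = 'DisableTaskMgr', 'NoDispAppearancePage', 'NoDispBackgroundPage',
               'NoDispScrSavPage', 'NoDispSettingsPage'
$policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
foreach ($name in $policyNames) {
    if ($policy -and $policy.$name) {
        $findings += "Policy value set: $name = $($policy.$name)"
    }
}

# Clock format: flag it if the value still carries the added text (assumed to contain "U.Z.A").
$intl = Get-ItemProperty -Path 'HKCU:\Control Panel\International' -ErrorAction SilentlyContinue
if ($intl -and $intl.sTimeFormat -like '*U.Z.A*') {
    $findings += "Clock format altered: sTimeFormat = '$($intl.sTimeFormat)'"
}

# boot.ini: list switches other than the two shown in step 3 (assumed baseline), for manual review.
$bootIni = 'C:\boot.ini'
if (Test-Path -Path $bootIni) {
    foreach ($line in (Get-Content -Path $bootIni)) {
        if ($line -notmatch '^\w+\(\d+\)') { continue }   # only operating system entries
        $switches = $line -replace '^.*?=\s*"[^"]*"', ''    # drop the path and the quoted description
        $extra = ($switches -replace '/noexecute=\S+|/fastdetect', '').Trim()
        if ($extra) { $findings += "boot.ini entry has extra switches: $extra" }
    }
}

if ($findings.Count -eq 0) {
    'None of the changes described in the post were found.'
} else {
    $findings
}
```

Run it as the affected user, since the registry values live under HKEY_CURRENT_USER.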


5 comments:

Anonymous said...

hey m facin this problem n i have tried the way u told but its not workin... plz help me

Abdullah Zahir ( xia ) said...

I have been able to successfully remove it from the system with the above procedure but please note that the desktop wallpaper remains until you change it.

Anonymous said...

umn.. now it's ok... thanx :)

Anonymous said...

thanxs xia, the procedures worked. but i still find (U.Z.A O/S) at the location where time is displayed.

Abdullah Zahir ( xia ) said...

The registry entry with time stamp format needs to be changed to remove the U.Z.A. O/S. The uos.exe modifies the registry value sTimeFormat to "U.Z.A. O/S HH:mm:ss". So please edit the registry and remove the "U.Z.A. O/S" text from the value. You may copy the following to a text file and save it with .reg extension and run the REG file to update the registry if you are able to edit the registry.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Control Panel\International]
"sTimeFormat"="HH:mm:ss"

Thanks.