A lot of the time, viruses, malware, adware and spyware hit the system and leave it with changes to the system restrictions in order to hide themselves from easy detection.
The most commonly seen virus is called “Brontok”.
The Brontok virus makes changes to the system restrictions in order to hide itself from easy detection and also from easy cleaning.
These restrictions are most often:
1 – Disable Folder Options >> so the user can’t set the option to show hidden files!
2 – Disable Registry Tools >> so the user can’t see what is going on during system startup!
3 – Disable Ctrl+Alt+Del >> so the user can’t see the virus and the other applications running!
4 – Disable Show hidden files & folders >> so the user can’t see the malware bodies which always come with hidden attribute set to true!
5 – Disable Run Command >> so the user can’t use it to run some tools to track the virus activities or remove it.
6 – Disable Windows Firewall (SharedAccess) >> so the virus can send & receive any data through the network without the attention of the user!
7 – Disable Windows Firewall (Wscsvc) >> so the virus can send & receive any data through the network without the attention of the user!
8 – Disable Windows Firewall (Wuauserv) >> so the virus can send & receive any data through the network without the attention of the user!
9 – Restrict Internet Explorer Home Page Changing >> so the user can’t change the malicious web page set by the malware!
10 – Restrict Internet Explorer Closing >> so the user can’t close the pop-up windows that appear when visiting the malicious web page or any other website!
11 – Hide Internet Options >> so the user can’t change any setting set by the malware!
12 – Hide Internet Explorer Address Bar >> so the user can’t see which web page is being visited and which scripts are being executed!
13 – Restrict Internet Explorer Right Click >> so the user can’t view the source of the page being visited and other useful things.
14 – Hide Internet Explorer Navigation Buttons >> so the user is forced to use the keyboard shortcuts to navigate through websites!
15 – Hide Internet Explorer Context Menu >> so the user can’t access this menu, which would let them select some useful settings.
16 – Hide Internet Explorer Toolbar >> so the user can’t use it to remove some unwanted toolbars added by the malware.
17 – Disable Command Prompt (cmd.exe) >> so the user cannot run any console programs, like command-line removal tools…
18 – Disable Control Panel >> so the user cannot use the control panel applets.
19 – Hide system files/folders >> so the user can’t see the malware bodies which usually come with system attribute set to true!
20 – Change Show Hidden files option button >> So even if you select “Show hidden files and folders” from Folder Options, these files & folders will not be shown!
21 – Disable Show System files check box >> So even if you uncheck “Hide protected operating system files”, these files & folders will not be shown!
22 – Disable Show all files/folders check >> So changing this from Folder Options will be ignored!
23 – Hide Desktop items to prevent the user from accessing My Computer and other desktop shortcuts!
24 – Hide file extensions: This is commonly used by malware to trick the user. By hiding file extensions, a user doesn’t know whether a file with a folder icon is an exe file or just an ordinary folder.
25 – Disable File Extensions Check >> So changing this from Folder Options will be ignored!
26 – Restrict Windows Update >> So the user cannot download security patches from Microsoft.
27 – Disable Shut Down Command >> So the user cannot shut down the system normally.
28 – Restrict Settings Folders >> Just imagine when all items under Start menu > Settings won’t run!
29 – Disable Taskbar context menu >> You right-click your taskbar… oops, nothing happens!
30 – Disable Logoff Command >> So the user cannot log off and use another profile.
31 – Hide Start Menu Logoff >> So the user cannot use this shortcut to log off!
32 – Restrict Add/Remove Programs >> So the user cannot see which applications and Windows components are installed, or uninstall/reinstall any application.
Unfortunately, AV software doesn’t really care about these restrictions and does nothing to re-enable them!
Until AV software comes up with such a tool in their future versions, sergiwa.com has created a very small tool for you that does just that! It re-enables everything the virus had previously disabled, and gives you back control over your own computer. They called it Remove Restrictions Tool (RRT).
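If you would rather see for yourself what has been tampered with before running any tool, here is an added audit script (not RRT’s code and not part of the original post) that checks the documented Windows policy and Explorer registry values behind most of the restrictions above, plus the three services from items 6–8, and restores them when run with -Repair. It assumes Windows PowerShell 5 or later and an elevated prompt for the HKLM key and the services.

```powershell
# Added audit/repair script (not sergiwa.com's RRT): reports the registry values
# behind the restrictions listed above and, with -Repair, restores them. Assumes
# Windows PowerShell 5+; HKLM and service changes need an elevated prompt.
[CmdletBinding()]
param([switch]$Repair)

$pol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies'
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$ie  = 'HKCU:\Software\Policies\Microsoft\Internet Explorer\Restrictions'
# Good = $null: the value should be absent or 0; otherwise it must equal Good.
# The three Explorer\Advanced values are also Windows defaults, so a hit there
# only means the view setting is off, not by itself proof of tampering.
$checks = @(
  @{K="$pol\Explorer"; N='NoFolderOptions';      Good=$null; Why='Folder Options hidden'}
  @{K="$pol\Explorer"; N='NoRun';                Good=$null; Why='Run command disabled'}
  @{K="$pol\Explorer"; N='NoControlPanel';       Good=$null; Why='Control Panel disabled'}
  @{K="$pol\Explorer"; N='NoClose';              Good=$null; Why='Shut Down disabled'}
  @{K="$pol\System";   N='DisableRegistryTools'; Good=$null; Why='Registry Editor disabled'}
  @{K="$pol\System";   N='DisableTaskMgr';       Good=$null; Why='Task Manager disabled'}
  @{K='HKCU:\Software\Policies\Microsoft\Windows\System'; N='DisableCMD'; Good=$null; Why='cmd.exe disabled'}
  @{K=$ie;  N='NoBrowserClose';   Good=$null; Why='IE cannot be closed'}
  @{K=$ie;  N='NoBrowserOptions'; Good=$null; Why='Internet Options hidden'}
  @{K=$adv; N='Hidden';           Good=1;     Why='Hidden files not shown'}
  @{K=$adv; N='ShowSuperHidden';  Good=1;     Why='Protected system files not shown'}
  @{K=$adv; N='HideFileExt';      Good=0;     Why='File extensions hidden'}
  @{K='HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
    N='CheckedValue'; Good=1; Why='"Show hidden files" option ignored'}
)

foreach ($c in $checks) {
  $cur = (Get-ItemProperty -Path $c.K -Name $c.N -ErrorAction SilentlyContinue).($c.N)
  if ($null -eq $cur) { continue }                          # value absent: nothing set
  $bad = if ($null -eq $c.Good) { $cur -ne 0 } else { $cur -ne $c.Good }
  if (-not $bad) { continue }
  Write-Warning ('{0}: {1}\{2} = {3}' -f $c.Why, $c.K, $c.N, $cur)
  if (-not $Repair) { continue }
  if ($null -eq $c.Good) { Remove-ItemProperty -Path $c.K -Name $c.N }
  else { Set-ItemProperty -Path $c.K -Name $c.N -Value $c.Good -Type DWord }
}

# The three services named in items 6-8 above: report if stopped or disabled.
foreach ($svc in 'SharedAccess', 'wscsvc', 'wuauserv') {
  $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
  if (-not $s) { Write-Warning "${svc}: service not found"; continue }
  if ($s.Status -ne 'Running' -or $s.StartType -eq 'Disabled') {
    Write-Warning "${svc} is $($s.Status) (start type $($s.StartType))"
    if ($Repair) { Set-Service -Name $svc -StartupType Automatic; Start-Service -Name $svc }
  }
}
```

Run it once without -Repair to get a list of hits, and note that a policy value present on a domain-joined machine may have been set by Group Policy rather than by malware.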
Hope this helps!