I need to know how how to not alow the user to use task maniger.
do you have eny ideas ?

I have no idea what "tak maniger" is. Can you descirbe it for me?

Sorry. Why would you want to do this?

@ Xander314: Process Explorer does it, sort of, it overwrites the startup instructions anyway. I saw this post then read some of the others linked to his profile, this guys a prankster, he doesn't seem malicious. I have to say with rootkit.com being down for so long, thanks Anon, it's getting kind of tempting to start answering these questions.

Is rootkit.com a virus site? Or how to keep safe from rootkits?

To me, if you're trying to disable task manager then you're making something that is similar to a virus of some kind. I'm sure others think the same and might hesitate to help you.

P.S:
See this: http://www.spellcheck.net/speller/

That is not strictly true - in commercia/industrial l software where pc are running tailormade software - the default (autologon user) typically has restricted access rights.

Rootkit.com was a site by Greg Houghland (You remeber that guy who got in a dick swinging contest with Anonymous?) that would host material discussing exploits and such to subvert the Windows kernal. It used to be where I would go to have conversations about the security\insecurity of NTFS and such. Purley mental excersize on my part and most people there were showing off what they could do or writing pranks rather then collaborating to make the next super virus.

So the content that was there may have been presented in a malicious looking atmosphere but it honestly taught you just as much about how to keep safe from\remove rootkits as it would teach you how to make them. I'm an aspiring grey hat this isn't a secret, I don't discuss stuff like that on this forum which is why I didn't jump up and answer the OP's question.

EDIT: For anyone into this kind of stuff arstechnica had an amazingly detailed description of how Anonymous hacked this site. As much as I respect Mr. Houghland it is a truley awsome story.

The best way is to create a reg value at the key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

then create a new DWORD value named DisableTaskMgr and set its value to 1.

To do this with c++/winapi, use the registry functions such as RegOpenKeyEx.

Another way is to make a loop which constantly looks for the task manager window (or any other window you want to disable) by doing:



or possibly move, delete taskmgr.exe? xD

Disabling task man won't exactly stop someone killing your "virus" though.. you can run things such as tasklist.exe and taskkill.exe from system32 folder in cmd. or someone might use another program like process explorer.

kaije wrote:
The best way is to create a reg value at the key:

... just ....


Moving on. You can't delete it. Not without deleting the copy that windows keeps. But That's just stupid, and don't do it.

If you want to bypass task manager, you can simply make a service. No typical windows user looks at services. However I would much rather have you do something useful...

I'm sorry to come in here and pseudo-troll at this point, but should we really be nurturing the next-gen script kiddies? Disabling certain programs has constructive value at times...but that's obviously not what the OP is considering. Personally, I've wanted to beat people with a stick that make this junk. It's one of my peeves.

I agree with Luc... Though it's not really trolling =)

in task manager you can look at services related to a process (only in vista/7?), and you can show none microsoft services in msconfig. or use services.msc to modify them.

the thing i always check last for viruses or annoying start up things is the task scheduler.. -.- located in start menu -> accessories -> system tools -> task scheduler, you can practically make processes run whenever you want, e.g. on start up, at certain days and times.

Not sure how you add schedules to it with code though.

That's cool I'll try that !