Sysinternals Process Explorer

Discussion in 'other software & services' started by Infected, Jul 23, 2018.

  1. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,134
    How do you un-replace task manager? Every time I tap replace task manager, it doesn't switch to undo.
     
  2. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    Check with Process Monitor what it tries to change (probably a reg-key), then look in its Security tab to see if you have write rights, or change it yourself. :)
     
  3. guest

    guest Guest

    There are specific locations in the registry. Navigate to them and delete the "Debugger" key which is stored there.
    Code:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
    
    Or the easy way is to launch AutoRuns (with administrator privileges) and go to the section "Image Hijacks".
    From there you can simply (a) untick the "taskmgr.exe" entry (if you want to switch back to Process Explorer at a later time) or you can (b) delete the "taskmgr.exe" entry.
    AutoRuns_Image Hijacks.png
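
The registry check described in the post above, as an added example that is not part of the original thread: it reports whether a "Debugger" value is set under either of the two listed keys and removes it only when asked. The `-Remove` switch and the idea of saving this as a script file are assumptions of the example; it is meant to be run from an elevated 64-bit PowerShell so that both paths are read as written.

```powershell
# Added example, not code from the thread.
# Reports the "Debugger" value under the two taskmgr.exe keys listed above.
# Without -Remove (a switch defined by this example) nothing is changed.
param([switch]$Remove)

$paths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe'
)

foreach ($path in $paths) {
    # The key only exists if something has written a per-image option for taskmgr.exe.
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Output "absent : $path"
        continue
    }

    # A missing value yields $null here instead of an error.
    $debugger = (Get-ItemProperty -LiteralPath $path -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($null -eq $debugger) {
        Write-Output "clean  : $path (no Debugger value)"
        continue
    }

    # Show what taskmgr.exe launches are currently redirected to.
    Write-Output "set    : $path -> $debugger"

    if ($Remove) {
        try {
            # Deletes only the Debugger value; the key and any other values stay.
            Remove-ItemProperty -LiteralPath $path -Name Debugger -ErrorAction Stop
            Write-Output "removed: Debugger value under $path"
        } catch {
            # Typically an access-denied error when the shell is not elevated.
            Write-Warning "could not remove Debugger under ${path}: $($_.Exception.Message)"
        }
    }
}
```

Running it first without `-Remove` shows which program the value points to, which is also a quick way to confirm that the redirect is the expected Process Explorer path before deleting it.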
     
  4. lofac

    lofac Registered Member

    Joined:
    Jan 18, 2018
    Posts:
    125
    Location:
    .
    Run Process Explorer as admin
     
  5. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    I definitely don't know enough yet. Very good suggestions from you two! :thumb::D
     
  6. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,134
    Thanks for all of your help. I found out it wasn't working with process explorer64. When I started up process explorer, non 64, I was able to switch back.
     