Ctrl + Alt + Delete has been disabled

Status
Not open for further replies.

isotopes

I have been running the Viruses/Spyware/Malware preliminary removal instructions.

Ctrl + Alt + Delete has been disabled. MSN is not able to log in, but strangely I'm still able to log in to Explorer.

However, during the removal, I had a problem running HijackThis in safe mode, as the icon is not on the desktop anymore.

No rootkit found from Panda.


The attached are the log files.

Kinda frustrated and can't find any solution.

Please let me know what other information you need.

Your help will be greatly appreciated.


A million, zillion, thanks
 
That is weird...
unless the computer has been locked by the main administrator..
or even taskmgr.exe has been removed by a virus...

Have you checked the existence of taskmgr.exe at windows/system32?
And then I may suggest you update your antivirus...

Otherwise, get an antivirus cleaner (not a standalone antivirus for Windows)
such as Avast Cleaner, McAfee Stinger, or even RemoveIT.

None of them is a substitute for a full antivirus product, so they should not interfere with your full antivirus program.
 
Also.. I keep having this error message pop up.. it says REG.exe Application Error, The application failed to initialize properly.

And whenever I scan with McAfee and remove the virus, it just comes back after a while..

HELP....

I'm very sure it's malware infection...
(Moderator edit: Posts merged. Please use the edit button, rather than replying to your previous post where there are no other replies in between. If bumping the thread, please wait at least 24 hours for a reply.)
 
Welcome to TechSpot.

Let's see what we can do.

----------

Follow this link to download and run LSP-Fix

http://www.bleepingcomputer.com/tutorials/tutorial59.html#howto

The entries in LSP-Fix you are looking for are mshost.dll (there may be more than one).

If you are unsure of entries, do not remove them.

Use this link http://www.castlecops.com/LSPs.html to determine good, bad and unknown LSPs.

Once done come back and continue with the rest of the steps.

----------

* Download OTMoveIt.exe from here and place it on your desktop:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

Don't run it yet; we will use it later.

----------

Open HijackThis and select Do a system scan only and place a check mark next to:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [MSSC] C:\Program Files\Common Files\System\avupdate.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Policies\Explorer\Run: [comrepl32] C:\windows\system32\com\comrepl32.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


Close all windows except for HijackThis and click Fix checked.

----------

Double click OTMoveIt.exe to launch it.
Copy/Paste the contents of the box below into the left hand pane of OTMoveIt.

C:\Program Files\Common Files\System\avupdate.exe
C:\windows\system32\com\comrepl32.exe

Then click the MoveIt button.
* The list will be processed and the results will appear in the right hand pane.
* If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
* When finished click Exit to exit the program.
* A log C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created).

Please save this log to attach later.

----------

Please download ATF Cleaner by Atribune. ATF Cleaner.exe

Make sure that all browser windows are closed.
* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All and UNCHECK Cookies.
* Click the Empty Selected button.
If you use Firefox browser
* Click Firefox at the top and choose: Select All and UNCHECK Cookies.
* Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
* Click Opera at the top and choose: Select All and UNCHECK Cookies.
* Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.

----------

Run this online scan

Requires Internet Explorer

Use the ESET Nod32 Online Scanner
1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the ActiveX control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications are check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Attach the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply

----------

Please download the trial version of SpySweeper (2 week trial)

* Run the installer, choosing to only install SpySweeper
* It will prompt you to update to the latest definitions, choose Yes (recommended) and click Next
* Once the definitions are installed, click I accept the agreement and then Next
* Choose Typical Installation then click Next
* Enter your email address then click Next
Important: Uncheck the box Install the Webroot Ask toolbar Search Assistant, I agree to the terms above before clicking Next
* Click Install.
* Choose Yes, restart my computer now (recommended) then click Finish (the computer will restart)

* Once restarted open SpySweeper.
* Click the Options tab. (lower left)
* Under Options > Sweep Tab > Sweep Type choose Full Sweep (Recommended)
* Click the Always Apply tab and use the dropdown menu to select Always Quarantine
* Click the Home tab and choose Start Full sweep

* When it's done scanning, make sure everything has a check next to it, then click the Quarantine Selected button.
* It will quarantine all of the items found.
* Click View Session Log in the upper right corner.
* Click the Save To File button.
* Click Desktop for the location.
* Next to the Save as type: be sure it is set to Text Document (.txt) and then click Save
* Attach the SpySweeper Session Log in your next reply.

----------

Next post please attach:
OTMoveIt log
EsetOnlineScanner\log.txt
SpySweeper Session Log
NEW HijackThis log.
 
My HijackThis programme prompts me with an out of memory message, which I can't even open..

Another thing is that sometimes my computer can react very slowly.. and at start-up, it always says I have new programmes installed when they are all already-installed programmes.

HELP...
 
Download OTMoveIt, ATF Cleaner and SpySweeper.

Then boot into safe mode, Run ATF Cleaner first and then do the HijackThis and the OTMoveIt steps.

Then run SpySweeper in safe mode also.

Copy the directions into notepad and save them to your desktop so you can view them in safe mode.

Starting your computer in safe mode

* If the computer is running, shut down Windows, and then turn off the power.
* Wait 30 seconds, and then turn the computer on.
* Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
* Ensure that the Safe Mode option is selected.
* Press Enter. The computer then begins to start in Safe mode.
* Log in on your usual account.
 
These are the log files.

It seems to be getting better...

Please let me know what I should do next..

And I really, really appreciate your help.. and please do let me know if there is any way to let me show you my appreciation for your help....

Anything... :)
 
Open HijackThis and select Do a system scan only and place a check mark next to:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Next click Fix checked.

I want to run one more scan to be sure nothing else is hiding.

Download Superantispyware (SAS) SUPERAntispyware Free Edition

Install it and double-click the icon on your desktop to run it.
* It will ask if you want to Update the program definitions, click Yes.
* Under Configuration and Preferences, click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining.
  • Please leave the others unchecked.
  • Click the Close button to leave the control center screen.
* On the main screen, under Scan for Harmful Software click Scan your computer.
* On the left check C:\Fixed Drive.
* On the right, under Complete Scan, choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK.
* Make sure everything in the white box has a check next to it, then click Next.
* It will quarantine what it found and if it asks if you want to reboot, click Yes.
* To retrieve the removal information please do the following:
  • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (such as Notepad/Wordpad).
  • Save the notepad file to your desktop by clicking (in notepad) "File" "Save As"
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.


* Please add the log as an attachment along with a new HijackThis log in the next post.
 
I have done the following.

Files are attached here..

Among so many antivirus and antispyware programs now on my computer, which one should I purchase or keep, to have maximum protection?

Also, how do I check if my computer is totally clean?

Lastly.. how to thank you for your help?
:)

But now Ctrl + Alt + Delete is still locked.... and when I run through the virus scan by McAfee, it still shows a virus infection.. and it just comes back once the computer restarts..

(Moderator edit: Posts merged. Please use the edit button, rather than replying to your previous post where there are no other replies in between. If bumping the thread, please wait at least 24 hours for a reply.)
 
I am not sure why but HijackThis is showing
O4 - HKLM\..\Run: [Microsoft Installshield] rundll32.exe
O4 - HKLM\..\RunServices: [Microsoft Installshield] rundll32.exe

It is unknown why they are running there.
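
Added example (not part of the original thread, and not a HijackThis feature): a small triage script for the O2/O4 line shapes quoted in this thread, flagging structural oddities such as a BHO with no file, an empty autostart value, or a bare rundll32.exe like the two entries above. The reason strings and function names are this example's own.

```python
import re

# Sample lines copied from the HijackThis entries quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [MSSC] C:\Program Files\Common Files\System\avupdate.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Policies\Explorer\Run: [comrepl32] C:\windows\system32\com\comrepl32.exe
O4 - HKLM\..\Run: [Microsoft Installshield] rundll32.exe
O4 - HKLM\..\RunServices: [Microsoft Installshield] rundll32.exe
"""

# O2 = Browser Helper Object, O4 = registry autostart entry.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.*)$")
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# rundll32 with nothing after it: no DLL and no entry point to load.
BARE_RUNDLL32 = re.compile(r'"?([a-z]:\\.*\\)?rundll32(\.exe)?"?', re.I)


def triage_line(line):
    """Return (section, identifier, reasons) for an O2/O4 line, else None."""
    line = line.strip()
    m = O2_RE.match(line)
    if m:
        reasons = []
        if m["file"] == "(no file)":
            reasons.append("BHO registered but its file is missing")
        return ("O2", m["clsid"], reasons)
    m = O4_RE.match(line)
    if m:
        reasons = []
        cmd = m["cmd"].strip()
        if not cmd:
            reasons.append("autostart value has no command")
        elif BARE_RUNDLL32.fullmatch(cmd):
            reasons.append("rundll32 started with no DLL argument")
        if "policies\\explorer\\run" in m["key"].lower():
            reasons.append("uses the Policies\\Explorer\\Run autostart key")
        return ("O4", m["name"], reasons)
    return None


def triage(log_text):
    """Keep only the parsed lines that carry at least one reason."""
    parsed = (triage_line(line) for line in log_text.splitlines())
    return [p for p in parsed if p and p[2]]


if __name__ == "__main__":
    for section, ident, reasons in triage(SAMPLE_LOG):
        print(section, ident, "->", "; ".join(reasons))
```

An empty reasons list does not mean an entry is clean: the MSSC line passes these structural checks and was still selected for removal earlier in the thread.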
 
I'm not sure if I'm running the taskmanager process directly or downloading a program like Process Explorer. How to tell?

Anyway... whenever I do a virus scan or Spy Sweeper, it always shows the spy cookie present.

Should I redo all the tests from the preliminary removal till the last step in this message?


PLEASE HELP....
 
Run ATF Cleaner.

Delete the copy of Combofix you have and run a new scan and attach the log.

Please download Combofix by sUBs from either here or here

Save Combofix.exe to your Desktop.

1. Double click combofix.exe & follow the prompts. (from the keyboard select 1 and press enter)
2. When finished, it will produce a log for you.
3. Attach that log in your next reply.

Note:
Do not mouseclick combofix's window while it's running. That may cause your computer to stall.
 
isotopes said:
I'm not sure if I'm running the taskmanager process directly or downloading a program like Process Explorer. How to tell?

Anyway... whenever I do a virus scan or Spy Sweeper, it always shows the spy cookie present.

Should I redo all the tests from the preliminary removal till the last step in this message?


PLEASE HELP....

I meant, have you tried doing either? If you need to use the task manager (a reason for hitting ctrl-alt-del) you ought to be able to access the .exe directly, or you could use Process Explorer for the same purpose. Usually, viruses do this so you can't ctrl-alt-del the processes to make cleaning them easier. That's why I suggested it.
 
We are still trying to figure out what process it is.

Start>Run>taskmgr.exe should bring up Task manager. But what are we looking for?
 
Please see HERE. It seems strangely similar; could be a new variant.

But I think we should wait for the ComboFix log before taking any action.

EDIT: Isotopes: have you read this thread?

Regards,
momok =)
 
Understood. I was just pointing out the fact that if you need to bring up task manager, or a more detailed version (i.e. Process Explorer) it is possible without hitting the ctrl-alt-del keystroke combo, which gets blocked by many viruses.
 
evilfantasy said:
Run ATF Cleaner.

Delete the copy of Combofix you have and run a new scan and attach the log.

Please download Combofix by sUBs from either here or here

Save Combofix.exe to your Desktop.

1. Double click combofix.exe & follow the prompts. (from the keyboard select 1 and press enter)
2. When finished, it will produce a log for you.
3. Attach that log in your next reply.

Note:
Do not mouseclick combofix's window while it's running. That may cause your computer to stall.

I'm back.. finally.. with my computer newly formatted. Sigh..

What happened is that when I proceeded with ComboFix, maybe the online monitoring was still on, so when ComboFix finished its process, SpySweeper prompted a message that caused ComboFix to halt. Before ComboFix halted, it showed a message that ComboFix will reboot the system. I thought ComboFix had completed its process, so I manually rebooted the system.

Then.. each time I rebooted my system, before the Windows screen started up, it said registry error, dump physically file, and left me no choice but to reformat my computer.

Of course, last but not least, I really, truly appreciate the help from all of you. Any recommendation for antivirus or software to prevent the same incident from happening? Or any page where I can make a donation to show my appreciation.. Or anything that can thank you for your help :)
 
Hi,

I'm sorry to hear that.

Use one good strong antivirus such as AVG antivirus or Avast, coupled with SpyBot Search and Destroy, plus one good firewall such as Comodo, Kerio or Zonealarm.

Download and install CCleaner. Run it regularly.

Use either AVG Antispyware or Spywareblaster too.

Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
May I recommend you to read this article.
This can help to prevent future infections.

Regards,
momok =)
 