I cannot access the task manager

Status
Not open for further replies.

merryjoulton

Now the task manager is the least of my problems

Here is my Hijackthis log-file.
 

Attachment: hijackthis.txt (4.4 KB)

Hello and welcome to Techspot.

Your version of Hijackthis is out of date. Therefore that is not a full log.

Go HERE and follow the instructions carefully, especially about updating and HijackThis placement. Print them out if you can.

Then post a new Hijackthis log.

Regards Howard :wave: :wave:
 
Thank you for the extremely quick reply! :giddy: I updated and here is my new log:
 

Attachment: hijackthis.txt (6.3 KB)

You are infected by the Gaobot BC worm (winupdates.exe).

Go HERE for removal instructions.

When you have done that, Go to my previous post and follow the instructions in the link I provided.

Regards Howard ;)
 
I went to that link and performed everything up to the
2. Run a full system scan.
3. If any files are detected as W32.HLLW.Gaobot.BC, click Delete.
At which point the only file that was detected was called WxBug.EXE.
 
I just now went onto the next step that involves "regedit." I typed regedit into "run..." and the black screen popped up for about 2 seconds then disappeared and nothing else happened.
 
Ok, I'll do that now. I didn't think I had to be in safe mode due to these instructions:
3. Restarting the computer in Safe mode or ending the Trojan process

Windows 95/98/Me
Restart the computer in Safe mode. All the Windows 32-bit operating systems, except for Windows NT, can be restarted in Safe mode. For instructions, read the document, "How to start the computer in Safe Mode."

Windows NT/2000/XP
To end the Trojan process:
1. Press Ctrl+Alt+Delete once.
2. Click Task Manager.
3. Click the Processes tab.
4. Double-click the Image Name column header to alphabetically sort the processes.
5. Scroll through the list and look for Winupdates.exe.
6. If you find the file, click it, and then click End Process.
7. Exit the Task Manager.
 
I just came back from safe mode, and now I have an entirely new (or so it seems) problem. Right when my desktop appeared an IE pop-up window popped up, and I have a new icon in the taskbar called "180 search assistant". I have no idea where this came from.

Now, my other problem is while I was in safe mode, I typed "regedit" again and a box popped up that said
C:\WINDOWS|system32\regetit.com
The NTVDM CPU encountered an illegal instruction.
CS:053d IP:ffe4 OP:feff Id 09e9 choose "close" to terminate the application.

To top it all off, as I was typing this reply, my Spybot S&D has been going crazy telling me about changes to my registry and process that are parts of malicious software. The one currently up is ap9h4wmo.exe "ShopAtHome".
 
God! That problem of yours sounds terrible! How did u get that 180 spyware onto your PC? Doesn't your Spybot detect & delete or quarantine it?
Spyware really gets to me. I ran a search through Ad-Aware on my wife's sister's PC last weekend & it found 185 infected files! That's just from her general browsing & she's only had her laptop for 1 month! Stupid advertisement!

How about u save all of your stuff, format & start fresh?

Don't listen to me though ... I'm currently in training!!!
 
mikescorpio81 said:
God! That problem of yours sounds terrible! How did u get that 180 spyware onto your PC? Doesn't your Spybot detect & delete or quarantine it?
Spyware really gets to me. I ran a search through Ad-Aware on my wife's sister's PC last weekend & it found 185 infected files! That's just from her general browsing & she's only had her laptop for 1 month! Stupid advertisement!

How about u save all of your stuff, format & start fresh?

Don't listen to me though ... I'm currently in training!!!
Formatting is a serious consideration in the back of my mind right now. As long as I'm getting help in this thread, I have hope that I won't have to do that, though.
 
Now go to my original post in this thread, and follow all the instructions I linked.

Including downloading the required programmes etc.

Once and only once you have done that, post another HJT log.

Regards Howard :cool:
 
I had this problem on a friend's PC. Turns out the sneaky buggers had created a 'regedit.com' file in the system32 directory, amongst others such as 'ping.com', 'cmd.com' etc., overwriting the Windows versions. For whatever reason regedit.com takes priority over regedit.exe and will run if you type 'regedit' in the run box. If you type 'regedit.exe' then you should get the registry editor.

Once you've done all that you'll want to clean out the bogus files. Browse to the c:\windows\system32 folder and make sure you are showing all hidden & system files (Tools -> Folder Options -> View -> select 'Show hidden files' and untick 'Hide protected operating system files').
Then change the view to 'Details', sort by file type and scroll down till you get to 'MS-DOS Application'. You'll see the virus files are very small in size, I think they were all 1kb, and the genuine Microsoft files should be much bigger.

The next step is to move the files out of the system32 folder somewhere, Windows should then automatically replace them with the correct files from the dll cache, unless you switched off system restore. If so you can either copy the files from another XP box, restore them from an XP CD or ask someone very nicely to email you the files ;)

Let us know how you get on!
 
OK! Here is the new HJT log after everything suggested.

edit: hold on there were a few steps I skipped, I'll re-post shortly.
 
Ok here's an updated HJT log. For what it's worth, my computer is acting/appearing to act normally again right now.
 
Let HJT fix the following.

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} -
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} -

Once that's done your system looks clean.

Turn on system restore.

Regards Howard :) :)
 
rubjonny said:
... For whatever reason regedit.com takes priority over regedit.exe and will run if you type 'regedit' in the run box. If you type 'regedit.exe' then you should get the registry editor.
Quite simple: Windows goes through the possible extensions alphabetically. .com comes before .exe. Therefore, if you just type calc in the Run box, Windows will run calc.exe, unless of course someone stuck a prog named calc.com in there, in which case this would be executed.
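
The check described in the two posts above (a .com file sitting beside a same-named .exe and winning when the command is typed without an extension) can be automated. This is an added example, not part of the original thread: `find_shadowed`, the 4096-byte size threshold and the sample directory are assumptions constructed for illustration, and the extension order defaults to the start of Windows' default PATHEXT value.

```python
import os
import tempfile
from pathlib import Path

# Start of Windows' default PATHEXT value; an earlier entry wins when a
# command is typed without its extension (assumed default, pass your own order).
DEFAULT_ORDER = (".com", ".exe", ".bat", ".cmd")


def find_shadowed(directory, order=DEFAULT_ORDER, max_suspect_size=4096):
    """Return (winner, shadowed_names, winner_size, is_small) per name clash."""
    by_stem = {}
    for entry in os.scandir(directory):
        if not entry.is_file(follow_symlinks=False):
            continue
        stem, ext = os.path.splitext(entry.name)
        if ext.lower() in order:
            rank = order.index(ext.lower())
            by_stem.setdefault(stem.lower(), []).append((rank, entry.name, entry.stat().st_size))
    findings = []
    for _, files in sorted(by_stem.items()):
        if len(files) < 2:          # only one program with this name: nothing is shadowed
            continue
        files.sort()                # lowest rank = the file that actually runs
        _, winner, size = files[0]
        shadowed = [name for _, name, _ in files[1:]]
        findings.append((winner, shadowed, size, size <= max_suspect_size))
    return findings


def demo():
    """Scan a constructed directory that mimics the situation in this thread."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "regedit.exe").write_bytes(b"\0" * 150_000)  # stand-in for the real tool
        (root / "regedit.com").write_bytes(b"\0" * 900)      # small impostor
        (root / "ping.exe").write_bytes(b"\0" * 20_000)
        (root / "PING.COM").write_bytes(b"\0" * 1_000)       # case must not matter
        (root / "calc.exe").write_bytes(b"\0" * 100_000)     # no competitor
        (root / "notes.txt").write_text("not a program")
        return find_shadowed(root)


if __name__ == "__main__":
    for winner, shadowed, size, small in demo():
        flag = "  [small file, inspect]" if small else ""
        print(f"{winner} ({size} bytes) runs instead of {', '.join(shadowed)}{flag}")
```

Point `find_shadowed` at a copy or offline mount of the system32 folder; a hit is a lead for manual inspection, not proof that the file is malicious.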
 
Hey guys, I have the exact same problem as merryjoulton. Regedit won't open but regedit.exe does, task manager won't open at all, only in safe mode. I've tried HijackThis, not really sure what to fix.
 
Hello and welcome to techspot.

I can't see your HJT log, and your link doesn't work.

Before posting your HJT log go to my first post in this thread and follow the instructions carefully.

Regards Howard :wave: :wave:
 