I cannot access the task manager

By merryjoulton
Jun 15, 2005
Topic Status:
Not open for further replies.
  1. Now the task manager is the least of my problems

    Here is my Hijackthis log-file.

    Attached Files:

  2. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Hello and welcome to Techspot.

    Your version of Hijackthis is out of date. Therefore that is not a full log.

    Go HERE and follow the instructions carefully. especially about updating and Hjackthis placement. print them out if you can.

    Then post a new Hijackthis log.

    Regards Howard :wave: :wave:
  3. merryjoulton

    merryjoulton Newcomer, in training Topic Starter

    Thank you for the extremely quick reply! :giddy: I updated and here is my new log:

    Attached Files:

  4. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    You are infected by the gaobot bc worm(winupdates.exe)

    Go HERE for removal instructions.

    When you have done that, Go to my previous post and follow the instructions in the link I provided.

    Regards Howard ;)
  5. merryjoulton

    merryjoulton Newcomer, in training Topic Starter

    Thank you for the help, this is taking a while to do but I will let you know how everything goes.
  6. merryjoulton

    merryjoulton Newcomer, in training Topic Starter

    I went to that link and performed everything up to the
    At which point the only file that was detected was called WxBug.EXE.
  7. merryjoulton

    merryjoulton Newcomer, in training Topic Starter

    I just now went onto the next step that involves "regedit." I typed regedit into "run..." and the black screen popped up for about 2 seconds then disapeared and nothing else happened.
  8. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Have tried to open the task manager and stopped the process winupdates.exe?

    Regards Howard :cool:
  9. merryjoulton

    merryjoulton Newcomer, in training Topic Starter

    Yes, I did everything in that link up to the "regedit" part at this point.
  10. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Is your computer in safe mode? If not it needs to be. Also don`t forget to turn off system restore.

    Regards Howard :cool:
  11. merryjoulton

    merryjoulton Newcomer, in training Topic Starter

    Ok, I'll do that now. I didn't think I had to be in safe mode due to these instructions:
     
  12. merryjoulton

    merryjoulton Newcomer, in training Topic Starter

    I just came back from safe mode, and now I have an entirely new (or so it seems) problem. Right when my desktop appeared an IE pop-up window popped up, and I have a new icon in the taskbar called "180 search assistant". I have no idea where this came from.

    Now, my other problem is while I was in safe mode, I typed "regedit" again and a box popped up that said
    To top it all off, as I was typing this reply, my Spybot S&D has been going crazy telling me about changes to my registry and process that are parts of malicious software. The one currently up is ap9h4wmo.exe "ShopAtHome".
  13. mikescorpio81

    mikescorpio81 Newcomer, in training Posts: 574

    God! That problem of yours sounds terrible! How did u get that 180 spyware onto your pc? Dosen't your Spybot detect & delete or quarantine it?
    Sypware really gets to me. I ran a search through Ad aware on my wifes sisters pc last weekend & it found 185 infected files! Thats just from her general browsing & shes only had her laptop for 1 month! Stupid advertisment!

    How about u save all of your stuff, format & start fresh?

    Don't listen to me though ... im currently in training!!!
  14. merryjoulton

    merryjoulton Newcomer, in training Topic Starter

    Formatting is a serious consideration in the back of my mind right now. As long as I'm getting help in this thread, I have hope that I won't have to do that, though.
  15. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Now go to my original post in this thread, and follow all the instructions I linked.

    Including downloading the required programmes etc.

    Once and only once you have done that, post another HJT log.

    Regards Howard :cool:
  16. rubjonny

    rubjonny Newcomer, in training Posts: 19

    I had this problem on a friends PC, turns out the sneaky buggers had created a 'regedit.com' file in the system32 directory, amongst others such as 'ping.com', 'cmd.com' etc overwriting the windows versions. For whatever reason regedit.com takes priority over regedit.exe and will run if you type 'regedit' in the run box. If you type 'regedit.exe' then you should get the registry editor.

    Once you've done all that you'll want to clean out the bogus files. Browse to the c:\windows\system32 folder and make sure you are showing all hidden & system files (tools -> folder options -> View -> select 'Show hidden files' and untick 'hide protected operating system files')
    Then change the view to 'Details', sort by file type and scroll down till you get to 'MS-DOS Application' You'll see the virus files are very small in size, I think they were all 1kb and the genuine Microsoft files should be much bigger.

    The next step is to move the files out of the system32 folder somewhere, Windows should then automatically replace them with the correct files from the dll cache, unless you switched off system restore. If so you can either copy the files from another XP box, restore them from an XP CD or ask someone very nicely to email you the files ;)

    Let us know how you get on!
  17. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Nice bit of info there rubjonny.

    Regards Howard :grinthumb
  18. merryjoulton

    merryjoulton Newcomer, in training Topic Starter

    OK! Here is the new HJT log after everything suggested.

    edit: hold on there were a few steps I skipped, I'll re-post shortly.
     
  19. merryjoulton

    merryjoulton Newcomer, in training Topic Starter

    Ok here's an updated HJT log. For what it's worth, my computer is acting/appearing to act normally again right now.
  20. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Let HJT fix the following.

    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} -
    O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} -

    Once that`s done your system looks clean.

    Turn on system restore.

    Regards Howard :) :)
  21. IronDuke

    IronDuke Newcomer, in training Posts: 1,267

    Quite simple Windows goes through the possible extensions alphabetically. .com comes before .exe. Therefore if you just type calc in the Run box Windows will run calc.exe unless of course someone stuck a prog named calc.com in which case this would be executed.
  22. merryjoulton

    merryjoulton Newcomer, in training Topic Starter

    Thank you everyone for the invaluable help.
  23. blah3

    blah3 Newcomer, in training Posts: 22

    Hey guys, I have the exact same problem as merryjoulton. Regedit won't open but regedit.exe does, task manager won't open at all, only in safe mode. I've tried HijackThis, not really sure what to fix.
  24. blah3

    blah3 Newcomer, in training Posts: 22

  25. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Hello and welcome to techspot.

    I cant see your HJT log, and your link doesn`t work.

    Before posting your HJT log go to my first post in this thread and follow the instructions carefully.

    Regards Howard :wave: :wave:
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.