No luck even with 8 steps, task manager won't open and desktop can't be changed

By intense
Feb 21, 2009
Topic Status:
Not open for further replies.
  1. I did the 8 steps and I still can't open task manager or change my desktop. I believe the trojan is a fake antivirus malware that wants me to install their program and pay them to delete it. I've scanned with lavasoft adware, spybot search and destroy, and anti-malware before bumping onto this forum and I've removed the majority of the trojan. Yet I still can't use my task manager nor change my desktop background. I keep on scanning my computer and trojan.fakealert keeps on coming up in the anti-malware program (specifically, userinit.exe).

    Please take a look into my logs and see what the problem is.

    Thanks in advance,
    Michael

  2. cubyong

    cubyong Newcomer, in training Posts: 45

    hey, maybe these 2 from HJT look suspicious.

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    but just wait for someone to confirm this and they will guide you through using combofix and sdfix. :)
  3. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    You had TDSSserv infection. There is a thread here concerning its removal: http://www.techspot.com/vb/topic116603.html
    But basically just do this:
    Start->Run-> CMD
    on the command line type:
    sc stop TDSSserv.sys
    And then press enter
    sc delete TDSSserv.sys
    And then press enter

    It is possible that SuperAntiSpyware has already successfully removed it though

    I notice that you have Trend installed
    Obviously it has not protected you, and you highly likely still have more infections present (pretty sure positive)

    Uninstall Trend from Add\Remove Programs
    If it does not uninstall normally (ie corrupted due to Virus\Malware activity) do this:

    *Start->Run-> C:\Program Files\Trend Micro\Internet Security 12\TISSuprt.exe
    The Trend Micro Diagnostic Toolkit window will appear. Click on the Uninstall tab
    Click on the Un-install button
    Click on the Un-install button again when asked if you want to continue with the un-installation
    Restart your computer

    * Note: If the Trend Micro Diagnostic Toolkit window does not appear
    Run: C:\Program Files\Trend Micro\Internet Security 12\PCCTool.exe

    Or read here for more info: http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1036064&id=EN-1036064

    ------------------

    Once Trend is fully uninstalled, and you have then restarted
    Install Avira free AntiVirus

    Start up Malwarebytes again; Update it; then run a full scan (remove all found Malwares)
    You need to run this multiple times, until all hidden Malwares are uncovered and removed
    Save the new Malwarebytes log as an attachment to a new reply

    Then Restart, and run HijackThis Scan and log and also attach this to a new reply
  4. intense

    intense Newcomer, in training Topic Starter Posts: 22

    Thanks for the tips! Here are the logs. I rescanned with anti-malware 2 times and uninstalled trend micro.
  5. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Well done :)

    Well, Ad-aware and SuperAntispyware can be uninstalled (seeing as both have multiple slow down startups happening)

    Download Combofix
    Lots of info on its use h e r e
    Direct download h e r e

    Locate the downloaded Combofix. Double click on it to run, answering any prompts along the way
    Note: during Combofix scan (lasting up to 10mins) your Desktop and clock may reset (all normal)
    ComboFix will also restart your computer (eventually) and then (eventually) create a log

    Save this log file to be attached to a new reply

    Also do another scan with HJT (scan and log file) and attach this to a new reply as well
  6. intense

    intense Newcomer, in training Topic Starter Posts: 22

    alrighty all done. also just to tell you, i'm running all these scans on another account which can change background pictures and open up taskmanager. I'm scared of trying to load my account up because it might reload all that malware stuff. also, it seems as if explorer.exe is not loading up on its own (i have to go into taskmanager and run explorer.exe)
  7. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Well done (and well worth it, seeing as it fixed the fault)

    You need to uninstall eMule (right now would be good) before you get re-infected
    Normally I don't even look at threads that have file sharing programs installed (there's no use really, as re-infection is imminent)

    You may as well uninstall Ad-aware as well, I don't use it, and the programs we advise here, will clear up any issues totally, especially Malwarebytes

    Anyway, do that, and restart, and report how it's going
  8. intense

    intense Newcomer, in training Topic Starter Posts: 22

    hey thanks for all the help once again! I restarted my computer and logged onto my account but I still cannot access taskmanager and now explorer.exe won't load so I have to restart my computer by clicking on the power off button instead of via windows.
  9. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

  10. intense

    intense Newcomer, in training Topic Starter Posts: 22

    I booted into safe mode with networking but whenever I try to load up task manager it still gives me something along these lines "Cannot open task manager, your administrator has disabled it." Also, the xp_fixlogon just gives me default gina in use. dll in use: MSGINA.DLL (standard).
  11. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    And the other program? RatsCheddar?
    Did you enable all options, and apply?

    I've noticed from doing this, that one member needed to restart (normally though) twice
  12. intense

    intense Newcomer, in training Topic Starter Posts: 22

    yeah that one worked after i restarted but only for the account i applied it to so it still doesn't work for my account
  13. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Oh

    If you run it on the Administrator account it is supposed to affect all accounts
    Were you logged into the Administrator account? (you may have had to logoff first, in Safe Mode, then log back on)

    Maybe run it in all the accounts in Safe Mode ;)
     
  14. intense

    intense Newcomer, in training Topic Starter Posts: 22

    hey so I tried it once again on administrator account in safemode but it still doesn't work. i'm not sure if this is relevant but explorer.exe doesn't load up in safemode either. I have to ctrl-alt-del to open taskmanager and then run explorer.exe. so basically I can't fix my taskmanager problem (in my account) because explorer.exe won't load up.
  15. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    OK I went and confirmed the exact registry entries

    Please go to:
    Start->Run-> Regedit

    And then expand:
    HKEY_LOCAL_MACHINE
    SOFTWARE
    Microsoft
    Windows NT
    CurrentVersion
    Winlogon

    Once you click on Winlogon (the last one expanded above), confirm these two exist:

    "Shell"="Explorer.exe"
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
  16. intense

    intense Newcomer, in training Topic Starter Posts: 22

    yup i have those two registries
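
The Winlogon check from post 15 can also be run over an exported .reg file rather than read by eye. This is an added example, not code from the thread: it parses regedit-style `"name"="data"` lines and flags anything beyond the two values quoted in that post. The function names, the C:\WINDOWS baseline and the sample exports (including the placeholder path) are constructed for illustration.

```python
import re

# Assumption: baseline = the two values quoted in the post (Windows in C:\WINDOWS).
EXPECTED = {"shell": ["explorer.exe"],
            "userinit": [r"c:\windows\system32\userinit.exe"]}

# "name"="data" lines as regedit exports them; data escapes \ and " with a backslash.
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg_values(text):
    """Return {lower-cased value name: string data} from .reg-style text."""
    values = {}
    for line in text.splitlines():
        m = _VALUE_RE.match(line.strip())
        if m:
            values[_unescape(m.group(1)).lower()] = _unescape(m.group(2))
    return values

def audit_winlogon(text):
    """Return findings for Shell/Userinit; an empty list means both match."""
    values = parse_reg_values(text)
    findings = []
    for name, expected in EXPECTED.items():
        if name not in values:
            findings.append(f"{name}: value missing")
            continue
        # Userinit is a comma-separated list of programs; the same split also
        # exposes anything appended after explorer.exe in Shell.
        entries = [e.strip().lower() for e in values[name].split(",") if e.strip()]
        extra = [e for e in entries if e not in expected]
        absent = [e for e in expected if e not in entries]
        if extra:
            findings.append(f"{name}: unexpected entries {extra}")
        if absent:
            findings.append(f"{name}: expected entry absent {absent}")
    return findings

# Constructed samples: CLEAN repeats the post's values, TAMPERED adds a placeholder.
KEY = r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]"
CLEAN = KEY + '\n"Shell"="Explorer.exe"\n' + r'"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"'
TAMPERED = CLEAN.replace('exe,"', r'exe,C:\\EXAMPLE\\placeholder.exe,"')

if __name__ == "__main__":
    print(audit_winlogon(CLEAN), audit_winlogon(TAMPERED))
```
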
  17. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    I re-read the thread again
    Pretty sure you still have Malware present, let's deal with that first ;)

    Please download and run SDFix (I'm sorry, but I must refer you to t h i s tutorial on its use, scroll down to "SDFix Instructions")

    Download, and run the "RunThis.bat" in Safe Mode, as advised
    Then attach the log and a new HJT log
    Oh by the way, it says that it may take 20mins to scan! (Mine took over an hour to complete!)
  18. intense

    intense Newcomer, in training Topic Starter Posts: 22

    alright finished the scan and it looks like everything is fine but of course i'm no expert haha.
  19. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Well I suppose Explorer is still not starting (obviously)

    Please go to Windows update and install SP3
    Now I know this is a tad different to removing Malware. But I can't see any Malware!
  20. intense

    intense Newcomer, in training Topic Starter Posts: 22

    :eek: that's weird, I still have malware installed. well i'm installing sp3 right now. thanks for the help hopefully this will fix my explorer issue =]

    edit: just kidding i didn't install sp3 yet. my computer decided to download it but not install it when i restarted the computer!
  21. intense

    intense Newcomer, in training Topic Starter Posts: 22

    thanks so much kimsland! explorer did load and I was able to fix my taskmanager and background! only problem now is that my taskbar is stuck in the classic windows mode. any suggestions on how to change it? (ive tried everything with the display window (changing themes, changing appearances, etc))
  22. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

  23. intense

    intense Newcomer, in training Topic Starter Posts: 22

    that didn't work =[
  24. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Well that's the quickfix out of the way ;)

    Please try this one

    Start->Run-> SFC /ScanNow

    You may need your Windows CD whilst it scans (and repairs) Windows system files
    No data is hurt