No luck even with 8 steps, task manager won't open and desktop can't be changed

Status
Not open for further replies.

intense

I did the 8 steps and I still can't open task manager or change my desktop. I believe the trojan is a fake antivirus malware that wants me to install their program and pay them to delete it. I've scanned with Lavasoft Ad-Aware, Spybot Search and Destroy, and anti-malware before bumping onto this forum and I've removed the majority of the trojan. Yet I still can't use my task manager nor change my desktop background. I keep on scanning my computer and trojan.fakealert keeps on coming up on anti-malware program (specifically, userinit.exe).

Please take a look into my logs and see what the problem is.

Thanks in advance,
Michael
 

Hey, maybe these 2 from HJT look suspicious.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

but just wait for someone to confirm this and they will guide you through using combofix and sdfix. :)
 
You had TDSSserv infection. There is a thread here concerning its removal: https://www.techspot.com/vb/topic116603.html
But basically just do this:
Start->Run-> CMD
on the command line type:
sc stop TDSSserv.sys
And then press enter
sc delete TDSSserv.sys
And then press enter

It is possible that SuperAntiSpyware has already successfully removed it though

I notice that you have Trend installed
Obviously it has not protected you, and you highly likely still have more infections present (pretty sure positive)

Uninstall Trend from Add\Remove Programs
If it does not uninstall normally (i.e. corrupted due to Virus\Malware activity) do this:

*Start->Run-> C:\Program Files\Trend Micro\Internet Security 12\TISSuprt.exe
The Trend Micro Diagnostic Toolkit window will appear. Click on the Uninstall tab
Click on the Un-install button
Click on the Un-install button again when asked if you want to continue with the un-installation
Restart your computer

* Note: If the Trend Micro Diagnostic Toolkit window does not appear
Run: C:\Program Files\Trend Micro\Internet Security 12\PCCTool.exe

Or read here for more info: http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1036064&id=EN-1036064

------------------

Once Trend is fully uninstalled, and you have then restarted
Install Avira free AntiVirus

Start up Malwarebytes again; Update it; then run a full scan (remove all found Malwares)
You need to run this multiple times, until all hidden Malwares are uncovered and removed
Save the new Malwarebytes log as an attachment to a new reply

Then Restart, and run HijackThis Scan and log and also attach this to a new reply
 
Thanks for the tips! Here are the logs. I rescanned with anti-malware 2 times and uninstalled Trend Micro.
 
Well done :)

Well, Ad-aware and SuperAntispyware can be uninstalled (seeing as both have multiple slow down startups happening)

Download Combofix
Lots of info on its use here
Direct download here

Locate the downloaded Combofix. Double click on it to run, answering any prompts along the way
Note: during Combofix scan (lasting up to 10mins) your Desktop and clock may reset (all normal)
ComboFix will also restart your computer (eventually) and then (eventually) create a log

Save this log file to be attached to a new reply

Also do another scan with HJT (scan and log file) and attach this to a new reply as well
 
Alrighty, all done. Also, just to tell you, I'm running all these scans on another account which can change background pictures and open up taskmanager. I'm scared of trying to load my account up because it might reload all that malware stuff. Also, it seems as if explorer.exe is not loading up on its own (I have to go into taskmanager and run explorer.exe).
 
Well done (and well worth it, seeing as it fixed the fault)

You need to uninstall eMule (right now would be good) before you get re-infected
Normally I don't even look at threads that have file sharing programs installed (there's no use really, as re-infection is imminent)

You may as well uninstall Ad-aware as well, I don't use it, and the programs we advise here, will clear up any issues totally, especially Malwarebytes

Anyway, do that, and restart, and report how it's going
 
Hey, thanks for all the help once again! I restarted my computer and logged onto my account but I still cannot access taskmanager and now explorer.exe won't load, so I have to restart my computer by clicking on the power off button instead of via Windows.
 
I booted into safe mode with networking but whenever I try to load up task manager it still gives me something along these lines "Cannot open task manager, your administrator has disabled it." Also, the xp_fixlogon just gives me default gina in use. dll in use: MSGINA.DLL (standard).
 
And the other program? RatsCheddar?
Did you enable all options, and apply?

I've noticed from doing this, that one member needed to restart (normally though) twice
 
Yeah, that one worked after I restarted, but only for the account I applied it to, so it still doesn't work for my account.
 
Oh

If you run it on the Administrator account it is supposed to affect all accounts
Were you logged into the Administrator account? (you may have had to logoff first, in Safe Mode, then log back on)

Maybe run it in all the accounts in Safe Mode ;)
 
Hey, so I tried it once again on the administrator account in safemode but it still doesn't work. I'm not sure if this is relevant but explorer.exe doesn't load up in safemode either. I have to ctrl-alt-del to open taskmanager and then run explorer.exe. So basically I can't fix my taskmanager problem (in my account) because explorer.exe won't load up.
 
OK I went and confirmed the exact registry entries

Please go to:
Start->Run-> Regedit

And then expand:
HKEY_LOCAL_MACHINE
SOFTWARE
Microsoft
Windows NT
CurrentVersion
Winlogon

Once you click on Winlogon (the last one expanded above), confirm these two exist:

"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
 
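The Winlogon check from the post above, applied to a regedit export instead of by eye. This is an added example, not part of the original thread: the function names and both sample exports are constructed, and the extra path in the second sample is a placeholder.

```python
import re

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Expected data, as quoted in the post (with .reg backslash escaping decoded).
EXPECTED = {"shell": "Explorer.exe",
            "userinit": r"C:\WINDOWS\system32\userinit.exe,"}
VALUE_RE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"')

def parse_reg(text):
    """Map each key path (lower-cased) to its string (REG_SZ) values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = VALUE_RE.fullmatch(line)
            if m:  # dword:/hex: values and the @ default are skipped
                name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
                current[name.lower()] = data
    return keys

def check_winlogon(text):
    """Return (value, found, expected) for each missing or differing value."""
    values = parse_reg(text).get(WINLOGON.lower(), {})
    findings = []
    for name, expected in EXPECTED.items():
        found = values.get(name)
        # Windows paths are case-insensitive, so compare case-insensitively.
        if found is None or found.lower() != expected.lower():
            findings.append((name, found, expected))
    return findings

# Constructed sample exports (not taken from the poster's machine).
SAMPLE_OK = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
'''
# Same export with a placeholder second program appended to Userinit.
SAMPLE_CHANGED = SAMPLE_OK.replace(
    'userinit.exe,"', r'userinit.exe,C:\\WINDOWS\\Temp\\placeholder.exe,"')

if __name__ == "__main__":
    # A real regedit export is UTF-16: open(path, encoding="utf-16").read()
    for label, sample in (("ok", SAMPLE_OK), ("changed", SAMPLE_CHANGED)):
        print(label, check_winlogon(sample))
```

A matching value only shows that Winlogon points at the expected path; it says nothing about whether the userinit.exe file at that path is the original.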
I re-read the thread again
Pretty sure you still have Malware present, let's deal with that first ;)

Please download and run SDFix (I'm sorry, but I must refer you to this tutorial on its use, scroll down to "SDFix Instructions")

Download, and run the "RunThis.bat" in Safe Mode, as advised
Then attach the log and a new HJT log
Oh by the way, it says that it may take 20mins to scan! (Mine took over an hour to complete!)
 
Well I suppose Explorer is still not starting (obviously)

Please go to Windows update and install SP3
Now I know this is a tad different to removing Malware. But I can't see any Malware!
 
:eek: That's weird, I still have malware installed. Well, I'm installing SP3 right now. Thanks for the help, hopefully this will fix my explorer issue =]

Edit: just kidding, I didn't install SP3 yet. My computer decided to download it but not install it when I restarted the computer!
 
Thanks so much kimsland! Explorer did load and I was able to fix my taskmanager and background! Only problem now is that my taskbar is stuck in the classic Windows mode. Any suggestions on how to change it? (I've tried everything with the display window (changing themes, changing appearances, etc.))
 
Well that's the quickfix out of the way ;)

Please try this one

Start->Run-> SFC /ScanNow

You may need your Windows CD whilst it scans (and repairs) Windows system files
No data is hurt
 