TechSpot

Problem with Alcohol 120 + Task Manager -.-

By Jasio-
Sep 17, 2006
  1. I downloaded Alcohol 120% and it appears to have infected my system. It's late, im a retard, i ran it. Did some ****, now when i try getting into task manager it sais its been disabled my my administrator -.-. Any help with this, or anyone who knows how to remove the damage it caused i'll <3 you =]
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I`ve edited your thread title and some of your post. That way we can stay within the rules of Techspot.

    Go HERE and follow all the instructions exactly.

    Post fresh HJT and Ewido logs as attachments into this thread, only after doing the above.

    Regards Howard :)

    This thread is for the use of Jasio- only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. Jasio-

    Jasio- TS Rookie Topic Starter Posts: 70

    I got rid of it. Durh =.= the craxxor <3 thanks

    I've also noticed it played with some of my IE settings, i use FF but would still appreciate access to IE =] It sais the sites unavailable regardless of the page
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You should still follow the instructions, then post the logs I ask for.

    I can then see if your system is clean.

    Regards Howard :)
     
  5. Jasio-

    Jasio- TS Rookie Topic Starter Posts: 70

    HtJ <-------
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    scvhost.exe<not to be confused with svchost.exe which is legit.

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe

    F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe

    F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe

    O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe

    O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe

    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

    O17 - HKLM\System\CCS\Services\Tcpip\..\{4E3F379B-9414-4414-B745-4D7CA30C761B}: NameServer = 216.58.97.21,216.58.97.20<Only fix this, if it doesn`t belong to your isp.

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\WINDOWS\system32\scvhost.exe<Not to be confused with svchost.exe

    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    Post a fresh HJT log and let me know how your system is running.


    Regards Howard :)

    This thread is for the use of Jasio- only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. Jasio-

    Jasio- TS Rookie Topic Starter Posts: 70

    Hey, thanks for the detailed instructions. Before i attempt, am i safe to restart? After installing Alcohol it told me to restart, but it never installed any files (nothing that i noticed.. Program Files or Start Menu..) So are you sure it'll boot correctly?

    Ack! I cant shut off System Restore.. i dont believe i'm signed in as an admin. I just have the main account that was always there when i got the computer.. but when i go to the System Properties the tab isnt there =[
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    No, I`m not sure it`s safe to restart, but it`s something you have to do.

    Follow the instructions to the best of your ability.

    Regards Howard :)
     
  9. Jasio-

    Jasio- TS Rookie Topic Starter Posts: 70

    Howard =[ i know you </3 me but i have another one =] <3

    Command Prompt = blocked.

    I dont believe theres a registry key thats blocking it so im stumped already -.-
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Post a fresh HJT log.

    Regards Howard :)

    This thread is for the use of Jasio- only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  11. Jasio-

    Jasio- TS Rookie Topic Starter Posts: 70

    Hi
    I'm HjT
    <3 Me?
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    The command prompt blocked message means your administrator has blocked the use of the command prompt. I suggest you speak with the system admin.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of Jasio- only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  13. Jasio-

    Jasio- TS Rookie Topic Starter Posts: 70

    I don't have an administrative account. Do you have a link to a tutorial for unblocking it if i access the Admin account?. Like i said, i have the 'Owner' account that came with it, and that isn't giving me access. When i go into safe mode i have the option for administration. So through there how do i open up my command prompt.. i need it =[

    EDIT: Got it, it was a registry key =[ HKCU/Software/Policies/Microsoft/Windows/System/"DisableCMD" with the value 1
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Glad you problem is solved.

    Regards Howard :)
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...