TechSpot

Registry and task manager disabled cant change file attribs autorun.inf help!!!!

Inactive
By Willie Gonzales
Sep 12, 2012
  1. Hi im kinda new here:)
    I've been struggling in removing this pestering thing in my PC for 2 days

    I noticed my task manager and regedit are disabled I searched for ways in restoring them
    but all the methods I tried only works temporarily eventually after opening something a folder, a .exe I mean anything will disable them again also I had some files that were not hidden suddenly became hidden and even though I select the show hidden files I cant see the files. so I searched again I saw this rrt thing lets you restore task manager regedit and lets me see the hidden files. after I ran rrt I saw some autorun.inf that creates .exe, shortcuts in my three local disk with weird names like qwswlls and some gibberish stuff. saw my files but cant change its attribute. I tried autoruneater another problem occured (nodisk virus) tried the regsvr method it doesn't show in my msconfig tried rkill doesnt detect any malware processes, tried hijack this it detects the disablregistrytools line remove it came back after restart. scanned with malwarebytes detects the line in the registry disableregistrytools and disablefirewall and other disables when I remove it, after restart it just keeps coming back as a result I reformatted my pc but after watching in youtube I noticed that regedit and taskmanager are disabled again so im kinda going a lil bit crazy now please help.. thnx in advance

    btw im using avg 2013 scanned didnt detect anything either
  2. Willie Gonzales

    Willie Gonzales TS Rookie Topic Starter

    Malwarebytes Anti-Malware (PRO) 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.07.13

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    gilas :: GILAS-PC [administrator]

    Protection: Disabled

    9/5/2012 1:21:13 PM
    mbam-log-2012-09-05 (13-21-13).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 192590
    Time elapsed: 1 minute(s), 18 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 5
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\cxvr.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

    (end)
  3. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.

    Alrighty, let's get right to the main problem here...

    Since the security center result stays the same, it means that Security software, like Symantec or AVG, will disable or modify Security Center. It does this because it has its own security center, so using Windows Security Center would be pointless. Malwarebytes' Anti-Malware continually detects it, but can be ignored. To stop getting warnings like this, open MBAM, go to the Settings tab... hit the Scanner settings tab, select the dropdown for "Action for potentially unwanted modifications (PUM)" and then select Do not show in results list.
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello. Are you still with us?

    Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

    Thanks.
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi! This is the last check-in for you. Please update us on your situation here. We'd love to help!


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.