Spyware/malware problem--can't use regedit or taskmgr

Hello and welcome to Techspot.

Your system is absolutely riddled with viruses/trojans etc.

Even if we could get your system cleaned up, it's likely there'd be too much damage.

Your best course of action is to completely reformat and reinstall.

Regards Howard :wave: :wave:
 
not what I wanted to hear...

Alright, well--I took fastco's advice and went through the taskmgr help...definitely working better.

While my system is working better, and I have access to taskmgr and regedit now...I would like to see if maybe there isn't something else I can do. I've posted a new log from hijack this...and I'm also noticing that spybot is continually denying various entries to my registry.

The "resident" pops up and says "resident denied the change of iywxui (category System Startup global entry) based on your black list." Same goes for eveyv, instead of iywxui.

Also, if reformatting is absolutely necessary, is there a good thread on the proper way of doing this (I've never had to reformat a computer before).

Please, any help would be appreciated,
Monger
 
OK, let's see if we can clean your system. Whatever you have done, a lot of the nasty stuff appears to have gone. However, there are still some nasties left.

You might want to copy and paste these instructions into a Notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.


Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off System Restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the Processes tab and end the process for each of the following (if there):

yrjku.exe
kmqnfpi.exe
ms033129363149.exe

Close task manager.

Run HJT with no other programmes open (except Notepad). Have HJT fix the following by placing a tick in the little box next to each entry (if there).

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\yrjku.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,kmqnfpi.exe

O4 - HKLM\..\Run: [ms033129363149] C:\WINDOWS\ms033129363149.exe

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)

O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Click on the fix checked button.

Close HJT.

Locate and delete the following files and/or directories (if there).

C:\WINDOWS\ms033129363149.exe
C:\WINDOWS\SYSTEM32\Userinit.exe,kmqnfpi.exe
C:\WINDOWS\system32\yrjku.exe

Reboot into normal mode and turn system restore back on.

Get yourself some antivirus protection and a firewall.

AVG free and the free Zonealarm firewall are very good.

You can get them HERE and HERE.

Running without antivirus and firewall protection is foolish to say the least.

Regards Howard :)
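The cleanup above edits the Winlogon Shell and Userinit values (the F2 lines) and the Run key (the O4 line) by hand. Before deleting anything, a practitioner wants to see what those values actually contain and which of the listed files exist on disk. The PowerShell script below is an added example, not from the thread and not part of HijackThis or any tool it mentions. It assumes a stock Windows install, where Shell is explorer.exe and Userinit is the System32 userinit.exe followed by a trailing comma, and it assumes PowerShell is available on the affected machine. One caveat the F2 Userinit line does not make obvious: C:\WINDOWS\SYSTEM32\Userinit.exe is the legitimate Windows component that loads the desktop after logon; only the name appended after the comma (kmqnfpi.exe) is the injected entry, and the script reports the two separately for that reason.

```powershell
# Added example, not from the thread or from HijackThis: audits the registry values
# behind the F2 (Winlogon Shell/Userinit) and O4 (Run key) entries before any deletion.
# Assumption: a stock install, where Shell is "explorer.exe" and Userinit is
# "<System32>\userinit.exe," with nothing after the comma. Adjust for your build.
$ErrorActionPreference = 'SilentlyContinue'
$sys32    = Join-Path $env:SystemRoot 'System32'
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expectedLeaf = @{ Shell = 'explorer.exe'; Userinit = 'userinit.exe' }   # assumed stock leaf names
$runKeys = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run')

# Pull the executable path out of a startup value: "C:\x y\a.exe" /flag, an unquoted
# path with spaces, or a bare file name such as kmqnfpi.exe.
function Resolve-StartupExe {
    param([string]$CommandLine)
    $cmd = $CommandLine.Trim()
    if (-not $cmd) { return '' }
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        $exe = if ($end -gt 1) { $cmd.Substring(1, $end - 1) } else { $cmd.Trim('"') }
    } else {
        # Unquoted: the longest space-delimited prefix that names an existing file wins,
        # so "C:\Program Files\x\y.exe /arg" works; otherwise fall back to the first token.
        $parts = $cmd -split ' '
        $exe = $parts[0]
        for ($i = $parts.Count; $i -ge 1; $i--) {
            $cand = $parts[0..($i - 1)] -join ' '
            if (Test-Path -LiteralPath $cand -PathType Leaf) { $exe = $cand; break }
        }
    }
    # Bare names are resolved against System32, then the Windows directory (assumption:
    # the loader also walks PATH, so a copy elsewhere on PATH would be missed here).
    if (-not [IO.Path]::IsPathRooted($exe)) {
        $inSys32 = Join-Path $sys32 $exe
        $exe = if (Test-Path -LiteralPath $inSys32 -PathType Leaf) { $inSys32 } else { Join-Path $env:SystemRoot $exe }
    }
    return $exe
}

# One report line per comma-separated element of Shell or Userinit (the F2 entries).
function Test-WinlogonValue {
    param([string]$Name)
    $raw = (Get-ItemProperty -Path $winlogon -Name $Name).$Name
    if (-not $raw) {
        return [pscustomobject]@{ Location = $Name; Entry = '<missing>'; Exe = ''; Exists = $false; Verdict = 'VALUE MISSING' }
    }
    $entries = @($raw -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    for ($i = 0; $i -lt $entries.Count; $i++) {
        $exe    = Resolve-StartupExe $entries[$i]
        $exists = Test-Path -LiteralPath $exe -PathType Leaf
        $leaf   = [IO.Path]::GetFileName($exe)
        $verdict = 'ok'
        if (-not $exists) { $verdict = 'FILE MISSING' }
        if ($i -eq 0 -and $leaf -ieq $expectedLeaf[$Name] -and -not $exists) { $verdict = 'STOCK BINARY MISSING: logon cannot load a desktop' }
        if ($i -eq 0 -and $leaf -ine $expectedLeaf[$Name]) { $verdict = 'FIRST ENTRY IS NOT THE STOCK BINARY: review' }
        if ($i -gt 0) { $verdict = 'EXTRA ENTRY after the stock binary: remove from the value, keep the first entry' }
        [pscustomobject]@{ Location = $Name; Entry = $entries[$i]; Exe = $exe; Exists = $exists; Verdict = $verdict }
    }
}

# One report line per value under the Run keys (the O4 entries), with signature status.
function Get-RunEntries {
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty -Path $key
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # provider metadata (PSPath etc.), not startup values
            $exe    = Resolve-StartupExe ([string]$p.Value)
            $exists = Test-Path -LiteralPath $exe -PathType Leaf
            $sig    = if ($exists) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'n/a' }
            $verdict = if (-not $exists) { 'FILE MISSING: stale entry' } elseif ($sig -ne 'Valid') { 'unsigned: review' } else { 'ok' }
            [pscustomobject]@{ Location = "$key\$($p.Name)"; Entry = [string]$p.Value; Exe = $exe; Exists = $exists; Verdict = "$verdict ($sig)" }
        }
    }
}

$report = @(Test-WinlogonValue 'Shell') + @(Test-WinlogonValue 'Userinit') + @(Get-RunEntries)
$report | Format-Table -AutoSize
```

Run it from an elevated prompt and read the verdicts before deleting anything. An EXTRA entry whose file no longer exists (as with kmqnfpi.exe in the log above) is a harmless leftover and is removed from the registry value, which is what HijackThis's "fix" does for an F2 line; the first, stock entry in Shell or Userinit is never a candidate for deletion from disk. The "ok" verdict only means the entry matches the assumed defaults and, for Run entries, carries a valid signature; it is not a clean bill of health.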
 
uh-oh

Well, I followed your advice...here's what happened:

yrjku.exe
kmqnfpi.exe
ms033129363149.exe
-none of these were running, so I didn't stop them

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\yrjku.exe
- done

F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,kmqnfpi.exe
- did to userinit.exe, but there was no kmqnfpi.exe

O4 - HKLM\..\Run: [ms033129363149] C:\WINDOWS\ms033129363149.exe
- not there as well

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
- done

O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
- done

O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
- not there

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
- not there

Here's where I think I may have made a fatal error:
Locate and delete the following bold files and/or directories(if there).

C:\WINDOWS\ms033129363149.exe
- could not find--found another file that resembled this and deleted it...could be a big mistake?
C:\WINDOWS\SYSTEM32\Userinit.exe,kmqnfpi.exe
- deleted userinit.exe, could not find kmqnfpi.exe
C:\WINDOWS\system32\yrjku.exe
- could not locate

So now what happens (no matter in safe mode or normal) is that it starts up, and only loads my background--no taskbar, no icons, no desktop...but I can hit ctrl+alt+del...and it will show me what processes are running and other info...but I can't do anything aside from that!

Sorry if I'm making this difficult...I should have followed your directions better I think...
-Monger
 
Oh dear, looks like you've screwed Windows up. However, all may not be lost.

I think you will now need to do a Windows repair as per this thread HERE.

Once you have finished the repair, you will need to run the Windows updates again.

Then, post a fresh HJT log.

Don`t forget to get antivirus and firewall programmes.

Regards Howard :)
 
Mighty Lord Hopkinso, I thank you...

Thanks so much for your help--I will try that forthwith...if to no avail, I will repost again...

Thanks again,
-Monger
 