Task manager and regedit are being used by another file?

Status
Not open for further replies.

bluepopsicles

Posts: 16   +0
Yesterday, I started getting a problem... my icon tray (the thing next to the clock) wouldn't show any icons; the arrow was there, but icons such as the volume and internet connection weren't there. I tried to fix this somehow and noticed that my task manager was being used by another file. I've been online trying to figure out how to fix my task manager and icons and everything, and I have no idea. Also, Norton seems to say that HTTP Trojan Vundo Activity is going on. I have no idea what that means. I ran AVG several times and got rid of anything that came up, but I'm still having a problem.
Help, please!
 
Are you able to open Task Manager (Ctrl + Alt + Delete)?

Follow the instructions here, and attach the requested logs :)
 
I did the Malwarebytes Anti-Malware stuff and it found some viruses and deleted them. It also said that some things could not be deleted and then told me to restart my computer and it would delete them that way. After restarting my computer, my system tray was working and so was Task Manager, etc.
I'm guessing that all the viruses are gone, but I'm not sure, so I'll attach the log for it.
Thanks so much!
=)
 

Attachments

  • mbam-log-8-4-2008 (17-35-15).txt
    3.8 KB · Views: 8
Glad to hear that :)

To make sure there aren't any infections left, please attach a HijackThis log for analysis.
 
Open HijackThis, place a checkmark next to these entries:

O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O16 - DPF: {8FEED82A-42A6-4117-A803-7EC3EB9339E0} (ClientControl Class) - http://192.168.0.103:83/plugin/client.cab

and click "fix".

Delete this file: C:\WINDOWS\system32\ctfmona.exe

Your Java version is out of date; many types of malware like to exploit out-of-date Java versions!
Update your Java Runtime Environment:

  • Click Start -> Control Panel -> Double click Java
  • Select the Update Tab at the top of the Java console
  • Click the Check for Updates button at the bottom
  • When it finds the newer version, follow the on-screen instructions (uncheck the Yahoo toolbar option)
  • After it installs the newest version, go back to Start -> Control Panel -> Add/Remove Programs (Programs and Features in Vista)
  • Uninstall any older versions of Java except the most current update that you just installed

You've saved HJT in the wrong location, please follow these instructions to re-install it:
  • Make sure you have the LATEST version of HJT (currently v2.0.0.2); it can be downloaded from HERE
  • Run the HijackThis installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory!
  • After installing, the program launches automatically; select Scan now and save a log.


Post a fresh HJT log in your next reply:)
 
I did all that you said, but when I went to delete C:\WINDOWS\system32\ctfmona.exe it wasn't there. I did a search for it and it said it wasn't found.
A new HJT log is attached.
Thank you!
 

Attachments

  • hijackthis.log
    15.3 KB · Views: 8
OK, we will deal with it later, but first:

  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
  • C:\WINDOWS\system32\MPK\MPK.exe
  • Click on the submit button
  • Post the result in your next reply
 
Scan taken on 05 Aug 2008 17:00:18 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing


yay!
 
Good, now download Killbox and save it to your desktop.

Boot into Safe Mode; see how here.
Turn on "Show all files and folders, including hidden and system"; see how here.

Double-click Killbox.exe to run it, copy & paste C:\WINDOWS\system32\ctfmona.exe into the Full Path of File to Delete box, select Standard File Kill, and then click the Delete File button (looks like a red circle with a white X). Your taskbar and desktop will disappear for a brief period, which is normal.

After you've done that, rehide your protected OS files.

Post a fresh HJT log in your next reply:)
 
I did the Killbox thing and it said that the file didn't exist.
A new log is attached.
=)
 

Attachments

  • hijackthis2.txt
    15.4 KB · Views: 5
Good, but we are not done yet.

I see that you have two AV programs installed, AVG 8 & Norton AntiVirus. Having two AV programs can cause conflicts and slow your computer dramatically, so please uninstall one of them. If you decide to uninstall Norton AntiVirus, follow the full Removal Tool instructions here.

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
Did you set this on purpose? Or did you use Spybot's Home Page and Option Lock Down features in the Mode -> Advanced Mode -> Tools -> IE Tweaks section? If you don't recognise any of this, fix it.

Paste this into Notepad:

@echo off
rem stop the service, then remove its registration
sc stop "Viewpoint Corporation"
sc delete "Viewpoint Corporation"
rem delete this script itself (its own full path), then close the window
del "%~f0" & exit

Save it as type "All Files" with the name "fixservice.cmd".

Locate the file and double-click to run it.

Post a fresh HJT log in your next reply.
 
I did all that you said, but I have no idea what you're talking about with the pasting into Notepad and deleting... I'm totally lost.
A new HJT log is attached.
 
No problem, I'll walk you through it:)

First open Notepad, then copy the code below in the quote box:

@echo off
rem stop the service, then remove its registration
sc stop "Viewpoint Corporation"
sc delete "Viewpoint Corporation"
rem delete this script itself (its own full path), then close the window
del "%~f0" & exit

then paste it into the Notepad file, name the file fix.cmd and change the "Save as Type" to "All Files", then save it to your desktop.

Locate the file you just created on the desktop, and double-click to run it.

Post a fresh log in your next reply.
 
Sorry, I think I've put the wrong code in the quote box :eek:, let's try this again:
  • First open Notepad, then copy the code below in the quote box:
@echo off
rem stop the service, then remove its registration
sc stop "Viewpoint Manager Service"
sc delete "Viewpoint Manager Service"
rem delete this script itself (its own full path), then close the window
del "%~f0" & exit

  • then paste it into the Notepad file, name the file service.cmd and change the "Save as Type" to "All Files", then save it to your desktop.
  • Locate the file you just created on the desktop, and double-click to run it.
 
Very good, now you can delete that service.cmd file.
I recommend you keep MBAM as one of the protection programs, update/run it regularly.

Also:
Firewall: A firewall is definitely a must-have. Two good free versions are Comodo and ZoneLabs.

You are good to go, surf safely:)
 
Just to make it nice and clean, open HijackThis and remove the 2 items below if they are still there:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Amanullah Sajwani\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
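A small triage script for HijackThis-style log lines, added here as an example; it is not HijackThis's or anyone in the thread's own code. It applies the checks the helpers make above (orphaned O2/O9 entries, an O16 ActiveX download from a private address, the ctfmona.exe lookalike of ctfmon.exe under O4, and the O6 IE policy) to constructed sample lines; the allowlist of system binary names and the sample lines are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlparse
# Well-known Windows binaries malware likes to imitate (assumption: a short illustrative list).
KNOWN_BINARIES = {"ctfmon.exe", "svchost.exe", "explorer.exe", "lsass.exe", "rundll32.exe"}
def edit_distance(a, b):
    """Levenshtein distance; one edit away from a known name is a lookalike (ctfmona.exe)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]
def is_private_host(url):
    """True when an O16 download URL points at a private (RFC 1918) address."""
    try:
        return ipaddress.ip_address(urlparse(url).hostname or "").is_private
    except ValueError:
        return False  # a DNS name: the address alone gives no verdict

def triage(lines):
    """Return (entry type, reason) for each log line that deserves a second look."""
    findings = []
    for line in lines:
        m = re.match(r"(O\d+) - (.*)", line.strip())
        if not m:
            continue
        kind, body = m.groups()
        if body.endswith(("(no file)", "(file missing)")):
            findings.append((kind, "orphaned entry, its target no longer exists"))
        elif kind == "O16" and is_private_host(body.rsplit(" - ", 1)[-1]):
            findings.append((kind, "ActiveX control downloaded from a private address"))
        elif kind == "O4":
            exe = body.rsplit("\\", 1)[-1].lower()
            if exe not in KNOWN_BINARIES and any(edit_distance(exe, k) <= 2 for k in KNOWN_BINARIES):
                findings.append((kind, f"{exe} is a lookalike of a well-known system binary"))
        elif kind == "O6" and body.endswith("Control Panel present"):
            findings.append((kind, "IE Control Panel lockdown policy set, confirm it was intended"))
    return findings

# Constructed sample lines modelled on the entries discussed in this thread.
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe",
    r"O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    "O16 - DPF: {8FEED82A-42A6-4117-A803-7EC3EB9339E0} (ClientControl Class) - http://192.168.0.103:83/plugin/client.cab",
    r"O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present",
    "O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\...\Run IMVU.lnk (file missing)",
]
```

Running `triage(SAMPLE_LOG)` flags five of the six lines and leaves the genuine ctfmon.exe entry alone.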
 