Task Manager and Regedit issues

[CandKG]

I was trying to help my girlfriend by finding a good virus scanner for her, and in the process, I got a couple viruses of my own. I started noticing that Internet Explorer kept opening on it's own. Nonstop windows of Internet Explorer kept opening with automatic downloads, saying I had spyware on my computer and that I had to download their product to remove it. Norton said it found a couple (not just one, I think it was 5-6) Trojan Droppers, and it didn't do anything, it left the files alone. So I spent 3 days searching for virus scanners, spyware removers, malware scanners, and whatnot. Spybot keeps finding this trojan called Hupigon13 and Windows Internet Explorer Security issues. And it keeps coming back after I fix the problem. AVG won't even scan my machine. After about 6 spyware/virus scanners into my search I found Trojan Remover, Dr. Web Antivirus and HiJackThis. I don't know how to read a HijackThis log and Dr. Web found about 6 trojans and downloaders on my machine. Trojan Remover finds a "Debugger" program every time it runs a scan and shows that this debugger program changes a registry value of "0" whenever Task Manager and Regedit.exe are executed. Which would explain why my regedit and task manager do not work, but I don't know how to fix it. At the moment IE stopped opening on it's own. But Task Manager and Regedit will not open. I have no screen that says it's been disabled by the administrator it just does not show up at all. Task manager does not show up even when I right click on the task bar and click task manager. When I try to open Regedit and Task Manager with the Run Command I get an error message saying "Windows cannot find 'regedit'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search. The same applies for Task manager. I seriously have no idea how to fix this and I would really prefer not to have to reformat my machine. Anyone have any ideas on what I should do? I've attached my hijackthis log. Any help would be greatly appreciated.

 

[CCT]

There is a Preliminary Removal Instruction entry in this Spyware section- - follow those instructions.

https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

 

[CandKG]

I did everything you asked, here's what came up, and I dunno if anything was supposed to change? But I still can't use my regedit or task manager. What should I do now?

 

[tw0rld]

Platform: Windows XP SP2 - Update to Sp3 http://Update.microsoft.com
MSIE: Internet Explorer v6 Update latest version http://www.microsoft.com/downloads/details.aspx?FamilyId=9AE91EBE-3385-447C-8A30-081805B2F90B&displaylang=en

Run HJT again and remove the following:

C:\Program Files\Viewpoint\Common\ViewpointService.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

when done post a new log.
You also need to remove one of your anti-virus programs. there should only be one installed at a time.

 

[xxdanielxx]

Platform: Windows XP SP2 - Update to Sp3 http://Update.microsoft.com
MSIE: Internet Explorer v6 Update latest version http://www.microsoft.com/downloads/details.aspx?FamilyId=9AE91EBE-3385-447C-8A30-081805B2F90B&displaylang=en

Run HJT again and remove the following:


when done post a new log.
You also need to remove one of your anti-virus programs. there should only be one installed at a time.

tw0rld why are you having them delete

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

do you know what that is? It is superantispyware where did you get your training to help people

looks like you need to run combofix some one should help you with that. Please do not try to run it on your own doing so can damage your OS

 

[tw0rld]

I know that it is SAS. What do you think, I'm Smart?
Maybe you'll see where I am coming from if you thought about it, but then again, I never make sense.

 

[CCT]

Assuming your comp is clean (running combofix cannot hurt btw), and the problem persists, run the regfix from Kelly's Korner line number 275 left side.

http://www.kellys-korner-xp.com/xp_tweaks.htm

 

[rf6647]

I know that it is SAS. What do you think, I'm Smart?
Maybe you'll see where I am coming from if you thought about it, but then again, I never make sense.

OK, I'll chew on this one! "o20 for SAS" was deleted, why?

BTW, since I began following malware postings, I seem to lose interest by the time it comes to the clean up. Is this part of the clean up?

As for malware removal training and participation , should we carry this discussion to "site feedback & suggestions"?

 

[tw0rld]

Originally Posted by rf6647
OK, I'll chew on this one! "o20 for SAS" was deleted, why?

Originally Posted by tw0rld
I know that it is SAS. What do you think, I'm Smart?
Maybe you'll see where I am coming from if you thought about it, but then again, I never make sense.

This is me making fun of myself. First of all I do not think that I am so "smart" (Criticizing myself keeps me humble) I've found that the more I learn the more I come to the realization that I know nothing. I wasn't try to make an argument that supports my error in judgment. I am willing to admit my mistakes, and I did make one. I''ll take this one. :blackeye:

P.S I did know that it was SAS though, must have fell a sleep.

 

[xxdanielxx]

the problem is that if you do not know what you are doing you can really damage someone's os

 

[tw0rld]

the problem is that if you do not know what you are doing you can really damage someone's os

yeah I know, but that would not have damaged anyone's system. I made an error. We are all prone to them, but you are right. Thanks for mentioning it.