TechSpot

Task Manager and regedit not working

By Thatone
Aug 10, 2008
  1. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Yes, he must have had a previous Haxdoor infection, cleaned it, then used an infected System restore point and reinfected the system!
     
  2. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    possibly - it could also be a legit file

    I also would like you to navigate to the file C:\WINDOWS\system32\cssdll32.dll -> right click it -> select properties and see who the company is - let us know who the company that signed it is if any
     
  3. Thatone

    Thatone TS Rookie Topic Starter Posts: 19

    OTMoveIt2 log attached
     
  4. Thatone

    Thatone TS Rookie Topic Starter Posts: 19

    attached Haxfix log
     


  5. Thatone

    Thatone TS Rookie Topic Starter Posts: 19

    C:\WINDOWS\system32\cssdll32.dll - not found on system
     
  6. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    cssdll32.dll is Win32.X trojan
     
  7. Thatone

    Thatone TS Rookie Topic Starter Posts: 19

    have done a new hijack log as well
     


  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please see:
    http://www.what-is-exe.com/filenames/cssdll32-dll.html
     
  9. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    But does he have Comodo? If not, then it can be related to malware. I have not looked at his log just because this is not my battle.
     
  10. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

  11. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    c:\windows\system32\cssdll32.dll moved successfully

    I believe it is now gone

    Edit:

    Hold that thought!

    The latest HJT log shows C:\WINDOWS\system32\cssdll32.dll
    :(
     
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Daniel, see my post #23. It will show you how this process played out. I "assumed" that because he did a System Restore, that he had reinfected the system. However, since the Haxdor program is clean and since Comodo is now on the system, it appears it may be from Comodo.

    Is that exactly how it is written, because that is new.

    The FULL HijackLog entry is:
     
  13. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    The thing is, the very first log shows Comodo installed and does not have that, so to me it looks like it is bad, but I would say do what BD said: check the properties for the company that made the file.
     
  14. Thatone

    Thatone TS Rookie Topic Starter Posts: 19

    Yes, I have Comodo installed.

    When searching for that file, it is not there.

    I have connected the PC to the internet now :( (the only site I come to is this one)

    Ran a virus scan (AVG8); there is a win32/tanatos.m virus popping up on my C and D drives. 270 events.
    Also a lot of tracking cookies.
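
The publisher check requested earlier in the thread (file properties, company name, and who signed the file), as an added PowerShell example that is not part of any post here. It assumes PowerShell 4.0 or later for Get-FileHash; the path is the one quoted in the thread.

```powershell
# Added example: report publisher, signature and hash for a suspect DLL.
$path = 'C:\WINDOWS\system32\cssdll32.dll'   # path as quoted in the thread

# -Force returns files that carry the Hidden or System attribute,
# which Explorer and the Windows search dialog skip by default.
$file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
if (-not $file) {
    # A log entry can reference a path that no longer exists on disk,
    # so a miss here is recorded rather than treated as an error.
    Write-Output "Not found through the file system API: $path"
    return
}

# Authenticode status is checked separately from the version resource.
$sig = Get-AuthenticodeSignature -FilePath $file.FullName

$signer = '(no signer certificate)'
if ($sig.SignerCertificate) {
    $signer = $sig.SignerCertificate.Subject
}

[pscustomobject]@{
    Path        = $file.FullName
    Attributes  = $file.Attributes           # shows Hidden / System if set
    Created     = $file.CreationTime
    Modified    = $file.LastWriteTime
    Company     = $file.VersionInfo.CompanyName
    Description = $file.VersionInfo.FileDescription
    SigStatus   = $sig.Status                # Valid, NotSigned, HashMismatch, ...
    Signer      = $signer
    SHA256      = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
} | Format-List
```

The company name comes from the file's version resource, which whoever built the file can set to anything, so the signature status and signer carry more weight than the Company field.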
     
  15. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    please download the program below and attach the main and extra

    Please download Deckard's System Scanner (DSS) and save it to your Desktop.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please attach both in your next reply
     
  16. Thatone

    Thatone TS Rookie Topic Starter Posts: 19

    that link does not go anywhere
     
  17. Thatone

    Thatone TS Rookie Topic Starter Posts: 19

    have got a copy and have attached the txt files
     
  18. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

  19. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    yes but he does not have a rootkit and if so since we already ran dss please remove it.

    Thanks Kim
     
  20. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

  21. Thatone

    Thatone TS Rookie Topic Starter Posts: 19

    ran bit defender, could not access other two

    c:\program files\online services\btyahoo\hppre05.msi=>[embeded... detected with
    c:\program files\online services\btyahoo\hppre05.msi=>[embeded... disenfectection failed
    c:\program files\online services\btyahoo\hppre05.msi=>[embeded... deleted
    c:\program files\online services\btyahoo\hppre05.msi=>[embeded... update failed


    That's all I could see; the log file just came up blank.
     
  22. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    Update your AV and run a full scan. Post the result here, and also the location of the threats.
     
  23. Thatone

    Thatone TS Rookie Topic Starter Posts: 19

    avg reported nothing all clear :)
     
  24. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    OK, let's start the cleaning process. It can be something in the System Restore that is being detected. What version of AVG do you have?

    OTCleanit! by Oldtimer

    • Download OTCleanIt
    • Click the CleanUp! button.
      (It will go through the list & remove all of the tools it finds and then delete itself) Requiring a reboot

    ======================================

    Now we need to create a new System Restore point.

    Click Start Menu > Run > type (or copy and paste)

    %SystemRoot%\System32\restore\rstrui.exe

    Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

    Next go to Start Menu > Run > type

    cleanmgr

    Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up on the system restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

    To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

    ================================

    The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
    1. Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
    2. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
    3. SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
    4. SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
    5. IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
    6. ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
    7. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
    8. Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
    9. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
    xxdanielxx

    Once all this is done try running that online scan again to see if anything comes up
     
  25. egydarceyes

    egydarceyes TS Rookie

    Hello guys,

    I have read this thread and the problem the thread maker has is pretty similar to the problem I'm facing, hence why I wanted to post in here.


    I own an HP DV6626us that came with Vista Home Premium installed, I've had some issues, some ups and downs. About a week ago, I decided that it's time for me to downgrade, one of my friends told me that it's quite easy and it's less headache.

    I have downgraded to XP professional SP2, I had to do some tweaks to install it and get it past Vista SATA driver.

    Now I'm just realizing that none of my essential things are working.
    Command prompt, msconfig, regedit... all aren't working.

    It's been really bugging me lately and I need to find a solution which is how I got led to this forum. I do not have any Anti Virus, so I installed AVG this morning and I got a couple of screenshots I'll be including for you guys to see if it's similar to what the thread creator has.

    I have been keeping up with the Windows Update.. and actually it's asking me to upgrade to SP3 which is what I'm in the process of doing right now.

    Here are the couple of shots that I have taken after running a complete computer scan.

    This last pic popped up right after I had to restart when the scan was over.
     
Topic Status:
Not open for further replies.

