task manager closes

[sidestitch]

Okay, first let me say I'm a real novice, so please be patient. When I ctrl-alt-del, the task manager window opens, but when I hit the "tasklist" button, it closes immediately. I have run Spybot, Adaware, and Webroot Spysweeper, as well as Symantec antivirus. Any advice on what I can try? Oh - I'm on a networked PC at my office.

 

[howard_hopkinso]

Hello and welcome to Techspot.

Let`s do a quick check for malware.

Go and read this thread HERE and post a HJT log as an attachment into this thread.

Regards Howard :wave: :wave:

 

[sidestitch]

okay, I hope this worked.

 

[howard_hopkinso]

Your HJT log is clean. However, something`s obviously not right.

Please go HERE and follow the instructions for AVG Antispyware and Combofix.

Post an AVG Antispyware and a Combofix log.

Regards Howard

 

[sidestitch]

just to be clear, should I follow all 13 steps, even though I just did the hjt log?

 

[howard_hopkinso]

I just wanted you to follow the instructions for the AVG Antispyware and Combofix. There`s no need to go through the whole instructions, unless you want to, in which case, please feel free.

Regards Howard

 

[sidestitch]

here is the combofix log

I am currently running th AVG scan and it is finding some threats. should I go ahead and have it fix them? or wait until you can see the logfile?

 

[howard_hopkinso]

Follow the instructions for running AVG Antispyware and make sure you set the programme to quarantine what it finds. Don`t worry if it deletes a load of tracking cookies, that`s quite normal.

Combofix has found a few nasties, so please do the following.

1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

2. Download the attached avengerscript.txt and save it to your desktop

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by double clicking on its icon on your desktop.

Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File"
navigate to the file you have just downloaded, click on it and press open
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please attach the content of c:\avenger.txt into your reply, as well as an AVG Antispyware log and a fresh Combofix log.

Regards Howard

This thread is for the use of sidestitch only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[sidestitch]

Okay, Howard. here are the three. Hopefully I did all this right.

 

[howard_hopkinso]

Delete all files in AVG Antispyware quarantine.

Your system now looks clean.

Let me know if you`re still having problems.

Regards Howard

This thread is for the use of sidestitch only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[sidestitch]

Yep, same problem still exists. I ctrl-alt-del, and the task manager appears, and when I click on "tasklist" it disappears automatically.

Could it have anything to do with processes running, or autostarting when windows starts? I see that the AVG has tabs that list those, even though I can't get that info through the task manager.

 

[howard_hopkinso]

Do a search of your system and let me know if you find any of the following files.

C:\WINDOWS\System32\MSDATA32.EXE
C:\WINDOWS\system32\CMD.COM
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\msconfig.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\tracert.com

Regards Howard

This thread is for the use of sidestitch only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[sidestitch]

Okay, here's what I found:

in "C:\WINNT\system32" I found "netstat," "ping," "taskmgr," and "tracert." None of them showed up as having ".com" after them, though. I don't know if that makes a difference or not.

Also, in "C:\WINNT" I found "regedit" also with no ".com" after it.

I did this by searching with windows explorer serarch, one at a time, searching my C drive. First I searched with the ".com" after the names, and found nothing. Second I searched without the ".com" after the names, and came up with the results above.

Did I do it right?

 

[howard_hopkinso]

Ok, In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Now go directly into the system32 folder and check each file. See if it has a .com or .exe file and let me know. Do the same for the regedit file you found.

Regards Howard

 

[sidestitch]

none of them has an extension, but they are all called "application" by windows explorere.

On a side note, when I reboot now, it takes an extremely long time for my desktop icons to show up.

 

[howard_hopkinso]

Ok, try this. Open my computer and click Tools/folder options/view tab. Untick the box that says "Hide extensions for known file types". Click apply/ok and close my computer..

Now see if you can find the file extensions for the list of files I gave you.

Regards Howard

 

[sidestitch]

all are .exe files.

 

[Aolish]

damn howard is a machine! :knock: On a side note, I'm surprised how you don't offer remote assistance howard. Unless you want users to also learn as they go, which is great. :grinthumb

 

[howard_hopkinso]

In that case, I must admit I`m not sure what the problem is.

If it`s a malware problem, it isn`t showing up in your log files. Because some malware was found on your system, it`s time to follow all the instructions in this thread HERE and hope that something appears to fix your problem. Please post all the requested log files and let me know the results of the AVG Antirootkit scan.

I'm surprised how you don't offer remote assistance howard

To be quite honest mate, I really wouldn`t have the time lol.

Regards Howard

This thread is for the use of sidestitch only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[sidestitch]

thanks, howard, I'll give that a try tomorrow.

 

[Go Zags]

If I find these on my computer should I delete them. I am having the same problems as this guy was.

 

[evilfantasy]

Following advice given in other threads can be damaging.

Stick with your original post.

 

[Daveskater]

Go Zags, do not WHATEVER YO DO use the Avengerscript.txt given to the original poster, stick to the instructions that i have given you in your own thread, you have multiple trojans and they will need to be fixed