TechSpot

Task Manager Problem

By owlowl
Apr 16, 2007
  1. Hi there,

    Newbie onboard.

    I have a problem in which ctrl+alt+del failed to bring up the task manager. However, I can activate the program by right-clicking on the taskbar! I am using WinXP with SP2 installed (I just checked that no other critical Microsoft updates are needed).

    Anyway, I did some complete scans using updated AVG virus scan, Trendmicro HouseCall online scanner, Kaspersky online scanner and Lavasoft Adware SE.

    All except Kaspersky gave my computer a clean health bill. Kaspersky's result showed 3 infected items.
    1. C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
    2. C:\Documents and Settings\Owner\Local Settings\Temp\temp.fr8022 Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
    3. D:\owl\visualC++\disk3\SAMPLES\VC98\SDK\SDKTOOLS\SPY\DLL\HOOK.DLL Infected: not-a-virus:Monitor.Win32.KeyLogger.30 skipped

    I have attached the result below (As a txt).

    I also performed a Hijackthis and included in the attachments.

    Any insights/help is greatly appreciated.

    Thx a million.
     
  2. momok

    momok TS Rookie Posts: 2,272

    Hi and welcome to techspot =)

    Your HijackThis log looks pretty clean to me. HijackThis is certainly useful but not a cure-all. =)

    Important: Please read this thread HERE before you decide whether to clean or reformat your system.

    Should you decide to clean your computer, please go ahead to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps to cleaning your computer.
    Do follow all the instructions exactly.

    That being said, could you fix these entries in HijackThis if you do not recognise the URLs?
    O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - http://www.schaeffersresearch.com/download/CfxIEAx.cab
    O16 - DPF: {24BACF02-5676-11D3-B8DE-00105A17A9E6} (ChartFX Internet Financial Client 4.0) - http://www.schaeffersresearch.com/Download/Cfx4Financial.cab
    O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://beta.moneycentral.msn.com/cabs/pmupd806.exe

    Thereafter, please post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread. Do not copy and paste; if not, it will be ignored and/or removed by the moderators.
    The logs will enable us to understand more about the problems on your system. (Since the steps you have undertaken have not detected the problem, we have to use those above as recommended. These steps will also provide information on other hidden running processes and files for us to remove the threat effectively.)


    Regards,
    Your friendly Momok =)
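
Added example, not part of the original thread and not HijackThis's own code: a small Python parser for the `O16 - DPF` (Downloaded Program Files / ActiveX) lines quoted in the reply above, which lists the entries whose download host is not on a list you recognise. The `recognised_domains` set and the ".cab" heuristic are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Shape of the O16 lines quoted in the post:
#   O16 - DPF: {CLSID} (Control name) - codebase URL
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})"
    r"(?: \((?P<name>.*)\))? - (?P<url>\S+)$"
)

def parse_o16(line):
    """Return a dict for an O16 DPF line, or None for any other line."""
    m = O16_RE.match(line.strip())
    if not m:
        return None
    parsed = urlparse(m.group("url"))
    return {
        "clsid": m.group("clsid"),
        "name": m.group("name") or "",
        "url": m.group("url"),
        "host": (parsed.hostname or "").lower(),
        "file": parsed.path.rsplit("/", 1)[-1].lower(),
    }

def review(lines, recognised_domains):
    """List (entry, reasons) for O16 entries the user should decide on."""
    findings = []
    for entry in filter(None, map(parse_o16, lines)):
        host, reasons = entry["host"], []
        if not any(host == d or host.endswith("." + d) for d in recognised_domains):
            reasons.append("unrecognised host")
        if not entry["file"].endswith(".cab"):
            reasons.append("codebase is not a .cab")  # heuristic, an assumption
        if reasons:
            findings.append((entry, reasons))
    return findings

# The three O16 lines from the post, plus one constructed non-O16 line.
SAMPLE = [
    "O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - http://www.schaeffersresearch.com/download/CfxIEAx.cab",
    "O16 - DPF: {24BACF02-5676-11D3-B8DE-00105A17A9E6} (ChartFX Internet Financial Client 4.0) - http://www.schaeffersresearch.com/Download/Cfx4Financial.cab",
    "O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://beta.moneycentral.msn.com/cabs/pmupd806.exe",
    r"O4 - HKLM\..\Run: [Example] C:\example\example.exe",  # constructed
]

if __name__ == "__main__":
    for entry, reasons in review(SAMPLE, {"msn.com"}):
        print(entry["clsid"], entry["host"], "->", ", ".join(reasons))
```

A finding here only means "decide whether you recognise this"; it is not a verdict on the control.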
     
  3. owlowl

    owlowl TS Rookie Topic Starter

    interesting... task manager is back

    Hi momok...

    Thank you very much for your help. I was planning to act on what you have suggested, but when I turned on my computer today since the last post and tried a ctrl+alt+del => the task manager returned! Last night it was still bleeping!!!

    Strange...
     
  4. momok

    momok TS Rookie Posts: 2,272

    Hi,

    Good for you. =)

    But should you have any further problems, please post in this thread.


    Regards,
    Your friendly Momok =)

    This thread is for the use of owlowl only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. owlowl

    owlowl TS Rookie Topic Starter

    Scanned....

    Hi Momok,

    Even though I got my system working, I decided to follow your advice and start on the LONG cleaning steps as posted.

    Well, to make a long story short, I found things that I did not know existed before, as this computer is kinda shared by a few people.

    Attached are all the necessary (as well as "unnecessary") logs. AVG Antirootkit scan found nothing on this computer.

    Can you take a look and advise on the well-being of my computer?

    Cheers and thx
     
  6. momok

    momok TS Rookie Posts: 2,272

    Hi,

    You may wish to copy and paste these instructions on notepad for easier reference later.

    Download the Pocket Killbox from HERE. Extract it but don't run it yet.

    Boot into safe mode under your normal user name. See how HERE

    Next turn on "Show all files and folders, including hidden and system". See how HERE

    Run the Killbox program which you downloaded. When it loads, type the full path to the file you would like to delete in the field and check the "Delete file on reboot" button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; select no until you have finished inputting the files you want to delete, and only then allow it to reboot, and hopefully your files will now be deleted. (You can copy and paste the file paths.)

    C:\FOUND.008
    C:\WINDOWS\system32\swxcacls.exe
    C:\WINDOWS\system32\Process.exe
    C:\WINDOWS\system32\dumphive.exe
    C:\WINDOWS\system32\swsc.exe
    C:\WINDOWS\system32\SrchSTS.exe
    C:\WINDOWS\system32\swreg.exe
    C:\WINDOWS\system32\tmp.reg
    C:\FOUND.007

    Reboot into normal mode and rehide your protected OS files.

    Thereafter, please post a fresh HJT, Combofix and AVG Antispyware logs from normal mode as an attachment into this thread.

    PS: I notice that you are using cracks and CD key generators. This is against the rules of this forum. In fact, some of those files contain trojans and malware which caused an infection on your system. Please remove all copies of ****** software.


    Regards,
    Your friendly Momok =)
     
  7. owlowl

    owlowl TS Rookie Topic Starter

    Logs after KillBox

    Hi ,

    Thank you very much for your help. I have removed the **** files previously obtained by my housemates.

    Posted are the required logs. Please help me to see if anything else is abnormal.

    Thank you again momok
     
  8. momok

    momok TS Rookie Posts: 2,272

    Hi,

    Nice to see a fellow sg here. ^^

    Anyway, your logs look clean now.

    Delete all the files in your AVG antispyware quarantined folder.

    Turn off system restore (XP/ME only). Learn how to do that HERE.

    This will remove all the remaining nasties from your old restore points.
    After that turn system restore back on.
    This would have created a new safe and clean restore point for your system.

    Oftentimes, an infection can occur again not due to the incompetence of programs, but because of user habits.
    May I recommend that you read this article.
    This can help to prevent future infections.

    Should you have any further problems, please post in this thread.


    Regards,
    Your friendly Momok =)
     
  9. owlowl

    owlowl TS Rookie Topic Starter

    Thank you

    Hi Momok,

    Thanks a lot for your time and help.

    owlowl

    PS - did not notice that you sg too. But from the time you post your replies, either you are really a late owl or presently not in town???
     
Topic Status:
Not open for further replies.

