TechSpot

Task manager+regedit is closed

By chrisredfield
Dec 30, 2008
Topic Status:
Not open for further replies.
  1. Hello guys,
    I have a big bad problem... I have a virus (a trojan or a worm) on my PC
    that closes Task Manager and regedit... Also, when I re-install Windows, it comes back again at the first boot of Windows... Anyway, I can't find the files that cause that... I can't set up anti-viruses or anti-trojans... but if I can set one up... then I can use it :((
    For example, when I set up NOD32 I can't use it, and after 5 min this virus removes NOD32 from my hard drive... What should I do?! Please help me fix this problem... I think if I can run the registry, maybe I can fix this problem.
  2. BlkHeartWolf

    BlkHeartWolf Newcomer, in training Posts: 160

  3. chrisredfield

    chrisredfield Newcomer, in training Topic Starter

    This is the log file from HijackThis:
    Logfile of Trend Micro HijackThis v2.0.2
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    G:\WINDOWS\System32\smss.exe
    G:\WINDOWS\system32\winlogon.exe
    G:\WINDOWS\system32\services.exe
    G:\WINDOWS\system32\lsass.exe
    G:\WINDOWS\System32\svchost.exe
    G:\WINDOWS\system32\svchost.exe
    G:\WINDOWS\system32\spoolsv.exe
    G:\WINDOWS\System32\svchost.exe
    G:\WINDOWS\system32\wscntfy.exe
    G:\WINDOWS\Explorer.EXE
    G:\Program Files\Internet Download Manager\IEMonitor.exe
    G:\DOCUME~1\CRF\LOCALS~1\Temp\winwaql.exe
    G:\DOCUME~1\CRF\LOCALS~1\Temp\winonmet.exe
    G:\DOCUME~1\CRF\LOCALS~1\Temp\winnxys.exe
    G:\Program Files\Internet Explorer\iexplore.exe
    G:\Program Files\Internet Download Manager\IDMan.exe
    G:\Program Files\Internet Explorer\iexplore.exe
    G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - G:\Program Files\Internet Download Manager\IDMIECC.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKCU\..\Run: [IDMan] G:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Download all links with IDM - G:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - G:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - G:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{307A288B-504B-49E1-8444-7C7C74DEE2FE}: NameServer = 89.165.40.13 4.2.2.4

    --
    End of file - 2297 bytes
  4. BlkHeartWolf

    BlkHeartWolf Newcomer, in training Posts: 160

    Run HijackThis and check these to fix:
    G:\Program Files\Internet Download Manager\IEMonitor.exe
    G:\DOCUME~1\CRF\LOCALS~1\Temp\winwaql.exe
    G:\DOCUME~1\CRF\LOCALS~1\Temp\winonmet.exe
    G:\DOCUME~1\CRF\LOCALS~1\Temp\winnxys.exe
    G:\Program Files\Internet Download Manager\IDMan.exe
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - G:\Program Files\Internet Download Manager\IDMIECC.dll

    O4 - HKCU\..\Run: [IDMan] G:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Download all links with IDM - G:\Program Files\Internet Download Manager\IEGetAll.htm

    O8 - Extra context menu item: Download FLV video content with IDM - G:\Program Files\Internet Download Manager\IEGetVL.htm

    O8 - Extra context menu item: Download with IDM - G:\Program Files\Internet Download Manager\IEExt.htm

    If you have META Products, read this for some conflict issues:
    http://www.metaproducts.com/forum/Forums_Message.asp?id=62251&pg=0

    Run HijackThis and post a new log.
  5. chrisredfield

    chrisredfield Newcomer, in training Topic Starter

    hijackthis-scan2

    I think I can't fix them... After another fast scan... it shows this result:
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{26CAB041-0D67-4949-A688-1E854A7CFF1C}: NameServer = 89.165.40.13 4.2.2.4
    O17 - HKLM\System\CS1\Services\Tcpip\..\{26CAB041-0D67-4949-A688-1E854A7CFF1C}: NameServer = 89.165.40.13 4.2.2.4
    The first line is always in the results... Is there any way of changing the value of reg files with dat files?!
  6. BlkHeartWolf

    BlkHeartWolf Newcomer, in training Posts: 160

    Yes, there is,
    but if it comes back, something must be changing it.
    An incomplete log does not help.
  7. chrisredfield

    chrisredfield Newcomer, in training Topic Starter

    Thank you anyway, but after all, my big problem is that I can't run Windows in safe mode... and when I try it... the system was rebooted...
  8. CCT

    CCT TechSpot Evangelist Posts: 3,556

    Download FixPolicies.exe by Bill Castner and save it to your desktop.

    http://downloads.malwareremoval.com/BillCastner/FixPolicies.exe

    Double click on FixPolicies.exe to run it.

    Click on Install. It will create a folder named FixPolicies on your desktop.

    Open the FixPolicies folder.

    Double click on Fix_policies.cmd to run it. Command Prompt will open and close quickly; this is normal.

    If that gets you operating, follow the 8 Step Virus Removal process.
  9. Darthvader101

    Darthvader101 Newcomer, in training

    Be careful with that. Download the malware thing the other guy recommended. Worked for me!
  10. BlkHeartWolf

    BlkHeartWolf Newcomer, in training Posts: 160

    Let's try this: disable all protection software, and exit unneeded programs.
    Download SMITFRAUD, then disconnect from your network.
    Double-click SmitfraudFix.exe
    Select 1 and hit Enter to create a report of the infected files, usually at C:\rapport.txt
    Select 3 to remove trusted zones
    Select 5 to try and remove the DNS redirects

    Remember: right-click on the My Computer icon and go to Properties
    Turn off System Restore
    Open IE and go to Tools, Options; delete temporary internet files and cookies
    Do a disk cleanup in your Start/Accessories/System Tools menu

    Run HijackThis and Malwarebytes at the same time.
    Select any files and/or keys I posted below in HijackThis {KEEP IN MIND the temp files will have new} but on both Malwarebytes and HijackThis click fix at the same time.
    Then reboot immediately.
    Once complete, run HijackThis and post your log here again.

    G:\Program Files\Internet Download Manager\IEMonitor.exe
    G:\DOCUME~1\CRF\LOCALS~1\Temp\winwaql.exe
    G:\DOCUME~1\CRF\LOCALS~1\Temp\winonmet.exe
    G:\DOCUME~1\CRF\LOCALS~1\Temp\winnxys.exe
    G:\Program Files\Internet Download Manager\IDMan.exe
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - G:\Program Files\Internet Download Manager\IDMIECC.dll

    O4 - HKCU\..\Run: [IDMan] G:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Download all links with IDM - G:\Program Files\Internet Download Manager\IEGetAll.htm

    O8 - Extra context menu item: Download FLV video content with IDM - G:\Program Files\Internet Download Manager\IEGetVL.htm

    O8 - Extra context menu item: Download with IDM - G:\Program Files\Internet Download Manager\IEExt.htm
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{26CAB041-0D67-4949-A688-1E854A7CFF1C}: NameServer = 89.165.40.13 4.2.2.4
    O17 - HKLM\System\CS1\Services\Tcpip\..\{26CAB041-0D67-4949-A688-1E854A7CFF1C}: NameServer = 89.165.40.13 4.2.2.4
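
Added example (not part of the original thread and not any poster's or HijackThis's own code): a small Python triage of the HijackThis lines posted in this thread, flagging processes running from a Temp directory, O7 policy restrictions such as DisableRegedit, and O17 static NameServer settings that should be checked against the resolvers the network is expected to use. The function name, category labels and regular expressions are assumptions made for illustration; the sample lines are copied from the log above.

```python
import re

# Sample lines copied from the HijackThis log posted in this thread (subset).
SAMPLE_LOG = r"""Running processes:
G:\WINDOWS\Explorer.EXE
G:\Program Files\Internet Download Manager\IEMonitor.exe
G:\DOCUME~1\CRF\LOCALS~1\Temp\winwaql.exe
G:\DOCUME~1\CRF\LOCALS~1\Temp\winonmet.exe
G:\DOCUME~1\CRF\LOCALS~1\Temp\winnxys.exe

O4 - HKCU\..\Run: [IDMan] G:\Program Files\Internet Download Manager\IDMan.exe /onboot
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\..\{307A288B-504B-49E1-8444-7C7C74DEE2FE}: NameServer = 89.165.40.13 4.2.2.4
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")         # e.g. "O7 - <details>"
TEMP_DIR = re.compile(r"\\te?mp\\", re.I)          # any \Temp\ or \Tmp\ path component
POLICY = re.compile(r"(Disable\w+)=1", re.I)       # restriction as HijackThis prints it
NAMESERVER = re.compile(r"NameServer = (.+)$")

def triage(log_text):
    """Return (category, detail) pairs that deserve a closer look (hypothetical helper)."""
    findings, in_processes = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        entry = ENTRY.match(line)
        if entry:
            in_processes = False                   # process list ends at the first entry line
            code, rest = entry.groups()
            if code == "O7" and (m := POLICY.search(rest)):
                findings.append(("policy-restriction", m.group(1)))
            elif code == "O17" and (m := NAMESERVER.search(rest)):
                for ip in m.group(1).replace(",", " ").split():
                    findings.append(("dns-override", ip))
            elif code == "O4" and TEMP_DIR.search(rest):
                findings.append(("autorun-from-temp", rest))
        elif in_processes and TEMP_DIR.search(line):
            findings.append(("process-from-temp", line))
    return findings

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:20} {detail}")
```

A finding here is a prompt for review, not a verdict: legitimate installers also run from Temp, and a static NameServer may be the administrator's own setting.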