task manger is closed

[SajidArain]

Hello Every body. there
a few days ago, got troubled.
the problem is that when ever i try to run some apllication. its .exe file is cut paste from its installation folder to folder from i am trying to open that program's file. and then i'm not able to open that file from any other location.

E.g.
if i wana open a .doc file from C:\myfiles\something.doc, then word.exe will be cut paste to c:\myfiles\ all file in this directory will open but not from any other location. same case with most of the applications.
i even can't run task manger

i had scaned my system with the latest version of AVG Anti virus Free Edition but nothing is found on any of my drives.

I have reinstalling windows and again scan with AVG but nothing found and task manger not running still.
{but somtimes it runs but most of , i say all the times i starts and closes with a just splash on the screen,some times does not even splahes.}

I'm using Windows XP sp2

any help
thanks all in anticipation

 

[howard_hopkinso]

Hello and welcome to Techspot.

Go and read this thread HERE and post a HJT log as an attachment into this thread.

Regards Howard :wave: :wave:

This thread is for the use of SajidArain only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[SajidArain]

log file

here is log file.
.
i would like to tell that mymanager.exe is renamed taskmgr.exe

and would like describe an other situation:
there were mulitple instances of some applications.
cmd.exe
net.exe
net1.exe
siteAdv.exe
and may others also

total processes 450+ and were increasing
commit charge 825M/ 921M
i have 256M of ram
and cpu was 100%

and response was much slow.
and after a while i have to switch off.

 

[howard_hopkinso]

Your system is infected with malware.

It also appears you`re running two antivirus programmes, Trend and McAfee. This is not recommended, will slow your system down and can cause serious conflicts. You need to uninstall one of your antivirus programmes.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the AVG Antirootkit scan.

Regards Howard

This thread is for the use of SajidArain only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[SajidArain]

detailed logs

these are the logs attached.
is there any thing missing.

thanks for your reply.

 

[howard_hopkinso]

You didn`t attach the Combofix log as requested. Please do so in your next reply.

You`re still running two antivirus programmes. You must uninstall one of your antivirus programmes.

Download WinSock XP Fix 1.2 and save it to your desktop. Double click the file to run it. Instructions can be found HERE.

Post the Combofix log as well as a fresh HJT log after running Combofix.

Regards Howard

This thread is for the use of SajidArain only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[SajidArain]

the problem is that the executables of the programmes are moved from their installation folder.

C:\Program Files\GRISOFT\AVG Anti-Rootkit Beta\antiRootkit.exe
was moved to :
C:\WINDOWS\system32\drivers\antiRootkit.exe.exe

C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe
was moved to:
C:\Documents and settings\Sajid Nazir\avgas.exe.exe


C:\WINDOWS\system32\swreg.exe
was not found by combofix so i searched for it found it here
C:\Documents and Settings\Sajid Nazir\Desktop\SmitfraudFix\swreg.exe
then placed it in system32 folder ,and it worked
attached log and error files that were generated.

 

[howard_hopkinso]

The Combofix log you posted is not correct. Also, you must uninstall one antivirus programme, then do the following.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

ncscv32.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - HKCU\..\Run: [nvscv32] C:\WINDOWS\system32\drivers\ncscv32.exe

O4 - HKUS\S-1-5-18\..\Run: [nvscv32] C:\WINDOWS\system32\drivers\ncscv32.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [nvscv32] C:\WINDOWS\system32\drivers\ncscv32.exe (User 'Default user')

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\WINDOWS\system32\drivers\ncscv32.exe

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log as well as a Combofix log.

Regards Howard

Instructions edited.

This thread is for the use of SajidArain only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[SajidArain]

actually i wasn't even able to uninstall the softwares.
then i left with only choice to delete the files of antivirus ,but may be it is using from programm files/common/ bt i also then removed from there.

when i boot in safe mode i am not able to run antivirus.
can not run task manager by ctrl + alt+del .
it just appears and closes.

mymanager.exe is taskmgr.exe file i have renamed it. i can open taskmanager by run -> mymanager. command.

also not able to change folder's view settings.
the changes are not reflected. on eihter normal or safe mode.

 

[howard_hopkinso]

Sorry, I had forgotten you`d renamed taskmanager.

Follow as many of the instructions above as you can and post the requested log files.

Regards Howard

 

[SajidArain]

first of all i would like thank you for your great help.

and sorry for two posts.

the combofix does not runs properly it gives
'nircmd' is not recognised as internal or external command
and also some other error, as application close soon so not able to read what exactly it has..

some times it goes to disclaimer screen.
after entering 1.

scaning for infeted files
..... one or two line here

and application closes


once again thanks a lot

 

[howard_hopkinso]

Please post a fresh HJT log from normal mode.

Also, please can you tell me exactly which version of McAfee you`re running?

Regards Howard

This thread is for the use of SajidArain only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.