Taskmgr being used by another program

By Gerard1970
Feb 28, 2007
Topic Status:
Not open for further replies.
  1. I can access taskmgr in safe mode only. I have run AVG and Trend Micro virus and antispyware programs. In another post someone stated to another poster with the same symptoms that it could be a backdoor virus. I am posting this from another computer. Enclosed is HJT log. Thanks for any assistance anyone can provide.
  2. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Hello and welcome to Techspot.

    Your system is infected with several nasties.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.

    Regards Howard :wave: :wave:

    This thread is for the use of Gerard1970 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  3. Gerard1970

    Gerard1970 Newcomer, in training Topic Starter

    did almost everything

    I did everything and here are the results. I was unable to run virus scan in safe mode. I was only able to run in regular mode. When I tried it said there was a conflict and no network device found. I tried to run online virus scan in safe mode and it kept closing before it finished. I did all the other steps. Attached are both logs HJT and AVG. Thank you for taking the time to help.

    Now when I start the computer in regular mode I get an error that states Update.exe failed because System.dll was not found. Also Trend Micro keeps quarantining BKDRV.BBOT.AC and sometimes DROPPER.FAT. I still cannot access taskmgr via control alt delete but have copied a link to my desktop and can access it in this way. I searched for taskmgr.exe and came up with 3 results. One opens task manager. One says task manager is being used by another program and the last states that Windows cannot open this file. The targets are C:\i386\taskmgr.exe, C:\WINDOWS\system32\taskmgr.exe, and TASKMGR.EXE-06144C13.pf in the order I described.
  4. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    Client IP-IPX

    Close the services window.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    svchosts.exe<Not to be confused with svchost.exe
    dllhost.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 201.37.42.93:6588<Fix this entry if you didn't set this proxy yourself or don't know what it is.

    O4 - Global Startup: dllhost.exe

    O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)

    O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v48/pool/pool.cab

    O16 - DPF: {3730312D-0896-4BB9-9AA8-1D28D503E12E} (AXDownloaderCtl Class) - http://xplorstore.com/AXDownloader.dll

    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

    O23 - Service: Client IP-IPX - Unknown owner - ".exe (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\windows\system32\svchosts.exe<Not to be confused with svchost.exe.
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe

    Reboot into normal mode and rehide your protected OS files.

    Post a fresh HJT log and let me know if you're still having problems.

    Regards Howard :)

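Added example, not part of the original thread or of Howard's instructions: a Python sketch that triages HijackThis-style log lines for the patterns singled out in the reply above (a process name imitating a system binary, a system binary name outside system32 or in Startup, a ProxyServer value, entries whose target file is missing). The `SYSTEM_BINARIES` list, the 0.9 similarity threshold and the sample log are assumptions, constructed from entries quoted in the thread.

```python
import re
from difflib import SequenceMatcher

# Assumed short list of genuine Windows binaries that live in system32.
SYSTEM_BINARIES = {"svchost.exe", "dllhost.exe", "taskmgr.exe", "lsass.exe", "services.exe"}
SYSTEM_DIR = r"c:\windows\system32"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")       # e.g. "O4 - Global Startup: ..."
PATH = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.I)     # bare path, as in "Running processes"

# Constructed sample log assembled from lines quoted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\taskmgr.exe
C:\windows\system32\svchosts.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 201.37.42.93:6588
O4 - Global Startup: dllhost.exe
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O23 - Service: Client IP-IPX - Unknown owner - ".exe (file missing)
"""

def lookalike(name):
    """Return the system binary that `name` closely imitates, or None."""
    name = name.lower()
    if name in SYSTEM_BINARIES:
        return None
    for real in sorted(SYSTEM_BINARIES):
        if SequenceMatcher(None, name, real).ratio() >= 0.9:
            return real
    return None

def triage(log_text):
    """Return (reason, line) pairs to review by hand; a hit is not a verdict."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = ENTRY.match(line)
        code, body = m.groups() if m else ("", "")
        if PATH.match(line):
            folder, _, exe = line.lower().rpartition("\\")
            if lookalike(exe):
                findings.append(("lookalike-name", line))
            elif exe in SYSTEM_BINARIES and folder != SYSTEM_DIR:
                findings.append(("system-name-wrong-folder", line))
        elif code in ("R0", "R1") and "ProxyServer" in body:
            findings.append(("proxy-set", line))   # fine if the user set it
        elif code == "O4" and "Startup:" in body and body.rsplit(": ", 1)[-1].lower() in SYSTEM_BINARIES:
            findings.append(("system-name-in-startup", line))
        elif "(file missing)" in body or "(no file)" in body:
            findings.append(("target-missing", line))
    return findings
```
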
  5. Gerard1970

    Gerard1970 Newcomer, in training Topic Starter

    Things seem better, thank you, except I still have an error upon startup that states update.exe failed because System.dll was not found.
  6. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    I did ask you to post a fresh HJT log. Please do so thanks.

    Regards Howard :)

  7. Gerard1970

    Gerard1970 Newcomer, in training Topic Starter

    HJT log

    I'm sorry I thought I did.
  8. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Your HJT log is clean.

    Download the AVG Antirootkit programme. Disconnect from the net and install the programme, then restart your computer.

    Run the programme and click "Perform in-depth search." Allow AVG to complete the scan. The AVG scanner will give the "Rootkit path".
    Select the Rootkit Driver by placing a checkmark against it and click "Remove selected items." Next, agree to the terms and conditions that are displayed by AVG and click "OK" to reboot the PC. Reconnect to the net.

    Download and run the Blacklight programme. Follow all the instructions carefully.

    Download the Autoruns programme from HERE. When the programme runs, click options and make sure the "Hide Microsoft Entries" is ticked. Click the file menu and select refresh. Click the save icon and save the Autoruns log to wherever you want.

    Attach the Autoruns log here.

    Let me know the results of the rootkit scans.

    Regards Howard :)

  9. Gerard1970

    Gerard1970 Newcomer, in training Topic Starter

    No rootkits found. By the way, what is a rootkit?

    I still have the error at start: Update.exe failed because system.dll was not found.

    And I must repeat thank you so much for your help.
  10. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.


    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    update.exe

    Close task manager.

    Locate and delete the following bold files and/or directories(if there).

    c:\program files\common files\{bcb1f20b-0746-1033-0814-060616060001}\update.exe<Delete the file and the entire folder.

    Reboot into normal mode and rehide your protected OS files.

    Let me know if that helps.

    BTW: A rootkit is a type of infection that operates at the kernel level and therefore hides from conventional antivirus/antispyware scanners.

    Regards Howard :)

  11. Gerard1970

    Gerard1970 Newcomer, in training Topic Starter

    Yes, this error does not appear now. What was that file I deleted? Is there any way I can compensate you for your help?
     
  12. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    That won't be necessary mate, but thanks anyway.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)
