TechSpot

Taskmgr regedit cmd ipconfig not working help please

By chaoticjunk
Mar 23, 2006
Topic Status:
Not open for further replies.
  1. just recently my computer started getting lots of random popups then later on my ctrl alt del stopped bringing up taskmgr.

    I have tried to run it with the run command and also trie using the alternative ctrl shift esc but it still doesn't work.
    The same goes for cmd, regedit and ipconfig... they won't show up.

    When I ran HijackThis here's what I got



    Can anyone help me solve this problem.. I think my computer is seriously infected. :(
  2. mark16_15

    mark16_15 TS Rookie

    You've got Spyware

    I had it and it was a killer.
    this line from your HJT dump shows it
    O4 - HKLM\..\Run: [rmalt] C:\Program Files\Update06\Setup.exe

    I removed mine manually using xsetup pro to enable regedit but I found this link on Sophos that might work for you.

    * Windows 2000/XP/2003
    1. Download an emergency copy of SAV32CLI http://www.sophos.com/tools/sav32sfx.exe . On an uninfected Windows computer, run this file to extract the contents into a SAV32CLI folder on a medium that can be write-protected. Add any relevant IDEs to this folder and write-protect the disk (on a CD/R or CD/RW close the session).
    2. Restart the computer in Safe Mode. Go to Start|Shut Down. Select 'Restart' from the dropdown list and click 'OK'. Windows will restart. Press F8 when you see the following text at the bottom of the screen "For troubleshooting and advanced startup options for Windows 2000, press F8". In the Windows 2000 Advanced Options Menu, select the third option 'Safe Mode with Command Prompt'.
    3. At the infected computer, place the CD in the CD drive (D: in this example).
    At the command prompt type

    D:
    to access the CD drive. Type:

    CD SAV32CLI
    Then type:

    SAV32CLI -REMOVE -P=C:\LOGFILE.TXT
    to remove the Trojan.
    4. Before leaving Safe Mode, edit any registry entries mentioned in the Trojan analysis recovery instructions.
    5. If problems persist, contact support.

    I didn't try this but Sophos is reliable so it should work.
  3. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Hello and welcome to Techspot.

    Go HERE and follow the instructions for running Ewido.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    Update06

    Close control panel.

    Open your task manager(if you can), by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    Setup.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R3 - Default URLSearchHook is missing

    O4 - HKLM\..\Run: [rmalt] C:\Program Files\Update06\Setup.exe Unknown

    O16 - DPF: {1319E67B-06AD-4C4B-9D85-9FEF7EDF7098} (NateOnMMSAtx Class) - http://web-color.nate.com/nateon_ocx...teOnMMSAtx.cab

    O16 - DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} (KTCtrl Class) - http://support.kornet.net/sw5/order/...eedNewCtrl.cab

    O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://css.hanaro.com/XecureObject/xw_install.cab

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\Program Files\Update06

    Reboot into normal mode and turn system restore back on.

    Post a fresh HJT log as an attachment into this thread. See HERE for instructions.

    Regards Howard :wave: :wave:

    This thread is for the use of chaoticjunk only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.