TechSpot

Virus from AIM (Valentine's Day pics), now can't use regedit, msconfig, task manager

By UNCPSnookie
Feb 15, 2005
  1. I got a virus/trojan or something from a link in one of my buddy's profiles; the link said something like "Valentines day pictures". It was making an away message with the link I clicked that gave me the virus pop up when I'd get online, and would try to do it while I was offline but it couldn't. I finally (I think) got rid of it, but now I can't get into my regedit, msconfig, or task manager... what do I do?? I have Norton SystemWorks, McAfee (Privacy and Personal Firewall Plus), Ad-Aware SE Personal, and Microsoft AntiSpyware. Help please.
     
  2. b4u8cake

    b4u8cake TS Rookie

    A possible fix

    A possible fix/workaround.

    We clicked on an AIM link about pictures about 5 days ago. Yesterday I tried to run RegEdit and it did not stay open. I read some posts here, and found that TaskMgr and msconfig also would not open.

    This is what I did, and now they stay open.
    ***Note: I am not a computer expert nor do I play one on TV. But I do know enough to be dangerous.

    Bottom line, what I think fixed the problem was the deletion of files in winnt/prefetch. Files named something like RegEdit????.pf, TaskMgr???.pf and so on.

    Long Story,
    I followed most of the recommendations of another post by getting the latest definition files for AdAware, VX2 cleaner plug-in, Spybot, McAfee, and Stinger. I uninstalled AIM and other programs I was unsure about. Booted in Safe Mode, ran AdAware, Spybot, Stinger and McAfee. Deleted what they found. This took quite a long time.

    Ran Regedit, yes it stays open in Safe Mode. Backed up
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
    Then removed entries like "WildTangent" and others I was unsure of.

    Booted to Normal mode. Regedit still would not stay open. Based on another post, I copied winnt\system32\taskmgr.exe to C:\MyStuff and renamed it to myTMrg.exe. I then deleted winnt\system32\taskmgr.exe. Opened C:\MyStuff\myTMrg.exe, and it stayed open. I sorted by User Name and ended processes that had my user name and looked suspicious after I searched for where the EXE file was and did a properties on. I searched the registry for these file names and deleted most of what I found. I deleted the file, too. This is when I found the prefetch files and deleted them too. I rebooted, and everything stayed open. I downloaded and ran "windows-xp-prefetch-clean-and-control.exe".

    Hope this helps someone.
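
As an added example, not part of the original post or thread: a PowerShell script for the "back up the Run key, then review its entries" step described above. It assumes a current Windows with PowerShell, a backup folder named `RunKeyBackup` (hypothetical), and also checks the per-user `HKCU` Run key, which the post does not mention.

```powershell
# Added example: back up the Run keys, then list each autostart entry with
# the facts needed to judge it before deleting anything.
$BackupDir = Join-Path $env:USERPROFILE 'RunKeyBackup'   # assumed location
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

$RunKeys = @(
    'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'   # assumption: not in the post
)

foreach ($key in $RunKeys) {
    # reg.exe export writes a .reg file that can be re-imported if a removal was wrong.
    $file = Join-Path $BackupDir (($key -replace '[\\:]', '_') + '.reg')
    & reg.exe export $key $file /y | Out-Null

    $psPath = 'Registry::' + ($key -replace '^HKLM', 'HKEY_LOCAL_MACHINE' -replace '^HKCU', 'HKEY_CURRENT_USER')
    $item = Get-Item -Path $psPath -ErrorAction SilentlyContinue
    if (-not $item) { continue }

    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        if (-not $command) { continue }   # skip empty values

        # Pull the executable path out of the command line (quoted or unquoted).
        if ($command -match '^\s*"([^"]+)"')          { $exe = $Matches[1] }
        elseif ($command -match '^\s*(.+?\.exe)\b')   { $exe = $Matches[1] }
        else                                          { $exe = ($command -split '\s+')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)

        # A missing file or an unsigned binary is a reason to look closer, not proof of malware.
        $exists = Test-Path -LiteralPath $exe
        $sig = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $exe).Status } else { 'n/a' }

        [pscustomobject]@{
            Key        = $key
            Name       = $name
            Command    = $command
            FileExists = $exists
            Signature  = $sig
        }
    }
}
```

Run it from an elevated prompt so the `HKLM` export succeeds; the exported `.reg` files restore the original entries when double-clicked or imported with `reg import`.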
     
  3. Tribal-Phoenix

    Tribal-Phoenix TS Rookie Posts: 118

    Pfff, do you know your virus name?
    Because if you just go to the Symantec web site and get a removal tool, get a program from the internet that shows you current processes, then close the "virus" process (if you don't know which one it is, just close all of them lol, except for explorer), and then try running regedit. If it doesn't work then you can get a registry editor, but it still doesn't feel like you are working on good old Windows, so then just back up data and reinstall Windows.
     
  4. maXimus4444

    maXimus4444 TS Rookie Posts: 118

    I used to have the same sort of thing. I searched for a removal tool and found this one here.
     
  5. Mictlantecuhtli

    Mictlantecuhtli TS Evangelist Posts: 4,919   +9

    Ah, the good old Windows repairing method: complete reinstallation.

    But viruses can get backed up, too.
     
Topic Status:
Not open for further replies.

