Problem with Alcohol 120 + Task Manager -.-

Status
Not open for further replies.

Jasio-

I downloaded Alcohol 120% and it appears to have infected my system. It's late, I'm a retard, I ran it. Did some ****, now when I try getting into Task Manager it says it's been disabled by my administrator -.-. Any help with this, or anyone who knows how to remove the damage it caused, I'll <3 you =]
 
I've edited your thread title and some of your post. That way we can stay within the rules of Techspot.

Go HERE and follow all the instructions exactly.

Post fresh HJT and Ewido logs as attachments into this thread, only after doing the above.

Regards Howard :)

This thread is for the use of Jasio- only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
I got rid of it. Durh =.= the craxxor <3 thanks

I've also noticed it played with some of my IE settings. I use FF but would still appreciate access to IE =] It says the site's unavailable regardless of the page.
 
You should still follow the instructions, then post the logs I ask for.

I can then see if your system is clean.

Regards Howard :)
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

scvhost.exe <-- not to be confused with svchost.exe, which is legit.

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe

F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe

O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe

O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O17 - HKLM\System\CCS\Services\Tcpip\..\{4E3F379B-9414-4414-B745-4D7CA30C761B}: NameServer = 216.58.97.21,216.58.97.20 <-- Only fix this if it doesn't belong to your ISP.

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there):

C:\WINDOWS\system32\scvhost.exe <-- Not to be confused with svchost.exe

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

Post a fresh HJT log and let me know how your system is running.


Regards Howard :)

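The three things the instructions above ask the reader to look for in an HJT log (a lookalike of svchost.exe, a Disable* policy value, and a NameServer that may not be the ISP's), written as a small triage script. This is an added example, not part of the original thread or of HijackThis; the function names, the list of known process names, the 0.8 similarity threshold and the ctfmon.exe line are assumptions, and the other sample lines are copied from the post.

```python
import re
from difflib import SequenceMatcher

# Process names malware likes to imitate (this list is an assumption).
KNOWN = {"svchost.exe", "explorer.exe", "lsass.exe", "services.exe", "winlogon.exe"}
# Policy values that lock a user out of repair tools. DisableRegedit and
# DisableCMD appear in the thread; DisableTaskMgr is the Task Manager one.
POLICY = re.compile(r"(DisableRegedit|DisableTaskMgr|DisableCMD)\s*=\s*([1-9])", re.I)
EXE = re.compile(r"([^\\\s=\[\]]+\.exe)\b", re.I)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def lookalike(name, threshold=0.8):
    """Return the known name that `name` closely imitates, or None."""
    name = name.lower()
    if name in KNOWN:            # the genuine name is never a lookalike
        return None
    for real in sorted(KNOWN):
        if SequenceMatcher(None, name, real).ratio() >= threshold:
            return real
    return None

def triage(lines, isp_dns=()):
    """Return (section, reason) findings for HijackThis-style log lines."""
    findings = []
    for line in lines:
        section = line.split(" - ", 1)[0].strip()
        for exe in EXE.findall(line):
            real = lookalike(exe)
            if real:
                findings.append((section, f"{exe} imitates {real}"))
        m = POLICY.search(line)
        if m:
            findings.append((section, f"policy {m.group(1)}={m.group(2)}"))
        if "NameServer" in line:
            # Only resolvers outside the caller's ISP allowlist are reported.
            foreign = [ip for ip in IPV4.findall(line) if ip not in isp_dns]
            if foreign:
                findings.append((section, "DNS not on allowlist: " + ",".join(foreign)))
    return findings

SAMPLE = [  # first four lines are from the post; the last is constructed
    r"F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe",
    r"O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe",
    r"O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{4E3F379B-9414-4414-B745-4D7CA30C761B}: NameServer = 216.58.97.21,216.58.97.20",
    r"O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Passing the ISP's resolver addresses as `isp_dns` suppresses the O17 finding, which mirrors the "only fix this if it doesn't belong to your ISP" caveat.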
 
Hey, thanks for the detailed instructions. Before I attempt, am I safe to restart? After installing Alcohol it told me to restart, but it never installed any files (nothing that I noticed.. Program Files or Start Menu..). So are you sure it'll boot correctly?

Ack! I can't shut off System Restore.. I don't believe I'm signed in as an admin. I just have the main account that was always there when I got the computer.. but when I go to the System Properties the tab isn't there =[
 
No, I'm not sure it's safe to restart, but it's something you have to do.

Follow the instructions to the best of your ability.

Regards Howard :)
 
Howard =[ I know you </3 me but I have another one =] <3

Command Prompt = blocked.

I don't believe there's a registry key that's blocking it so I'm stumped already -.-
 
Post a fresh HJT log.

Regards Howard :)

 
Your HJT log is clean.

The command prompt blocked message means your administrator has blocked the use of the command prompt. I suggest you speak with the system admin.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 
I don't have an administrative account. Do you have a link to a tutorial for unblocking it if I access the Admin account? Like I said, I have the 'Owner' account that came with it, and that isn't giving me access. When I go into safe mode I have the option for administration. So through there how do I open up my command prompt.. I need it =[

EDIT: Got it, it was a registry key =[ HKCU/Software/Policies/Microsoft/Windows/System/"DisableCMD" with the value 1
 