[Uncurable] Task manager, virus related

Status
Not open for further replies.
OK, so I was watching a show that I downloaded earlier in Win Media Player, and it started to freeze from time to time, then it froze up completely. When I tried to run the Task Manager, it said that it had been disabled by an administrator. So I started up my NOD32 (it was off for 3 days) and it started to pop out these messages about some Sality.NET Virus, and it quarantined about 70 items, from ffd show somethings to the ggl chrome setup file... It was everywhere, in system files, in a game executable, in Microsoft Office... And when I ran a complete system check, it found 9 infections besides these. Some Trojan linked to jar_cache(bunch of numbers).tmp was found too. And then when I tried to start up my Task Manager, it gives me this error message now: taskmgr.exe - Unable to locate component
This application has failed to start because .dll was not found. Re-installing the application may fix the problem. It says just that, nothing else. I ran the virus check again, nothing. Regedit works fine, but I can't use it to make my taskmgr work.
 
Bad news! If you have the Sality virus family, it's going to mean a reformat/reinstall. This is the exploit of the shortcut .lnk files.

Sality is a family of file infecting viruses that spread by infecting exe and scr files. The virus also includes an autorun worm component that allows it to spread to any removable or discoverable drive. In addition, Sality includes a downloader trojan component that installs additional malware via the Web.

I'd like you to run the 2 following programs:

Malwarebytes' Anti-Malware
  • Please download Malwarebytes' Anti-Malware from HERE
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    [o] Update Malwarebytes' Anti-Malware
    [o] and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please attach this log with your reply.
    [o] If you accidentally close it, the log file is saved here and will be named like this:
    [o] C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
========================

Run the ESET NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.

If we see either 'Sality' or the Worm Win32/Stuxnet.A, it will be in your best interest, and safety, to reformat/reinstall. I'll know more after I see the logs.
 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

01. 01. 03 0:49:18
mbam-log-2003-01-01 (00-49-18).txt

Scan type: Flash scan
Objects scanned: 83306
Time elapsed: 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I'll run the nod32 online now. Malware found nothing.
 
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=9dd3632af3860b47b3e338e485f2e3d1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-09-25 01:16:03
# local_time=2010-09-25 03:16:03 (+0100, Central Europe Daylight Time)
# country="Serbia and Montenegro"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8199 39157157 100 100 11369 15921811 0 0
# scanned=80424
# found=0
# cleaned=0
# scan_time=4128
# nod_component=V3 Build:0x30000000

This is it, no virus, no nothing... And still, the task manager is not working
 
Sorry crunchie- we must have been posting at the same time.

AcaNbg, you give the perfect reasons why you should reformat and reinstall:
When I tried to run the Task Manager, it said that it had been disabled by an administrator. So I started up my NOD32 (it was off for 3 days) and it started to pop out these messages about some Sality.NET Virus, and it quarantined about 70 items, from ffd show somethings to the ggl chrome setup file... It was everywhere, in system files, in a game executable, in Microsoft Office... And when I ran a complete system check, it found 9 infections besides these. Some Trojan linked to jar_cache(bunch of numbers).tmp was found too. And then when I tried to start up my Task Manager, it gives me this error message now: taskmgr.exe - Unable to locate component
This application has failed to start because .dll was not found. Re-installing the application may fix the problem.

The Task Manager has most likely been corrupted by Sality. We recently had a discussion about Sality and I am going to quote this source:
Best bet with these is to format/reinstall for 2 main reasons:

1) File infectors such as Sality or Virut can cause the system to become unbootable, better to backup and format before it's too late.


2) Once they infect a legitimate file, they will invalidate that file's digital signature.

That means that ANY program file on this machine will NOT verify as signed by Microsoft after a Sality infection.

With any Backdoor Trojan:
If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infections can be identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with these types of trojans, the best course of action would be a reformat and reinstall of the OS.
Courtesy Blind Dragon: http://www.tech-101.com/system-security/1482-security-threats-evolving-breakneck-pace.html

You will find excellent reformat/reinstall instructions here:
http://www.tech-101.com/tutorials/356-tutorial-windows-install-repair-xp-vista.html
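
The second reason quoted above (a file infector invalidates the digital signature of every file it modifies) can be checked directly on a suspect machine. The PowerShell below is an added example, not part of the original thread; the function name Get-SignatureTriage and the $ScanRoot default are assumptions chosen for illustration.

```powershell
# Added example: list executables whose Authenticode signature no longer verifies.
# $ScanRoot is an assumed default; point it at any folder of program files.
param(
    [string]$ScanRoot = "$env:SystemRoot\System32"
)

function Get-SignatureTriage {
    param([Parameter(Mandatory = $true)][string]$Path)

    # The thread names .exe and .scr as the file types Sality infects.
    Get-ChildItem -Path $Path -Recurse -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and ('.exe', '.scr' -contains $_.Extension) } |
        ForEach-Object {
            Get-AuthenticodeSignature -FilePath $_.FullName -ErrorAction SilentlyContinue
        } |
        Select-Object Path, Status,
            @{ Name = 'Signer'; Expression = {
                if ($_.SignerCertificate) { $_.SignerCertificate.Subject }
            } }
}

$results = @(Get-SignatureTriage -Path $ScanRoot)

# Overall picture: how many files fall into each signature status.
$results | Group-Object Status | Select-Object Name, Count | Format-Table -AutoSize

# HashMismatch means the file carries a signature but its bytes changed after
# signing, which is what a file infector leaves behind on a signed binary.
$tampered = @($results | Where-Object { $_.Status -eq 'HashMismatch' })

if ($tampered.Count -gt 0) {
    Write-Output "Signed files modified after signing: $($tampered.Count)"
    $tampered | Format-Table Path, Signer -AutoSize
} else {
    Write-Output "No HashMismatch results under $ScanRoot"
}

# NotSigned alone is a weak signal: many Windows files are signed through a
# security catalog rather than an embedded signature, and older PowerShell
# versions report those as NotSigned.
```

A clean result here does not clear the machine, since files that were never signed cannot be checked this way; it only shows whether signed binaries have been altered.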
 