Help
This topic is locked
This computer appears to be operating normally.
The other computers cannot open task manager or regedit: [process] has been disabled by your administrator.
As stated earlier in this thread, normal "fixes" for those problems have been attempted, but upon reboot, it reverts back to the same problem.
Forum Guidelines
Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help
Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient. DO NOT RUN ComboFix unless requested to. Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
ComboFix finds Bootkit TDL4, infected? tskmgr & regedit not allowed to open
Back to top
#17
- Member
-
- Group: Members
- Posts: 19
- Joined: 15-December 09
Posted 02 June 2011 - 05:57 PM
On one of the others, I re-ran Combofix, TDSKiller, and MBRCheck, all came back good (except CF with its TDL4 infection).
The workstation still CANNOT run TaskMgr or Regedit.
I installed our latest Symantec Endpoint Protection client on this one, and it popped up with a detection!
Scan type: Auto-Protect Scan
Event: Risk Found!
Security risk detected: W32.SillyDC
File: C:\WINDOWS\system32\gqcj38.dll
Location: C:\WINDOWS\system32
Computer: EASECLASS3
User: SYSTEM
Action taken: Pending Side Effects Analysis : Access denied
Date found: Thursday, June 02, 2011 4:51:02 PM
This was after running the latest ComboFix, TDSKiller, and MBRCheck
-----------
After a reboot, this was cleaned out, and now taskmgr and regedit work.
Is this something new that ComboFix doesn't know about?
The workstation still CANNOT run TaskMgr or Regedit.
I installed our latest Symantec Endpoint Protection client on this one, and it popped up with a detection!
Scan type: Auto-Protect Scan
Event: Risk Found!
Security risk detected: W32.SillyDC
File: C:\WINDOWS\system32\gqcj38.dll
Location: C:\WINDOWS\system32
Computer: EASECLASS3
User: SYSTEM
Action taken: Pending Side Effects Analysis : Access denied
Date found: Thursday, June 02, 2011 4:51:02 PM
This was after running the latest ComboFix, TDSKiller, and MBRCheck
-----------
After a reboot, this was cleaned out, and now taskmgr and regedit work.
Is this something new that ComboFix doesn't know about?
This post has been edited by jonas914: 02 June 2011 - 06:43 PM
#18
- Just Curious
-
- Group: Malware Response Instructor
- Posts: 17,815
- Joined: 08-December 07
- Gender:Male
- Location:The Netherlands
Posted 03 June 2011 - 01:09 AM
ComboFix didn't remove it, so it did not detect it.
You can run Malwarebytes on all of them.
If still there will be a problem you need to open a topic for each of them with the logs.
You can run Malwarebytes on all of them.
If still there will be a problem you need to open a topic for each of them with the logs.
#19
- Just Curious
-
- Group: Malware Response Instructor
- Posts: 17,815
- Joined: 08-December 07
- Gender:Male
- Location:The Netherlands
Posted 08 June 2011 - 07:06 PM
Can we round off?
#20
- Just Curious
-
- Group: Malware Response Instructor
- Posts: 17,815
- Joined: 08-December 07
- Gender:Male
- Location:The Netherlands
Posted 11 June 2011 - 07:45 PM
This thread will now be closed since the issue seems to be resolved.
If you need this topic reopened, please send me a PM and I will reopen it for you. If you should have a new issue, please start a new topic.
Every one else should start a new topic.
If you need this topic reopened, please send me a PM and I will reopen it for you. If you should have a new issue, please start a new topic.
Every one else should start a new topic.
