Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


TaskManager and RegEdit disabled, every AntiVirus process killed

  • Please log in to reply
1 reply to this topic

#1 cor_van_de_water


  • Members
  • 2 posts
  • Local time:12:48 AM

Posted 02 February 2009 - 03:28 AM

I received a Dell Inspiron 4000 laptop from a friend who indicated it had "issues".
So I put the simple virus scan/remove program Stinger on my USB stick, plus Search&Destroy and a few other tools,
switched the USB stick to LOCKED and plugged it into the laptop.
I had already tried to run RegEdit and TaskManager and both reported "disabled by Administrator"
which is a sure sign of infection, as I was logged in with Administrator rights.
Stinger found an abundance of W32/Sality worms and one occurrence of W32/Autorun.worm.gen!job
I had to delete all infected files as Stinger could not clean them.
I tried to install AntiVirus and Anti-malware programs like AntiVir and S&D
but each process with a common anti-virus name is immediately killed,
apparently by the still present virus.
I tried using a script to enable RegEdit but the registry is immediately switched back to disable it.
I rather not re-install this machine from scratch as I do not have the original (Dell)
CDs at hand and I know that the License won't work with a generic XP install, so then
I would not be able to pass Genuine Windows certification.
Any idea how to tackle this further?
BTW, it is a Windows XP Home version.

BC AdBot (Login to Remove)


#2 cor_van_de_water

  • Topic Starter

  • Members
  • 2 posts
  • Local time:12:48 AM

Posted 02 February 2009 - 01:36 PM

Never mind, I read a similar problem in another thread after more searching around and I used the recommmended combination of ATF-Cleaner, MalwareBytes-AntiMalware with the downloaded update (on a clean machine) all written to a USB stick, *locked* te stick and plugged into the infected machine.
Followed the instructions to run ATF-C, then MBAM installer, then update installer (All directly from the USB stick) and found 12 infections.
PC seems to be clean now.
Thanks for the help, even though it was addressed to someone else, it helped me too.
BTW, this is the helpful thread:

Edited by cor_van_de_water, 02 February 2009 - 01:41 PM.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users