Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus? Unable to Open Task Manager or Registry Editor


  • Please log in to reply
14 replies to this topic

#1 cgilbert

cgilbert

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:01 PM

Posted 13 September 2009 - 04:39 PM

I attempted to complete a request received by garmanma to remove Windows Police Pro from my initial post and was advised to post in this forum if I experienced problems.

I attempted to download fixtm.reg and received the following error:

Internet Explorer connot download fixtm.reg from download.bleepingcomputer.com Internet Explorer was not able to open this Internet Site. The requested site is either unavailable or cannot be found. Please try again later.

Clearly this virus has a stronghold on the pc please advise on next steps to address the issue.

Edit Data: Here is the information provided in the initial post -

The PC virus protection expired recently and before I addressed the renewal my children apparently found a virus using the computer online. I am not able to determine the source of the problem or investigate as I am unable to open task manager and many programs. When I attempt to open task manager via ctrl+alt+del I receive an error message that states: Task Manager has been disabled by your administrator. Problem is my log in is the administrator or was until this unsightly virus arrived. When I try to right click the task bar to access task manager the option is grey and therefore I am unable to select it. I also attempted to open regedit.exe to see if task manager was disabled and when I attempt to open a command window it instantly closes.

Other information that may be of importance is when I reboot the pc numerous command windows automatically open up and close rather quickly (approx. 20-30 different windows). I am not able to open ANY programs including Malwarebytes or Ad-Aware or even MS word etc when I attempt to open them a command window quickly opens and closes and nothing else occurs. I also opened the control panel for options and regardless of what I select I receive the following error: C:\Windows\System32\rundll32.exe The parameter is incorrect.

I have rebooted in safe mode to see if I can access task manager, command functions or programs from there and its the same outcome.

The only program I am able to use is internet explorer and I am able to access the internet currently posting this thread for help from the challenged pc.

Greatly appreciate any assistance provided for my situation.

Edited by cgilbert, 13 September 2009 - 04:41 PM.


BC AdBot (Login to Remove)

 


#2 cgilbert

cgilbert
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:01 PM

Posted 13 September 2009 - 05:08 PM

One more item that I noticed the date and time on the pc is way off back in 2003 when I clicked the clock to change the time and date a command screen opens and closes quickly. While it is open I noticed that the blue bar at the top of the box reads C:windows\system32\ntvdm.exe for a blink of an eye and then changes to C:windows\system32\desot.exe before closing. Whew took a fast trained eye to capture the data so I am hoping this offers some assistance into the problem. Thanks for your help.

#3 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:04:01 PM

Posted 13 September 2009 - 08:35 PM

You should have just posted back to your original thread

You need to run one or both of these:


Please download RootRepeal.zip and save it to your Desktop.
alternate download link 1
alternate download link 2
  • Unzip the file on your Desktop or create a new folder on the hard drive called RootRepeal (C:\RootRepeal) and extract it there.
    (click here if you're not sure how to do this. Vista users refer to these instructions.)
  • Disconnect from the Internet as your system will be unprotected while using this tool.
  • Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
    This will ensure more accurate results and avoid common issues that may cause false detections.
  • Click this link to see a list of such programs and how to disable them.
  • Open the RootRepeal folder and double-click on RootRepeal.exe to launch it. If using Vista, right-click and Run as Administrator...
  • Click on the Files tab, then click the Scan button.
  • In the Select Drives, dialog Please select drives to scan: select all drives showing, then click OK.
  • When the scan has completed, a list of files will be generated in the RootRepeal window.
  • Click on the Save Report button and save it as rootrepeal.txt to your desktop.
  • A copy of the report with the date (i.e. RootRepeal report 07-30-09 (17-35-54).txt) is also saved to the root of your system drive (usually C:\).
  • Open rootrepeal.txt in Notepad and copy/paste its contents in your next reply.
  • Exit RootRepeal and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
Note: If RootRepeal cannot complete a scan and results in a crash report, try repeating the scan in "safe mode".
-----------------------------------------


1. Download Win32kDiag from any of the following locations and save it to your Desktop

http://ad13.geekstogo.com/Win32kDiag.exe

http://download.bleepingcomputer.com/rootr.../Win32kDiag.exe

2. Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
3. When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
4. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#4 cgilbert

cgilbert
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:01 PM

Posted 13 September 2009 - 09:29 PM

I attempted to download both the rootrepeal and the win32kdiag.exe and received the same error message when attempting the download for Windows Police Pro which states:

Internet explorer cannot download..... Internet Explorer was not able to open this Internet Site... this is the message received when attempting all download links.

Please advise how to collect the data needed when such obstical exists.

#5 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:04:01 PM

Posted 14 September 2009 - 06:34 PM

Have you tried changing the name of Root Repeal.exe to Root Repeal .scr or .com
Same with the other tool

Try this tool:

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#6 cgilbert

cgilbert
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:01 PM

Posted 14 September 2009 - 06:42 PM

I am not sure how to change a download from exe to the other options provided. Also the additional link you provided was not successful. In short, when I click on the links (any link) it gives me the same standard message Internet explorer cannot download....... (as noted in above replies)

Also today when I logged in I there is protection system and windows sercurity alerts icons by the clock and an intrusion of pop up telling me I have viruses to purchase a removal kit or activate the software. I have not actioned these items and continue to X them out but this virus has a clear strong hold on the system.

Please let me know next steps to resolve and minimize the effects to get the data you need to assist.

#7 cgilbert

cgilbert
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:01 PM

Posted 14 September 2009 - 06:48 PM

Ok this is getting really weird....now there are icons on the desktop that are pornographic...How do I stop this?

#8 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:04:01 PM

Posted 15 September 2009 - 03:21 PM

When you download OTL.exe to your Desktop
Right-click on it and select Rename
Type, tater.scr
Then double-click on it to open and run it

Edited by garmanma, 15 September 2009 - 03:21 PM.

Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#9 cgilbert

cgilbert
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:01 PM

Posted 19 September 2009 - 11:14 AM

The computer will not let me download anything to my desktop it gives me the error listed above when attempting to download anything. Any suggestions on how to resolve this issue so that I can download the needed items to get the data you need to assist me?

#10 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:04:01 PM

Posted 19 September 2009 - 06:47 PM

Right-click on the Task Bar and open Task Manager
In the Applications window, end all running tasks
Start a new task and type explorer.exe
This should bring up the Desktop and you should be able to run some scans
-------------------------------

Also try safe mode w/networking:

Reboot the computer and after the initial screen, start tapping the F8 key and make your selection

--------------------------

If you have access to a non-infected computer, you can burn these tools to a CD or download to a flash drive
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#11 cgilbert

cgilbert
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:01 PM

Posted 19 September 2009 - 07:33 PM

Unfortunately I am not able to access the task manager please see the initial post on this thread for details on this problem. I have also logged into safe mode and the system will still not allow me to open task manager or run any programs. I do have access to another pc but I not sure that buring the items will benefit me until we are able to combat some of the restrictions on the troubled pc as it will not allow me to run any program regardless of where I attempt to access it. Any thoughts?

#12 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:04:01 PM

Posted 20 September 2009 - 04:08 PM

The only suggestion I can offer is to reformat and reinstall the operating system
Let me ask some people
EDIT: I have a few more things to try. Post back in a bit

Edited by garmanma, 20 September 2009 - 04:52 PM.

Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#13 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:04:01 PM

Posted 20 September 2009 - 04:54 PM

Go to Posted Image > Run..., then copy and paste this command into the open box: cmd
Click OK.
At the command prompt C:\>, copy and paste the following command and press Enter:

DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt

A file called log.txt should be created on your Desktop.
Open that file and copy/paste the contents in your next reply.
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#14 cgilbert

cgilbert
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:01 PM

Posted 20 September 2009 - 05:21 PM

Well I am not able to achieve the last request as the command text box quickly opens and then shuts down before I am able to do anything. I think I need help dumping and reformatting the machine. I have all of my discs to reload the operating system and software just need help on how I can get the stuff off the pc so that I can start from scartch if that is my only option.

#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:01 PM

Posted 20 September 2009 - 09:17 PM

Try this.

Please download peek.bat and save it to your Desktop. Double-click on peek.bat to run it. A black Command Prompt window will appear indicating the program is running. Once it is finished, copy and paste the entire contents of the Log.txt file it creates in your next reply.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users