
Taskmgr won't open, rename it, opens fine



#1 Modify


Posted 24 September 2009 - 08:32 AM

Hey guys, brand new to the forum, and I'm, well, was infected. I got rid of all my trojans and rogue viruses, but the aftermath, well, that's the aggravating part. The taskmgr.exe is being blocked from being used. I can rename it, and it will open, but leaving it as taskmgr.exe I only get an hourglass for a second with no error message of any kind. I'm trying to figure out how to fix this in the registry, before I just rename the taskmgr for good or download an alternative one.

Edited by Modify, 24 September 2009 - 08:33 AM.




#2 gully786


Posted 24 September 2009 - 08:46 AM

This worked for me when I was infected
http://download.cnet.com/Task-Manager-Fix/....html?tag=mncol

#3 Modify


Posted 24 September 2009 - 09:51 AM

> This worked for me when I was infected
> http://download.cnet.com/Task-Manager-Fix/....html?tag=mncol

Thanks for the link, not sure if it would have fixed my issue, but I did figure it out by doing some more research. I compared two XP registries, and noticed the infected one had an extra key.
[HKey Local_Machine\...Windows NT\CurrentVersion\Image File Execution Option\taskmgr.exe]
"Debugger"="Svchost.exe"
I deleted it, and rebooted, and task manager was back.

Now a new problem: everything seems to be working. I ran HijackThis just to make sure my hosts file was not hijacked, and yet it found many entries in my hosts file. It said there were so many I needed to just delete the hosts file. There were about 50 or more IPs, only two IPs, just repeated multiple times:
74.125.45.100 (6 of these)
206.53.61.77 (These were referenced to www.Google.*, had about 50 of these)

Anyway, I went to system32\drivers\etc and opened the hosts file. I only saw the first 6 that HijackThis listed; the Google entries were not there. I scrolled all the way down, nothing. I deleted them, saved it, ran HijackThis again, and it still reported the same thing. So I went back to the hosts file, it was empty, so I'm curious where HijackThis is finding them. They are definitely there, because I still cannot go to Google in IE; it redirects me to one of those www.google.* websites, which are infected websites.

I'm not sure how to fix this. I mean, I deleted the hosts file, and yet they're still there or somewhere. Could I have multiple hosts files? I mean, how does this work?

Edited by Modify, 24 September 2009 - 09:52 AM.


#4 Modify


Posted 24 September 2009 - 10:04 AM

OK, I just learned from further reading that HijackThis has a Hosts File Manager. I used it, opened the hosts file via Notepad within HijackThis, and saw all the entries. I deleted all of them, clicked save, and got an error:
Cannot create the c:\Windows\System32\Drivers\Etc\hosts file.
Make sure that the path and filename are correct.

#5 Modify


Posted 24 September 2009 - 11:21 AM

I figured it out, the real HOSTS file security had the administrator removed from it. I added it back, and now have access to read and write to the file. Those bad entries are long gone now.

#6 gully786


Posted 25 September 2009 - 10:27 AM

lol seems 2 me u hunted it down and killed it,

Thanks for the update
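
An audit of the two tamper points found in this thread (a `Debugger` value under Image File Execution Options, and a hosts file with altered entries and permissions), written as an added example; it is not code from any poster. It assumes an elevated PowerShell prompt on the affected machine and the standard registry locations; the `DataBasePath` check goes slightly beyond the thread and covers the case where the resolver reads a hosts file from a non-default directory.

```powershell
# Added example: read-only audit, changes nothing on the system.

# 1. Image File Execution Options: any subkey with a Debugger value causes
#    Windows to launch that "debugger" instead of the named executable.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$redirected = foreach ($key in Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue) {
    $dbg = (Get-ItemProperty -Path $key.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) {
        New-Object PSObject -Property @{ Image = $key.PSChildName; Debugger = $dbg }
    }
}
'--- IFEO Debugger values (review anything you did not set yourself) ---'
$redirected | Format-Table Image, Debugger -AutoSize

# 2. Which hosts file is actually in use? The resolver reads the directory
#    named by DataBasePath, which is normally %SystemRoot%\System32\drivers\etc.
$tcpip   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$dbPath  = (Get-ItemProperty -Path $tcpip -Name DataBasePath).DataBasePath
$default = Join-Path $env:SystemRoot 'System32\drivers\etc'
$hosts   = Join-Path $dbPath 'hosts'
if ($dbPath.TrimEnd('\') -ne $default) {
    Write-Warning "Hosts directory is not the default: $dbPath"
}

if (Test-Path -LiteralPath $hosts) {
    # 3. Hidden / system / read-only attributes can hide the file or block saves.
    $item = Get-Item -LiteralPath $hosts -Force
    "--- $hosts  attributes: $($item.Attributes)  size: $($item.Length) bytes ---"

    # 4. Active (non-comment) entries, counted per IP address, so a handful of
    #    addresses repeated dozens of times stands out.
    '--- Active entries per address ---'
    Get-Content -LiteralPath $hosts -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '^\s*[0-9A-Fa-f:.]+\s+\S' } |
        ForEach-Object { ($_.Trim() -split '\s+')[0] } |
        Group-Object | Sort-Object Count -Descending |
        Format-Table Count, Name -AutoSize

    # 5. Permissions: a missing Administrators entry or a Deny entry explains
    #    a "Cannot create ... hosts" error when saving.
    '--- ACL ---'
    "Owner: $((Get-Acl -Path $hosts).Owner)"
    (Get-Acl -Path $hosts).Access |
        Format-Table IdentityReference, AccessControlType, FileSystemRights -AutoSize
} else {
    Write-Warning "No hosts file found at $hosts"
}
```

An access-denied error from step 4 while the file exists is itself a finding: it points at the permission change described in post #5.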



