
Worm.win32.netsky/trojanSPM/LX


32 replies to this topic

#1 twinkies712

twinkies712

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:01:35 AM

Posted 20 December 2009 - 10:17 PM

Hi,
My Windows XP has been devastated by worm.win32.netsky and trojanSPM/LX. I have all the typical pop-ups and changes, but have no idea how to save my computer. I cannot perform system recovery, do any regedit, and the computer will no longer open Internet Explorer. My computer has a hard time starting up, and will not start in safe mode. I am working from a laptop right now. How can I fix this mess?
Thanks!


#2 MATTSPCHELP

MATTSPCHELP

  • Members
  • 196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Leicester, United kingdom
  • Local time:09:35 AM

Posted 20 December 2009 - 10:22 PM

Start up your PC as normal, open My Computer and in the address bar type C:\Windows\System32, copy taskmgr.exe to your My Documents and rename it to explorer.exe, double-click it to open it, look in there for programs that may look suspicious, e.g. loads of numbers 2323214.exe or winlogon86.exe, click these once and click End Process, then attempt to open Internet Explorer. Let me know how things go.
Microsoft Certified Desktop Support Technician

#3 twinkies712

Posted 20 December 2009 - 10:50 PM

Thanks so much for your help! It took me forever to try to get my computer to start up, but I opened My Computer and there is no address bar to type anything into. Is there another way?

#4 MATTSPCHELP

Posted 20 December 2009 - 10:57 PM

Right-click the grey area and click Address Bar.
Microsoft Certified Desktop Support Technician

#5 twinkies712

Posted 20 December 2009 - 11:08 PM

When I try to click the taskmgr (that I renamed), it says it has been disabled by the administrator. I am on an administrator account.

#6 MATTSPCHELP

Posted 20 December 2009 - 11:14 PM

Here's how to re-enable Task Manager:
Click Start
Click Run
Type REGEDIT
Click OK. The Registry Editor will now open.
Browse to the following key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system
In the right pane, look for the value: DisableTaskMgr
Right-click DisableTaskMgr and select Delete. (When prompted with "Are you sure you want to delete this value", select Yes.)
Now browse to the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
In the right pane, look for the value: DisableTaskMgr
Right-click DisableTaskMgr and select Delete. (When prompted with "Are you sure you want to delete this value", select Yes.)
Close the Registry Editor by choosing File | Exit
Microsoft Certified Desktop Support Technician

#7 twinkies712

Posted 20 December 2009 - 11:18 PM

I truly appreciate all of your help. Unfortunately, typing REGEDIT into run pops the same error up, that registry editing has been disabled by the administrator.

#8 MATTSPCHELP

Posted 20 December 2009 - 11:20 PM

Here are the solutions for enabling regedit again.

Use the gpedit.msc to enable the registry editor.
Step 1: Hit the Windows key or click the Start button, then press "r", or simply click Run

Step 2: type gpedit.msc

Step 3: Click on Administrative Templates

Step 4: Click the System and locate the Prevent access to registry editing tools and double click on it

Step 5: Select Enabled on the option button, then click Apply.

This will make a policy to prevent access to the registry editing tools. The computer will automatically make the policy.

Step 6: After clicking on Apply, select Disabled on the option button, then click Apply again, then click the OK button when finished.

The Disabled button will make the policy the default; the computer will automatically configure it and it becomes the default config, which is that the registry editor can be accessed by the user.
Microsoft Certified Desktop Support Technician

#9 twinkies712

Posted 20 December 2009 - 11:23 PM

When I type "gpedit.msc" (and I tried typing it numerous times), it says that Windows cannot find it.

#10 MATTSPCHELP

Posted 20 December 2009 - 11:26 PM

Ahhh, Windows XP Home I take it, hmmmm, try Start - Run - type msconfig and go to Startup, list as many as you can before you get bored and post back :D
Microsoft Certified Desktop Support Technician

#11 twinkies712

Posted 20 December 2009 - 11:34 PM

It is XP Home, sorry I should have been more specific. I am not easily bored! These are the ones with green checks:
hpha1mon
hpztsb12
hphupd07
hphmon07
IPHSend
SearchProtection
hphupd06
hpcmpmgr
hphmon06
mcagent
AppleSyncNotifier
qttask
iTunesHelper
ZuneLauncher
notepad
winupdate86
Rundll32
higubuli
msnmsgr
aim6
SearchProtection
ctfmon
GetModule36
_A00F3F51703
Core
ntload
xynna4
win
ghwrsysguard
richtx64
Adobe Reader Spe...
Event Reminder
HP Digital Imaging...
HP Image Zone Fas...
LUMIX Simple Viewer
NkbMonitor.exe
scandisk
scandisk

Here are the unchecked ones:
aim
rundll32
ccApp
RunDll32 cmicnfg
msmsgs
SNDMon
Microsoft Find Fast
Microsoft Works Ca...
Office Startup

#12 MATTSPCHELP

Posted 20 December 2009 - 11:37 PM

Richtx64 untick
ghwrsysguard untick
xynna4 untick
ntload untick
_A00F3F51703 untick
GetModule36 untick
winupdate86 untick
Microsoft Certified Desktop Support Technician
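
The checks from posts #6, #8 and #10, as an added example that is not part of the original thread: a read-only PowerShell audit of the two policy values behind the "disabled by the administrator" messages and of the Run keys, which are among the places the msconfig Startup tab reads from. It assumes PowerShell is installed (it is not part of a default Windows XP install); `DisableRegistryTools` and the `Run` key paths are not named in the thread, and the function names are hypothetical.

```powershell
# Added example, read-only: nothing here writes to the registry.
$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
)
# DisableTaskMgr is named in the thread; DisableRegistryTools is the value
# behind "Prevent access to registry editing tools" (not named in the thread).
$valueNames = @('DisableTaskMgr', 'DisableRegistryTools')
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Get-LockoutPolicy {
    foreach ($key in $policyKeys) {
        foreach ($name in $valueNames) {
            # A missing key or value yields $null, i.e. the policy is not set.
            $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
            $data = if ($prop) { $prop.$name } else { $null }
            if ($null -eq $data) { $state = 'not set' }
            elseif ($data -ne 0) { $state = 'BLOCKING' }
            else                 { $state = 'set to 0 (not blocking)' }
            New-Object PSObject -Property @{
                Key = $key; Value = $name; Data = $data; State = $state
            } | Select-Object Key, Value, Data, State
        }
    }
}

function Get-RunEntry {
    foreach ($key in $runKeys) {
        $item = Get-Item -Path $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($name in $item.GetValueNames()) {
            # Command is the full command line behind the short startup name.
            New-Object PSObject -Property @{
                Key = $key; Name = $name; Command = $item.GetValue($name)
            } | Select-Object Key, Name, Command
        }
    }
}

Get-LockoutPolicy | Format-Table -AutoSize
Get-RunEntry | Format-List
```

The `Command` column shows the executable path behind each startup name, which is what distinguishes an entry such as `winupdate86` from a legitimate vendor helper.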

#13 twinkies712

Posted 20 December 2009 - 11:53 PM

What should I do now? The same problems still arise when I try the previous steps you provided.

#14 MATTSPCHELP

Posted 20 December 2009 - 11:55 PM

The above programs I asked you to untick were virus programs; try and open Internet Explorer or Task Manager.
Microsoft Certified Desktop Support Technician

#15 twinkies712

Posted 21 December 2009 - 12:03 AM

Still no luck. It seems that "winupdate86" does not want to stay unchecked. Administrator problems again. Sorry this is so complicated!



