Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus that blocks my task manager and cmd


  • This topic is locked This topic is locked
5 replies to this topic

#1 akaJohn

akaJohn

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:03 PM

Posted 21 May 2010 - 01:34 AM

Hi All,

I am new to this forum.

Hear is my problem. Looks like i am infected with some thing thats not allowing my task manager, command prompt to come up.
Also it does not allow firefox to open up. I can access IE but there is a default page that comes up //www.nuevaq.fm

I had run combo fix and looked like it fixed it. But after a restart it has reappeared.

I am using windows XP. Please let me know if you need any further details. Hope to here from you all.

Thanks

Edited by Budapest, 21 May 2010 - 01:45 AM.
Moved from XP ~BP


BC AdBot (Login to Remove)

 


#2 MendMyComputer

MendMyComputer

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:03 PM

Posted 21 May 2010 - 08:04 AM

Hello, try disabling your system restore before removing the infection again...

As infections can get into your recovery partition or even system restore files and re-infect upon restart...

To disable system restore....

start > right click my computer > properties > system restore tab > tick the disable system restore box > restart

#3 coxchris

coxchris

  • Members
  • 1,151 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atwater
  • Local time:11:03 AM

Posted 21 May 2010 - 08:23 AM

hello aka John,

is the virus name trojan.startpage? in junction with mendmycomputer I have found a virus with your description please see http://comprolive.com/remove/harmful/exe/ssms-exe-cssrs-exe.

AA in Computer Networking Technology

BS in Information Technology 

Comptia A+, Project+, L+

Renewable:  N+,S+

CIW Web Design Specialist, JavaScript Specialist,  Database Design Specialist 

LPIC-1, SUSE 


#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,801 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:02:03 PM

Posted 21 May 2010 - 09:27 AM

Hello akaJohn,

I see that you have run ComboFix. Please read this topic: http://www.bleepingcomputer.com/forums/t/273628/combofix-usage-questions-help-look-here/ which discusses running ComboFix.

Please follow the instructions in ==>This Guide<== starting at step 6.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Since you have run ComboFix, please include the ComboFix log in the new topic.

If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why and include the ComboFix log along with a description of your computer issues.

Hello, try disabling your system restore before removing the infection again...


Please DO NOT disable system restore. If you have already done so, please re-enable it. Disabling System Restore as the first step when attempting to clean a system or when scanning for malware is not advisable. Unfortunately, some anti-virus vendors still recommend doing this before attempting malware removal and many folks follow that advice. This is really not a good practice when dealing with infected computer systems. Turning System Restore off and then turning it back on has some risk associated with it since that feature does not always work as intended. Further, there is always a possibility of something going wrong during the malware removal process and you end up with more problems. If an incident renders your system problematic or unbootable, you can use System Restore to return it to a previous working state. Without a restore point to fall back on, you are left with a limited means of restoring your system to a usable condition. Disabling this feature could mean having to perform a repair install (or reformat in worst case scenarios) if you're unable to fix any problems which System Restore may be able to correct. Although System Restore is not always 100% guaranteed to work all the time, it at least gives you another option before resorting to more drastic measures.

"System Restore and malware removal - what is best practice?"
"Should I purge all my restore point BEFORE removing infection?"

Best practice is to purge the system restore after the infection is removed, and not by turning it off either. There is a better way.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 akaJohn

akaJohn
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:03 PM

Posted 22 May 2010 - 09:37 AM

Ok.

1. Have not disabled system restore yet.
2. Let me get the combo fix logs and post it here.

Thanks for helping me out and your patience.

#6 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,801 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:02:03 PM

Posted 22 May 2010 - 02:40 PM

Hello,

I'm glad you didn't able System Restore. :flowers: I see, however, that you missed the guide I linked you to. Oh, well. I have split off your ComboFix log and pasted in the information from your initial post into that post and moved it here: http://www.bleepingcomputer.com/forums/t/318430/virus-that-blocks-my-task-manager-and-cmd/ Please be sure to subscribe to that topic and enable instant e-mail notification so you can receive notifications when you get responses.

Now that you have posted a log, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users