
Cannot Open Task-manager ... very suspicious


6 replies to this topic

#1 wonderson


Posted 21 September 2010 - 05:51 PM

A game I was playing crashed and I used CTRL-ALT-DEL to get back to the desktop.

When I got there the 'resource monitor' was displayed, but it was not in a windows frame, which is odd.

Normally I would expect to see the task manager, and the resource monitor would just be a tab there.

I explored to taskmgr.exe in the system32 folder and started it. I got the same thing, a modal panel with resource monitor in it, but not the full task manager.

I suspect that a malware app has hijacked or redirected my task-manager and am not sure what else it is doing.

System Info:

OS Name: Microsoft Windows XP Professional
OS Version: 5.1.2600 Service Pack 3 Build 2600

I have anti-vir up to date and running at all times. It indicates it did a system scan yesterday.

I have spy-bot installed. I ran it last week.

I am running Malwarebytes now.

There was a forum web post on how to re-enable task-manager if disabled by a virus posing as an admin. It didn't seem to apply to my problem but I tried to follow the instructions on group policy manager. I could not complete it because, for me apparently, there was no path to drill down to the CTRL-ALT-DEL setting in the gpedit tree.

I have not been able to find anything on the net specific to my problem. Please help, thank you.



#2 m0le


Posted 21 September 2010 - 06:08 PM

Download Fix Task Manager
  • Save it to your desktop.
  • Unzip it and double click the FixMu.reg file and allow it to enter into the registry.
  • Reboot and let me know if Task Manager is now restored.

m0le is a proud member of UNITE

#3 wonderson


Posted 22 September 2010 - 01:51 AM

Thank you for your assistance.

Unfortunately running that app and rebooting did not restore task manager.

As indicated above I ran MalwareBytes. It found a virus in an archive, which has already been quarantined by antivir, along with two unrelated registry errors but no active malware.

I have added a screenshot of what comes up with a CTRL-ALT-DEL, along with a look at the taskmgr.exe file properties.

Attached File  example.JPG   366.44KB   7 downloads

#4 m0le


Posted 22 September 2010 - 05:16 AM

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it to your desktop (click File, Save As) as fixit.reg. In the same open Notepad, in the line below, select Any for File Type.

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000

NOTICE: This file was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Locate fixit.reg on your Desktop and double-click on it.
You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

Please reply back letting me know if it merged correctly.

That fix should work on a clean PC. It might be wise, if this does not solve the problem, to take it to the Am I Infected forum where they can run some scans and you can post some logs to help the process.

#5 joseibarra


Posted 22 September 2010 - 05:23 AM

It sounds like you are running Task Manager in tiny/small footprint mode.

If you double click the empty space around the border of the TM display it will switch back to regular mode and then you should see the tabs you are used to seeing. This happens by accident of course.

You can read about it here:

http://www.broadbandreports.com/faq/6905

Those "other" fixes are for when malware changes your registry so that TM will not run and you see a message like:

Task Manager has been disabled by your Administrator...

That is something different. If you had that problem, you would not get as far as you are getting.

Edited by joseibarra, 22 September 2010 - 05:26 AM.

The mediocre teacher tells. The good teacher explains. The superior teacher demonstrates.
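
A read-only check for the distinction drawn in post #5, added here as an example and not part of any post in the thread: it reports whether `DisableTaskMgr` is set before anyone merges a .reg file. It assumes PowerShell is installed on the machine; the HKLM key and the function name `Get-TaskMgrPolicyState` are assumptions introduced for this example, while the HKCU key is the one from the fixit.reg in post #4.

```powershell
# Read-only triage: is Task Manager blocked by policy, or only displayed oddly?
# Nothing here writes to the registry.
$policyKeys = @(
    # Key named in the thread's fixit.reg
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    # Assumption added for this example: machine-wide twin of the same policy
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)

function Get-TaskMgrPolicyState {
    param([string[]]$Keys = $policyKeys)

    foreach ($key in $Keys) {
        $state = 'NotSet'
        $value = $null

        if (Test-Path -LiteralPath $key) {
            $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
            # Indexing Properties by name avoids an error when the value is absent
            if ($props -and $props.PSObject.Properties['DisableTaskMgr']) {
                $value = $props.DisableTaskMgr
                # Any value other than 1 leaves Task Manager allowed
                $state = if ($value -eq 1) { 'Blocked' } else { 'Allowed' }
            }
        }

        New-Object PSObject -Property @{ Key = $key; Value = $value; State = $state }
    }
}

$results = @(Get-TaskMgrPolicyState)
$results | Format-Table Key, Value, State -AutoSize

if ($results | Where-Object { $_.State -eq 'Blocked' }) {
    # This is the case that produces the "disabled by your Administrator" message
    'DisableTaskMgr is set: Task Manager is blocked by policy. Find out what set it before clearing it.'
} else {
    # Task Manager can start, so a missing title bar or tabs is a display-mode issue
    'No policy block found: if Task Manager opens without tabs, double-click its border.'
}
```

A `Blocked` result on a machine where no administrator set the policy is a reason to scan before resetting the value, since clearing it alone does not remove whatever wrote it.
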


#6 cryptodan


Posted 22 September 2010 - 08:54 AM

Jose has the right idea. I did this once and thought I was doomed, only to find out that I had to double-click any unused area on the Task Manager screen.

#7 wonderson


Posted 22 September 2010 - 02:48 PM

Praise be to Bill Gates, Jose was right.

It was only running in small footprint mode.

If I might suggest: if this is controlled by a register entry, it could be incorporated into the 'Fix Task Manager' script from the earlier post.

Thank you for recognizing the issue.



