Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Firewall, Regeditor, Task Manager getting disabled


  • This topic is locked This topic is locked
4 replies to this topic

#1 sparr0w21

sparr0w21

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:00 AM

Posted 15 October 2010 - 01:44 AM

Hi, sorry if I started another topic but it seems no one was able to reply in my previous topic so I thought I might post up a new one, I hope it's alright. Here's my problem.

I've got something that keeps disabling my task manager, registry editor, Windows Firewall and the Safeboot mode. I already tried running SuperAntiSpyware and MBAM in normal and safe mode but it keeps coming back.

This is an office computer and we have files here that I don't want to mess up, so I hope I don't get to do a full reformat.

Here's the description of the computer:

Windows XP
Professional
Version 2002
Service Pack 3

Btw I don't have internet connection prior to the problem at hand in this computer so I'm using another PC to connect here.

Here's a summary of what happened:

It all started when I enabled the File and Printer Sharing for Microsoft Network and access a shared folder. Then that's where I noticed that the Task manager, Regeditor and Firewall got disabled. I run a full scan using SuperAntiSpyware, and AVG 9.0 and was able to get results. I got a Sality_Y/X (not sure if it was Y or X) during the AVG scan, I searched it and found out that it's very nasty.

Run HJT and getting the result of disabled Regedit. I tried fixing that but it still keeps coming back.

I got it to boot in Safe Mode and I had AVG scan it, but I cut that scan short coz I was asked to do something on the computer, I stopped the scan, reboot it to normal mode and got the blue screen error, it was a Page_fault something error. I was able to fix it by switching the RAMs. Now after that here's what I did:

-Did a system restore
-Disabled system restore
-Uninstalled AVG (I thought that was the one causing the problem coz I stopped the scan and maybe that got messed up)
-Uninstall/Installed SAS again
-Installed MBAM
-Did a scan both on Normal and Safe Mode using SAS & MBAM

Now aside from the disabled Task manager, Regeditor, Firewall and Safeboot mode, I can't seem to install AVG, getting a registry error during installation.

Also getting Runtime Error when running CCleaner, saying floating point support not loaded.

And lastly, getting autorun.inf and some .exe and .pif files that re-creates after deletion on both the C and E drive.

I hope someone can help me fix this, thanks!

Jake

BC AdBot (Login to Remove)

 


#2 LLC NinjaCow

LLC NinjaCow

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:00 PM

Posted 15 October 2010 - 04:47 AM

http://www.softpedia.com/get/System/System...-Explorer.shtml
http://www.softpedia.com/get/Security/Secu...ions-Tool.shtml
http://www.softpedia.com/get/Internet/Popu...ijackThis.shtml

ProcessExplorer is a tool that is similar to windows task manager. Process Explorer will show you information about which handles and DLLs processes have opened or loaded.

RRT (Remove Ristrictions Tool) - A tool to re-enable Ctrl+Alt+Del, Folder Options and Registry tools

HijackThis is a general homepage hijacker detector and remover that targets the methods used by the most common hijackers

This seems to be the description of your virus!!!
I got the information from "http://hubpages.com/hub/how-to-remove-virus-that-disables-task-manager"
Hope your PC gets Better!!!!! :D

#3 sparr0w21

sparr0w21
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:00 AM

Posted 15 October 2010 - 11:04 AM

Thanks for replying but unfortunately I've already tried RRT and HJT but it's still the same, the malware keeps coming back.

#4 sparr0w21

sparr0w21
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:00 AM

Posted 15 October 2010 - 11:05 AM

Thanks for replying but unfortunately I've already tried RRT and HJT and it's still the same, the malware keeps coming back.

#5 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:02:00 AM

Posted 15 October 2010 - 11:19 AM

Hello sparr0w21,

I've moved your first topic to the appropriate forum here: http://www.bleepingcomputer.com/forums/topic353377.html

Because you have posted a log, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users