
Windows Tool virus causing Task Manager to be disabled even if logged in as admin



#1 accord04


Posted 03 March 2011 - 10:52 AM

Hi everyone

Yesterday I started up my laptop and when I went to log in, this fake program popped up and disabled Task Manager. Every time I try to bring up Task Manager it displays a message that says the administrator has disabled Task Manager, and I have tried to log in as the admin and still get the same message. Also, every time I try to log in it will bring up the safe mode screen and the fake program will start running in safe mode without me logging in to safe mode. This virus somehow has adapted to my computer and everything I have tried it has blocked. I can't run or install any other programs or anything. Is there a way to get Task Manager running so I can stop the program from running to remove the virus?



#2 boopme


Posted 03 March 2011 - 11:05 AM

Hello and welcome. I have moved you one forum down to Am I Infected.


Please follow our Removal Guide here: Remove Windows Tool.
After reading how the malware is misleading you ...
You will move to the Automated Removal Instructions

After you have completed that, post your scan log here and let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Edited by boopme, 03 March 2011 - 03:26 PM.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 accord04


Posted 03 March 2011 - 01:08 PM



Thank you for the quick response. I'm sorry that I posted in the wrong section. I have read the process on how to remove the virus and I have done it before when I got a different virus, but my problem is that when I log on in safe mode the virus pops up and tells me that Task Manager is disabled by the admin, but when I log on I log on as the admin and there is nothing I can do. Any time I press a button the same message comes up. I read in another forum that if I log in and hold the Ctrl, Del and Alt keys fast enough I could bring up Task Manager and stop some of the processes, but when I do that another message comes up saying Windows boot failure. Please let me know if there is any other antivirus program that would let me scan during the boot-up process and be able to boot without Win XP.

Edited by boopme, 03 March 2011 - 03:27 PM.


#4 boopme


Posted 03 March 2011 - 03:22 PM

Can you log in from that admin account or a different user account and run (from Normal)
>>>> Download Shell.reg Download Link


>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on RKill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator.)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.


Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware



EDIT: If you still have Task manager issues.
This step involves making changes in the registry. Always back up your registry before making any changes.

Go to Start » Run and type: regedit
Click OK.
On the left side, click to highlight My Computer at the top.
Go up to File » Export
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put RegBackup.
Choose to save it to C:\
Click save and then go to File » Exit.

Or you can download and use ERUNT, which is an excellent free tool that allows you to take a snapshot (backup) of your registry before making changes and restore it when needed.

Click on the link below:
http://www.kellys-korner-xp.com/xp_tweaks.htm
Scroll down to #275 and click "Lift Restrictions - TM, Regedit and CMD" in the left column. Go to File, choose "Save page as" All Files and save regtmcmdrestore.vbs to your desktop. Double-click on that file to allow the script to run and reboot when done. Since the script modifies certain registry settings your anti-virus package may warn you about it. Ignore the warning and allow it to run.

Edited by boopme, 03 March 2011 - 03:35 PM.


#5 accord04


Posted 04 March 2011 - 11:31 AM

OK, I finally got rid of the pest. This is what I did: I logged on in safe mode with command prompt. My Task Manager was disabled, so I had to use cmd.exe to go into regedit to enable Task Manager. Then on a clean computer I downloaded rkill.exe to my USB memory stick and used cmd.exe to run RKill. After RKill was finished, I used cmd.exe to open regedit and manually removed all registry entries associated with Windows Tool. Then I was able to use Ctrl+Alt+Del to bring up Task Manager, and from there I ran the explore.exe and all my programs came back up on my desktop, where my AVG 9 antivirus program was, and did a scan. Once the scan finished and cleaned everything I did a reboot, and everything is fine. It turns out all this time when I was logging in as the current user it would be logging me in to safe mode with no desktop icons, making me think that I was in safe mode, but I actually was not; the virus or Trojan somehow managed to change the desktop to make the user think that they are logging in to safe mode. Thanks for all the advice from everyone who helped. I hope my post helps everyone who has encountered the same problems.
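
The registry check described in the post above, and the "Lift Restrictions - TM, Regedit and CMD" step from post #4, can be done with reg.exe from the same command prompt. This is an added example, not part of the thread or of the linked script. The value names are the standard Windows policy values for these restrictions; the thread does not say which keys Windows Tool changed, so the list and the file name unlock-tools.cmd are assumptions.

```batch
@echo off
rem Added example (not from the thread): audit, and optionally clear, the
rem policy values that block Task Manager, Regedit and the command prompt.
rem Usage:  unlock-tools.cmd         report only
rem         unlock-tools.cmd /fix    delete the restriction values it finds
setlocal
set "FIX=0"
if /i "%~1"=="/fix" set "FIX=1"

rem Standard policy locations (assumed to be the ones the malware set)
set "SYS=Software\Microsoft\Windows\CurrentVersion\Policies\System"
set "CMDPOL=Software\Policies\Microsoft\Windows\System"

for %%H in (HKCU HKLM) do (
    call :check "%%H\%SYS%" DisableTaskMgr
    call :check "%%H\%SYS%" DisableRegistryTools
)
call :check "HKCU\%CMDPOL%" DisableCMD

rem Report only: the program Winlogon starts as the desktop shell.
rem The Windows default is Explorer.exe; anything else deserves a look.
echo.
echo Winlogon shell:
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell
reg query "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell 2>nul
endlocal
exit /b 0

:check
rem %1 = registry key, %2 = value name
reg query "%~1" /v %2 >nul 2>&1
if errorlevel 1 (
    echo [ok]  %~1\%2 not set
    exit /b 0
)
echo [SET] %~1\%2 is present
if "%FIX%"=="1" (
    reg delete "%~1" /v %2 /f >nul && echo       removed
)
exit /b 0
```

Back up the registry first, as post #4 advises. Deleting the HKLM values needs an administrator prompt, and a DisableCMD value of 1 also blocks batch files, in which case the same reg commands have to be run another way.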



