Virus disables task manager and regedit


















Nasty Trojan disables regedit, msconfig, antivirus, firewall, task manager, etc.

I never thought it would happen to me

As I have just contracted a nasty piece of uber-malware that whipped through NAV as if it weren't there, I thought I would post a compilation of what I have learnt through personal experience and on this and other forums.

I have noticed that about 4 people have complained about this beast in the last couple of days in different places, so I thought I would post what I have learnt. It's a bit rough, but it's a start.

For the record, my security tools are:

1. Ad-Aware Professional, with Adwatch running constantly. I do a full scan each start-up.
2. Norton Anti-Virus, with definitions updated as of Thursday, Dec 30, , system is scanned weekly.
3. Fully updated XP patches through Microsoft Automatic Update.
4. SP2 firewall, plus hardware firewall on my Cisco router.

I have no idea how I got infected — I became aware of it when I noticed the Adwatch icon flashing in the start-up menu and found that 4 attempts or so per minute were being made to modify the registry files.

I then noticed that NAV was inactive (no icon present) and that the Microsoft security icon was flashing for my attention. However, each time I attempted to open it, the window shut immediately. Safe mode changed nothing — NAV was still unable to open. I was able to access and run the Trendmicro scan by accessing it through their European page, but the scan found nothing. One program — Registrar Lite — allowed registry access. However, editing the registry without killing the main process meant that registry edits were immediately restored.

It revealed an instance of Kazaa. World running, which is strange because I have never installed Kazaa before. Although the Kazaa process was fixed by spybot, it reoccurred on follow-up searches and so I suspect it is part of, or responsible for the Trojan.

I put a call in to my ISP to let them know I had this Trojan and to ask if they could monitor my account for any untoward activity. They were friendly enough, but I spent several hours on the phone with different techs to no avail. However, as I have found five almost identical reports of this behavior in the last five days, I thought it might be useful to pool the information learned.

However, research suggests that these two programs could not be responsible for all of the symptoms. The only way it seems possible to regain control of your machine is to find a registry editing program that the Trojan does not block, install it and end the malware process. I used Uniblue WinTasks Pro 5 application to finally access the processes.

I was also able to open the registry using a program called Registrar Lite. The descriptions I have read of the problem each differ on which process to kill. You might look for: 1 chkinit. Spybot13 reported in a HijackThis log.

Logfile of Trend Micro HijackThis v2.

Please print or save to Notepad all instructions and please follow them carefully, and if there's something you don't understand or that will not work, please let me know and we will go through it together. I will post back as soon as I have decided on the best course of action to take with your malware issues.

Thank you for your patience, K

NOTE: If MBAM encounters a file that is hard to remove, it will prompt for a delete on reboot. Answer yes to this and, once rebooted, please run another scan and post that scan's log results along with the log results from before reboot, which can be found under the LOGS tab of Malwarebytes.

I need to see some additional information about what is happening in your machine. Please perform the following scan: Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection.

Motherboard: Dell Inc. NET Framework 1. The file version of the bad file is 5. The file version of the bad file is unknown The specific error code is 0xb [No signature was present in the subject. EXE svchost. DLL Notify: igfxcui - igfxdev.

Logfile of Trend Micro HijackThis v2. O4 - HKLM.. Trusted Domains: musicmatch. Trusted Domains: mcafee. File not found. NET Framework 1. Next go to the side of the Search box and select All files and folders. Go down to More advanced options. January 06,


Thanks, you are the only guy that gave a solution to my problem; as soon as I downloaded the taskmanager fix, it automatically fixed the task manager and enabled it at once. Thanks

Thanks Reggie

Hi Leo, I'm again. If any advice for me, great thank you again, your site is very good

Good stuff, as always Leo.

The help is appreciated. Because I tried that and it didn't work, what do I put in? N

Actually your system is affected with new folder. This guide helped me a lot, thanks. You were running without anti-virus protection? My guess is that your system is messed up pretty bad. Yes, we could spend a lot of time trying various approaches, but … in reality, a reformat and reinstall will at this point likely be much quicker.

Hey guys, my system was infected by virus IM-Worm. Method 3 helped me recover my problems well… Thanks a lot guys for the work. Watch out for WindowsXP Police. Kindly suggest a way out…

Task manager is back. Thanks for your help

How do I fix it, virus is removed I believe… thanks Leo

Thanks in advance

Thanks a lot

Janice in Florida

Your machine is likely still infected with the virus that caused the problem in the first place. Try running an up-to-date virus scan, perhaps after booting into safe mode. Both Task manager and Regedit have been disabled… I am the one and only user of it… gpedit. The Task manager is enabled and disabled within a minute. BUT, still appearing that. I cannot run regedit??? Any ideas. Thanks a lot, I have done it but I made some slight changes to your procedure… Instead of selecting Not Configure option in gpedit.

Thanks John

Thank you so much, I got my task manager back and up and running

Thanks for making this easy to find! But the damage of not being able to run Task Manager was still here until I found this article. And then I could see nothing strange was running. Or so I think at this point! Thanks again! Very helpful, instructions were clear and coherent and it fixed the problem straight away! Thanks very much!


