Virus

Discussion in 'NZ Computing' started by Craig Shore, Dec 11, 2006.

  1. Craig Shore

    Craig Shore Guest

    I'm after a bit of help here. My wife wanted a file from a place that
    she thought might have been a bit dodgy. She downloaded it anyway,
    and scanned it with Avast. It scanned clean, so she ran it. As soon
    as she did that it installed a heap of trojans through the system.
    The firewall immediatly came up saying programs were trying to access
    the net etc.

    I'm going to reinstall the machine, which I was intending to do soon
    anyway as the Windows partition ran out of space a while back, but
    want to get the system working well enough to move data off the HD
    onto another one.

    At the moment the virus has locked the task manager from access. I've
    tried the registry change to re-enable it but it doesn't work.
    A boottime scan by Avast removes a heap of files, but doesn't get them
    all.
    Removing anything that could be dodgy starting at boottime with
    msconfig doesn't seem to stick either, they still come back in there
    after rebooting.

    Any ideas how I can regain access to the task manager?

    TIA
     
    Craig Shore, Dec 11, 2006
    #1
    1. Advertising

  2. Craig Shore wrote:
    > I'm after a bit of help here. My wife wanted a file from a place that
    > she thought might have been a bit dodgy. She downloaded it anyway,
    > and scanned it with Avast. It scanned clean, so she ran it. As soon
    > as she did that it installed a heap of trojans through the system.
    > The firewall immediatly came up saying programs were trying to access
    > the net etc.
    >
    > I'm going to reinstall the machine, which I was intending to do soon
    > anyway as the Windows partition ran out of space a while back, but
    > want to get the system working well enough to move data off the HD
    > onto another one.
    >
    > At the moment the virus has locked the task manager from access. I've
    > tried the registry change to re-enable it but it doesn't work.
    > A boottime scan by Avast removes a heap of files, but doesn't get them
    > all.
    > Removing anything that could be dodgy starting at boottime with
    > msconfig doesn't seem to stick either, they still come back in there
    > after rebooting.
    >
    > Any ideas how I can regain access to the task manager?
    >
    > TIA


    You could try system restore - to a checkpoint before the install of the
    file
     
    Andrew Lambert, Dec 11, 2006
    #2
    1. Advertising

  3. Craig Shore

    Ross Guest

    On Tue, 12 Dec 2006 08:09:31 +1300, Craig Shore
    <> wrote:

    >I'm after a bit of help here. My wife wanted a file from a place that
    >she thought might have been a bit dodgy. She downloaded it anyway,
    >and scanned it with Avast. It scanned clean, so she ran it. As soon
    >as she did that it installed a heap of trojans through the system.
    >The firewall immediatly came up saying programs were trying to access
    >the net etc.
    >
    >I'm going to reinstall the machine, which I was intending to do soon
    >anyway as the Windows partition ran out of space a while back, but
    >want to get the system working well enough to move data off the HD
    >onto another one.
    >
    >At the moment the virus has locked the task manager from access. I've
    >tried the registry change to re-enable it but it doesn't work.
    >A boottime scan by Avast removes a heap of files, but doesn't get them
    >all.
    >Removing anything that could be dodgy starting at boottime with
    >msconfig doesn't seem to stick either, they still come back in there
    >after rebooting.
    >
    >Any ideas how I can regain access to the task manager?
    >
    >TIA


    I use Enditall2 to kill processes on Win98, 2000, XP.
    It is small and free.
     
    Ross, Dec 11, 2006
    #3
  4. Craig Shore

    impossible Guest

    "Craig Shore" <> wrote in message
    news:...
    > I'm after a bit of help here. My wife wanted a file from a place
    > that
    > she thought might have been a bit dodgy. She downloaded it anyway,
    > and scanned it with Avast. It scanned clean, so she ran it. As soon
    > as she did that it installed a heap of trojans through the system.
    > The firewall immediatly came up saying programs were trying to
    > access
    > the net etc.
    >
    > I'm going to reinstall the machine, which I was intending to do soon
    > anyway as the Windows partition ran out of space a while back, but
    > want to get the system working well enough to move data off the HD
    > onto another one.
    >
    > At the moment the virus has locked the task manager from access.
    > I've
    > tried the registry change to re-enable it but it doesn't work.
    > A boottime scan by Avast removes a heap of files, but doesn't get
    > them
    > all.
    > Removing anything that could be dodgy starting at boottime with
    > msconfig doesn't seem to stick either, they still come back in there
    > after rebooting.
    >
    > Any ideas how I can regain access to the task manager?
    >



    There are actually a few different ways that the task manager can be
    disabled. You don't say exactly what "registry change' you tried, but
    here's a link that shows you some alternatives. You might try them
    all.

    http://windowsxp.mvps.org/Taskmanager_error.htm

    If none of these work, maybe you can simply open a command prompt and
    xcopy the data you need to save elsewhere.
     
    impossible, Dec 11, 2006
    #4
  5. Craig Shore

    Miguel Guest

    Miguel, Dec 11, 2006
    #5
  6. Craig Shore

    E. Scrooge Guest

    "Craig Shore" <> wrote in message
    news:...
    > I'm after a bit of help here. My wife wanted a file from a place that
    > she thought might have been a bit dodgy. She downloaded it anyway,
    > and scanned it with Avast. It scanned clean, so she ran it. As soon
    > as she did that it installed a heap of trojans through the system.
    > The firewall immediatly came up saying programs were trying to access
    > the net etc.
    >
    > I'm going to reinstall the machine, which I was intending to do soon
    > anyway as the Windows partition ran out of space a while back, but
    > want to get the system working well enough to move data off the HD
    > onto another one.
    >
    > At the moment the virus has locked the task manager from access. I've
    > tried the registry change to re-enable it but it doesn't work.
    > A boottime scan by Avast removes a heap of files, but doesn't get them
    > all.
    > Removing anything that could be dodgy starting at boottime with
    > msconfig doesn't seem to stick either, they still come back in there
    > after rebooting.
    >
    > Any ideas how I can regain access to the task manager?
    >
    > TIA


    Do a search on the name of the program that your wife installed. You might
    find a way of removing it, and some real info about it.
    If in doubt of any program you should find out what you can about it.

    You could start in safe mode.
    Also roll back XP to a date before the program was installed.

    After you've tried the easier options then you can look at a re-install.

    E. Scrooge
     
    E. Scrooge, Dec 11, 2006
    #6
  7. Craig Shore

    Miguel Guest

    Miguel, Dec 11, 2006
    #7
  8. Craig Shore

    Jonno Guest

    "Craig Shore" <> wrote in message
    news:...
    > I'm after a bit of help here. My wife wanted a file from a place that
    > she thought might have been a bit dodgy. She downloaded it anyway,
    > and scanned it with Avast. It scanned clean, so she ran it. As soon
    > as she did that it installed a heap of trojans through the system.
    > The firewall immediatly came up saying programs were trying to access
    > the net etc.
    >
    > I'm going to reinstall the machine, which I was intending to do soon
    > anyway as the Windows partition ran out of space a while back, but
    > want to get the system working well enough to move data off the HD
    > onto another one.
    >
    > At the moment the virus has locked the task manager from access. I've
    > tried the registry change to re-enable it but it doesn't work.
    > A boottime scan by Avast removes a heap of files, but doesn't get them
    > all.
    > Removing anything that could be dodgy starting at boottime with
    > msconfig doesn't seem to stick either, they still come back in there
    > after rebooting.
    >
    > Any ideas how I can regain access to the task manager?
    >
    > TIA


    First you have to stop the process that is running it all.

    Download Unlocker from here:
    http://ccollomb.free.fr/unlocker/
    This will enable you to stop and delete any running files

    Then get Process Explorer from here :
    http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/ProcessExplorer.mspx
    This will enable you to check for and identify and stop any processes that
    shouldn't be running and delete them.

    After that run HiJackThis from here or Google
    http://www.tomcoyote.org/hjt/
    http://www.snapfiles.com/download/dlhijackthis.html
    http://www.majorgeeks.com/download3155.html
    and read the tutorial here:
    http://www.bleepingcomputer.com/tutorials/tutorial42.html

    You may not be able to run HiJackThis before stopping whatever process is
    running virus as some viruses stop HiJackThis from running. Some also try to
    turn your antivirus off.

    Do not turn off your System Restore until after you have cleaned out the
    virus. That way you can always go back even if still infected.

    You need to find out what .exe is restarting the virus. Look for stray files
    in Program Files folder, Program Files\ Common Files Folder and the System32
    folder. Check their names on Google before deleting.

    Also run AVG Spyware Download and update free from AVG site
    and SpyBot Search and Destroy free from their site (update both before
    running)

    Good luck.
     
    Jonno, Dec 11, 2006
    #8
  9. Craig Shore

    Mark C Guest

    Mark C, Dec 11, 2006
    #9
  10. Craig Shore

    Mike Dee Guest

    Mike Dee, Dec 12, 2006
    #10
  11. Craig Shore

    Dave Taylor Guest

    Craig Shore <> wrote in
    news::

    >
    > Any ideas how I can regain access to the task manager?
    >
    > TIA
    >


    Use UBCD4Win or physically pull out the drive and mount it in a known, safe
    machine. Knoppix will work too.

    --
    Ciao, Dave
     
    Dave Taylor, Dec 12, 2006
    #11
  12. Craig Shore

    Mike Dee Guest

    Craig Shore wrote:

    > I'm after a bit of help here. My wife wanted a file from a place that
    > she thought might have been a bit dodgy. She downloaded it anyway,


    What was the actual file name that was downloaded and installed?

    --
    dee
     
    Mike Dee, Dec 12, 2006
    #12
  13. Craig Shore

    E. Scrooge Guest

    "Mike Dee" <> wrote in message
    news:...
    > Craig Shore wrote:
    >
    >> I'm after a bit of help here. My wife wanted a file from a place that
    >> she thought might have been a bit dodgy. She downloaded it anyway,

    >
    > What was the actual file name that was downloaded and installed?
    >
    > --
    > dee


    xtra setup.exe would be my guess.

    E. Scrooge
     
    E. Scrooge, Dec 12, 2006
    #13
  14. Craig Shore

    Miguel Guest

    Miguel, Dec 12, 2006
    #14
  15. Craig Shore

    Craig Shore Guest

    On Tue, 12 Dec 2006 08:39:04 +1300, Andrew Lambert
    <> wrote:

    >You could try system restore - to a checkpoint before the install of the
    >file


    It's inserted trojans into the restore files too. Avast picks up on
    that.
     
    Craig Shore, Dec 12, 2006
    #15
  16. On Tue, 12 Dec 2006 08:09:31 +1300, Craig Shore wrote:

    > Any ideas how I can regain access to the task manager?


    If all you're wanting to do is to transfer data of that M$ box so that you
    can reformat and start all over again, then why don't you use a Live CD,
    mount your HDD, copy the data off, and then away ya go.


    Aquilegia Alyssum

    --
    "The only way Vista client and Longhorn server would make sense
    would be if [the] company was doing a 'forklift upgrade' on its
    entire client-server infrastructure."
     
    Aquilegia Alyssum, Dec 12, 2006
    #16
  17. Craig Shore

    Craig Shore Guest

    On Tue, 12 Dec 2006 18:49:47 +1300, Aquilegia Alyssum
    <> wrote:

    >On Tue, 12 Dec 2006 08:09:31 +1300, Craig Shore wrote:
    >
    >> Any ideas how I can regain access to the task manager?

    >
    >If all you're wanting to do is to transfer data of that M$ box so that you
    >can reformat and start all over again, then why don't you use a Live CD,
    >mount your HDD, copy the data off, and then away ya go.


    Could do that on this laptop running XP too, but....some of the data I
    want to grab off is on a pair of Raid drives in Raid-0 so I think it
    needs to be running Win on that machine as set up.
    Restoring from backups is an option, but seeing as we're talking
    160gigs off those drives, and about another 60 off another normal
    drive, doing a HD to HD copy seems the easier way.
     
    Craig Shore, Dec 12, 2006
    #17
  18. Craig Shore

    Craig Shore Guest

    I believe I have it all sorted now using a few of the tools suggested
    here.

    The knowledge shared in this group is pretty awesome at times.

    Thanks guys.
     
    Craig Shore, Dec 12, 2006
    #18
  19. Craig Shore

    Mike Dee Guest

    "E. Scrooge" <scrooge@*shot.co.nz (*sling)> wrote in
    news:1165892462.750416@ftpsrv1:

    > "Mike Dee" <> wrote:


    >> What was the actual file name that was downloaded and installed?

    >
    > xtra setup.exe would be my guess.


    Heh! Cute, but not quite the reply I'd hope for :)

    --
    dee
     
    Mike Dee, Dec 12, 2006
    #19
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Phil B

    Virus, Virus, Virus.....

    Phil B, Sep 22, 2003, in forum: Computer Support
    Replies:
    2
    Views:
    620
    DaveW
    Sep 22, 2003
  2. DS

    Virus in virus?

    DS, Feb 8, 2004, in forum: Computer Support
    Replies:
    3
    Views:
    543
  3. Dangermouse

    virus or not virus

    Dangermouse, Oct 12, 2005, in forum: Computer Support
    Replies:
    5
    Views:
    564
    ellis_jay
    Oct 13, 2005
  4. Peter Maurice Cram

    Norton virus protection shutsdown - virus?

    Peter Maurice Cram, Sep 11, 2004, in forum: Computer Information
    Replies:
    2
    Views:
    654
    WebWalker
    Sep 12, 2004
  5. brenda

    Virus Virus

    brenda, Oct 15, 2007, in forum: Computer Support
    Replies:
    11
    Views:
    1,014
    Desk Rabbit
    Oct 16, 2007
Loading...

Share This Page