Regedit and Task Manager problems

[Robert]

I cannot open regedit or task manager. I have seen
postings about a virus called cyberwolf but I have been
through my registry with a fine toothed comb and have
found nothing any of the postings talk about.

I have scanned with Norton's in safe mode and regular
mode, I have uninstalled reinstalled and updated the
definitions and scanned again, but nothing lets me run
taskman, renaming regedit.exe to regedit.com allows me to
get into the registry but that does not work on task
manager.

In safe mode everything works fine.

Does anyone have any ideas (other than always working in
safe mode... HAHA)?

Thanks in advance!

- Bob

 

[Gary Haugen]

I am also experiencing the same problem on my daughter's computer. It was
infected with the blaster worm, which I think I was able to get rid of.
(Hard to tell for sure not being able to open task manager.)

The system now runs very slowly, like what I believe is being described by
karthikkumar in the post below. On a machine with 128 megs of ram, less
than 8 megs are available with no major applications (e.g. Word, internet
explorer).

My guess is that some process is running that is using all the system
resources. I will try renaming task manager to a com extension and see what
processes are running. Like Robert, anti-virus not solving this issue.
Any other suggestions would be greatly appreciated.

 

[Robert]

Hey Maureen,

That fix was on Symantec first and I tried it a few days
ago... still nothing... Thanks for the help tho

 

[Doug Knox MS-MVP]

For Task Manager, open a Command Prompt window and type the following
command

COPY C:\Windows\System32\Taskmgr.exe C:\Windows\System32\Taskmgr1.exe

Then enter

C:\Windows\System32\Taskmgr1.exe

Task Manager should now run. Look in processes for anything you don't
recognize. Specifically WUAUMGR.EXE This is a known file name of the Spybot
virus, and its beginning to look like there's a new variant of it.

You can also look in the Registry in:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

for anything you don't recognize, or that contains the above file name. If
you find anything suspicious, please post back with the details.

 

[Kelly]

What fix, Robert?

/xp_tweaks.htm

Top 10 Frequently Asked Questions and Answers
http://www.kellys-korner-xp.com/top10faqs.htm

 

[Dala]

Hello, posting from a new user in the thread!

I've renamed both regedit.exe and taskmgr.exe and they both runs ok.
But I have not been able to find anything suspicious in the registry.
I have also done a virus scan both with my virus scanner on disk
aswell as from symantecs web page. I have tried a lot of .reg files
and tips for virus removal but have found nothing.

There is no suspicious entry among running tasks, I don't have the
WUAUMGR.EXE process and that file is not on disk either.

I dosen't have any suspicious entry in neither of the run keys in the
registry either. There is no load command, I have found nothing yet
that could cause this behavior.

Are there any additional info that could help me find what process
that's responsible for my problems.

///David

 

[Kelly]

Hi Dala,

Run the script on line 261 (Startup Programs...) and send Doug or myself
the log file via e-mail. http://www.kellys-korner-xp.com/xp_tweaks.htm

/xp_tweaks.htm

Top 10 Frequently Asked Questions and Answers
http://www.kellys-korner-xp.com/top10faqs.htm

 

[David]

Thanks to Kelly I managed to get rid of the malware, here's the
solution that worked for me:

Hi David,

Here is your problem: Get rid of these now:

Winsock2 driver WINLODR.SCR
winlodr.scr "C:\WINDOWS\System32\WINLODR.SCR" /S

Open the Task Manager and end process on:
winlodr.scr "C:\WINDOWS\System32\WINLODR.SCR" /S

Once done, go to Start/Run/Regedit:

HKEY_CURRENT_USER\Software\Microsoft\Windows\Current
Version\RunOnce

In the right pane, right click and delete Winsock2 driver WINLODR.SCR.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current
Version\Run

In the right pane, right click and delete Winsock2 driver WINLODR.SCR.

All the Best,
Kelly

MS-MVP Win98/XP
[AE-Windows® XP]

 

[Kelly]

You are very welcome, David. And thanks for the feedback, this will
hopefully help others. Glad to have helped.

/xp_tweaks.htm

Top 10 Frequently Asked Questions and Answers
http://www.kellys-korner-xp.com/top10faqs.htm

Thanks to Kelly I managed to get rid of the malware, here's the
solution that worked for me:

Hi David,

Here is your problem: Get rid of these now:

Winsock2 driver WINLODR.SCR
winlodr.scr "C:\WINDOWS\System32\WINLODR.SCR" /S

Open the Task Manager and end process on:
winlodr.scr "C:\WINDOWS\System32\WINLODR.SCR" /S

Once done, go to Start/Run/Regedit:

HKEY_CURRENT_USER\Software\Microsoft\Windows\Current
Version\RunOnce

In the right pane, right click and delete Winsock2 driver WINLODR.SCR.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current
Version\Run

In the right pane, right click and delete Winsock2 driver WINLODR.SCR.

All the Best,
Kelly

MS-MVP Win98/XP
[AE-Windows® XP]

Hi Dala,

Run the script on line 261 (Startup Programs...) and send Doug or myself
the log file via e-mail. http://www.kellys-korner-xp.com/xp_tweaks.htm