Run, Registry and Task Manager disabled

[winsleyb4u]

Hi,

I have a system with windows xp pro sp2 in my office (connected to
LAN). I guess my system is affected my a virus.

1. Run is not showing up
2. Task manager is disabled. On pressing ctrl+shift+esc it says "Task
manager has been disabled by your administrator".
3. Registry is disabled. When i double click regedit.exe, it says
"Registry editing has been disabled by your administrator".
4. Whenever i open IE, the home page is "http://quicknews.info/' (even
if i delete it from the home page).

I saw a few threads reg the same problem but it doesnt seem to work
for me. I dont know if its because that im in a network. Can somebody
please help me out coz im a pure novice here.

 

[Malke]

Hi,

I have a system with windows xp pro sp2 in my office (connected to
LAN). I guess my system is affected my a virus.

1. Run is not showing up
2. Task manager is disabled. On pressing ctrl+shift+esc it says "Task
manager has been disabled by your administrator".
3. Registry is disabled. When i double click regedit.exe, it says
"Registry editing has been disabled by your administrator".
4. Whenever i open IE, the home page is "http://quicknews.info/' (even
if i delete it from the home page).

I saw a few threads reg the same problem but it doesnt seem to work
for me. I dont know if its because that im in a network. Can somebody
please help me out coz im a pure novice here.

You need to disconnect the machine from the network and clean it up.
Because this machine is part of a network, you will also need to scan
all the other machines on the network. I understand this is a lot of
work but it is necessary. If the machine is infected by a network-aware
worm, the probability that all the other machines are now infected is
very high. Here are general malware removal steps. Since you say you are
a novice, please read the standard caveat below. I think you should
have a professional come on-site, but only you can make that decision.

Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Include scanning with either Sysclean or Multi_AV, plus AVG Anti-Spyware
(formerly Ewido - http://www.ewido.net/en/) and follow instructions to
do all scans in Safe Mode.

When all else fails, run HijackThis and post your log in one of the
specialty forums listed at the link above (not here, please).

Standard caveat: If the procedures look too complex - and there is no
shame in admitting this isn't your cup of tea - take the machine to a
professional computer repair shop (not your local version of
BigStoreUSA). Please be aware that not all local shops are skilled at
removing malware and even if they are, your computer may be so infested
that Windows will need to be clean-installed. Have all your data backed
up before you take the machine into a shop.

Or in your case since this is at a business, have someone reputable come
on-site.


Malke

 

[Mark Dormer]

Hi,

I have a system with windows xp pro sp2 in my office (connected to
LAN). I guess my system is affected my a virus.

1. Run is not showing up
2. Task manager is disabled. On pressing ctrl+shift+esc it says "Task
manager has been disabled by your administrator".
3. Registry is disabled. When i double click regedit.exe, it says
"Registry editing has been disabled by your administrator".
4. Whenever i open IE, the home page is "http://quicknews.info/' (even
if i delete it from the home page).

I saw a few threads reg the same problem but it doesnt seem to work
for me. I dont know if its because that im in a network. Can somebody
please help me out coz im a pure novice here.

You have been infected by W32.Imaut.U

http://www.symantec.com/smb/security_response/writeup.jsp?docid=2007-010615-5630-99&tabid=2

 

[winsleyb4u]

You have been infected by W32.Imaut.U

http://www.symantec.com/smb/security_response/writeup.jsp?docid=2007-...- Hide quoted text -

- Show quoted text -

Thanks Malke & Mark for your help