Task manager, Command Prompt, Registry Editor - All disabled

Seth

Hi,
I am using a genuine Windows XP Home edition.
Since last few days, despite using the administrator account, the Task
manager, Command Prompt, Registry Editor have all been automatically disabled.

Just not able to get them back.

When I start the laptop, I get a message "Failed to connect to Internet",
with 2 buttons "Work Offline" and "Try again"

I was worried if it was due to a virus so I tried installing the latest
Norton Antivirus, but that too is getting stuck up at the activation screen.

So neither I can install/uninstall anything, nor can run the antivirus
program, and cannot even access any admin utilities.

Can someone kindly help how to fix this problem?
Thanks a lot,

Seth
 
Malke

Seth said:
Hi,
I am using a genuine Windows XP Home edition.
Since last few days, despite using the administrator account, the Task
manager, Command Prompt, Registry Editor have all been automatically disabled.

Just not able to get them back.

When I start the laptop, I get a message "Failed to connect to Internet",
with 2 buttons "Work Offline" and "Try again"

I was worried if it was due to a virus so I tried installing the latest
Norton Antivirus, but that too is getting stuck up at the activation screen.

So neither I can install/uninstall anything, nor can run the antivirus
program, and cannot even access any admin utilities.

Usually you can't install an antivirus on an already-infected machine.
And Norton would be one of the worst choices anyway. I don't see from
your post why you think you can't install anything, but it may still be
possible to clean up the machine. Only you know your skill level; if you
don't have pretty good computer skills, see the Standard Caveat at the
end of this post.

Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Include scanning with David Lipman's Multi_AV and follow instructions to
do all scans in Safe Mode.

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://www.pctipp.ch/downloads/sicherheit/35905/multi_av_scanning_tool.html
- download site

The site is in German but David's tool is in English so don't let that
worry you. Scroll all the way down to almost the bottom of the page and
you'll see a box titled "Infos Zum Download - Multi-AV Scanning Tool".
You'll see "Download von www pctipp.ch" and the live link to download
Multi_AV.

You can also check to see if there are targeted removal steps for your
malware here:
Bleeping Computer removal how-to's -
http://www.bleepingcomputer.com/forums/forum55.html

When all else fails, run HijackThis and post your log in one of the
specialty forums listed at the first link above (not here, please).

Standard caveat: If the procedures look too complex - and there is no
shame in admitting this isn't your cup of tea - take the machine to a
professional computer repair shop (not your local version of
BigComputerStore/GeekSquad). Please be aware that not all local shops
are skilled at removing malware and even if they are, your computer may
be so infested that Windows will need to be clean-installed. Have all
your data backed up before you take the machine into a shop.


Malke
 
Bruce Chambers

Seth said:
Hi,
I am using a genuine Windows XP Home edition.
Since last few days, despite using the administrator account, the Task
manager, Command Prompt, Registry Editor have all been automatically disabled.

Just not able to get them back.

When I start the laptop, I get a message "Failed to connect to Internet",
with 2 buttons "Work Offline" and "Try again"

I was worried if it was due to a virus so I tried installing the latest
Norton Antivirus, but that too is getting stuck up at the activation screen.

So neither I can install/uninstall anything, nor can run the antivirus
program, and cannot even access any admin utilities.

Can someone kindly help how to fix this problem?
Thanks a lot,

Seth


The type of behavior you describe is typical behavior of more than
one virus/worm, the three below being the most common:

W32.Klez
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

W32.Yaha
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

W32.Spybot.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html

Because many of the newer viruses and worms, such as the Spybot
mentioned above, can disable antivirus applications whose definitions
aren't kept up-to-date, try using one or more of the free on-line
scanners to double-check your system.

Trend Micro - Free online virus Scan
http://housecall.trendmicro.com/

McAfee Security - FreeScan
http://www.mcafee.com/myapps/mfs/default.asp

Symantec Security Check
http://security.symantec.com/ssc/home.asp

Panda ActiveScan - Free online scanner
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

Computer Associates:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

DialogueScience:
http://www.antivir.ru/english/www_av/

F-Secure:
http://support.f-secure.com/enu/home/ols.shtml

BitDefender
http://www.bitdefender.com/scan/license.php

Freedom Online scanner
http://www.freedom.net/viruscenter/index.html



--

Bruce Chambers

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. ~Benjamin Franklin

Many people would rather die than think; in fact, most do. ~Bertrand Russell

The philosopher has never killed any priests, whereas the priest has
killed a great many philosophers.
~ Denis Diderot
 
Seth

Dear Malke,

I am really very thankful to you for your suggested solution.
After 2 days of patience and step-by-step dedicated work, I finally managed
to fix my computer.

Thanks a lot !

However, I am still facing one problem. When I connect to the internet, I
cannot open any website in any of the browsers. I am using a simple dial-up
connection without any firewall and tried with 3 different browsers - IE 7,
Firefox and Netscape. All are unable to open any website.

However, when I do a "ping" or "tracert" on site like www.yahoo.com, it
clearly shows me the IP address. The ping and tracert response is always
"Request timed out", but it is able to show me the IP address and the
hostname.

Any suggestions on how to fix this issue?

Thanks,
Seth
 
Seth

Dear Bruce,

Thanks a lot for your suggestion. I could not connect to the internet using
my infected laptop, so I tried the solution suggested by Malke - and it fixed
the problem.

However, I am still facing one problem. When I connect to the internet, I
cannot open any website in any of the browsers. I am using a simple dial-up
connection without any firewall and tried with 3 different browsers - IE 7,
Firefox and Netscape. All are unable to open any website.

However, when I do a "ping" or "tracert" on site like www.yahoo.com, it
clearly shows me the IP address. The ping and tracert response is always
"Request timed out", but it is able to show me the IP address and the
hostname.

Any suggestions on how to fix this issue?

Thanks a lot for your help.


Regards,
Seth
 
Malke

Seth said:
Dear Bruce,

Thanks a lot for your suggestion. I could not connect to the internet using
my infected laptop, so I tried the solution suggested by Malke - and it fixed
the problem.

However, I am still facing one problem. When I connect to the internet, I
cannot open any website in any of the browsers. I am using a simple dial-up
connection without any firewall and tried with 3 different browsers - IE 7,
Firefox and Netscape. All are unable to open any website.

However, when I do a "ping" or "tracert" on site like www.yahoo.com, it
clearly shows me the IP address. The ping and tracert response is always
"Request timed out", but it is able to show me the IP address and the
hostname.

As stated in the general malware removal steps at the Elephant Boy link
I gave you, very often malware will damage the TCP/IP stack. Here is the
relevant information from the link:

D. Recap of what you will need to have on-hand before you start the
cleanup process

1. LSPFix or WinSockFix for XP - see links - in case the malware removal
breaks your Internet connectivity. If you have XP SP2, you don't need
either program since you can repair the connection from the commandline:

Start>Run>cmd [enter]
netsh winsock reset catalog [enter]

And here is the link for WinSockFix since you have XP:
http://www.cexx.org/lspfix.htm


Malke
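
Added example, not part of the original thread: before resetting the Winsock catalog as described in the post above, the text printed by `netsh winsock show catalog` can be reviewed to see which transport providers are layered or load from outside the stock Windows DLLs. The sample dump is constructed and abridged, and the allowlist of stock DLL names is an assumption to adjust for the machine being checked.

```python
import re

# Assumed allowlist of stock XP transport-provider DLLs (adjust as needed).
STOCK_DLLS = {"mswsock.dll", "rsvpsp.dll"}
SYSTEM32 = ("%systemroot%\\system32\\", "c:\\windows\\system32\\")

# Constructed, abridged sample in the layout of `netsh winsock show catalog`.
# The third entry is a made-up layered provider used only for illustration.
SAMPLE = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [UDP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        ExampleLSP over [MSAFD Tcpip [TCP/IP]]
Provider Path:                      C:\Program Files\Example\exlsp.dll
"""

def parse_catalog(text):
    """Split the dump into entries, each a dict of 'Field: value' pairs."""
    entries, current = [], None
    for line in text.splitlines():
        if line.strip().endswith("Provider Entry"):   # start of a new entry
            current = {}
            entries.append(current)
            continue
        m = re.match(r"\s*([^:]+):\s+(.*\S)\s*$", line)
        if m and current is not None:
            current[m.group(1).strip()] = m.group(2)
    return entries

def flag_entries(entries):
    """Return (description, path) for layered or non-stock transport providers."""
    flagged = []
    for e in entries:
        if "Provider Path" not in e:                  # not a transport entry
            continue
        path = e["Provider Path"].lower()
        dll = path.rsplit("\\", 1)[-1]
        layered = "layered" in e.get("Entry Type", "").lower()
        if layered or not path.startswith(SYSTEM32) or dll not in STOCK_DLLS:
            flagged.append((e.get("Description", "?"), e["Provider Path"]))
    return flagged
```

A flagged entry is not proof of malware, since some legitimate security and networking products install layered providers; it marks what to look up before and after the reset.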
 
