unable to open taskmanager and regedit

[miken]

Helping a friend - his xp-home was infected with:

1- backdoor.sdbot.gen
2- trojan.horse
3- aol.pwsteal.trojan
4- download.trojan

And there were @12 different adware\malware programs
running. His machine was highjacked.

I got most things cleared using Norton 2005, SpyBot S+D,
the freeware from LvaSoft and manually deleting stuff.

One problem remains, two toolbars launch when I start IE.
One startsup on the the bottom of the screen and seems to
run on the desktop, it remains if I close IE. The second
is glued up top and has links to a site lop.com

Problem-1: when I cntrl-alt-del to start taskmanager it
opens for a fraction then closes. I'm trying to see what
programs are running the toolbars, I'll go after them in
the registry.

Problem-2: same response when I try to open regedit.

Regedit works OK in safe-mode - taskmanager dosn't.
Taskmanager dosn't work in any mode. And, the admin
acccount is not visible in cntrl panel->user accounts but
it is in safe-mode.

Can someone help me through this.

Regards, Mike

 

[David H. Lipman]

1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Adaware SE
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download sysclean.com and place it in that directory.
Dowload the signature files (pattern files) by obtaining the ZIP file.
For example; lpt186.zip

Extract the contents of the ZIP file and place the contents in the same directory as
sysclean.com.

2) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
3) Reboot your PC into Safe Mode
4) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
5) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware
6) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
7) Reboot your PC.
8) If you are using WinME or WinXP, create a new Restore point
9) Please report back your results

Dave





| Helping a friend - his xp-home was infected with:
|
| 1- backdoor.sdbot.gen
| 2- trojan.horse
| 3- aol.pwsteal.trojan
| 4- download.trojan
|
| And there were @12 different adware\malware programs
| running. His machine was highjacked.
|
| I got most things cleared using Norton 2005, SpyBot S+D,
| the freeware from LvaSoft and manually deleting stuff.
|
| One problem remains, two toolbars launch when I start IE.
| One startsup on the the bottom of the screen and seems to
| run on the desktop, it remains if I close IE. The second
| is glued up top and has links to a site lop.com
|
| Problem-1: when I cntrl-alt-del to start taskmanager it
| opens for a fraction then closes. I'm trying to see what
| programs are running the toolbars, I'll go after them in
| the registry.
|
| Problem-2: same response when I try to open regedit.
|
| Regedit works OK in safe-mode - taskmanager dosn't.
| Taskmanager dosn't work in any mode. And, the admin
| acccount is not visible in cntrl panel->user accounts but
| it is in safe-mode.
|
| Can someone help me through this.
|
| Regards, Mike