whats going on here?

[Peter F]

Hi All,

I have just had my mates PC to repair quite a few malware and viruses that
they have. However, after successfully installing Malware and Spybot I
attempt to run the apps but nothing happens. After clicking on Task Manager i
had a message which said "Task Manager has been disabled by your
administrator".

I tried running gpedit.msc but there is not such file on the computer. I
have run mmc to try to install the application but it does not exist in the
drop down list. I have also tried to run Regedit but this also comes up with
a message "Registry editing has been disabled by your administrator".

Please can someone help me with this problem.

Cheers

 

[Malke]

Hi All,

I have just had my mates PC to repair quite a few malware and viruses that
they have. However, after successfully installing Malware and Spybot I
attempt to run the apps but nothing happens. After clicking on Task
Manager i had a message which said "Task Manager has been disabled by your
administrator".

I tried running gpedit.msc but there is not such file on the computer. I
have run mmc to try to install the application but it does not exist in
the drop down list. I have also tried to run Regedit but this also comes
up with a message "Registry editing has been disabled by your
administrator".

The computer is seriously infected. You can either:

1. Follow the instructions below;
2. Back up your mate's data and clean install Windows;
3. Have your mate take the machine to a competent local computer shop (not a
BigComputerStore/GeekSquad type of place).

It's your (and your mate's) choice of course.

Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Include scanning with David Lipman's Multi_AV and follow instructions to do
all scans in Safe Mode. Please see the special Notes regarding using
Multi_AV in Vista.

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://tinyurl.com/yoeru3 - download link and more instructions

You can also check to see if there are targeted removal steps for your
malware here:
Bleeping Computer removal how-to's -
http://www.bleepingcomputer.com/forums/forum55.html
Or here: Malwarebytes malware removal guides - http://tinyurl.com/5xrpft

When all else fails, get guided help. Choose one of the specialty forums
listed at the first link. Register and read its posting FAQ. PLEASE DO NOT
POST LOGS IN THE MS NEWSGROUPS.

Malke

 

[PA Bear [MS MVP]]

NB: If your mate had no anti-virus application installed or the subscription
had expired *when the machine first got infected* and/or the subscription
has since expired and/or the machine's not been kept fully-patched at
Windows Update, don't waste your time with any of the below: Format &
reinstall Windows. A Repair Install will NOT help!

1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx

NB: Run the FULL scan, not the QUICK scan! You may need to download the
MSRT on a non-infected machine, then transfer MRT.EXE to the infected
machine and rename it to SCAN.EXE before running it.

2. [WinXP ONLY!! =>] Run the Windows Live Safety Center's 'Protection' scan
(only!) in Safe Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm

3. Run a /thorough/ check for hijackware, including posting the requested
logs in an appropriate forum, not here.

Checking for/Help with Hijackware
http://aumha.net/viewtopic.php?f=30&t=4075
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://www.elephantboycomputers.com/page2.html#Removing_Malware

**Seek expert assistance in
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://www.dslreports.com/forum/cleanup, http://aumha.net/viewforum.php?f=30
or other appropriate forums.**

If these procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.

 

[Gerry]

Flinty

Rename mbam.exe to flinty.exe and try malwarebytes again.

"Some malicious software will not let processes run just by their name
you see in Task Manager - mbam.exe, regedit.ext, cmd.exe, rstrui.exe,
etc. They think they know all the tricks. That is why renaming
sometimes will work enough to get you going. Try copying to something
besides test.exe. Maybe they already thought about test.exe."
Source: Jose


--


Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[raman]

no the only thing you can do is just format the drive and reinstall
windows and make sure you have the driver backup also most probably
you were infected with worms BRONTOK.DC and Tanatos.m these worms
generally come through the email and most probably at that time you
did not have an antivirus software installed.

 

[Peter F]

Hi Malke, PA Bear, Gerry, raman,

Thanks very much for you replies it is very much appreciated.

I tried several of your sugestions but none seemed to work. I came to the
conclusion that the best course of action would be a complete rebuild of the
machine. I have now rebuilt and installed AV and a number of free malware,
spybot applications.

Hopefully this will be enough to keep out the unwanted intruders.

Once again thanx every so much for your suggestions.

 

[Gerry]

Raman

Rarely is a solution the only solution. Don't make statements you cannot
substantiate. I am not the one needing your advice. Next time please
address your response to the one needing your advice or perhaps they do
not need your advice!

--


Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[PA Bear [MS MVP]]

Excellent idea!

Backup your personal data, then do a format & clean install of Windows.
Please note that a Repair Install (AKA in-place upgrade) will NOT fix this!

After the clean install, you'll have the equivalent of a "new computer" so
take care of everything on the following page before otherwise connecting
the machine to the internet or a network and before using a USB key that
isn't brand-new or hasn't been freshly formatted:

5 steps to help protect your new computer before you go online
http://www.microsoft.com/protect/computer/advanced/xppc.mspx

Also see:

Steps To Help Prevent Spyware
http://www.microsoft.com/protect/computer/spyware/prevent.mspx

Rogue Security Software - Microsoft Security:
http://www.microsoft.com/protect/computer/viruses/rogue.mspx

 

[C.Joseph Drayton]

Hi All,

I have just had my mates PC to repair quite a few malware and viruses that
they have. However, after successfully installing Malware and Spybot I
attempt to run the apps but nothing happens. After clicking on Task Manager i
had a message which said "Task Manager has been disabled by your
administrator".

I tried running gpedit.msc but there is not such file on the computer. I
have run mmc to try to install the application but it does not exist in the
drop down list. I have also tried to run Regedit but this also comes up with
a message "Registry editing has been disabled by your administrator".

Please can someone help me with this problem.

Cheers

Hi Flinty,

It is probably a mal-ware infestation, and the only way to
really clean it is to use a boot disk like UBCD4Win. Run
ClamWin or some similar anti-virus. I would also run Spybot
from under UBCD4Win. At that point, you can then uninstall
whatever firewall and anti-virus is on the machine. Then run
the ant-virus one more time from the boot CD.

Once the system is relatively clean, you can then
re-install you firewall and anti-virus. Make sure that the
anti-virus is installed before you connect to the internet
to install your anti-virus and updates.

Sincerely,
C.Joseph Drayton, Ph.D. AS&T

CSD Computer Services

Web site: http://csdcs.site90.net/
E-mail: (e-mail address removed)90.net