The symptoms of the virus are as follows:
1). "Task manager has been disabled by administrator". When ever I change its settings in "gpedit.msc" it changes back to the same after some time.
2). "Registry editor has been disabled by administrator". It is also the same as the task manager thing.
3). Folder options- When I check "Show Hidden" files options in folder options; it changes to "DO NOT show hidden files" Again when i click OK
4). When I insert a removable media it copies some hidden system files and some cmd files shortcut.(I saw it in some other computer). The file is psxury.exe, it either has a notepad icon or minesweeper icon.
Some of the processes running which i suspect are notepad.exe and the minesweper executable and more over there are some files which open with different name every time for eg w98846.exe it changes its name every time.
I cant boot into safe mode i tried it.
Using RRT tool is no use it changes back to the same after some time. Folder options is there we can choose show hidden files but when we click OK it changes back to same.
It does not allow to install AVG it deletes some certificates.
There are some files in system32 folder like tskkill.exe, taskmankill, taskkill.exe....etc.
NOTE- This virus has spread over my whole network. Even though i have a small one. I has affected 10 desktops and 2 laptops
If you happen to know the viruses name please tell that also if you dont just tell me the solution
I have tried all sorts of stuffs.
I would appreciate, If you tell me NOT to format. Beacuse if it was to format I would not post a question here.
i happened to kill some processes unluckily and this is the hijack this log file