task manager and regedit disabled by a virus

June 10, 2011 at 05:39:39
Specs: Windows 7
I'm so frustrated and don't know what to do anymore, please help. I know as much as there is a virus blocking me from Task Manager and "critical" errors keep occurring.


#1
June 10, 2011 at 06:21:35
http://prohackingtricks.blogspot.co...

will allow you to enable everything


#2
June 10, 2011 at 09:52:20
Hi Collin,

Try following this removal guide: http://realsecurity.web.officelive....

It should help solve your virus problems.



#3
June 10, 2011 at 11:58:53
Try these free removal tools:
Malwarebytes:
http://www.filehippo.com/download_m...
Run a full scan and fix all it finds

Download and run CCleaner Slim:
http://www.piriform.com/ccleaner/do...
Run the program and fix all it finds
Then click on the registry button on the left side of ccleaner, run that and delete the entries it finds.

After that, reset internet explorer:
Click on tools/internet options/advanced and at the bottom of that click on reset
Also put a checkmark in for deleting all personal information.

I just fixed a client's PC with the above (same problem as yours) and it worked like a charm.

Let me know how you make out, thanks

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#4
June 10, 2011 at 15:55:09
collinw94,

Try the following:

Download Re-Enable:
http://www.softpedia.com/progDownlo...

Select the 'Softpedia Secure Download (US)'

For XP, simply double-click RogueKiller.exe
For Vista/Windows 7, right click the file and select: Run as Administrator

At the program screen, press ‘Check/Uncheck All,’ to clear the entries.
Next, select/tick:
Task Manager
Regedit

Now, press: ‘Re-Enable’

Restart the computer.
After the reboot, if Task Manager and Regedit are disabled again (restriction), >SuperAntiSpyware< includes a feature that allows you to repair various settings that are often changed by malware infections.

Download/install SuperAntiSpyware Free Edition:
http://www.superantispyware.com/dow...

Save to the Desktop
Double-click on the SUPERAntiSpyware setup file to launch the installer.

When done installing, open SuperAntiSpyware
Click on Preferences
Click: Repairs tab
Scroll down and select Enable Task Manager
Click Perform Repair and follow the prompts.

When done, start SuperAntiSpyware again, select:
Scan your computer > Perform a Complete Scan

Once again, on the main screen, click on the Preferences button.
Click on the Statistics/Logs tab
Double-click on the most current log.

Please provide the SuperAntiSpyware log in your reply.

~~~~
Retired - Doin' Dis, Dat, and slapping malware!



#5
September 28, 2011 at 09:21:45
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7817

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

9/28/2011 9:20:19 PM
mbam-log-2011-09-28 (21-20-19).txt

Scan type: Full scan (D:\|E:\|F:\|)
Objects scanned: 195330
Time elapsed: 1 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
d:\bdoy.pif (Malware.Packer.Gen) -> Delete on reboot.
e:\wdhheu.exe (Malware.Packer.Gen) -> Delete on reboot.
e:\system volume information\_restore{a55425bf-3f17-4a8c-abca-328b96be6fcf}\RP188\A0256207.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\system volume information\_restore{a55425bf-3f17-4a8c-abca-328b96be6fcf}\RP189\A0256443.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\system volume information\_restore{a55425bf-3f17-4a8c-abca-328b96be6fcf}\RP191\A0256749.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\system volume information\_restore{a55425bf-3f17-4a8c-abca-328b96be6fcf}\RP191\A0256834.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\system volume information\_restore{a55425bf-3f17-4a8c-abca-328b96be6fcf}\RP191\A0257028.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\system volume information\_restore{a55425bf-3f17-4a8c-abca-328b96be6fcf}\RP191\A0257106.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\system volume information\_restore{a55425bf-3f17-4a8c-abca-328b96be6fcf}\RP191\A0257170.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\sbfxm.exe (Malware.Packer.Gen) -> Delete on reboot.
f:\system volume information\_restore{a55425bf-3f17-4a8c-abca-328b96be6fcf}\RP188\A0256257.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\system volume information\_restore{a55425bf-3f17-4a8c-abca-328b96be6fcf}\RP189\A0256322.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\system volume information\_restore{a55425bf-3f17-4a8c-abca-328b96be6fcf}\RP189\A0256481.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\system volume information\_restore{a55425bf-3f17-4a8c-abca-328b96be6fcf}\RP191\A0256794.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\system volume information\_restore{a55425bf-3f17-4a8c-abca-328b96be6fcf}\RP191\A0256877.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\system volume information\_restore{a55425bf-3f17-4a8c-abca-328b96be6fcf}\RP191\A0257056.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\system volume information\_restore{a55425bf-3f17-4a8c-abca-328b96be6fcf}\RP191\A0257203.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

This is the log that was generated. I am still facing the same problem: it gets fixed for a short time, but then it goes back to where it started!! HELP


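The registry items flagged in the log in post #5 can be checked directly. The following PowerShell is an added example, not part of the thread or of any tool named in it; it reads the five values and the amsint32 service key listed in that log and reports whenever one is back in its "Bad" state. The function name Get-HijackState and the one-minute polling interval are assumptions.

```powershell
# Added example, not from the thread. Key paths and value names are copied
# from the Malwarebytes log above; "Bad" = 1 and "Good" = 0 are the log's terms.
$policy = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$center = 'HKLM:\SOFTWARE\Microsoft\Security Center'
$checks = @(
    @{ Path = $policy; Name = 'DisableTaskMgr' },
    @{ Path = $policy; Name = 'DisableRegistryTools' },
    @{ Path = $center; Name = 'AntiVirusDisableNotify' },
    @{ Path = $center; Name = 'FirewallDisableNotify' },
    @{ Path = $center; Name = 'UpdatesDisableNotify' }
)
$serviceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\amsint32'

function Get-HijackState {       # hypothetical helper name
    param([switch]$Reset)        # -Reset writes 0 back; HKLM needs an elevated shell
    foreach ($c in $checks) {
        $data = $null
        $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        if ($item) { $data = $item.($c.Name) }

        # A missing value is treated like 0: no restriction is in force.
        if ($null -eq $data) { $state = 'absent' }
        elseif ($data -eq 0) { $state = 'good' }
        else                 { $state = 'BAD' }

        if ($Reset -and $state -eq 'BAD') {
            Set-ItemProperty -Path $c.Path -Name $c.Name -Value 0
            $state = 'BAD, reset to 0'
        }
        New-Object PSObject -Property @{
            Time = (Get-Date -Format s); Item = "$($c.Path)\$($c.Name)"
            Data = $data; State = $state
        }
    }
    # The log also lists this service key; report whether it exists again.
    $svcState = 'absent'
    if (Test-Path $serviceKey) { $svcState = 'PRESENT' }
    New-Object PSObject -Property @{
        Time = (Get-Date -Format s); Item = $serviceKey; Data = $null; State = $svcState
    }
}

# Poll once a minute and print only the items that are not clean.
while ($true) {
    Get-HijackState |
        Where-Object { $_.State -ne 'good' -and $_.State -ne 'absent' } |
        Select-Object Time, State, Item, Data | Format-Table -AutoSize
    Start-Sleep -Seconds 60
}
```

A row that reappears after a cleanup gives the time at which the value was written again, which narrows down when the reinfection described in post #5 happens.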
