Virus that disables everything

Justin M January 27, 2009 at 10:38:47
Specs: Windows XP
I have some type of virus/trojan/malware that completely locks down my computer. It started out as just slowing down my computer, but every time I tried something to remove it, it just got worse and worse. Programs that I would normally be able to use would stop working, such as iTunes, World of Warcraft, Ventrilo, etc. I keep getting the message, "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." Here's a list of other things that seem to be wrong:
- Task Manager is disabled, and no matter what I do, I can't get it to work again. The message "Task Manager has been disabled by your administrator" keeps popping up.
- I can't access anything that has to do with my registries. A message like "Registry Editing has been disabled" or something like that keeps popping up.
- NO anti-virus software seems to work. Either some type of error occurs and they can't be installed, they can be installed but immediately close when I try to open them, or they can open but don't detect anything when I run scans. Lavasoft Ad-Aware doesn't detect anything, AVG and STOPzilla do not work at all and won't even install, and Spybot keeps closing whenever I try to open it. I was able to somehow open Spybot once and when I ran a scan it had things like "Task Manager Disable," "Registry Edit Disable," "Windows Firewall Disable," and "Windows Firewall Override" all listed. I selected to have the problems fixed and closed Spybot, but the problem wasn't fixed and I haven't been able to open Spybot since then.
- I cannot uninstall anything. Error messages keep popping up when I try to uninstall programs.
- I cannot put my system in safe mode. An error message keeps popping up and I can only start my system in regular mode.
I'm afraid I have some type of keylogger and don't want to buy anything over the internet, and I lost the discs for my system reformatting. I have NO idea what to do, as nothing seems to work. Any help will be greatly appreciated. Thank you!


January 27, 2009 at 17:21:46
Do you know if you are running the XP SP1, SP2, or SP3 update? If we know this, we can make a .reg file that may repair the registry so that we can get safe mode operational again. If you can, go to Start > Control Panel > System and you should be able to see what update version you have.

You may be able to download the following tools to a CD or jump drive and run them on the infected computer.

Please download Malwarebytes' Anti-Malware from one of these sites:



Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename mbam-setup.exe to tool.exe in the filename box, then click Save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy and paste the entire report in your next reply.

If Malwarebytes installed but will not run navigate to this folder:

C:\Program Files\Malwarebytes' Anti-Malware

Rename all the .exe files in the Malwarebytes' Anti-Malware folder and try to run it again.

Please download and install the latest version of HijackThis v2.0.2:

Download the "HijackThis" Installer from this link:
Hijack This

Rename the setup file, HJTInstall.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename HJTInstall.exe to tools.exe in the filename box, then click Save.
1. Save "tools.exe" to your desktop.
2. Double click on tools.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.


January 27, 2009 at 18:19:17
I have the exact same virus that Justin M was describing, down to a T. I am going to follow your advice, jabuck, and I'll post my results tomorrow. I'm very eager to get rid of this; none of my programs are working.

Another thing is that I have no internet access. I'm using a campus PC to help matters.


January 27, 2009 at 18:50:42
compreto, please start a new thread and don't post any logs until asked to do so. Just state the problem you have and what you have done to resolve it so far.


January 28, 2009 at 08:20:02
I also have problems similar to the above, so (1) I ran the latest, updated version of Kaspersky Internet Security along with Malwarebytes' AntiMalware, and (2) started Windows (XP 2) in safe mode and restored it to an earlier date.


January 28, 2009 at 09:46:20
Ok, so before I used the MalwareBytes program, I checked to see what my operating system was and it's Windows XP SP2. I downloaded MalwareBytes (I was able to successfully install and run it from the infected computer) and ran a quick scan. Three items showed up... one was related to registry editing, one was related to the use of task manager, and the last one I can't really remember. I selected to have these problems fixed, and they were supposedly fixed without a problem. I was asked to restart my computer, which I did, but now all that appears is a black screen every time I start up my computer. It's just blackness with my mouse pointer that I am able to move around. I am able to press F8 at the beginning to get the Safe Mode menu to pop up, but when I try to reboot in safe mode, an error occurs and it asks me to restart in normal mode, which just results in the black screen.


January 29, 2009 at 14:37:41
The virus/malware may have corrupted the winlogon.exe or userinit.exe file. Do you have a Windows installation CD?


April 7, 2009 at 12:16:06
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:11 AM, on 4/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
D:\Program Files\Windows7\RunMe\RunMe.exe
D:\Program Files\Windows7\TrueTransparency\TrueTransparency.exe
D:\Program Files\Windows7\Windows 7 Pie Dock\Windows 7 Pie Dock.exe
F:\ Mozilla\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O4 - HKLM\..\Run: [KRun] D:\Program Files\Windows7\RunMe\RunMe.exe
O4 - HKLM\..\Run: [Viena Explorer] "C:\Program Files\Windows7\Vienna Explorer\Vienna
O4 - HKLM\..\Run: [Visual Task Tips] "C:\Program Files\Windows7
O4 - HKLM\..\Run: [Pie Dock] "C:\Program Files\Windows7\Windows 7 Pie Dock\Windows 7 Pie
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [AnalogClock] C:\Program Files\Windows7\Analog Clock\AnalogClock.exe
O4 - HKCU\..\Run: [TopDesk] C:\Program Files\Windows7\TopDesk\topdesk.exe
O4 - HKCU\..\Run: [TransBar] C:\Program Files\Windows7\TransBar\TransBar.exe /s
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\Windows7\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TrueTransparency] "D:\Program Files\Windows7
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Windows Seven Dock.lnk = D:\Program Files\Windows7\Windows 7 Pie Dock\Windows 7 Pie Dock.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B23E599F-570B-4B34-B299-77F55AC232B6}: NameServer =
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,D:\PROGRA~1\KASPER~1\KASPER~1
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

End of file - 5057 bytes

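
An added example, not part of any post in this thread: a small Python triage of a HijackThis log like the one above. It rejoins entries that wrapped across lines and pulls out the sections tied to the symptoms described here (the O7 Regedit policy lock, O4 autoruns). The function names and the PRIORITY selection are this example's own assumptions.

```python
import re

# An entry line is a section code (R, F, N or O plus a number), " - ", then the body.
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# Sections to read first when tools are being blocked (this example's selection).
PRIORITY = {"O4": "autorun", "O7": "policy restriction",
            "O17": "DNS setting", "O20": "AppInit_DLLs"}

def parse_hjt(text):
    """Return [(code, body)], rejoining bodies that wrapped onto later lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif line.startswith("End of file"):
            break
        elif line and entries:
            entries[-1][1] += " " + line  # continuation of a wrapped entry
    return [tuple(e) for e in entries]

def triage(entries):
    """Group priority-section bodies; list O7 policy values that are set to 1."""
    found = {}
    for code, body in entries:
        if code in PRIORITY:
            found.setdefault(code, []).append(body)
    hits = (re.search(r",\s*(\w+)=1$", b) for b in found.get("O7", []))
    return found, [m.group(1) for m in hits if m]

# Lines excerpted from the log posted in this thread, wrap damage included.
SAMPLE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Windows Seven Dock.lnk = D:\Program Files\Windows7\Windows 7 Pie Dock\Windows 7

Pie Dock.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
End of file - 5057 bytes
"""

if __name__ == "__main__":
    found, locks = triage(parse_hjt(SAMPLE))
    for code, bodies in found.items():
        print(code, PRIORITY[code], *bodies, sep="\n  ")
    print("policy locks:", locks)
```

An entry whose continuation was lost before the log was posted cannot be rejoined and is returned truncated, so read those bodies as incomplete rather than as the real path.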
