Unable to open TASK MANAGER...

[eggman]

I hope and think that this is a very common problem.
*img403.imageshack.us/img403/5740/90761780lw8.jpg

Sometimes , however it does come ENABLED but when I click it it says :TASK MANAGER HAS BEEN DISABLED BY YOUR ADMINISTRATOR.
I myself am the admin, however ..


What could be the problem?????

 

[Vishal Gupta]

^^ Open regedit and goto following keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\Policies\Explorer
HKEY_USERS\.default\Software\Microsoft\Windows\Current Version\Policies\Explorer

In right-side pane, look for a DWORD value "DisableTaskMgr". If you find it, delete it.

PS: If regedit is also disabled, then use following method to enable it first:

How to Enable Registry Editor in Windows

 

[eggman]

[edit]
Problem Not Solved

 

[Vishal Gupta]

^^ Welcome.

 

[eggman]

Well it's not gone!!
I scanned my system using TROZAN REMOVER 6 and it detected the trozan and removed it. Just after that, my problem was solved and I wrote the above post!!
But now again my system became slow and when I checked The TASK MANAGER was disabled!! This time TROZAN REMOVER did not help. SO I used SPYWARE DOCTOR 6 and it detected and fixed the trozan. Instantly TASK MANAGER was enabled and my system became faster!!
But I experienced slow system speed after 30mins, and when checked TASK MANAGER was disaled again!!!This time SD didn't detect anything nor did Trozan Remover!!
Then I went for spybot and exactle same story here too-it detected and fixed some trozan, but again it came back and this time none of the three s/w detected anything!!!
What to do, the damn thing isn't going!!!
Is this the culprit:
*img208.imageshack.us/img208/2926/17882446wz6.jpg

P.S. I hate French!!


I have attached the log file

 

[eggman]

Every time I remove them, they caome back within 10 mins
*img254.imageshack.us/img254/9742/14151329pl8.jpg

What to do???

 

[Cool Joe]

I think the trojan is starting up along with Windows and is stubborn to leave the main memory. Everytime you stop it, it loads itself back into the memory. You can try installing Avast! Home and scheduling a boot time scan. Restart your PC, before Windows loads, Avast! will scan the PC.

 

[eggman]

^^I like the sound of it, lemme try!!

 

[Cool Joe]

When you've got malware on your PC, you shouldn't be so casual!!

Any lemme know if it works. I'm not completely sure that it'll work, but I'll be optimistic about it anyway.

 

[eggman]

^^ I dled Avast and updated the definition and then ran the boot scanner!!
During the scan it was detecting virus at every .exe file and unable to fix it, the only other option I had to delete them!! But I stopped after a few deletion or all my programs .exe s would've been deleted!!
Now after booting, when i am clicking on the Avast Icon, it is not starting up!!

what do do??

Win32:Sality-gen

My sys has been infected

 

[afonofa]

That is really bad news. I think you are heading towards a fresh install of windows. Download Eset Nod32 Antivirus trial, SuperAntiSpyware and Malwarebytes' Antimalware update and scan in safe mode. But since Avast got corrupted, so maybe installing Kaspersky Antivirus trial would be a better option. As far as possible keep the internet disconnected on this comp.

Fix these entries in the HJT scan

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O13 - Gopher Prefix:

O23 - Service: [COLOR="Red"]SpyHunter3[/COLOR] Service - Enigma Software Group, Inc. - C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe

I don't remember what it is, but that bonjour process is legit. SpyHunter 3 on the other hand is a rogue software. SuperAntiSpyware will probably get rid of it.

 

[Vishal Gupta]

@eggman
Fix following:

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

 

[red_devil]

this is exactly where Kaspersky Internet Security rocks !!

install and update kaspersky and scan pc..i'm sure every one of those effing things will be removed from your PC

 

[eggman]

this is exactly where Kaspersky Internet Security rocks !!

install and update kaspersky and scan pc..i'm sure every one of those effing things will be removed from your PC

Bang On target , the virus is GonE/disinfected!!!


But... my original problem of TASK MANAGER and REGEDIT is still there!!

That is really bad news. I think you are heading towards a fresh install of windows. Download Eset Nod32 Antivirus trial, SuperAntiSpyware and Malwarebytes' Antimalware update and scan in safe mode. But since Avast got corrupted, so maybe installing Kaspersky Antivirus trial would be a better option. As far as possible keep the internet disconnected on this comp.

Fix these entries in the HJT scan

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O13 - Gopher Prefix:

O23 - Service: [COLOR="Red"]SpyHunter3[/COLOR] Service - Enigma Software Group, Inc. - C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe

I don't remember what it is, but that bonjour process is legit. SpyHunter 3 on the other hand is a rogue software. SuperAntiSpyware will probably get rid of it.

.

@eggman
Fix following:

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

I really appreciate the your effort and time you spent in helping me, but I've fixed the items in safe mode, but it didn't help!!

It's getting frustrating now!!

Seems like I gotta Fresh Install the windows in my system!!!

 

[gopi_vbboy]

Try this

*support.microsoft.com/kb/307545

 

[afonofa]

Scan with Spybot S&D and fix those entries from the screenshot that you had posted earlier. I don't know if/how the reg command works with vista, if it does you can use it to delete/modify the below value, access the registry and enable task manager manually.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, [B]DisableRegedit[/B]

But a scan with Spybot S&D will most likely fix both the task manager and regedit problem. If the virus is completely gone then the task manager will not get disabled again. Do scan with SuperAntiSpyware and/or Malwarebytes' Antimalware as KIS is not able to detect/remove every type of malware.

 

[Sukhdeep Singh]

See if this patch helps
*www.mediafire.com/?z4c0m0t4nsj

 

[Vishal Gupta]

@eggman
Since the virus has been removed from your system, now you can re-enable Task Manager using the registry method mentioned in the 2nd post.

 

[red_devil]

^^ exactly. Anti virus / any other similar programs only help in removing the virus... its effect on PC is something that you should take care of... and please dont even attempt to re-install your OS...

try out whatever Vishal and other members have said and then think about re-installation of your OS.

 

[eggman]

Thanks a lot afonofa,VG and n6300.......seems like my problem has finally gone!! Thanks a lot for helping me out!! You guys are awesome!!