Printable Version of Topic

Click here to view this topic in its original format

914World.com _ 914World Garage _ Need Some Computer Help Badly

Posted by: jd74914 Jan 23 2006, 04:58 PM

My computer was hit with a trojan horse I believe. When I hit Control-Alt-Delete it says that the task manager has been disabled by the system admin. dry.gif I am the system admin. All of the virus scans I have won't get rid of it. headbang.gif Does anyone have any advice?

Thanks alot in advance

Posted by: bd1308 Jan 23 2006, 05:02 PM

other people will chime in with ideas...I personally believe at this point it would be better to redo the system.

I can backup the data, reinstall the OS of your choice and put the data back in for cheaper than any store near you.

b

Posted by: Dr. Roger Jan 23 2006, 05:07 PM

did u try booting into safe mode? then scanning for the trojan?

Posted by: KaptKaos Jan 23 2006, 05:09 PM

Unless you are a geek yourself, you are looking at some pain here. My brother-in-law keeps getting the same things on his PC. I have cleaned and reformatted three times this year for him because it is just easier and faster then trying to fix it.

However, if you can run the system restore utility, you might be able to roll back your configuration to a period prior to infection. Good luck with that.

Posted by: jd74914 Jan 23 2006, 05:09 PM

i scanned for the trojan, and found a few that i got today somehow and deleted them.

Britt: you mean totally reformating the computer?


Posted by: jd74914 Jan 23 2006, 05:10 PM

what goes on in the system32 folder?

Posted by: yeahmag Jan 23 2006, 05:11 PM

Odds are the machine has had back doors and the like installed on it warranting a full reinstall. You can try a Windows Rescue Disk to get at the data:

http://www.nu2.nu/pebuilder/

I'd strongly suggest backing up the important data and doing a full reinstall. Were you running up to date anti-virus software?

-Aaron

Posted by: bd1308 Jan 23 2006, 05:13 PM

sometimes that works, but now these trojans are getting so bad that they infect system files and change group policy settings, usually reserved for use to lock-down functions system admins dont want thier users to mess with...

with that being said, most of the old stuff could be fixed by going to safe mode and then scanning with a updated and recent copy of your favorite spyware/adware scanning utility.

what I *would* do is do this yourslef. At $30-50 per hour (the nomial fee for local computer shops, except mine) it gets expensive real fast.



b

Posted by: jd74914 Jan 23 2006, 05:14 PM

the software was currently up to date

it found stuff and i got rid of it but i still can't get into the task manager, does anyone know how to get into the task manager to reenable all of the user's acesses to it

Posted by: yeahmag Jan 23 2006, 05:17 PM

OK. You need to try and do a scan in 'Safe Mode' now.... Odds are it's modified your registry. I'd still STRONGLY recommend a rebuild. Do you remember what virus it was.

BTW - I do this for a living, hence the paranoia.

-Aaron

Posted by: bd1308 Jan 23 2006, 05:18 PM

QUOTE (jd74914 @ Jan 23 2006, 05:14 PM)
the software was currently up to date

it found stuff and i got rid of it but i still can't get into the task manager, does anyone know how to get into the task manager to reenable all of the user's acesses to it

what operating system do you have?

XP, 98, Me(oh god please no), 98SE, NT, 2000, 95, 3.1, 3.11, 3.0, 2.0, 1.0? Linux, Unix, Minux, FreeBSD, OS/2?

b

Posted by: jd74914 Jan 23 2006, 05:20 PM

XP

Posted by: jd74914 Jan 23 2006, 05:22 PM

how do you restart an XP computer in safe mode?

Posted by: efeinsmith Jan 23 2006, 05:35 PM

I believe the F8 key when you boot will get you into Safe Mode (you may have to hit it multiple times when you get the starting WIndows msg).

As an aside, no single program will catch all bugs, especially spyware. As someone said earlier, some malicious programs will change system settings, so even if you get rid of the actual program, the changes are still there. I currently have three different spyware programs on my system.

Eric

Posted by: Tettster Jan 23 2006, 05:40 PM

To start in safe mode, turn off your computer. When it turns on, tap the F8 key continuously while it's loading. Keep hitting the F8 key rapidly until you come up with a black and white, MSDOS-looking menu. Choose Safe Mode from there.

So I was googling your problem, and I came up with some attempts at helping you:

QUOTE
This error is caused by restrictions placed in Registry. DisableTaskMgr value is set to 1. To enable Task Manager, try any of these methods:

QUOTE
Method One:
Click Start, Run and type this command exactly as given below: (better - Copy and paste)

QUOTE
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f


QUOTE
Method 2

Download and run this http://windowsxp.mvps.org/reg/EnableTM.reg

Britt's just trying to steal your money...! happy11.gif poke.gif happy11.gif

- Ted

Posted by: bd1308 Jan 23 2006, 05:56 PM

actually Ted, I fixed Jim's computer AND did upgrades on it for free, on my end.

it probably cost some money to ship it halfway across the US....but ya know.

some trojans actually disable regedit, so you're stuck in that case.

b

Posted by: jd74914 Jan 23 2006, 05:58 PM

ok i was just in safe mode, and did my few scans. they found nothing because i had already deleted all of virus stuff i saw and had "healed" the registry files. so thats good i guess.

now, how do i change it so i can get into the task manager? Its still saying : "Task Manager has been disabled by your administrator."

how do i get into admin to change this setting? I now know how to get into safe mode but how do i change the admin settings from there?

Posted by: yeahmag Jan 23 2006, 06:00 PM

Use one of Ted's fixes above...

-Aaron

Posted by: jd74914 Jan 23 2006, 06:02 PM

ok in method 4 it says :
---------------------------
Windows cannot find 'gpedit.msc'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.


Posted by: jd74914 Jan 23 2006, 06:06 PM

THANKS FOR ALL OF YOUR HELP GUYS biggrin.gif smilie_pokal.gif biggrin.gif smilie_pokal.gif

I can't believe I actually fixed it.

Thanks again smilie_pokal.gif

Posted by: jasons Jan 23 2006, 09:23 PM

Maybe you should make a copy of your "good" registrey. Next time shit hits the fan, you could always trying rolling back to your "known good" registrey.

You know, my computer got F'd by a McAfee product I paid money for, and I never pay money for SW. It totally wasted my machine. I rebuilt it with 3 OS's Win 98 for emergency access to my file system, Win 2K for my main windows OS, and Suse Linux with KDE windows. Since I installed the linux 2 months ago, I have booted windows once. I am really impressed.

Posted by: mharrison Jan 23 2006, 10:03 PM

For future reference...

I have found a few occasions when regedit.exe would not run. (Or actually it would run, but immediately closed.) I was able to fix the registry with regedt32.exe.

I am a big fan of Spybot (www.safer-networking.org) and Ad-Aware (www.lavasoft.de). They are both free, awesome, and catch different things.

If it is hosed enough, you may have to burn a CD of the latest downloads of both of these (downloaded and burned on another PC) and install them to clean it.

Posted by: bd1308 Jan 23 2006, 10:25 PM

QUOTE (jasons @ Jan 23 2006, 09:23 PM)
Since I installed the linux 2 months ago, I have booted windows once. I am really impressed.

I started with RedHat 6.0 a *LONG TIME AGO*

then I "fell in love" with Suse Linux.

now i'm on Debian, and it's very good. Except on my apple.

b

Powered by Invision Power Board (http://www.invisionboard.com)
© Invision Power Services (http://www.invisionpower.com)