Need Some Computer Help Badly Options

[jd74914]

My computer was hit with a trojan horse I believe. When I hit Control-Alt-Delete it says that the task manager has been disabled by the system admin. (IMG:http://www.914world.com/bbs2/html/emoticons/dry.gif) I am the system admin. All of the virus scans I have won't get rid of it. (IMG:http://www.914world.com/bbs2/html/emoticons/headbang.gif) Does anyone have any advice?

Thanks alot in advance

[bd1308]

other people will chime in with ideas...I personally believe at this point it would be better to redo the system.

I can backup the data, reinstall the OS of your choice and put the data back in for cheaper than any store near you.

b

[Dr. Roger]

did u try booting into safe mode? then scanning for the trojan?

[KaptKaos]

Unless you are a geek yourself, you are looking at some pain here. My brother-in-law keeps getting the same things on his PC. I have cleaned and reformatted three times this year for him because it is just easier and faster then trying to fix it.

However, if you can run the system restore utility, you might be able to roll back your configuration to a period prior to infection. Good luck with that.

[jd74914]

i scanned for the trojan, and found a few that i got today somehow and deleted them.

Britt: you mean totally reformating the computer?

[jd74914]

what goes on in the system32 folder?

[yeahmag]

Odds are the machine has had back doors and the like installed on it warranting a full reinstall. You can try a Windows Rescue Disk to get at the data:

http://www.nu2.nu/pebuilder/

I'd strongly suggest backing up the important data and doing a full reinstall. Were you running up to date anti-virus software?

-Aaron

[bd1308]

sometimes that works, but now these trojans are getting so bad that they infect system files and change group policy settings, usually reserved for use to lock-down functions system admins dont want thier users to mess with...

with that being said, most of the old stuff could be fixed by going to safe mode and then scanning with a updated and recent copy of your favorite spyware/adware scanning utility.

what I *would* do is do this yourslef. At $30-50 per hour (the nomial fee for local computer shops, except mine) it gets expensive real fast.



b

[jd74914]

the software was currently up to date

it found stuff and i got rid of it but i still can't get into the task manager, does anyone know how to get into the task manager to reenable all of the user's acesses to it

[yeahmag]

OK. You need to try and do a scan in 'Safe Mode' now.... Odds are it's modified your registry. I'd still STRONGLY recommend a rebuild. Do you remember what virus it was.

BTW - I do this for a living, hence the paranoia.

-Aaron

[bd1308]

QUOTE (jd74914 @ Jan 23 2006, 05:14 PM)

the software was currently up to date it found stuff and i got rid of it but i still can't get into the task manager, does anyone know how to get into the task manager to reenable all of the user's acesses to it

what operating system do you have?

XP, 98, Me(oh god please no), 98SE, NT, 2000, 95, 3.1, 3.11, 3.0, 2.0, 1.0? Linux, Unix, Minux, FreeBSD, OS/2?

b

[jd74914]

XP

[jd74914]

how do you restart an XP computer in safe mode?

[efeinsmith]

I believe the F8 key when you boot will get you into Safe Mode (you may have to hit it multiple times when you get the starting WIndows msg).

As an aside, no single program will catch all bugs, especially spyware. As someone said earlier, some malicious programs will change system settings, so even if you get rid of the actual program, the changes are still there. I currently have three different spyware programs on my system.

Eric

[Tettster]

To start in safe mode, turn off your computer. When it turns on, tap the F8 key continuously while it's loading. Keep hitting the F8 key rapidly until you come up with a black and white, MSDOS-looking menu. Choose Safe Mode from there.

So I was googling your problem, and I came up with some attempts at helping you:

QUOTE

This error is caused by restrictions placed in Registry. DisableTaskMgr value is set to 1. To enable Task Manager, try any of these methods: QUOTE Method One: Click Start, Run and type this command exactly as given below: (better - Copy and paste) QUOTE REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f QUOTE Method 2 Download and run this REGedit fix and double-click it. QUOTE Method 3    * Open Registry Editor (Regedit.exe) and navigate to:    HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies\ System    * In the right-pane, double-click DisableTaskMgr and set it's data to 0 QUOTE Method 4:  Using Group Policy Editor - for Windows XP Professional    * Click Start, Run, type gpedit.msc and click OK.    * Navigate to this path    User Configuration    => Administrative Templates    ==> System    ===> Ctrl+Alt+Delete Options    ====> Remove Task Manager    * Double-click the Remove Task Manager option.    * Set the policy to Not Configured.

All of these methods are from the website http://windowsxp.mvps.org/Taskmanager_error.htm

Britt's just trying to steal your money...! (IMG:http://www.914world.com/bbs2/html/emoticons/happy11.gif) (IMG:http://www.914world.com/bbs2/html/emoticons/poke.gif) (IMG:http://www.914world.com/bbs2/html/emoticons/happy11.gif)

- Ted

[bd1308]

actually Ted, I fixed Jim's computer AND did upgrades on it for free, on my end.

it probably cost some money to ship it halfway across the US....but ya know.

some trojans actually disable regedit, so you're stuck in that case.

b

[jd74914]

ok i was just in safe mode, and did my few scans. they found nothing because i had already deleted all of virus stuff i saw and had "healed" the registry files. so thats good i guess.

now, how do i change it so i can get into the task manager? Its still saying : "Task Manager has been disabled by your administrator."

how do i get into admin to change this setting? I now know how to get into safe mode but how do i change the admin settings from there?

[yeahmag]

Use one of Ted's fixes above...

-Aaron

[jd74914]

ok in method 4 it says :
---------------------------
Windows cannot find 'gpedit.msc'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

[jd74914]

THANKS FOR ALL OF YOUR HELP GUYS (IMG:http://www.914world.com/bbs2/html/emoticons/biggrin.gif) (IMG:http://www.914world.com/bbs2/html/emoticons/smilie_pokal.gif) (IMG:http://www.914world.com/bbs2/html/emoticons/biggrin.gif) (IMG:http://www.914world.com/bbs2/html/emoticons/smilie_pokal.gif)

I can't believe I actually fixed it.

Thanks again (IMG:http://www.914world.com/bbs2/html/emoticons/smilie_pokal.gif)