Unable to open task manager
Unable to open task manager
Runnign Windows XP Pro. Evertime I hit ALT CTRL DEL it appears and then disappears. Any ideas why or how Ii can change this.
-
FlyingPenguin
- Flightless Bird
- Posts: 32784
- Joined: Wed Nov 22, 2000 11:13 am
- Location: Central Florida
- Contact:
There's one specific virus that does this. BEWARE! This is a nasty one. I THINK it's bugbear but not sure. I do know that if you do a Vscan and clean the virus, you will make it worse and it will force you to do a complete wipe and re-install.
These viruses, like Bugbear, require the use of a free removal tool (available on Symantec's or an AV's site). Changes to the registry must be repaired before trying to remove the virus or you only make it worse.
The virus is trying to keep you from stopping the process.
In order to see it running you need to boot into safemode and make a copy of your TASKMGR.EXE file (located in the Windows\System32 folder) and call it TASKMGR.COM. Then run TASKMGR.COM and you'll be able to bring up the task manager and see what processes are running.
You probably can't run REGEDIT either. The virsus inserted a hook into the .EXE association and intercepts any attempts to run an EXE file and closes anything that can be used to stop the process or remove the virus.
Any AV on your system will be compromised and require a re-install later. You can run the free online virus scanner here to see what virus you have BUT DO NOT SELECT THE CLEAN OPTION!!!!! You do NOT want the AV app to remove the virus, just identify it, then you should download the appropriate removal tool.
Good luck!
These viruses, like Bugbear, require the use of a free removal tool (available on Symantec's or an AV's site). Changes to the registry must be repaired before trying to remove the virus or you only make it worse.
The virus is trying to keep you from stopping the process.
In order to see it running you need to boot into safemode and make a copy of your TASKMGR.EXE file (located in the Windows\System32 folder) and call it TASKMGR.COM. Then run TASKMGR.COM and you'll be able to bring up the task manager and see what processes are running.
You probably can't run REGEDIT either. The virsus inserted a hook into the .EXE association and intercepts any attempts to run an EXE file and closes anything that can be used to stop the process or remove the virus.
Any AV on your system will be compromised and require a re-install later. You can run the free online virus scanner here to see what virus you have BUT DO NOT SELECT THE CLEAN OPTION!!!!! You do NOT want the AV app to remove the virus, just identify it, then you should download the appropriate removal tool.
Good luck!
Christians warn us about the anti-christ for 2,000 years, and when he shows up, they buy a bible from him.
Have a look at the section entitled "Task Manager - Control/Alt/Delete - Doesn't Work" on the following page:
http://www.kellys-korner-xp.com/xp_t.htm
Then, have a look at the following three pages:
http://securityresponse.symantec.com/av ... .worm.html
http://securityresponse.symantec.com/av ... en@mm.html
http://securityresponse.symantec.com/av ... .e@mm.html
All three viruses can be caught and killed by AVG, provided AVG is running with current definitions before the viruses infect your system. AVG doesn't work very well if you install it after your computer has become infected.
I've configured AVG to automatically check for updates every day at 3:00 a.m. and download them if any are available, then run a scan at 5:00 a.m. I've also enabled the Outlook Express plugin to scan incoming and outgoing e-mail. I run Ad Aware every couple of days as well, and allow only those websites that I specify to install cookies on my system through IE. I check Windows Update every couple of days as well, and download any available security updates.
I have never had a virus on my system.
http://www.kellys-korner-xp.com/xp_t.htm
Then, have a look at the following three pages:
http://securityresponse.symantec.com/av ... .worm.html
http://securityresponse.symantec.com/av ... en@mm.html
http://securityresponse.symantec.com/av ... .e@mm.html
All three viruses can be caught and killed by AVG, provided AVG is running with current definitions before the viruses infect your system. AVG doesn't work very well if you install it after your computer has become infected.
I've configured AVG to automatically check for updates every day at 3:00 a.m. and download them if any are available, then run a scan at 5:00 a.m. I've also enabled the Outlook Express plugin to scan incoming and outgoing e-mail. I run Ad Aware every couple of days as well, and allow only those websites that I specify to install cookies on my system through IE. I check Windows Update every couple of days as well, and download any available security updates.
I have never had a virus on my system.
NAV found it and removed it. It was w32.Spybot.worm I just had to run in safe mode. I will always get viruses whenever my firewall is disabled. Got cable interent. Does anyone else get swamped with viruses without the firewall enabled.
On a side note i probally run adaware once a month. and also keep spyware blaster updated.
On a side note i probally run adaware once a month. and also keep spyware blaster updated.
-
FlyingPenguin
- Flightless Bird
- Posts: 32784
- Joined: Wed Nov 22, 2000 11:13 am
- Location: Central Florida
- Contact:
You don't catch viruses just because you're on broadband without a firewall. Only exception is the MSBlast virus and it's variants, but you should install the critical update that patches that hole.
All other viruses you get via either an email attachment, a deformed website exploit (again, latest critical update patches that hole), an infected download from a P2P site, or downloading infected software.
All other viruses you get via either an email attachment, a deformed website exploit (again, latest critical update patches that hole), an infected download from a P2P site, or downloading infected software.
Christians warn us about the anti-christ for 2,000 years, and when he shows up, they buy a bible from him.
These are the latest viruses that I got, these were while running overnet. And all poped up while connected to overnet. I probally haven't got all the latest security updates, I should probally do that. If I enable the firewall I will never get virusesand haven't for months. You can see in the screen shot where I disable the firewall and all the activity that happened
-
FlyingPenguin
- Flightless Bird
- Posts: 32784
- Joined: Wed Nov 22, 2000 11:13 am
- Location: Central Florida
- Contact:
These are NETWORK based viruses. They spread through network shares. You're getting it from another computer on a local network OR another computer on your P2P file sharing network. Pretty crummy P2P client if it allows NETBIOS commands through it I'd say. I'd try something else.
The hazards of viruses spreading via P2P are well documented. I don't use ANY P2P network client on my main computer - I run it (KaZaa or whatever) on an isolated system. Any old POS Pentium1 system will do.
WHENEVER you find a virus you should IMMEDIATELY research it on a security site's database - BEFORE cleaning it. Some viruses CANNOT be cleaned without a special tool that also repairs the registry, and cleaning it with your AV program without repairing the registry will only make it worse.
A quick search on Google will tell you how the virus works and how to defend against it. Your system is obviously vulnerable. Best to be informed rather than ignorant. See links below.
BTW: Gator is not a virus, it's Spyware. Yeah, some of use would LIKE it considered a virus, but it's not. It's not malicious, just annoying and intrusive.
Hope this helps...
http://securityresponse.symantec.com/av ... w.hai.html
The hazards of viruses spreading via P2P are well documented. I don't use ANY P2P network client on my main computer - I run it (KaZaa or whatever) on an isolated system. Any old POS Pentium1 system will do.
WHENEVER you find a virus you should IMMEDIATELY research it on a security site's database - BEFORE cleaning it. Some viruses CANNOT be cleaned without a special tool that also repairs the registry, and cleaning it with your AV program without repairing the registry will only make it worse.
A quick search on Google will tell you how the virus works and how to defend against it. Your system is obviously vulnerable. Best to be informed rather than ignorant. See links below.
BTW: Gator is not a virus, it's Spyware. Yeah, some of use would LIKE it considered a virus, but it's not. It's not malicious, just annoying and intrusive.
Hope this helps...
http://securityresponse.symantec.com/av ... w.hai.html
http://securityresponse.symantec.com/av ... x.gen.htmlW32.HLLW.Hai is a worm written in C. This worm spreads its infection in a manner that is very similar to worms such as W32.HLLW.Bymer and W32.HLLW.Qaz. It spreads by finding computers that share the \Windows folder with full access set to "Everyone." If such a share is found, the worm copies itself to the share and modifies the Win.ini file so that the worm is executed when the computer is restarted. This worm cannot spread to computers that do not have the NetBIOS protocol installed.
http://securityresponse.symantec.com/av ... pinfi.html* Spreading through network shares
* Attacking randomly generated IP addresses
* Using default credentials or weak username/password pairs to connect to a remote target system
* Opening backdoor ports
* Opening connections to predetermined IRC servers and waiting for commands from an attacker
* Performing Denial of Service (DoS) attacks
W32.Pinfi is a memory-resident polymorphic virus that will infect the .EXE and .SCR files. This virus can also spread via mapped drives and network shares.
Christians warn us about the anti-christ for 2,000 years, and when he shows up, they buy a bible from him.