|
| ||
| Big Problem OK Guys I need help with my laptop Its a compaq presario 2500 running SP2 the problem(s) is/are that things have been dissappearing It all starts on startup where it pretends to freeze and when i press ALT+CTRL+DEL it unfreezes but then a message saying "Task Manager Has Been Disabled By Your Administrator" OK so i thought it was a task manager problem, so i researched and found out it can be a registry problem, so i try to access "run' from the start menu and its not there!!! So I found out that that can also be a registry problem. So i go to C/Windows and i find regedit. So I go to the values that should be responsible for these problems and sure enough it was them. So i restore them to what they should be and problem fixed right? WRONG! I was going to turn off the machine at that point when i go back to the start menu and "Shut Down" is not there!!! Log off was there so i logged off and logged on again and bang back from scratch. Freeze, so i ALT+CTRL+DEL it unfreezes but then a message saying "Task Manager Has Been Disabled By Your Administrator" and run is not there again and shit down still isnt there. so thats where im at right now so help heres other things to consider: i looked through the symantec website and i found a similar worm so i followed the instructions on how to get rid of it. The first instruction was to turn off system restore so i cannot restore my computer now (plus the resolution it offered didnt do much!) i AM an administrator Norton Antivirus w/ Latest Defs Doesnt Find Anything in the full scan And Heres The HiJackThis Log File: Logfile of HijackThis v1.99.1 Scan saved at 2:13:42 AM, on 7/8/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\WINDOWS\system32\svchost.exe C:\Documents and Settings\Karen\My Documents\download\sti2fast4u\HijackThis.exe C:\Program Files\Messenger\msmsgs.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com...r/fix_homepage O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Norton AntiVirus.lnk = C:\Program Files\Common Files\Symantec Shared\NMain.exe O4 - Startup: Synaptics.lnk = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1143874947518 O20 - Winlogon Notify: NavLogon - C:\WINDOWS\ O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe |
| ||
| Re: Big Problem There is only one abnormal entry in your HJT log. Put a check in the box to the left of the entry and then click the "Fix checked" button: O20 - Winlogon Notify: NavLogon - C:\WINDOWS\ There are definitely infections which modify the Registry and create the symptoms you describe, but becuase we have no names or other clues as to the exact identities of your "unwanted guests", we'll have to probe a bit more: You will need to close/quit all web browser programs and disconnect from the Internet for the following, so you should print out these instructions or save them into a text file with Notepad. * Download and install ewido Anti-spyware (30-day trial version) - http://www.ewido.net/en/download/ Install and Configure ewido:
* Reboot your computer in Safe Mode by doing the following :
* Open Ewido
* Empty your Recycle Bin and reboot normally. * Post the log that ewido generated. - |
| ||
| Re: Big Problem DMR I Did What You Told Me Word For Word, And This Is The Log That ewido Generated: --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 3:58:44 AM 7/9/2006 + Scan result: C:\Program Files\Common Files\Microsoft Shared\MSENV\updmanager.exe -> Adware.Winad : Cleaned. C:\Program Files\Common Files\Microsoft Shared\MSENV\upd_manager.exe -> Proxy.Delf.bd : Cleaned. ::Report end |
| ||
| Re: Big Problem Hi- sorry this fell throught the cracks. ewido obviously cleaned a couple of hiddne nasties, but I'm assuming the missing Run option, Task Manager, etc. are still problems, yes? If so, please tell us the exact name of the worm decribed on the Symantec site. As you've discovered, many such infections make changes to certain areas of the Registry which disable potentially useful tools like Task Manager, Regedit, the Run option, etc. I'm pretty sure that there is a Registry fix file available which resets all of the altered Registry settings that get modified by the infections, but I want to make sure we're applying the right fix for the right infection before I post that Reg file. |
| ||
| Re: Big Problem After Ewido Everthing Is The Same, Still Cant Run, Or Shut Down, However, I Can Access The Task Manager After Fixing It Myself In The Registry On The Symantec Site The Worm I Was Looking Into Was Called "W32.Nopir.A" But I Figured Out That Its Not That Worm Cause No Files Are Getting Deleted (That I Know Of), And The Files That Are Supposed To Be Used B It Arent There, And Im Not Getting The Message That that Worm Gives Out So if the reg file would work, i would really appreciate it! :cheesy: |
| All times are GMT -4. The time now is 2:55 pm. |
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC