gwinn23
asked on
Can't open task manager or run msconfig / regedit from start menu. System slowed to almost nothing.
I'm logged in as admin, system is clean according to updated Norton Antivirus 2003, all updates for XP and IE installed.
I have a large AVI file which I am trying to delete: it says it's in use by another program. Right clicking on the file is VERY slow, when I click on preferences nothing happens.
When I try to run Task Manager it just opens for a second (or not at all). Same problem with msconfig or regedit from the start menu.
Also, my system has bogged down to almost nothing. Is this a virus that Norton won't detect, or something else ? I did have MSBlast and an unidentified trojan, but they both now show as cleaned.
Desperately need help !
Running XP pro on a compaq P4 1800mhz, 512 RAM: was clean install on primary HDD although there was an old version on 98 on the slave drive (now removed)
I have a large AVI file which I am trying to delete: it says it's in use by another program. Right clicking on the file is VERY slow, when I click on preferences nothing happens.
When I try to run Task Manager it just opens for a second (or not at all). Same problem with msconfig or regedit from the start menu.
Also, my system has bogged down to almost nothing. Is this a virus that Norton won't detect, or something else ? I did have MSBlast and an unidentified trojan, but they both now show as cleaned.
Desperately need help !
Running XP pro on a compaq P4 1800mhz, 512 RAM: was clean install on primary HDD although there was an old version on 98 on the slave drive (now removed)
The other issue sounds like the YAHA worm or possibley the KLEZ
McAffee has utility that is aimed at removing the virus and fixing the registry
Stinger
BackDoor-AQJ, Bat/Mumu.worm, Exploit-DcomRpc, IPCScan, IRC/Flood.ap, IRC/Flood.bi, IRC/Flood.cd, NTServiceLoader, PWS-Sincom, W32/Bugbear@MM, W32/Deborm.worm.gen, W32/Dumaru@MM, W32/Elkern.cav, W32/Fizzer.gen@MM, W32/FunLove, W32/Klez, W32/Lirva, W32/Lovgate, W32/Lovsan.worm, W32/Mimail@MM, W32/MoFei.worm, W32/Mumu.b.worm, W32/Nachi.worm, W32/Nimda, W32/Sdbot.worm.gen, W32/SirCam@MM, W32/Sobig, W32/SQLSlammer.worm, W32/Yaha@MM
http://vil.nai.com/vil/stinger/
Also Symantec
Here is a link on how to remove it. This is pretty detailed so pay close attention and do it the way it is outlined.
http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha@mm.html
http://www.symantec.com/avcenter/venc/data/w32.yaha.h@mm.html
or
http://www.symantec.com/avcenter/venc/data/w32.yaha.k@mm.html
McAffee has utility that is aimed at removing the virus and fixing the registry
Stinger
BackDoor-AQJ, Bat/Mumu.worm, Exploit-DcomRpc, IPCScan, IRC/Flood.ap, IRC/Flood.bi, IRC/Flood.cd, NTServiceLoader, PWS-Sincom, W32/Bugbear@MM, W32/Deborm.worm.gen, W32/Dumaru@MM, W32/Elkern.cav, W32/Fizzer.gen@MM, W32/FunLove, W32/Klez, W32/Lirva, W32/Lovgate, W32/Lovsan.worm, W32/Mimail@MM, W32/MoFei.worm, W32/Mumu.b.worm, W32/Nachi.worm, W32/Nimda, W32/Sdbot.worm.gen, W32/SirCam@MM, W32/Sobig, W32/SQLSlammer.worm, W32/Yaha@MM
http://vil.nai.com/vil/stinger/
Also Symantec
Here is a link on how to remove it. This is pretty detailed so pay close attention and do it the way it is outlined.
http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha@mm.html
http://www.symantec.com/avcenter/venc/data/w32.yaha.h@mm.html
or
http://www.symantec.com/avcenter/venc/data/w32.yaha.k@mm.html
Oh and run your viruses tools and scanner in safe mode for now.
ASKER
great, that worked...but why can't I access task manager or run msconfig ?
MUCH thanks :)
MUCH thanks :)
ASKER
sorry, too quick on my comments there :)
Are there any errors in the event logs GW?
This answer looks the same as.....
https://www.experts-exchange.com/questions/20731339/avi-file-not-deleting.html
https://www.experts-exchange.com/questions/20731339/avi-file-not-deleting.html
CO, spot-on.
Emergency Msconfig, Regedit, Task Manager (Line 261)
http://www.kellys-korner-xp.com/xp_tweaks.htm
Troubleshooting the Task Manager
http://www.kellys-korner-xp.com/xp_t.htm#tm
Emergency Msconfig, Regedit, Task Manager (Line 261)
http://www.kellys-korner-xp.com/xp_tweaks.htm
Troubleshooting the Task Manager
http://www.kellys-korner-xp.com/xp_t.htm#tm
How else do you think a millionaire earns his points? He sticks to what works.
ASKER
Ok...
CrazyOne: Stinger came up clean. YAHA and Klez variants are all included in my virus def's., ran an update and full system scan today, nothing detected in my files that would indicate either one with a manual search either.
Dennis: (nice to see ya :)
I have the following errors from today:
Application:
Perflib: The timeout waiting for the performance data collection function "RemoteAccess" in the "C:\WINDOWS\System32\rasct rs.dll" Library to finish has expired. There may be a problem with this extensible counter or the service it is collecting data from or the system may have been very busy when this call was attempted. (2x)
Usernv:Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
System:
Dhcp:Your computer has automatically configured the IP address for the Network Card with network address 0030842D4B4F. The IP address being used is 169.254.226.223. (3x)
DCOM:Access denied attempting to launch a DCOM Server using DefaultLaunchPermssion. The server is:
{00020906-0000-0000-C000-0 0000000004 6}
The user is Unavailable/Unavailable, SID=Unavailable.
FreekHendriks: yes, but it was a bit different and didn't address the lost access to msconfig / task manager, which is my primary problem.
CrazyOne: Stinger came up clean. YAHA and Klez variants are all included in my virus def's., ran an update and full system scan today, nothing detected in my files that would indicate either one with a manual search either.
Dennis: (nice to see ya :)
I have the following errors from today:
Application:
Perflib: The timeout waiting for the performance data collection function "RemoteAccess" in the "C:\WINDOWS\System32\rasct
Usernv:Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
System:
Dhcp:Your computer has automatically configured the IP address for the Network Card with network address 0030842D4B4F. The IP address being used is 169.254.226.223. (3x)
DCOM:Access denied attempting to launch a DCOM Server using DefaultLaunchPermssion. The server is:
{00020906-0000-0000-C000-0
The user is Unavailable/Unavailable, SID=Unavailable.
FreekHendriks: yes, but it was a bit different and didn't address the lost access to msconfig / task manager, which is my primary problem.
None of those will affect how items open from the Start - Run GW.
Let's back up a bit. Has this been an ongoing issue or has it just begun happening. If it has just begun, then what has occurred or changed on the system recently?
Let's back up a bit. Has this been an ongoing issue or has it just begun happening. If it has just begun, then what has occurred or changed on the system recently?
00020906-0000-0000-C000-00 0000000046 has to do with MS Word. It is unlilely the cause of the current problem but in Windows unrelated things can and do bind themselves at times to other issues. Are you noticing any problems with MS Word?
Try this
Start > Run chkdsk /r
reboot and defrag
next do this
start > run sfc /scannow
Start > Run chkdsk /r
reboot and defrag
next do this
start > run sfc /scannow
ASKER
good question. I did the install 6 days ago, and I know that regedit was working as recently as last Thursday (09/18) when I used it to resolve the mouse driver problem. I don't recall using it (or taskmanager/msconfig) again until today.
I've reinstalled several programs, mostly my graphics stuff (Photoshop, Illustrator, Flash, .etc) but nothing that would cause the problem as far as I know. They are all running fine on the other workstation.
Taskmgr.exe is present in the system32 directory.
Sramesh2K: Not sure I trust the advice from that site since a) the first recommendation in restoring the taskmanager would actually disable it completely, and b) they want me to replace my registry file with something they wrote.
I've reinstalled several programs, mostly my graphics stuff (Photoshop, Illustrator, Flash, .etc) but nothing that would cause the problem as far as I know. They are all running fine on the other workstation.
Taskmgr.exe is present in the system32 directory.
Sramesh2K: Not sure I trust the advice from that site since a) the first recommendation in restoring the taskmanager would actually disable it completely, and b) they want me to replace my registry file with something they wrote.
GW, boot the system into safemode and try and open regedit and msconfig.
ASKER
they open fine in safe mode.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Just FYI, and not particularly related but by default Paintshop Pro v7 and Creative Labs Poser have some apparently conflicting file extensions with XP. In particular, .msc and .mat. If those programs are loaded the default file settings have to be edited.
ASKER
Crazyone: No, that worked normally: i.e., disabling from msconfig in safe mode also disabled in regular startup.
ASKER
Why in the world am I having so many problems with this OS ? Nobody else seems to have them: first I can't load mouse drivers, then I can't configure an ICS, now this. This is a commercial copy of XP pro and licensed for multiple computers, my company paid big $$ for it. It runs fine on the other computers at the home office. ????
Something just ain't right. :(
Something just ain't right. :(
ASKER
My computer is a Compaq 7500 that originally came loaded with XP home edition in German. I removed that and installed win 98SE in english, because it was the only english OS I had access to.
The HDD crashed, so I bought a NEW HDD and got a copy of the XP CD from the main office in the US shipped over, and ran a fresh install. There shouldn't be any record of the old OS here unless it's in BIOS ? I can't get the original CD because they're on another continent.
The HDD crashed, so I bought a NEW HDD and got a copy of the XP CD from the main office in the US shipped over, and ran a fresh install. There shouldn't be any record of the old OS here unless it's in BIOS ? I can't get the original CD because they're on another continent.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks, I'll start looking through those.
Well part of the question the part about the AVI was answered in my first comment. The other part of the question seems to be unresolved but prior gwinn23 last comment several comments made by Experts, primarily dew_associates, have possiblity of working. I would suggest if gwinn23 doesn't return that the points be split.
gwinn, can you tell us what worked?
Don't use Explorer in fact close all explorer widows now
Instead do this
Start > Run cmd
DEL C:\TheFolder\TheFile
or
remove the following registry key
HKEY_LOCAL_MACHINE\SOFTWAR
or
if the file is not broken just delete it from within Widows Media Player when you go to open it