tss-nm asked:

Disabled taskmgr, regedit, IE, spybotsd, malware

Have an XP Pro SP3 with malware. It has disabled taskmgr, regedit, IE, spybotsd at least. Malwarebytes removed four items (trojans and downloaders). GPedit will run, but changes to Ctrl-Alt-Del and "disable regedit" will not stick. Common tricks to run Reg delete as a VBS script or in CLI mode to delete the related keys will run, but do not help. Seems I cannot start in Safe Mode either. The hosts file was not hit.

1) Any ideas what this malware is and 2) how to clear it from this system?
Tags: System Utilities, Internet Protocols, Microsoft Legacy OS

Last comment: c7c4c7, 8/22/2022 - Mon
JoWickerman

Hi tss-nm,

Try to download and install Avast! antivirus. You can download the updated signatures as well. Install and scan.

Let me know.

Cheers
Orion88

Do you still have the names of the 4 items removed by malwarebytes?
If not, try this. Since you cannot get into safe mode, the easiest way to delete the files is to boot to a live Windows CD and delete the files from your hard drive, then reboot; if you get them all you will be back to normal.

To find the virus files, boot to the live CD and open c:\windows\system32 (it may be a different drive letter than C on some live CDs, so you will have to look and see which letter it mounts your primary Windows drive to), choose detail view and sort by date. Look at the newest files shown: any of the names you see with the current date, or newer than the day you started having the problem, are very likely the virus/trojan, specifically .exe and .dll files that have random number and/or letter combinations for the file name.

Rename the .exe or .dll part of the suspected files temporarily to test. Use something like .ex3 or .d11 that you will recognize and be able to change back later if the file you rename is not a virus. After renaming, reboot and see if you have affected or fixed the problem.

If that gets you to where regedit will work again, check the Run entries in the registry and delete any entries that load the files you renamed, and look for any others listed in the registry that you may not have found previously so you can remove them from the hard drive. Sometimes the process has to be repeated a few times to get everything; using Task Manager once you get it working helps to identify any left running that you may have missed on a previous attempt.

If none of this works, it is easiest to remove the hard drive from the affected computer and scan it with another computer that is not infected; USB adapters work great for this purpose.

This answer is fairly technical because you sounded technical in your question. Let me know if there is any clarification needed.
tss-nm (asker)

I will tomorrow, too late tonight, thanks for the idea.  Got to download elsewhere and transfer since IE was also disabled.  Safe Mode runs and dies after line: MUP.sys.
JoWickerman

Have a look at this:

http://www.aitechsolutions.net/mup-sys-resolved.html

Might help you to get past the mup.sys safe mode boot...

tailgate2

ComboFix.exe from BleepingComputers.com fixes 90% of my malware issues.
EvilKnievel

Can you try System Restore? This is the easiest and fastest way to resolve these malware issues. If you cannot run System Restore, you can boot from a live Windows CD and do a manual system restore by copying and renaming files from the System Restore folder. Let me know if you want to try this.
ASKER CERTIFIED SOLUTION
rionroc

Log in or sign up to see answer
inspector_mills

Norton 360 fixed that prob for me. See if you can get a trial (they usually have one) and try a full system scan.

Just curious, what happens to your pc when you try to boot it on safe mode?
Itai_sharim

Try downloading SpyWareDoctor starter edition and norton security scan.
Those are included in the google pack and are free of charge.
It can be downloaded from http://pack.google.com/intl/en/pack_installer.html
c7c4c7

Try running Malwarebytes again, use the quick scan option and see if it finds anything more to clean up or if the items you deleted got reintroduced somehow.

To reinstate the lost items go here http://www.kellys-korner-xp.com/xp_tweaks.htm.  It contains scripts that will reintroduce the items you are missing.
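The triage the thread describes (check whether Task Manager and regedit are locked by policy, look at the Run entries, and sort System32 by date for random-looking .exe/.dll names) can be done from one script instead of by hand. The following is an added example, not posted by anyone in this thread. It assumes Windows XP SP3 with PowerShell 2.0 or later, that it is run from the account that is locked out, and that the execution policy allows a local script; the registry paths and the value names DisableTaskMgr and DisableRegistryTools are the standard Windows policy locations, and the `$Since` date and the "random name" heuristic are placeholders of my own. It only reports; the rename and delete steps stay manual.

```powershell
# Added example, not from the thread. Reports (does not change) the three
# things the thread tells the asker to look at: the policy values that disable
# Task Manager and regedit, the Run/RunOnce autostart entries, and recently
# modified .exe/.dll files in System32. Assumed: Windows XP SP3 with
# PowerShell 2.0 or later, run from the account that is locked out.
# $Since is a placeholder default; pass the date the trouble began.
param([datetime]$Since = (Get-Date).AddDays(-7))

# 1. Policy values: a value of 1 means the restriction is active for that hive.
$policyPaths = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($p in $policyPaths) {
    if (-not (Test-Path $p)) { continue }
    $props = Get-ItemProperty -Path $p
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
        if ($props.$name -eq 1) { "RESTRICTION  {0}\{1} = 1" -f $p, $name }
    }
}

# 2. Autostart entries: every value under Run/RunOnce with its command line,
#    so an entry that launches a renamed or random-looking file stands out.
$runPaths = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($p in $runPaths) {
    if (-not (Test-Path $p)) { continue }
    (Get-ItemProperty -Path $p).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |          # drop PSPath etc.
        ForEach-Object { "AUTOSTART    {0}\{1} = {2}" -f $p, $_.Name, $_.Value }
}

# 3. Binaries in System32 written on or after $Since, newest first. The
#    RANDOM? flag is a crude heuristic for the "random letters and digits"
#    names the thread describes (6+ alphanumerics that include a digit); it
#    also hits legitimate names such as msvcr80.dll, so treat it as a hint.
$sys32 = Join-Path $env:SystemRoot 'System32'
Get-ChildItem -Path $sys32 |
    Where-Object {
        -not $_.PSIsContainer -and
        $_.Extension -match '^\.(exe|dll)$' -and
        $_.LastWriteTime -ge $Since
    } |
    Sort-Object LastWriteTime -Descending |
    ForEach-Object {
        $flag = ''
        if ($_.BaseName -match '^[a-z0-9]{6,}$' -and $_.BaseName -match '\d') { $flag = 'RANDOM?' }
        "{0,-12} {1:yyyy-MM-dd HH:mm}  {2}" -f $flag, $_.LastWriteTime, $_.FullName
    }
```

Save it as a .ps1 file copied in from another machine (as the asker did for the other tools) and run it with `powershell -ExecutionPolicy Bypass -File .\audit.ps1 -Since '2009-01-15'`, substituting the day the problem began. A RESTRICTION line confirms that the lockout is set through the policy values rather than by a missing executable; an AUTOSTART line whose command points at a file that also appears with a RANDOM? flag is the pair the thread tells you to rename and then remove.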