tss-nm
Disabled taskmgr, regedit, IE, spybotsd, malware

Have an XP Pro SP3 with malware. It has disabled taskmgr, regedit, IE, spybotsd at least. Malwarebytes removed four items (trojans and downloaders). GPedit will run, but changes to the Ctrl-Alt-Del and disable-regedit settings will not stick. Common tricks to run Reg delete as a vbs script or in CLI mode to delete the related keys will run, but do not help. Seems I cannot start in Safe Mode either. The hosts file was not hit.

1) Any ideas what this malware is and 2) how to clear it from this system?
JoWickerman

Hi tss-nm,

Try to download and install Avast! antivirus. You can download the updated signatures as well. Install and scan.

Let me know.

Cheers
Orion88

Do you still have the names of the 4 items removed by malwarebytes?
If not, try this. Since you cannot get into safe mode, the easiest way to delete the files is to boot to a live windows cd and delete the files from your hard drive, then reboot, and if you get them all you will be back to normal.

To find the virus files, boot to the live cd, open c:\windows\system32 (it may be a different drive letter than C on some live cds, so you will have to look and see which letter it mounts your primary windows drive to), choose detail view and sort by date. Look at the newest files shown: any of the names you see with the current date or newer than the day you started having the problem are very likely the virus/trojan, specifically .exe and .dll files that have random number and/or letter combinations for the file name.

Rename the .exe or .dll part of the suspected files temporarily to test. Use something like .ex3 or .d11 that you will recognize and be able to change back later if the file you rename is not a virus. After renaming, reboot and see if you have affected or fixed the problem.

If that gets you to where regedit will work again, check the run entries in the registry and delete any entries that load the files you renamed, and look for any others listed in the registry that you may not have found previously so you can remove them from the hard drive. Sometimes the process has to be repeated a few times to get everything; using task manager once you get it working helps to identify any left running that you may have missed on a previous attempt.

If none of this works, it is easiest to remove the hard drive from the affected computer and scan it with another computer that is not infected; usb adapters work great for this purpose. This answer is fairly technical because you sounded technical in your question. Let me know if there is any clarification needed.
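The triage Orion88 describes (sort system32 by date, pick out fresh .exe/.dll files with random-looking names, rename them to a harmless extension, then hunt for Run entries that load them) can be scripted so the same checks are applied consistently and nothing is deleted. The following is an added example, not code from this thread or from any tool named in it; it builds a constructed stand-in directory and a constructed .reg export inline so it runs offline, and the "random name" heuristic (digits mixed with letters, or no vowels) is an assumption of this example rather than anything the post specifies.

```python
import os
import re
import tempfile
import time
from datetime import datetime, timedelta

# Reversible extension swap from the post: the file stays on disk but no longer loads.
RENAME_MAP = {".exe": ".ex3", ".dll": ".d11"}


def looks_random(stem: str) -> bool:
    """Crude heuristic (assumption of this example): letters mixed with digits, or no vowels."""
    s = stem.lower()
    has_digit = any(c.isdigit() for c in s)
    has_alpha = any(c.isalpha() for c in s)
    return (has_digit and has_alpha) or (has_alpha and not re.search(r"[aeiou]", s))


def recent_suspects(directory: str, since: datetime):
    """.exe/.dll files in `directory` modified at or after `since` with random-looking names.

    Returns a list of (current_path, proposed_renamed_path); nothing is modified here."""
    suspects = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        stem, ext = os.path.splitext(name)
        if not os.path.isfile(path) or ext.lower() not in RENAME_MAP:
            continue
        if datetime.fromtimestamp(os.path.getmtime(path)) < since:
            continue  # older than the incident window: skip, even if the name looks odd
        if looks_random(stem):
            suspects.append((path, os.path.join(directory, stem + RENAME_MAP[ext.lower()])))
    return suspects


def rename_suspects(suspects):
    """Apply the reversible renames and return the new paths."""
    renamed = []
    for src, dst in suspects:
        os.rename(src, dst)
        renamed.append(dst)
    return renamed


RUN_KEY = re.compile(r"\\(run|runonce)\]$", re.IGNORECASE)
REG_VALUE = re.compile(r'^"([^"]+)"="(.*)"$')


def run_entries_referencing(reg_text: str, filenames):
    """Scan a .reg export for Run/RunOnce values whose data names one of `filenames`.

    Returns a list of (key, value_name, data) so each entry can be reviewed before removal."""
    wanted = [f.lower() for f in filenames]
    hits, current_key, in_run_key = [], None, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            current_key = line[1:-1]
            in_run_key = bool(RUN_KEY.search(line))
            continue
        m = REG_VALUE.match(line)
        if in_run_key and m and any(f in m.group(2).lower() for f in wanted):
            hits.append((current_key, m.group(1), m.group(2)))
    return hits


# Constructed .reg export (sample data, not from any real machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updater"="C:\\WINDOWS\\system32\\ab12cd.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"svc"="rundll32.exe C:\\WINDOWS\\system32\\xvqzt.dll,Start"
'''


def build_sample_dir() -> str:
    """Constructed stand-in for system32: two fresh random-named binaries, one fresh
    ordinary-looking one, and one old file whose name also mixes letters and digits."""
    d = tempfile.mkdtemp(prefix="triage_")
    for name in ("ab12cd.exe", "xvqzt.dll", "notepad.exe", "kernel32.dll"):
        with open(os.path.join(d, name), "wb") as f:
            f.write(b"MZ")
    old = time.time() - 400 * 86400  # make kernel32.dll look untouched for over a year
    os.utime(os.path.join(d, "kernel32.dll"), (old, old))
    return d


def triage(directory: str, reg_text: str, since: datetime):
    """Whole procedure: flag, cross-reference against Run keys, then rename."""
    suspects = recent_suspects(directory, since)
    flagged = [os.path.basename(p) for p, _ in suspects]
    hits = run_entries_referencing(reg_text, flagged)
    renamed = rename_suspects(suspects)
    return flagged, hits, renamed


def demo():
    """Run triage over the constructed directory with a two-day incident window."""
    return triage(build_sample_dir(), SAMPLE_REG, datetime.now() - timedelta(days=2))


if __name__ == "__main__":
    flagged, hits, renamed = demo()
    print("flagged:", flagged)
    for key, name, data in hits:
        print(f"Run entry {key} -> {name} = {data}")
    print("renamed to:", [os.path.basename(p) for p in renamed])
```

Run against the constructed data it flags ab12cd.exe and xvqzt.dll, skips notepad.exe (plain name) and kernel32.dll (outside the date window), and reports the two Run values that reference the flagged files. On a real drive mounted from a live CD you would point `recent_suspects` at the mounted system32 path and feed `run_entries_referencing` a `.reg` export of the Run keys; the date filter matters because plenty of legitimate system files have digits in their names.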
tss-nm (ASKER)

I will tomorrow, too late tonight, thanks for the idea. Got to download elsewhere and transfer since IE was also disabled. Safe Mode runs and dies after the line: MUP.sys.
Have a look at this:

http://www.aitechsolutions.net/mup-sys-resolved.html

Might help you to get past the mup.sys safe mode boot...

ComboFix.exe from BleepingComputers.com fixes 90% of my malware issues.
Can you try system restore? This is the easiest and fastest way to resolve these malware issues. If you cannot run system restore, you can boot from a live windows cd and do a manual system restore by copying and renaming files from the system restore folder. Let me know if you want to try this.
ASKER CERTIFIED SOLUTION
rionroc
Norton 360 fixed that prob for me. See if you can get a trial (they usually have one) and try a full system scan.

Just curious, what happens to your pc when you try to boot it on safe mode?
Try downloading SpyWareDoctor starter edition and norton security scan.
Those are included in the google pack and are free of charge.
It can be downloaded from http://pack.google.com/intl/en/pack_installer.html
Try running Malwarebytes again, use the quick scan option and see if it finds anything more to clean up or if the items you deleted got reintroduced somehow.

To reinstate the lost items go here: http://www.kellys-korner-xp.com/xp_tweaks.htm. It contains scripts that will reintroduce the items you are missing.