1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

regedit, taskmanager and folder option disabled

Discussion in 'Virus & Other Malware Removal' started by acronym, Feb 17, 2007.

Thread Status:
Not open for further replies.
  1. acronym

    acronym Thread Starter

    Joined:
    Feb 17, 2007
    Messages:
    10
    iv got a folder in my usb and accidently i double click it. afterwards my registry, taskmanager and folder options are disabled. when i execute regedit a dialoge apears "rigistry is disabled by administrator" .
    folder version is 3.2.0.1 and its size is 262 kb. iv mcafee 8.0i which cannot detect it as virus. further more i v tried a lot of anti spyware but nothing happen. my computer is too much slow now.

    i v piii 500 with windows 2000 professional. i am posting hijack this log below

    Logfile of HijackThis v1.99.1
    Scan saved at 1:12:39 PM, on 2/17/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\WINNT\system32\RVHOST.exe
    C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
    C:\WINNT\system32\RVHOST.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://vags/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.10.1.2:8080
    F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINNT\system32\RVHOST.exe
    O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\Officexp\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169871599918
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fariya.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fariya.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fariya.local
    O20 - Winlogon Notify: NavLogon - C:\WINNT\
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe


    thanks in advance for replying
     
  2. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    1. Download the file UnHookExec.inf and save it to your Windows desktop.

      Note: The tool has a .inf file extension.
    2. Locate the download file, either on the Windows desktop or the floppy disk.
    3. Right-click the UnHookExec.inf file and click install. (This is a small file. It does not display any notice or boxes when you run it.)


    ==========================================

    Run HijackThis, and press "Do a System Scan Only".
    1. When the scan is complete place a check mark next to the following entries:

    F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe
    O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINNT\system32\RVHOST.exe

    2. After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked." Then, reboot your computer...


    ==========================================

    Download FileASSASSIN.zip and save to your desktop (this tool is compatible with Win 2000/NT/XP only).
    • Create a new folder on C:\ called FileASSASSIN and extract (unzip) it to that folder. (Click here for information on how to do this if not sure. Win 9x/2000 users click here.)
    • Open the folder and double-click on FileASSASSIN.exe.
    • Select the following file(s) to delete by dragging it onto the text area or select it using the (...) browse button.
      • C:\WINNT\system32\RVHOST.exe
    • Select a removal method. Start with "Attempt FileASSASSIN's method of file removal."
    • Click delete and the removal process will begin.
    • If that did not work then, start the program again and this time check "Use delete on reboot function from windows.".
    Note: If you cannot find the file, you may have to Reconfigure Windows XP to show hidden files, folders. (We are doing this so we can look for and delete hidden files if necessary but don't delete anything other than what I ask you to delete. After your system is clean, follow the same procedure to hide these files and folders again to protect them from accidental deletion).

    =======================================

    Panda Activescan
    http://www.pandasoftware.com/products/activescan.htm
    1. Once you are on the Panda site click the Scan your PC button
    2. A new window will open...click the Check Now button
    3. Enter your Country
    4. Enter your State/Province
    5. Enter your e-mail address and click send
    6. Select either Home User or Company
    7. Click the big Scan Now button
    8. If it wants to install an ActiveX component allow it
    9. It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    10. When download is complete, click on Local Disks to start the scan
    11. When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.


    In your next reply, please include a fresh Hijackthis log and Panda Activescan log. Thanks.
     
  3. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Forgot to say Welcome to TSG !!!! :)
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/544759

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice