1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Task manager / desktop disabled

Discussion in 'Virus & Other Malware Removal' started by nikkavy, Oct 6, 2008.

Thread Status:
Not open for further replies.
Advertisement
  1. nikkavy

    nikkavy Thread Starter

    Joined:
    Oct 6, 2008
    Messages:
    17
    Hello,
    I think I've been infected with something and hoping someone on this site might be able to help. I'm running win XP sp3 on a pretty standard PC.

    My computer was running very slow and when I restart, I now find my taskbar / start menu is missing, along with all my desktop items. When I use ctrl-alt-del I get an error message "Task Manager has been disabled by your administrator"

    I cannot run anything except from the command line window and I don't have hijackthis installed.

    I started in safe mode, ran REGEDIT to remove the "disable taskbar" section but each time I exit registry editor it resets so that when I re enter to check, the entry has returned and set back to 1.

    Any help would be appreciated!
    thank you.
    cassy
     
  2. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    Please download Malwarebytes' Anti-Malware to your desktop
    from http://thespykiller.co.uk/downloads/mbam-setup.exe or http://www.malwarebytes.org/affiliates/thespykiller/mbam-setup.exe

    Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following:

    Update Malwarebytes' Anti-Malware. Launch Malwarebytes' Anti-Malware. Then click Finish.

    If an update is found, it will download and install the latest version. Press Update to make sure the latest database is loaded.
    Once the program has loaded, select Perform quick scan, then click Scan.
    When the scan is complete, click OK, then Show Results to view the results.
    Be sure that everything is checked, and click Remove Selected.
    When completed, a log will open in Notepad.
    Please include this log in your next reply.
     
  3. nikkavy

    nikkavy Thread Starter

    Joined:
    Oct 6, 2008
    Messages:
    17
    Hi, thank you so much for your speedy response!

    I can't figure out a way to load the software you suggested onto my computer as it will pretty much only do 2 things:

    1)load in safe mode with command prompt - I can use cmd to run regedit, etc but I have no desktop / icons / system tray / taskbar or start menu key functions (screen background is just black with "safe mode" in 4 corners and a cmd window in center).

    2) load normally which just gives me the "desktop background" image with no icons / system ray / taskbar or start menu key functions

    Since this doesn't allow me to navigate anything, or install anything. I had an idea to download the program to my laptop, which works fine, burn a cd and open it somehow thru the cmd window on the malfunctioning laptop but I'm not sure of the commands and whether I can access any kind of autorun from the command window.

    Any thoughts on this?
    thanks!
    cassy
     
  4. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    if it that bad, I would suggest the safest solution is to format & reinstall
     
  5. nikkavy

    nikkavy Thread Starter

    Joined:
    Oct 6, 2008
    Messages:
    17
    Actually last night I discovered that I can get into Explorer although I still have no task manager / start button.
    I was able to install spybot SD and Hijack this although the program you were suggesting gave an error message on attempt to install (I can do it again and post the error message if that helps).
    I am able to run both, would it help to post my HJT log or list the malware found by spybot SD?
    thanks!
    cassy
     
  6. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    if you can get into explore then post a hjt log & we can see from that and decide on next step

    post the error message MBAM gave
     
  7. nikkavy

    nikkavy Thread Starter

    Joined:
    Oct 6, 2008
    Messages:
    17
    Hi Derek,

    Sorry for replying to this so late - I thought my post went thru last week but today I realized it didn't :( So I'm reposting it, also my logs were too big for the site so I am adding them as attachments.



    I actually tried a couple of other things (before I read your post) and it seems to be getting better.

    I ran spybot, let it remove the items it found. But each time I restarted it found the same things so I removed spybot, installed Mbam, let it remove the items it found (it found a lot more and took a lot longer to scan).

    After running mbam in safe mode and restarting in safe mode I got ctrl-alt-del functionality back!
    Regedit no longer shows "tskmgr disable".
    I removed mbam, reinstalled spybot, ran it again, it found "hitbox" and removed it.

    Now both mbam and spybot claim they don't find any items.
    When I run in safe mode, I have a taskbar / start menu and can see all my desktop items. I can use the start menu to navigate and start programs. However I have no network access.

    When I start in normal mode I get only a desktop picture with no icons or start menu/taskbar. I still have ctrl-alt-del and can start the "explorer.exe" process to navigate my hard disk but have no internet access. I have to use ctrl-alt-del and explorer window to navigate everything - it shows everything on my desktop, etc. but the items don't actually appear on the desktop. Also everything runs extremely slow and explorer "hangs" for a while before opening a window. One time when I tried to shut down it said it could not shut down a process called "proxydesktop" but it doesn't show that message every time.

    Thanks so much for your help, I'm posting my HJT and spybot logs from a scan I did this morning. Sorry they are so long but hopefully they are what you're expecting to see. I looked at your website and figured out you're in the UK so now I know when to look for your posts. BTW, the hedgehogs are adorable! Too bad I live in an apartment in Seattle, WA - wish I could adopt one or a few!
    cassy
     

    Attached Files:

  8. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    Please disable SpybotSD TeaTimer, as it may hinder the removal of the infection. You can enable it after you're clean.
    To disable SpybotSD TeaTimer:

    Open Spybot and click on Mode and check Advanced Mode
    Check yes to next window.
    Click on Tools in bottom left hand corner.
    Click on System Startup icon.
    Uncheck Teatimer box.
    Click Allow Change box.

    You can follow this link if you need help: http://russelltexas.com/malware/teatimer.htm

    Please visit Combofix Guide & Instructions for instructions for downloading and running ComboFix: especially follow the advice about installing the recovery console

    Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply
     
  9. nikkavy

    nikkavy Thread Starter

    Joined:
    Oct 6, 2008
    Messages:
    17
    hi derek

    I went over the instructions for recovery console and started the install but as zoo. As I ran the first command I got an error message saying windows could not start setup because the version of windows on my computer is newer than the one on the cd. I think this is because I'm running g SP3.

    Any suggestions on getting the recovery console running? The Internet connection is not working on my computer but I can use another one and burn a cd to get data I to my desktop if needed.
    Thanks!
    Cassy
     
  10. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    forget recovery console for now & just run combofix
     
  11. nikkavy

    nikkavy Thread Starter

    Joined:
    Oct 6, 2008
    Messages:
    17
    Hi Derek,

    When I restarted after attempting to do the recovery console my desktop reappeared briefly, but I still don't have internet connectivity.

    I downloaded combofix on my other computer and copied it to the desktop.
    When I run combofix (in safe mode) it opens a windows dialog that says "select a group to convert" (it looks similar to when you tell MS word you want to insert something from a file, where it shows the contents of a directory for you to pick the file from). The directory that it defaults to is "Windows" then that window closes. It's asking for a *.grp file.

    I never saw any of the things bleepingcomputer said would come up when combofix was run.

    I wanted to make sure there wasnt' a problem with the combofix file so I downloaded, copied, installed it again but had the same result.

    Also when I try to start it in regular mode I get the same thing.
     
  12. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    lets see if this will get internet back

    Download LSPfix here: http://www.cexx.org/lspfix.htm
    run the application. Just run it, you will see a list of files in the left hand pane and possibly some in the right hand pane. Do not change any of them, just tick the"I know what i'm doing" box & press finish and the program will do anything necessary
     
  13. nikkavy

    nikkavy Thread Starter

    Joined:
    Oct 6, 2008
    Messages:
    17
    Hi Derek,
    I ran lspfix, it says there are no problems. I tried running it anyway but it said it found nothing to fix.

    Just to be clear, when I start in normal mode I am still missing taskbar and desktop. Sometimes when I try to shut down it says it's trying to close a program called proxydesktop. I am not sure what that is, could it be part of the problem?
    cassy
     
  14. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    I have never seen that error with combofix

    I think that whatever has happened is going to be almost impossible to fix on a forum and it might be better to consider a format & reinstall

    do you have your windows disc
     
  15. nikkavy

    nikkavy Thread Starter

    Joined:
    Oct 6, 2008
    Messages:
    17
    i do have my windows disk and disks for all my software but i really dont want to lose all my data and while i have some backups they're not terribly recent.
    If I do a format & reinstall, can i back up my data to my second (physically separate disk but it is an internal drive) disk so that I can get my data back?

    For example, my Outlook backup is too big to save to a cd or dvd so the only place I have to back it up is on my second disk, unless I buy an external drive which I could do but would really prefer not to.


    Will the reinstall delete the data from my second disk?

    Any more ideas why things seem to work almost normally when I run in safe mode but everything is hidden when I run in regular mode?
    thanks!
    cassy
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/756696