
hijack.taskmanager



Guys, I cannot believe I am posting this. I am totally befuddled by this. It appears that I have some sort of virus/trojan on my computer called hijack.taskmanager. I am unable to access my task manager or my registry. In addition, I am unable to access the Trend Micro HouseCall scan or the Panda scan. The good news is my computer is basically clean right now with no programs installed on it yet, so I would like to get this fixed ASAP. Will post logs below.


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:41:26 AM, on 11/2/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

Scan type: Quick Scan

Objects scanned: 38392

Time elapsed: 1 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

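The two scans in the post above report the same symptom from different angles: HijackThis lists DisableRegedit=1 as an O7 entry and Malwarebytes lists DisableTaskMgr as Hijack.TaskManager, both under the HKCU Policies\System key. The following Python sketch is an added example, not part of the original thread or of either tool; it extracts those policy entries from pasted log text and normalizes the key so the two findings can be correlated. The sample lines are copied from the logs above, and the function names are illustrative.

```python
import re

# Sample lines copied from the HijackThis and Malwarebytes logs in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
"""

# HijackThis O7 entry: "O7 - <hive>\<key>, <value>=<data>"
HJT_O7 = re.compile(r"^O7 - (?P<key>HK\w+\\.+?),\s*(?P<value>\w+)=(?P<data>\d+)$")
# Malwarebytes registry-data entry:
# "<key>\<value> (<detection>) -> Bad: (x) Good: (y) -> <action>."
MBAM_DATA = re.compile(
    r"^(?P<key>HKEY_\w+\\.+)\\(?P<value>\w+) \((?P<name>[\w.]+)\) -> "
    r"Bad: \((?P<data>[^)]*)\) Good: \((?P<good>[^)]*)\) -> (?P<action>.+?)\.?$"
)
HIVES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE"}


def normalize_key(key):
    """Expand the hive abbreviation and upper-case the path for comparison."""
    hive, _, rest = key.partition("\\")
    hive = HIVES.get(hive.upper(), hive.upper())
    return f"{hive}\\{rest.upper()}"


def find_policy_lockouts(log_text):
    """Return policy values that either tool reports as set to a restricting value."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        hjt, mbam = HJT_O7.match(line), MBAM_DATA.match(line)
        if hjt and hjt["data"] != "0":
            tool, m, action = "HijackThis", hjt, None
        elif mbam and mbam["data"] != mbam["good"]:
            tool, m, action = "Malwarebytes", mbam, mbam["action"]
        else:
            continue
        key = normalize_key(m["key"])
        if "\\POLICIES\\" in key:  # only policy restrictions, not every detection
            findings.append({"tool": tool, "key": key, "value": m["value"],
                             "data": m["data"], "action": action})
    return findings


if __name__ == "__main__":
    for f in find_policy_lockouts(SAMPLE_LOG):
        print(f"{f['tool']}: {f['key']}\\{f['value']} = {f['data']} ({f['action']})")
```

The Malwarebytes entry carries its own action field, so a result of "No action taken" shows the value was detected but left in place by that scan.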

Sorry I have not been able to post the log; I have been very busy. Some updated details. I am just about positive that I have Win32 Sality or one of its variants. The virus has infected my flash drives; I know this because when I plugged the flash drive into this computer the virus infected this computer. Fortunately I immediately did a system restore point on this computer and unplugged the flash drive and now this computer is clean. This really sucks because I also have an external hard drive with all my important data on it and I fear that it too is probably infected. I will try to post the logs tonight if I can.


That doesn't make sense. If you did a restore point and cleaned it, then you're not infected. You don't say why you "know" this. And you're not cooperating very well. The longer you put off doing as asked, if you are infected, the greater the chance it is much harder to fix. You have the time to post; it takes about 5 minutes to run the scans.


Computer appears to be working correctly. Below are my complete HJT and MBAM logs. I reformatted my hard drive and did a reinstall of windows.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:34:47 PM, on 11/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

--

End of file - 1129 bytes

Malwarebytes' Anti-Malware 1.30

Database version: 1366

Windows 5.1.2600 Service Pack 2

11/4/2008 10:24:39 PM

mbam-log-2008-11-04 (22-24-39).txt

Scan type: Full Scan (C:\|)

Objects scanned: 43154

Time elapsed: 3 minute(s), 11 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Both my flash drives, along with my external hard drive, are infected with the virus. I have a lot of important data on the external drive that I would like to be able to use. I was able to do an online scan using ESET and it said I had a Win32 Sality variant. I did some research on this virus:

http://www.ca.com/us/securityadvisor/virus...s.aspx?id=52797

My computer exhibits all of those behaviors. I would like to remove the virus from my external drive if possible; it appears that all PE Executable files on the external drive have been infected. I am hesitant to even try to remove the files, as every time I plug in my external drive or flash drives my computer is reinfected and I have to load a restore point for it to fix the problem. Any help on how to clean my external and flash drives would be appreciated.


I use Avira for AV; it's very good and low resource.

For whatever your reasons, you're editing your HJT log. That is not a full log. Nothing you have said makes any sense for what is going on. If you reformatted, that alone should have cleaned the system. You have no Windows services running at all? Impossible to run without them. You're not playing this game any more. As per site policy this issue is over.


This topic is now closed to further replies.