MajorGeeks Support Forums

  #1  
Old 07-04-09, 09:59
HiJack HiJack is offline
Private E-2
 
Default Hijack.regedit -taskmanager!

Hi!

I am very new here, and want first of all to thank you for this great site, and even apologize for my bad English, but I'll do my best.

My comp. is a bit "sick", and it has been like this a while now. I've reinstalled my comp. many times, but the same problem finds its way into the system again. I don't know how or why. I've tried many spyware, firewalls and anti-virus software(s), but without any good results.
The thing is that every little dirty "spyware" virus disappears after a scan, but hijack.regedit and hijack.taskmanager (hijack.tskmgr) are still in the system. I even found out that these two make many things crash, and that is true. Many applications don't work anymore, and I can't even delete them from my PC. Been in many forums, but no one could out, so I'll try your help. Plz help!

Now I've reinstalled the system once more. Just so I can follow "READ & RUN ME FIRST. Malware Removal Guide". I've done everything there, and here are the logs.
Attached Files
File Type: txt ComboFixlog.txt (18.9 KB, 2 views)
File Type: txt MBAMlog.txt (1.2 KB, 2 views)
File Type: txt RootRepeallog.txt (38.5 KB, 3 views)
File Type: txt SASlog.txt (568 Bytes, 5 views)
  #2  
Old 07-04-09, 10:01
HiJack HiJack is offline
Private E-2
 
Default Re: Hijack.regedit -taskmanager!

And here's the last log.

Everything is fine with my computer, apart from these two "infections". Plz, what do I have to do, to get rid of them?

Again, I am sorry for my English, and hope u'll understand what I am asking for...

Thanx a lot...
Attached Files
File Type: zip MGlogs.zip (80.7 KB, 3 views)
  #3  
Old 07-05-09, 22:26
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Default Re: Hijack.regedit -taskmanager!

Welcome to Major Geeks!

Why are you running your PC with no protection software installed?


Now we need to use ComboFix
  • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    • If it is not on your Desktop, the below will not work.
  • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
  • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
  • Open Notepad and copy/paste the text in the below quote box into it:
Quote:
KILLALL::

File::
C:\DOCUME~1\YUNYII~1\LOKALA~1\Temp\windwwpch.exe
C:\DOCUMENTS AND SETTINGS\YUNYIISAAHENN\LOKALA INSTäLLNINGAR\TEMP\WINKYTFL.EXE
C:\DOCUME~1\YUNYII~1\LOKALA~1\Temp\winsohvd.exe

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-
"DisableRegistryTools"=-
  • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
  • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
  • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
  • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
  • Follow the prompts.
  • When it finishes, a log will be produced named c:\combofix.txt
  • I will ask for this log below
Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.


After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment
Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


Then attach the below logs:
  • C:\ComboFix.txt
  • C:\MGlogs.zip
Make sure you tell me how things are working now!
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."



Last edited by chaslang; 07-08-09 at 00:48.. Reason: Added winsohvd.exe
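
An offline check for the two policy values that the Registry:: section in the post above deletes, added here as an example and not part of the original thread or of ComboFix: it scans .reg-format text (for instance a registry export of the Policies key, already decoded to a string) and reports where DisableTaskMgr or DisableRegistryTools is set to a non-zero DWORD. The function name and the sample export are constructed for illustration.

```python
import re

# Values removed by the CFScript in this thread; a non-zero DWORD blocks the tool.
POLICY_KEY = r"\software\microsoft\windows\currentversion\policies\system"
WATCHED = {"disabletaskmgr": "Task Manager",
           "disableregistrytools": "Registry Editor"}

KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
# Only DWORD data is matched, so a delete line such as "Name"=- is ignored.
VALUE_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')


def audit_reg_export(text):
    """Return (key, value_name, dword, tool) for each watched policy value
    that is set to a non-zero DWORD in .reg-format text."""
    findings, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            # "[-KEY]" deletes the whole key, so nothing below it is set.
            current = None if m.group(1) else m.group(2)
            continue
        m = VALUE_RE.match(line)
        if m and current and current.lower().endswith(POLICY_KEY):
            tool = WATCHED.get(m.group(1).lower())
            value = int(m.group(2), 16)
            if tool and value:
                findings.append((current, m.group(1), value, tool))
    return findings


# Constructed sample export, not taken from the poster's logs.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
"EnableLUA"=dword:00000001
'''

if __name__ == "__main__":
    for key, name, value, tool in audit_reg_export(SAMPLE):
        print(f"{tool} blocked: {key}\\{name} = {value}")
```
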
  #4  
Old 07-06-09, 15:35
HiJack HiJack is offline
Private E-2
 
Default Re: Hijack.regedit -taskmanager!

Hi, and thx!

Who told u that I don't use any protection software m8?
Like I told u before... Many protection softwares just stopped, and why, I don't know, but I guess it has something to do with the hijack.- files?!
I have SuperAS and MBAM in my system right now, but like u know by now, they just stopped working after the first reboot. (Many others suffer the same)

Now I've done exactly like u've told me. Did everything, but when I ran CCleaner, a "regedit inactive by admin" or something window pops up (sorry for my English). When I start the CC it pops up immediately and then... the CCleaner is gone... At last I was a bit faster and pressed the "Run Cleaner"...
When it scanned and was finished, it showed me "100%" of the scanning process, and without finding anything. A second later the CCleaner was gone, like the first 5 times.

Then I started with the "C:\MGtools\GetLogs.bat" -step. The CMD appears and everything seems to be fine, but then the same "regedit inactive by admin" pops up. But this time, it didn't close the CMD window, so the CMD "scan" goes on. I followed some things the CMD showed, and many times it didn't find some files, in the C:\MGtools\- directory.
At last the CMD tells me, to press any key to end it. And so I did, and here are the logs...

Thx for ur help, and time... and again, Sorry for my English!
Attached Files
File Type: txt ComboFix.txt (23.5 KB, 2 views)
File Type: zip MGlogs.zip (93.0 KB, 3 views)

Last edited by HiJack; 07-06-09 at 15:43..
  #5  
Old 07-08-09, 00:42
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Default Re: Hijack.regedit -taskmanager!

Quote:
Originally Posted by HiJack
Who told u that I don't use any protection software m8?
Your logs clearly show it. You have no antivirus, no realtime antispyware, and are relying on the less than adequate Windows firewall. The free versions of SAS and MBAM that you have do not provide protection. Thus as I stated, you have no protection installed.

You did not create the CFScript.txt file properly. I can see that from your ComboFix log which shows it did not attempt to fix what we wanted to fix. Please try the fix again and make sure you create the CFScript.txt file properly. Make sure you recreate the file since I also added one more file to it (winsohvd.exe) that is new.

Then attach the new ComboFix log and also run the GetLogs.bat program again and attach the new MGlogs.zip file too.

What is the below startup program for?
c:\documents and settings\All Users\Start-meny\Program\Autostart\
BankID säkerhetsprogram.lnk - c:\program\Personal\bin\Personal.exe [2009-7-5 939536]

Last edited by chaslang; 07-08-09 at 00:54..
  #6  
Old 07-08-09, 09:52
HiJack HiJack is offline
Private E-2
 
Default Re: Hijack.regedit -taskmanager!

Hi again.

Like I've told u before m8, the hijack.-things make every software stop working. My logs maybe show u that I am not using any protection at all, but becuz every firewall, spyware- and other protection software just stop working after maybe one or two reboots. I've even used software which was more than "free versions".

I did create a new notepad, and named it CFScript (.txt) on the desktop. I copied the text that started from: "KILLALL::" to ""DisableRegistryTools"=-" and pasted it in the CFScript, and saved it. With the mouse I moved the CFScript.txt, and dropped it on the ComboFix.exe file, on the desktop. A small loading window pops up over the ComboFix icon, and then it moves on. I guess I've done the right things?!

Here are the ComboFix- and the MG-logs. There is also a third log, procdll.txt, which is created every time I run ComboFix. Don't know what it is, but u maybe want to take a look in it?!

Thx for ur help!
Attached Files
File Type: zip MGlogs.zip (93.5 KB, 3 views)
File Type: txt ComboFix.txt (24.3 KB, 4 views)
File Type: txt procdll.txt (57.7 KB, 1 views)
All times are GMT -5.