Taskmgr.exe not found; all programs give an "open with" dialog box

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by jay7, Dec 22, 2011.

  1. jay7

    jay7 Private E-2

    I just got a virus on my Windows Vista PC, I'm using another PC now. I recognized the behavior immediately within seconds of getting it, basically first some slowdown, then I ran taskmgr, saw that explorer.exe was using about 50% of my resources, instead of the normal number of total used resources being under 5%, and saw a "cfd.exe" that I didn't recognize. I immediately ended that, and it kept popping back up. I ended it each time but it kept coming back. The Task Manager column listed it as some kind of script process, I can't remember exactly what the two words were but the first word was script.

    Anyway, what happened after a few minutes was that no programs would open. Any program would show an "open with" dialog. While task manager was still working, I closed the explorer.exe process and tried to restart it by clicking "new task..", but when I typed explorer.exe, it said the file/application was not found. So the current behavior is that all programs (windows explorer, notepad, any browser, etc) all pop up an "open with.." dialog, and that when I right click on the taskbar and choose to run Task Manager, it says the file taskmgr.exe is not found.

    While Windows Explorer was still working and I had it open, in the first few seconds of the time I got the virus, I did what I normally would do in these situations and look through my Temp folder to see what new files, especially new .exe files, have popped up with a recent date modified time. Sure enough, I saw the cfd.exe file and a couple other temp files listed with a created/modified time of 2 minutes earlier, so that file was definitely involved. While my browser was still working I did a search on the cfd exe file and found that it was related to BroadJump Client Foundation, however I can assure you that was not what it was in my case, since I've never had any program like that on my computer and the one I had showed a date and time of just 2 minutes earlier in my Temp folder, so there's no chance it was any kind of legitimate file.

    I also did some searches on the "open with" problem and found info on some Windows Security 2012 virus, but I really don't think that's what happened, because in the descriptions of that virus, you get something posing as anti-virus software that pops up, and that never happened to me. This all happened in a matter of just a couple minutes.

    I went into Safe Mode and all the same problems occurred, all programs show an "open with" dialog box, and it says taskmgr.exe is not found. So there's really nothing I can do within Windows. I'm not too sure how to fix this.. any ideas?

    Thanks a lot in advance for any info or help, or any suggestions on where to start.
  2. thisisu

    thisisu Malware Consultant

    Hi and welcome to Major Geeks, jay7!

    Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop on the PC with the infection.

    Open up this newly created folder and then open the "files" folder (...\windows repair v1.5.6\files)
    From here, locate the fix_exe_hijack.inf file and then Right-mouse click it one time, then choose "Install".
    Once you have done this, you should now be able to open applications again.
    Let me know the results or if you need additional help.
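
The symptom in this thread, every program opening an "open with" dialog, is what a broken .exe file association looks like, which is also what the name fix_exe_hijack.inf points at. As an added example (not part of the thread and not Tweaking.com's code), this Python script audits a `reg export` dump for .exe association values that differ from the stock Windows defaults; the registry paths and default values are general Windows knowledge rather than anything quoted on this page, and SAMPLE is constructed.

```python
import re

# Stock defaults on a clean Windows install (general Windows knowledge, not from the thread).
EXPECTED = {r"\.exe": "exefile", r"\exefile\shell\open\command": '"%1" %*'}
# Views that feed HKEY_CLASSES_ROOT; a per-user entry overrides the machine-wide one.
ROOTS = ("HKEY_CLASSES_ROOT", r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes",
         r"HKEY_CURRENT_USER\Software\Classes")
# A per-user choice for .exe takes precedence over the class default, so report it.
USER_CHOICE = r"\Explorer\FileExts\.exe\UserChoice"

# Constructed sample dump: stock open command, non-stock per-user .exe class.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="placeholder_progid"
'''

def parse_reg(text):
    """Map each key in a .reg dump to {lowercased value name: string data}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$', line)
        if m and current is not None:  # only string values; hex(...) data is skipped
            name = "" if m.group(1) == "@" else m.group(1)[1:-1].lower()
            current[name] = re.sub(r"\\(.)", r"\1", m.group(2))  # undo \\ and \"
    return keys

def audit_exe_association(text):
    """Return (key, value) for every .exe association entry that is not stock."""
    findings = []
    for key, values in parse_reg(text).items():
        low = key.lower()
        for root in ROOTS:
            for suffix, want in EXPECTED.items():
                if low == (root + suffix).lower() and values.get("") != want:
                    findings.append((key, values.get("")))
        if low.endswith(USER_CHOICE.lower()):
            findings.append((key, values.get("progid")))
    return findings

if __name__ == "__main__":
    for key, value in audit_exe_association(SAMPLE):
        print(f"non-stock .exe association: [{key}] -> {value!r}")
```

Dumps written by `reg export` are UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text to `audit_exe_association`.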
  3. jay7

    jay7 Private E-2

    First of all, thank you for the reply.

    Actually, that worked, even though I was positive it wouldn't. I had tried everything to access a Windows Explorer window or any way to browse/open files but had no luck. But I copied the files you mentioned to a USB stick, inserted it to the other PC, got the popup that asked if I wanted to browse the USB drive in an Explorer window, and it actually worked. I thought I would get the "explorer.exe not found" again. So I installed the .inf file and programs appear to be working now.

    However, I know I must still be infected with the virus in some way so what next? What do I do now? Should I just run some programs like Malwarebytes or any other software and see what it finds, and then go from there?

    Two things I noticed while quickly browsing around. For one, I checked my Temp folder again, and saw that a ton of new subfolders got created, apparently using all of the zip files on my hard drive. In other words, if I had a "filename.zip" somewhere on my computer, in my Temp folder I saw a folder with the name "Temp1_filename.zip", and inside the folder were the contents of that zip file. Because I have a lot of zip files on my computer, there were a ton of these folders. None of these folders were there when I checked the Temp folder last night when I first got the virus. I also went browsing around to my other folders, to the locations where some of those actual zip files are, and the original zip files were still where they should be. So I don't know exactly what went on but suffice to say I'm sure it would be a good idea to not touch any of those folders or the original zip files again or I'll probably risk reinfection.
    And the second thing I noticed is that when I checked Task Manager, the number of open processes was only about 5 or 6, while the normal number is probably 20-25. I imagine that may or may not be fixed with a restart, but I'm not sure if it's a good idea to risk that yet or if I should be running some kind of anti-malware scanner first to try to remove any more infected files. I know sometimes a restart can actually reinfect a system when the virus has yet to be fully removed.

    I've got a bunch of other questions as well. If you do want me to start running some other tools/software and post some logs back here, how should I post the logs? For example, is it really safe/recommended for me to put my computer back online and actually open a browser at this point, or am I going to risk reinfection? I know from past experience that when a virus is still lingering, you can re-infect yourself sometimes just by opening a browser again or any other application.

    Also, should I be keeping that computer left on in the meantime? I had previously kept it off, but right now it's still on, and I'm wondering if that's just giving more time for the virus to continue changing files in my system. I know in the past I had one virus where by the minute, my hard drive space kept shrinking, pretty significantly, so the longer I left my PC running, the more damage it was doing and the more it was working in the background, and it was continuous. Should I instead try to copy logs from that computer onto a USB stick and then open/post them here on this computer, but if so, would that risk infecting this computer too? I really can't afford to have two PCs compromised because then I'd really be stuck.

    What kind of files have the risk of carrying an infection? Obviously .exe files, because in the past I've made the mistake of doing a complete reformat/reinstall of Windows, and then installing a basic program like Firefox or something similar from a saved install exe file I had kept on the previous hard drive, instead of redownloading it from the internet, and then I instantly got reinfected. So I'm wondering what other files have that risk, and I'm wondering how safe it is for me to even continue using that computer or all the files that I have on it. I've even heard it's possible for text or mp3 files to carry a virus attached to them via some kind of hidden file extension. Sorry for all the questions but any info would be much appreciated.

    Thanks again very much for the help so far.
  4. thisisu

    thisisu Malware Consultant

    Here is what you do next: READ & RUN ME FIRST Malware Removal Guide

