Windows Task Manager


rick

Hi everyone,

Lately I have been unable to use the Windows task manager.
It opens, but immediately closes before I can do anything
with it. I've run a virus check and did a Spybot search
and destroy with no change. My son has been doing a fair
amount of downloading for games and may have inadvertently
downloaded something nasty. I have the suspicion that
something may be running in the background but doesn't
want to be known and may have altered settings to close
the taskmanager immediately on opening. Does anyone have
any ideas?

Rick
 
Greetings --

This behavior is a common symptom of more than one virus/worm, the
three below being the most common:

W32.Klez
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

W32.Yaha
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

W32.Spybot.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html


Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 
Thank you Kelly,

I've been searching bulletin boards everywhere, and running
virus scans, but I don't seem to have anything that anyone
else has had, or I'm not recognizing it. The emergency
utilities work great, but I can't recognize any of the
processes that have plagued others. Below is the logfile
from the startup tracker.

many thx

rick

9/6/2003 5:30:00 PM

-- Registry - HKEY_LOCAL_MACHINE RunOnce --
No Items Found

-- Registry - HKEY_LOCAL_MACHINE Run --
NAV Agent C:\PROGRA~1\NORTON~1\navapw32.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
TkBellExe C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz nwiz.exe /install
IntelliType "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
InstantAccess C:\PROGRA~1\Xerox\CONTRO~1.0\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
RegisterDropHandler C:\PROGRA~1\Xerox\CONTRO~1.0\TEXTBR~1.0\Bin\REGIST~1.EXE
XWMSUSBAPI C:\WINDOWS\System32\Drivers\XWMSAPI.EXE
ControlCentreTray C:\Program Files\Xerox\ControlCentre 2.0\XWCTray.exe
Winsock2 driver WINCFG.SCR
EssSpkPhone essspk.exe
MSConfig C:\EmergencyUtils\MSConfig1.exe /auto

-- Registry - HKEY_CURRENT_USER RunOnce --
Winsock2 driver WINCFG.SCR

-- Registry - HKEY_CURRENT_USER Run --
msnmsgr "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

-- Registry - HKEY_USERS\.DEFAULT Run --
No Items Found

-- Start Menu - Current User --
Microsoft Office.lnk
Pagis Schedule Monitor.lnk
PalNetaware.lnk

-- Start Menu - All Users --
Microsoft Office.lnk
Pagis Schedule Monitor.lnk
PalNetaware.lnk

-- Disabled Items --
CTLauncher

-- Registry - Shell Value - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon --
Explorer.exe

-- Running Processes --
System Idle Process
System
smss.exe \SystemRoot\System32\smss.exe
csrss.exe
winlogon.exe winlogon.exe
services.exe C:\WINDOWS\system32\services.exe
lsass.exe C:\WINDOWS\system32\lsass.exe
svchost.exe C:\WINDOWS\system32\svchost -k rpcss
svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
spoolsv.exe C:\WINDOWS\system32\spoolsv.exe
explorer.exe C:\WINDOWS\Explorer.EXE
NAVAPSVC.EXE "C:\Program Files\Norton AntiVirus\navapsvc.exe"
nvsvc32.exe C:\WINDOWS\System32\nvsvc32.exe
NAVAPW32.EXE "C:\PROGRA~1\NORTON~1\navapw32.exe"
qttask.exe "C:\Program Files\QuickTime\qttask.exe" -atboottime
realsched.exe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
type32.exe "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
INSTAN~1.EXE "C:\PROGRA~1\Xerox\CONTRO~1.0\TEXTBR~1.0\Bin\INSTAN~1.EXE" /h
xwmsapi.exe "C:\WINDOWS\System32\Drivers\XWMSAPI.EXE"
XWCTray.exe "C:\Program Files\Xerox\ControlCentre 2.0\XWCTray.exe"
wincfg.scr "C:\WINDOWS\System32\WINCFG.SCR" /S
essspk.exe "C:\WINDOWS\essspk.exe"
msnmsgr.exe "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
Monitor.exe "C:\Program Files\xerox\ControlCentre 2.0\Pagis\Monitor.exe"
pnetaware.exe "C:\Paltalk\pnetaware.exe"
devldr32.exe C:\WINDOWS\System32\devldr32.exe
iexplore.exe "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
StartupTracker3.exe "C:\EmergencyUtils\StartupTracker3.exe"
wmiprvse.exe
 
Rick, I'm not Kelly, but.................... your problem is definitely a
virus.

Winsock2 driver WINCFG.SCR

Which is being loaded from

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

and

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Run the copy of Task Manager in the C:\EmergencyUtils folder and locate the
process for WINCFG.SCR. Highlight it, then select End Process.

Open Windows Explorer and go to C:\Windows\System32 and locate WINCFG.SCR
and delete it.

Now open Regedit (you should be able to use the normal one now) and go to
the two keys indicated above. Locate the "Winsock2 driver" entries. Right
click them and select Delete.
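
The reply above finds the problem by reading the autostart sections of the posted log. As an added example (not part of any post in this thread), the Python script below applies the same reading to a constructed excerpt in that log's layout and reports registry autostart entries whose target has an unusual file type, together with every key they appear under. The extension list and function names are assumptions made for this example.

```python
import re

# Constructed excerpt in the layout of the Startup Tracker log posted in this thread.
SAMPLE_LOG = r'''
-- Registry - HKEY_LOCAL_MACHINE Run --
NAV Agent C:\PROGRA~1\NORTON~1\navapw32.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Winsock2 driver WINCFG.SCR

-- Registry - HKEY_CURRENT_USER RunOnce --
Winsock2 driver WINCFG.SCR

-- Registry - HKEY_CURRENT_USER Run --
msnmsgr "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

-- Start Menu - All Users --
Microsoft Office.lnk
'''

SECTION = re.compile(r"^-- (.+?) --$")
# Assumption: file types that run code but are unusual as an autostart target.
ODD_TARGET = re.compile(r"\.(scr|pif|com|bat|cmd|vbs|js)(?=$|[\s\"])", re.I)

def parse_sections(log):
    """Map each '-- name --' section header to its entry lines."""
    sections, current = {}, None
    for line in log.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif line and current is not None and line != "No Items Found":
            current.append(line)
    return sections

def suspicious_autostarts(log):
    """Return {entry: [sections]} for registry autostart entries worth a closer look."""
    hits = {}
    for name, entries in parse_sections(log).items():
        if not name.startswith("Registry"):
            continue  # Start Menu and process lists are out of scope here
        for entry in entries:
            if ODD_TARGET.search(entry):
                hits.setdefault(entry, []).append(name)
    return hits

if __name__ == "__main__":
    for entry, where in suspicious_autostarts(SAMPLE_LOG).items():
        print(f"{entry!r} in: {', '.join(where)}")
```

An entry listed under both a Run and a RunOnce key, as here, means both values have to be deleted or the program starts again at the next logon.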
 