Trying to remove spyware in Vista, but can't run task manager!

Hi all,

I'm trying to get rid of what looks to be spyware called "Internet Antivirus 2011" on someone's Vista computer but even though I've manually removed a load of exes and reg entries, even when I boot into safe mode I can't run Task Manager or Ad-Aware which I've just installed.

Has anyone got any tips on how I can at least run the Task Manager or Ad Aware programs please?
 
This particular nasty, along with a few others, can alter Windows Registry values to disable things like Task Manager. Can you run regedit?
 
Copied and pasted from elsewhere. :cool:

In regedit, browse to the following key:-

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system


In the right pane, look for the value: DisableTaskMgr

Right click DisableTaskMgr and select Delete. (When prompted with "Are you sure you want to delete this value", select Yes.)

Now browse to the following key:-

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system


In the right pane, look for the value: DisableTaskMgr

Right click DisableTaskMgr and select Delete. (When prompted with "Are you sure you want to delete this value", select Yes.)

Close the Registry by choosing File | Exit.

You should now be able to access Task Manager. If not, reboot into Safe Mode and repeat the steps outlined above.
 
Further details HERE

Thanks for that, but there's nothing in that key which disables taskmgr. It must be disabled from somewhere but I can't think where. I'm searching the reg for taskmgr at the moment but am not confident about what might be legit or not.
 
The only mention of taskmgr that I don't particularly like the look of is HKLM\Software\MS\Windows NT\Current Version\Image File Execution Options but no idea if it's a legit entry or not. I don't let computers defeat me but this is really annoying me lol. I thought installing Adaware would mean that I could at least run the damn program but no!
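
As an added example (not part of any post in this thread), a read-only PowerShell check of the two registry locations discussed above: the `DisableTaskMgr` policy value and the Image File Execution Options key. It goes beyond `taskmgr.exe` and lists every executable name that has a `Debugger` value, since the thread reports other tools failing to start as well; PowerShell 2.0 or later on the machine is an assumption.

```powershell
# Added example: read-only audit, nothing is changed.
# Assumes PowerShell 2.0 or later, run from an elevated prompt.

$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
)
$ifeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

$findings = @()

# 1. DisableTaskMgr policy value in the per-user and per-machine keys.
foreach ($key in $policyKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $p = Get-ItemProperty -Path $key -Name 'DisableTaskMgr' -ErrorAction SilentlyContinue
    if ($null -ne $p) {
        $findings += New-Object PSObject -Property @{
            Check    = 'DisableTaskMgr'
            Location = $key
            Data     = $p.DisableTaskMgr
        }
    }
}

# 2. Image File Execution Options: a "Debugger" value under <name>.exe makes
#    Windows start the listed program whenever <name>.exe is launched.
#    Some legitimate tools set one, so review the path rather than assume.
if (Test-Path -Path $ifeoRoot) {
    foreach ($sub in Get-ChildItem -Path $ifeoRoot -ErrorAction SilentlyContinue) {
        $dbg = $sub.GetValue('Debugger')
        if ($null -ne $dbg) {
            $findings += New-Object PSObject -Property @{
                Check    = 'IFEO Debugger'
                Location = $sub.PSChildName
                Data     = $dbg
            }
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No DisableTaskMgr value or IFEO Debugger entry found.'
} else {
    $findings | Select-Object Check, Location, Data | Format-Table -AutoSize -Wrap
}
```

Run it once from the affected user's account and once from any other administrator account, because the `HKCU` key is per-user.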
 
If Task Manager is disabled, try Process Explorer instead: http://technet.microsoft.com/en-us/sysinternals/bb896653

So far it's worked for me every time.

Wow, great plan, never thought of a Sysinternals tool. Nice tip.

Download Malwarebytes Anti-Malware and the latest definitions, then install and run a quick scan in safe mode. After hopefully getting rid of the worst, run a full scan.

After removing any left overs found from MBAM's full scan, install and update Spybot Search & Destroy and run a scan.

Cheers, Spybot found 170-odd things but couldn't clean the hosts file, so it asked to be rerun, which I'm doing now. Taking a lonnnnnnnnnng while on startup! Interesting that Spybot ran but Adaware didn't.

I'm guessing you already did, but have you tried looking for it in the GP Editor?

Yep, that wouldn't run either.
 
I abandoned Ad-aware a long time ago, and replaced it with Malwarebytes. MBAM is quicker and has a better detection rate than Ad-aware. Don't get me wrong, Ad-aware used to be good and I used to use it a lot - but it's old skool now. :p
 
Can you create a new user? You'd be shocked, but often this malware doesn't jump to a new one. Malwarebytes + MSE in a new profile have worked the best for me. Almost all spyware I get asked to fix turns out to be some version of this same thing; some are harder than others to get rid of.

When you get it clean and find you can't connect to the net, it will turn out to just be the proxy settings.
 
Malwarebytes should do the trick for this particular nasty. If you can't seem to run it after installation, rename the MBAM executable to "sol.exe" (Solitaire). It should run then.
 