Registry and Taskmgr inaccessible

[timnugent]

Help! One of our users opened a virus laden email and now that machine can't open either the registry or the taskmanager! I'm running Ad Aware and CWShredder but am otherwise in the dark. Also, Symantec Antivirus Corporate has been disabled and I can't visit the Symantec web site.

How do I get out of this?

Any help appreciated!

tim nugent

[timnugent]

Whoops, forgot to mention my system type. It's Windows XP Professional with Service Pack 2 installed.

Tim Nugent

[Raptor]

Questions:

1. Have you been able to remove what Adaware and CWShredder have found?
2. Have you removed the virus?
3. What is the name of the virus that has infected your system?

Suggestion:

1. Use the Trend Micro - Free online virus scanner to scan for viruses.
-- Disable system restore whilst scanning.

[Tim Nugent]

No my virus software doesn't detect anything and the TrendMicro link didn't work. I get this error message:

"Trend ActiveUpdate did not update successfully. It may result from busy server or bad network traffic.
Error Code: 7
Error String: ActiveUpdate did not receive a return code from the patch process. The update process may have terminated abnormally. The product needs to retry the patch update.

Do you want to retry?"

But when I retry, it just does the exact same message above again.

SpyBot and Ad aware and CW Shredder seemed to find problems and I quarantined or erased the identified files, but it doesn't change my inability to access regedit or task manager.

Could this simply be a new as-yet-unidentified virus?

I'm stuck.

Thanks,

TN

[dl65]

timnugent ......Try this ....go to   http://vil.nai.com/vil/stinger/   ........ using another pc .....D/L stinger to a floppy disk and then run it on the infected pc .........
P.S. .........boot the infected pc into safe mode and shutdown system restore before running stinger ........
Then when its finished try to enable Norton again and do a full system scan

let us know

dl65  

[merlin_2]

re-boot pc into safe mode< holdd down the f8 key on boot>.......disable net connections and scan for bugs........

[bliss]

The only real sure way to get rid of it is to reformat. Send all of your documents and images to an online email account with lots of storage (gmail's a good one) and let their virus scan weed out bad files. Whatever you do, DO NOT back up all of your documents to disk or CD, reformat, and put them back on your hard drive, as some of those files might be infected.

[pcdoc4christ]

Nugent:

Try booting to Safe Mode and logging on as the default administrator, search for the HOSTS file, and rename it something like OLDHOSTS, but don't delete it. (The virus may have made changes to this file to prevent your system from connecting to the most popular anti-virus support Web sites.)  Then reboot to Safe Mode with networking and see if you are able to reach one of the Web sites that offer free on-line scanning:

http://www.google.com/search?hl=en&q=free+on-line+virus+scan&btnG=Google+Search

If that doesn't work, use the Avert Stinger tool that was mentioned while your system is in Safe Mode.  

If that doesn't work, see if you are able to access the Registry Editor while logged on as the default administrator in Safe Mode.  If you are, let us know.  One of us will tell you the location of the most popular keys in the registry where viruses are often located.  If you find the name of one of the files the virus uses in one of the registry keys, that will help us determine what virus has infected your system and how to eradicate it.

If you are still unable to access the registry editor, then Bliss' idea seems the best course of action, although you may be able to save some of your data and access the registry once more by doing a repair installation instead:

http://support.microsoft.com/kb/315341

The virus may still be infecting your system after such a repair and you will have to take further action to remove it.

Regards,
Doc

[Fed]

Try opening regedit with the full command
regedit.exe
If it works you have probably got the alcan worm.

[pcdoc4christ]

Nugent:

And i trust you have already isolated the computer by disconnecting it from your LAN/WAN? You don't want the virus/worm to spread throughout your network, of course.