virus/trojan taskbar and start menu not fully working


hi all. last night i got hit with some kinda virus worm spyware thing and my AV picked it up right away so i went into safemode and cleaned everything up ran all my cleaning programs and believe the issue to be gone.

the issue was called.

sysmngt.exe

remacc radmin r_server.exe c:/windows/system32

trojan horse instsvc.exe c/windows/sysmngt

edit. just noticed the **** thing also shared the folder that the original problem file was found in a key g e n. i think. so the program made that folder shared on my network and full access to those files i just noticed that deleted it all.

i rebooted into xp like normal and for some reason 3 things ive noticed so far have changed or stopped working.

start menu doesnt do anything now. whether it be clicking it or hitting key on keyboard. it just blinks when clicked.

i use quicklaunch and for some reason the extra programs that dont fit on the line that little >> thingy doesnt work. it doesnt show me my extra programs to use.

and lastly humm think i forgot lastly. maybe only 2 issues. looking for any help.

Edited by nycste


Maybe if you unlock the taskbar and move it to the side or top then try it. if it works put it back where you want it and lock it again. My idea probably wont work but its worth a try.

yea tried this for the heck of it. didnt work.


Try following Taurarian's post from 13-2-2005, 12:31AM from this post:

http://www.pcreview.co.uk/forums/thread-522214.php

Running the iereg.bat will re-register pretty much all shell components, and may fix your issue.

thanks a ton gonna check this out now.

humm that link isnt good. seems that thread is deleted or moved somewhere gonna see if i can find it

Edited by nycste

But i did find this. on lockergnome

Copy the lines below into a file named 'IEReg.bat' and double click it to run it. This will reregister some DLLs for IE and the operating system. Restart for effect.

--------------------------------

rem Re-register IE and shell components. /s runs silently, /i also calls DllInstall.
regsvr32 comcat.dll /s
regsvr32 shdoc401.dll /s
regsvr32 shdoc401.dll /i /s
regsvr32 asctrls.ocx /s
regsvr32 oleaut32.dll /s
regsvr32 shdocvw.dll /I /s
regsvr32 shdocvw.dll /s
regsvr32 browseui.dll /s
regsvr32 browseui.dll /I /s
regsvr32 msrating.dll /s
regsvr32 mlang.dll /s
regsvr32 hlink.dll /s
regsvr32 mshtmled.dll /s
regsvr32 urlmon.dll /s
regsvr32 plugin.ocx /s
regsvr32 sendmail.dll /s
regsvr32 scrobj.dll /s
regsvr32 mmefxe.ocx /s
regsvr32 corpol.dll /s
regsvr32 jscript.dll /s
regsvr32 msxml.dll /s
regsvr32 imgutil.dll /s
regsvr32 thumbvw.dll /s
regsvr32 cryptext.dll /s
regsvr32 rsabase.dll /s
regsvr32 inseng.dll /s
regsvr32 iesetup.dll /i /s
regsvr32 cryptdlg.dll /s
regsvr32 actxprxy.dll /s
regsvr32 dispex.dll /s
regsvr32 occache.dll /s
regsvr32 occache.dll /i /s
regsvr32 iepeers.dll /s
regsvr32 urlmon.dll /i /s
regsvr32 cdfview.dll /s
regsvr32 webcheck.dll /s
regsvr32 mobsync.dll /s
regsvr32 pngfilt.dll /s
regsvr32 licmgr10.dll /s
regsvr32 icmfilter.dll /s
regsvr32 hhctrl.ocx /s
regsvr32 inetcfg.dll /s
regsvr32 tdc.ocx /s
regsvr32 MSR2C.DLL /s
regsvr32 msident.dll /s
regsvr32 msieftp.dll /s
regsvr32 xmsconf.ocx /s
regsvr32 ils.dll /s
regsvr32 msoeacct.dll /s
regsvr32 inetcomm.dll /s
regsvr32 msdxm.ocx /s
regsvr32 dxmasf.dll /s
regsvr32 l3codecx.ax /s
regsvr32 acelpdec.ax /s
regsvr32 mpg4ds32.ax /s
regsvr32 voxmsdec.ax /s
regsvr32 danim.dll /s
regsvr32 Daxctle.ocx /s
regsvr32 lmrt.dll /s
regsvr32 datime.dll /s
regsvr32 dxtrans.dll /s
regsvr32 dxtmsft.dll /s
regsvr32 WEBPOST.DLL /s
regsvr32 WPWIZDLL.DLL /s
regsvr32 POSTWPP.DLL /s
regsvr32 CRSWPP.DLL /s
regsvr32 FTPWPP.DLL /s
regsvr32 FPWPP.DLL /s
regsvr32 wshom.ocx /s
regsvr32 wshext.dll /s
regsvr32 vbscript.dll /s
regsvr32 scrrun.dll /s
rem mstinit.exe is a separate program, not an argument to regsvr32
mstinit.exe /setup /s
regsvr32 msnsspc.dll /SspcCreateSspiReg /s
regsvr32 msapsspc.dll /SspcCreateSspiReg /s
exit

--------------------------------

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.

Microsoft Certified Professional

Microsoft MVP [Windows]

http://www.microsoft.com/protect

Edited by nycste

gahh this didnt work first try. i found another similar file which i just ran and gonna reboot.

so again summary of my issue.

i had some bugs affect my system and i cleaned them all out. during this process whether the bugs did it or me cleaning out my system with several programs my start button on computer and keyboard does nothing. also the arrow sign thing on my quicktasks on the bottom taskbar.

i click on them they change color thats it. nothing else happens cant seem to find much online either ive been checking


still no one can offer any help. noticed a third issue.

1. title bars on all folders are missing the words the aka ability to actually change stuff i think called title bar here is a pic

viruspicturere0.th.jpg

there are 4 things circled in red to show what my known problems ARE.

2. start button wont do anything. when clicked it changes color and does nothing. hitting the windows button on keyboard does nothing either

3. that little >> thing at bottom right of screen on taskbar quicklaunch doesnt work either even though there are programs hidden there.

looking for some advice or at least where better to post this question and problem.

-again this happened because i was hit with 2 diff types of virus/trojan/things which i believe to be fully removed.


Originally posted by: mechBgon

1) Give us the precise names of the viruses/trojans/things. Your antivirus logs should say. Paste it in here. If you can pin down the site that the infection might've come from, send me a PM or paste it here in non-clickable form, for example: hXXp://www.mechbgon(DOT)com

2) If you want to go forward with the fight against the malware, follow all the instructions on this page. My advice would also include removing AVG Free Edition and installing a 30-day trial version of Kaspersky AntiVirus 7, then going through all the settings and maxing out everything, including the heuristics, and then updating and doing a full scan, including the rootkit scan.

3) If you want to go backward, then use System Restore to "go back in time" to before the attack.

4) If you want to do what is absolutely guaranteed to work, back up your data safely, then make a DBAN CD-ROM, unplug all drives except your boot drive, DBAN it, then reinstall Windows while taking security precautions (scroll halfway down that page). After finishing, absolutely do not run any infectable filetypes from your old files. DO scan them with a bunch of online virus scanners to try to reduce the chance there's bad things left in them.

just wanted to say thanks for your reply im reading stuff now. i have actually removed the AV program i was using when i got infected.

here is a list of all the programs i use whenever i think i have a problem.

Antivir

AVG

ClamWin

symantec corp av

adaware se (used to use newest one but annoying processes made me go back)

regscrubxp

rogueremover

spyware terminator

wise disk cleaner

wise registry cleaner

a2 anti dialer

a2 free

a2 hijackfree

spybot search and destroy

free window registry repair

crap cleaner

ok thats my list of programs i run weekly. maybe im a clean freak haha.

in response to you.

1. ill try and list everything i can find in any log files. some of them i cant read. as posted in beginning of this thread these are the things i know popped up.

sysmngt.exe

remacc radmin r_server.exe c:/windows/system32

trojan horse instsvc.exe c/windows/sysmngt

msn something.exe in system32 folder i think

2. interesting advice to remove avg run trial program and scan everything. ill prob try this maybe not tonight though. great idea.

-and reading everything on that site and finding all and more free scanner programs i know there are a few more i ran that i didnt list like cwshredder and avast tool and stuff

3. system restore on my computers are always turned off instantly. is this bad i dont know ive never had a problem. i usually reformat if i really run into a problem.

4. a little confused on that dban thing ill reread it. i have my harddrives partitioned and only 2 sections might be at risk if at all anymore.

-due to all my cleaning of the computer with all above mentioned programs nothing shows up as infected or issues anymore. but im still left with my 3 broken things.

thanks for responding ill try and track more stuff down.


finally found something useful going through all my log files on entire computer.

a-squared Free - Version 3.0

Last update: 6/12/2007 7:47:10 PM

Scan settings:

Objects: Memory, Traces, Cookies, C:\WINDOWS\, C:\Program Files

Scan archives: On

Heuristics: On

ADS Scan: On

Scan start: 9/5/2007 4:26:16 AM

c:\windows\system32\syscfg32.exe detected: Trace.File.Sbot

Value: HKEY_CLASSES_ROOT\CLSID\{30349568-DAB5-4FA9-B254-4D3BA77C7952}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Radlight

Value: HKEY_CLASSES_ROOT\CLSID\{68D6728A-D715-492A-A57B-8DDA01F4921F}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Radlight

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30349568-DAB5-4FA9-B254-4D3BA77C7952}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Radlight

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68D6728A-D715-492A-A57B-8DDA01F4921F}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Radlight

C:\WINDOWS\sysmngt\admin.exe detected: Trojan.Win32.Agent.awz

C:\WINDOWS\sysmngt\install.exe detected: Trojan.Win32.Agent.awz

C:\WINDOWS\sysmngt\nzm.exe detected: Trojan.Win32.Agent.awz

C:\WINDOWS\sysmngt\preinstall.exe detected: Trojan.Win32.Agent.awz

C:\WINDOWS\sysmngt\sysmngt.exe detected: Riskware.Server-FTP.Win32.Serv-U.6105

C:\WINDOWS\system32\syscfg32.exe detected: Trojan.Win32.Agent.awz

C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL detected: Riskware.AdTool.Win32.MyWebSearch.a

Scanned

Files: 32259

Traces: 135708

Cookies: 1

Processes: 15

Found

Files: 7

Traces: 5

Cookies: 0

Processes: 0

Registry keys: 0

Scan end: 9/5/2007 5:02:27 AM

Scan time: 12:36:11 AM

C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL Quarantined Riskware.AdTool.Win32.MyWebSearch.a

C:\WINDOWS\sysmngt\sysmngt.exe Quarantined Riskware.Server-FTP.Win32.Serv-U.6105

C:\WINDOWS\sysmngt\admin.exe Quarantined Trojan.Win32.Agent.awz

C:\WINDOWS\sysmngt\install.exe Quarantined Trojan.Win32.Agent.awz

C:\WINDOWS\sysmngt\nzm.exe Quarantined Trojan.Win32.Agent.awz

C:\WINDOWS\sysmngt\preinstall.exe Quarantined Trojan.Win32.Agent.awz

C:\WINDOWS\system32\syscfg32.exe Quarantined Trojan.Win32.Agent.awz

Value: HKEY_CLASSES_ROOT\CLSID\{30349568-DAB5-4FA9-B254-4D3BA77C7952}\InprocServer32 --> ThreadingModel Quarantined Trace.Registry.Radlight

Value: HKEY_CLASSES_ROOT\CLSID\{68D6728A-D715-492A-A57B-8DDA01F4921F}\InprocServer32 --> ThreadingModel Quarantined Trace.Registry.Radlight

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30349568-DAB5-4FA9-B254-4D3BA77C7952}\InprocServer32 --> ThreadingModel Quarantined Trace.Registry.Radlight

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68D6728A-D715-492A-A57B-8DDA01F4921F}\InprocServer32 --> ThreadingModel Quarantined Trace.Registry.Radlight

c:\windows\system32\syscfg32.exe Quarantined Trace.File.Sbot

Quarantined

Files: 7

Traces: 5

Cookies: 0

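Added example, not part of the original thread: a small Python parser for the detection and quarantine lines of the a-squared log posted above. It cross-checks the log's own "Found" totals, confirms every detection has a matching quarantine entry, and lists detections that a-squared names as a server component (the Serv-U FTP entry), since that means the machine was offering a network service. The names `parse` and `triage` are this example's own.

```python
import re
# Detection and quarantine lines copied from the a-squared log posted above.
LOG = r"""
c:\windows\system32\syscfg32.exe detected: Trace.File.Sbot
Value: HKEY_CLASSES_ROOT\CLSID\{30349568-DAB5-4FA9-B254-4D3BA77C7952}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Radlight
Value: HKEY_CLASSES_ROOT\CLSID\{68D6728A-D715-492A-A57B-8DDA01F4921F}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Radlight
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30349568-DAB5-4FA9-B254-4D3BA77C7952}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Radlight
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68D6728A-D715-492A-A57B-8DDA01F4921F}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Radlight
C:\WINDOWS\sysmngt\admin.exe detected: Trojan.Win32.Agent.awz
C:\WINDOWS\sysmngt\install.exe detected: Trojan.Win32.Agent.awz
C:\WINDOWS\sysmngt\nzm.exe detected: Trojan.Win32.Agent.awz
C:\WINDOWS\sysmngt\preinstall.exe detected: Trojan.Win32.Agent.awz
C:\WINDOWS\sysmngt\sysmngt.exe detected: Riskware.Server-FTP.Win32.Serv-U.6105
C:\WINDOWS\system32\syscfg32.exe detected: Trojan.Win32.Agent.awz
C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL detected: Riskware.AdTool.Win32.MyWebSearch.a
C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL Quarantined Riskware.AdTool.Win32.MyWebSearch.a
C:\WINDOWS\sysmngt\sysmngt.exe Quarantined Riskware.Server-FTP.Win32.Serv-U.6105
C:\WINDOWS\sysmngt\admin.exe Quarantined Trojan.Win32.Agent.awz
C:\WINDOWS\sysmngt\install.exe Quarantined Trojan.Win32.Agent.awz
C:\WINDOWS\sysmngt\nzm.exe Quarantined Trojan.Win32.Agent.awz
C:\WINDOWS\sysmngt\preinstall.exe Quarantined Trojan.Win32.Agent.awz
C:\WINDOWS\system32\syscfg32.exe Quarantined Trojan.Win32.Agent.awz
Value: HKEY_CLASSES_ROOT\CLSID\{30349568-DAB5-4FA9-B254-4D3BA77C7952}\InprocServer32 --> ThreadingModel Quarantined Trace.Registry.Radlight
Value: HKEY_CLASSES_ROOT\CLSID\{68D6728A-D715-492A-A57B-8DDA01F4921F}\InprocServer32 --> ThreadingModel Quarantined Trace.Registry.Radlight
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30349568-DAB5-4FA9-B254-4D3BA77C7952}\InprocServer32 --> ThreadingModel Quarantined Trace.Registry.Radlight
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68D6728A-D715-492A-A57B-8DDA01F4921F}\InprocServer32 --> ThreadingModel Quarantined Trace.Registry.Radlight
c:\windows\system32\syscfg32.exe Quarantined Trace.File.Sbot
"""
LINE = re.compile(r"^(.+?)\s+(detected:|Quarantined)\s+(\S+)$")

def parse(log):
    # Returns (detected, quarantined) as sets of (object, detection name).
    found = {"detected:": set(), "Quarantined": set()}
    for raw in log.splitlines():
        if m := LINE.match(raw.strip()):
            # Lower-case the object: the log mixes c:\windows and C:\WINDOWS.
            found[m.group(2)].add((m.group(1).lower(), m.group(3)))
    return found["detected:"], found["Quarantined"]

def triage(log):
    detected, quarantined = parse(log)
    traces = {d for d in detected if d[1].startswith("Trace.")}
    return {
        "files": len(detected - traces),   # compare with "Found / Files"
        "traces": len(traces),             # compare with "Found / Traces"
        "not_quarantined": sorted(detected - quarantined),
        "servers": sorted(o for o, n in detected if n.startswith("Riskware.Server-")),
    }

print(triage(LOG))
```

An empty `not_quarantined` list only shows that the scanner acted on everything it recognised in this scan.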

ok out of the listed programs i use regularly can anyone point me to the file or log im trying to find. i just went through every folder i could find unless they are system protected i only found that a2 log posted above which actually a2 found most of my issues i was proud of the free program.

Antivir

AVG

ClamWin

symantec corp av

adaware se (used to use newest one but annoying processes made me go back)

regscrubxp

rogueremover

spyware terminator

wise disk cleaner

wise registry cleaner

a2 anti dialer

a2 free

a2 hijackfree

spybot search and destroy

free window registry repair

crap cleaner

where could i find the files i checked everything in windows, program files, all the user files, admin etc. unless they hidden or something lots of them were dat files or something no idea how to read those.
