-
March 18th, 2005, 09:57 AM
#1
msconfig, regedit, task manager close immediately
any thoughts?
all 3 will either open & then close within a second or two or not open
all 3 work fine in safe mode
the system is clean of klez & yaha
HJT is clean
clean of viruses
clean of spyware
should i re-extract from cabs?
as always thanks in advance
-
March 18th, 2005, 10:37 AM
#2
Registered User
have you seen this?
there is a useful tool at the bottom of that link to create usable copies of those files
-
March 18th, 2005, 10:39 AM
#3
Registered User
Well, maybe to start: what Windows system?
-
March 18th, 2005, 02:32 PM
#4
-
March 18th, 2005, 02:39 PM
#5
Registered User
If you have not already verified that the system has no viruses using an online scan, I think that's where to start
www.pandasoftware.com/activescan
www.trendmicro.com
-
March 18th, 2005, 02:42 PM
#6
yup did that
safe mode network ran housecall found ZERO
ran NAV w/current defs in safe mode, system restore off....found ZERO
-
March 18th, 2005, 02:48 PM
#7
Registered User
OK now then go to Start Run type in sfc /scannow and hit enter
-
March 18th, 2005, 03:07 PM
#8
Registered User
It can't be a corrupt windows system file that would be fixed by sfc..or it would not work in safe mode. The same windows system files are accessed either way. Did you check processes for NETSTATT.EXE? Failing that, did you try the utility to make msconfig1.exe, etc and check to see if they would work? (after you make those files using the utility, you go to start/run and type in msconfig1.exe and hit enter)
-
March 18th, 2005, 04:08 PM
#9
Googled your issue and came up with the following:
"Sounds like you have installed yourself a variant of the HacDef Trojan.
See if you can find a file named hxdefdrv.sys in the Windows directory. Also,
try running REGEDIT, or MSCONFIG from the desktop 'run'. If it's HacDef, then
the application should start, and then abort. "
Here's a link with more information and removal instructions for HacDef (assuming that's what it is).
http://www3.ca.com/securityadvisor/v....aspx?ID=38058
Good luck!
-
March 18th, 2005, 06:04 PM
#10
I FINALLY GOT IT!!!!!
thanks for all the help ladies & gents
it was winrar32
i missed it on 1st glance
i used Process Explorer from Sysinternals to finally find it
again thanks for all the help
you all rock
-
March 18th, 2005, 07:54 PM
#11
Why would winrar cause this?
-
March 18th, 2005, 11:03 PM
#12
Registered User
WinRAR shows up as WinRAR.exe in the process view of the task manager. I think a malicious app was trying to hide itself by using a variation of the name of a common program.
I'm a rage-aholic! I just can't live without rage-ahol! -Homer Simpson
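The name-masquerading idea from the last reply, as an added example that is not part of the original thread: a short Python check that flags process names which are not on a known-good list but closely resemble one that is. The `KNOWN_GOOD` baseline, the 0.8 threshold and the sample process list are assumptions constructed for illustration.

```python
import difflib

# Assumed baseline of expected image names; build the real one from a clean machine.
KNOWN_GOOD = {"winrar.exe", "netstat.exe", "explorer.exe", "svchost.exe",
              "taskmgr.exe", "regedit.exe", "msconfig.exe"}

# Constructed sample of running process names (not captured from a real system).
SAMPLE = ["explorer.exe", "svchost.exe", "WinRAR.exe", "winrar32.exe",
          "NETSTATT.EXE", "notepad.exe"]


def stem(name):
    """Lower-case the name and drop the extension so '.exe' does not inflate scores."""
    return name.lower().rsplit(".", 1)[0]


def find_lookalikes(process_names, known_good=KNOWN_GOOD, threshold=0.8):
    """Return sorted (observed, resembles) pairs for names that are absent from
    the baseline but whose stem is at least `threshold` similar to a baseline stem."""
    baseline = sorted(n.lower() for n in known_good)
    hits = set()
    for raw in process_names:
        name = raw.lower()
        if name in baseline:
            continue  # exact match with an expected name, nothing to flag
        best, best_score = None, 0.0
        for good in baseline:
            score = difflib.SequenceMatcher(None, stem(name), stem(good)).ratio()
            if score > best_score:
                best, best_score = good, score
        if best_score >= threshold:
            hits.add((name, best))
    return sorted(hits)


if __name__ == "__main__":
    for observed, resembles in find_lookalikes(SAMPLE):
        print(f"{observed} is not in the baseline but resembles {resembles}")
```

A hit is a lead to check the image path and signer in a tool such as Process Explorer, not a verdict.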