
Task Manager, CMD, Regedit Virus

Once every 6 months or so, I do get a virus. I came across this one from Limewire.

Symptoms: regedit, cmd & task manager lost! "in use by another program"

After I ran Ad-Aware and Microsoft Defender, my system was reported as clean; the scans only cleared out some cookies.

Several sites report the problem: Cannot open task manager; task manager fails, regedit and cmd same issue.

The virus takes hold of these application pointers. Fortunately, I use an application as a replacement for the command prompt, so I was able to source the issue.

Resolution:
Two files need to be renamed/deleted:
b.exe (in Windows root folder) and svchost.exe located in Startup. The virus uses a trusted name (svchost.exe) but puts the file in the Startup folder.
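
The two file placements above can be checked for on a file listing: a trusted system name sitting outside the system directory, and an executable dropped into a Startup folder or the Windows root. The following is an added example, not code from the original post; the trusted-name list, extension list, baseline set and sample paths are constructed assumptions.

```python
import ntpath  # Windows path rules, so the check also runs on a non-Windows analysis box

# Illustrative lists (assumptions); extend them for real use.
TRUSTED_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "csrss.exe"}
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}

MASQUERADE = "trusted system name outside System32/SysWOW64"
STARTUP_EXE = "executable placed directly in a Startup folder"
ROOT_UNKNOWN = "executable in Windows root missing from baseline"


def _norm(path):
    # Windows paths are case-insensitive; normalise case and separators.
    return ntpath.normcase(ntpath.normpath(path))


def audit_paths(paths, root_baseline, system_root=r"C:\Windows"):
    """Return (path, reason) pairs. root_baseline holds the file names recorded
    in the Windows root of a known-clean install."""
    root = _norm(system_root)
    trusted_dirs = {_norm(ntpath.join(root, d)) for d in ("System32", "SysWOW64")}
    baseline = {n.lower() for n in root_baseline}
    findings = []
    for raw in paths:
        folder, name = ntpath.split(_norm(raw))
        is_exec = ntpath.splitext(name)[1] in EXECUTABLE_EXTS
        if name in TRUSTED_NAMES and folder not in trusted_dirs:
            findings.append((raw, MASQUERADE))
        elif is_exec and ntpath.basename(folder) == "startup":
            findings.append((raw, STARTUP_EXE))  # Startup normally holds .lnk shortcuts
        elif is_exec and folder == root and name not in baseline:
            findings.append((raw, ROOT_UNKNOWN))
    return findings


# Constructed sample listing modelled on the two files named in the post.
STARTUP = r"C:\Documents and Settings\user\Start Menu\Programs\Startup"
SAMPLE_BASELINE = {"explorer.exe", "regedit.exe", "notepad.exe"}
SAMPLE_PATHS = [
    STARTUP + r"\svchost.exe",
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\b.exe",
    r"C:\WINDOWS\explorer.exe",
    STARTUP + r"\Office.lnk",
    STARTUP + r"\updater.exe",
]

if __name__ == "__main__":
    for path, reason in audit_paths(SAMPLE_PATHS, SAMPLE_BASELINE):
        print(f"{reason}: {path}")
```
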


Background:
I don't use any memory-resident virus prevention software. I rarely come across malware; however, I do when looking for a software crack, questionable software, or the like. In this case, I downloaded something from Limewire. Many of the listings on Limewire these days are viruses and such, so you do need to be careful. I believe the software operates as a Limewire distributor for the virus itself. I cannot find anything it does beyond redistribution of itself.
