Need help repairing damage caused by a trojan

My friend had a nasty trojan he picked up by surfing "adult" sites. Thankfully ewido detected and removed the trojan but he still has some problems. The virus/trojan disabled things like task manager (ctrl+alt+del doesn't bring it up), right clicks, etc.. How would he go about restoring those options?

 

See line 51 - right column to enable taskmanager at the link below.

Then you could peruse the page for other fixes.

http://www.kellys-korner-xp.com/xp_tweaks.htm

 

Hello zopzop,

The Infiltration Recovery Tool which can be found at the bottom of the page via the following link may be what you are looking for. Hope this helps.

http://www.excessive-software.eu.tt/


Peace & Love,

CogitoErgoSum

 

awesome! thank you both

 

me again. i tried both of those sites (i bookmarked them in fact) but they didn't help my friend's pc. everytime we tried to add the registry entries from the windows xp tweak site it would give us an error like "this action has been forbidden by the administrator." after almost pulling out my hair in frustration, i tried "dial-a-fix". and it worked! the right clicks, regedit, taskmanager, internet options, cmd, run, msconfig, windows chat bubbles were enabled again.

but there's still one more problem. under control panel, the "users" option will not work! i click the icon and nothing happens (the original "users" icon is gone and in it's place is the generic windows icon). is there anyway to repair this? he can't create new users.

can anyone help? this is the only thing that's remaining to be fixed.

 

Have you tried using the repair console of XP?

 

zopzop,

I believe Lucas is referring to replacement of nusrmgr.cpl and possibly mshta.exe (correct me if I'm mistaken Lucas). If your friend isn't running this, it may be as simple as restoring the HTA association. Short of the latter, replacing file's would depend on the installation. If xpsp2, the method (disk, no disk - sp2 included, or updated).

Tell us, does it open when typing nusrmgr.cpl into a runbox? Are the above mentioned file's present in system32?


GF

 

@lucas1985

i wouldn't know where to even begin using recovery console to repair the problem, i've never used it

@GlobalForce

i know for sure he's not using HTAStop. the only thing he does with his windows is update his norton antivirus signatures and update his windows xp media edition 2005 with MS patches.

i won't be at his house again till Tuesday cause of the New Year's holiday. i'll check then and report back here. Again thanks for the help all.

 

User Accounts option in Control Panel gone
Recovery Console
How to Perform a Windows XP Repair Install

 

zopzop,

With any luck, it appears that the link lucas1985 provided to "User Accounts option in Control Panel gone" will do the trick.


Peace & Love,

CogitoErgoSum

 

Luck meaning .... sp2 was included on the install cd. Otherwise (in the instance sp2 was through update), expect a window's file protection error to be generated because of version differences. Either way, user's choice. We should be able to help you deal with any shortcoming's as they become apparent.

GF

 

@GlobalForce

i really dont' think his cd included sp2 he has a legit version of windows xp media center edition fully patched and updated to sp2 and i have a legit version of windows xp home edition fully patched and updated to sp2. what would happen if i used a copy of my nusrmgr.cpl and (if needed) mshta.exe and copied it to his machine?

is it a) legal and b) would it work?

 

zopzop,

It's Tuesday. Three detail's please .... fill us in on whether or not those file's presently exist in system32 and/or system32\dllcache including version number's, your proficiency within a command shell, and the drive letter your friend's system is installed on. We'll take it from there.


GF

 

well to get task manager back you can use the superantispyware repairs section .
www.superantispyware.com
lodore

 

thanks for all the suggestions guys. i just came back from my friends house. both nusrmgr.cpl and mshta.exe were present on his computer but nusrmgr.cpl was corrupt. we replaced the nusrmgr.cpl file from his windows media center edition of winxp using the method that lucas1985 linked to. the user accounts icon is back, when you click the icon the user accounts settings come up, etc.. bascially everything is working fine now.


THANK YOU ALL for your help! wilders rocks.

@lodore

thanks for the info. i've been using superantispyware for 6+ months and i never even saw that feature