task manager registry key

Discussion in 'other software & services' started by datadata, Nov 4, 2008.

Thread Status:
Not open for further replies.
  1. datadata

    datadata Registered Member

    Joined:
    Oct 14, 2007
    Posts:
    14
    hi all

    I can't use alt crtl delete and I found out it was disabled in gpedit and i set it to unconfigured but didnt work.

    I also used spyware dr and it gave me a tojan generic (meduim) , and the registry line was pointing to :

    HKEY_USERS\S-1-5-21-3433162778-2826650621-2974146706-500\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr


    I opened regedit and only found :

    HKEY_USERS\S-1-5-21-3433162778-2826650621-2974146706-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ >>> NoDriveTypeAutoRun

    I couldnt find Policies\"system" , and also searching current user & local mashine I didnt find that key.

    So:
    Where did spyware Doctor find it ?

    Why is ctrl manager hidden ? ( I used norton online scan and the computer is clean) , how to fix it ?

    PS. Spyware doctor found one file item called XPbutton.ocx which he thinks its related to spy anytime keylogger, but its trial and can't use clean .

    thanks o_O
     
  2. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    try downloading superantispyware link in my sig. free version
    install,update,scan and remore what it finds.
    then go to settings,repair tab and find the restore task manager.
    there are other repairs as well if you need them.
    you can then also run scans with drweb cure it and f-secure easy clean.
     
  3. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    Perhaps one of Spyware Doctor's "Legendary" false positives?:rolleyes:
    PS:Follow Lodore's advice
     
  4. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    A .ocx is an IE addon much like flash player. You can delete it in IE from the internet options.

    As Emperor Darius said it could be a false positive, but its unlikely. SD isnt know for false positives. Its the best anti-spyware app on the market at this point. I highly doubt it got to that position by giving false positives.
     
  5. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    have you ever tryed the free version of spyware doctor?
    its full of fp's to trick users in to buying it.
    search the net and you will find alot about it..
    i wouldnt touch it with a barge poll
    definatly not the best on the market.
     
  6. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    Then tell that to the people who have reviewed it at the numerous sites its been rated as the top Anti-Spyware app. Clearly they have missed something you caught on to.

    They arent false positives. They are legit. The program just has a unique marketing scheme in the sense that the trial doesnt do anything other than let you know what it detects. You can manually remove what it detects, but to have SD do it you need to pay.
     
  7. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    there have been enough people who have had stuff detected by the free version and then paid and nothing was detected..
    you should be able to remove malware in the free trial just like counterspy does..
     
  8. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
  9. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    I don't think it's "the best". It may be good, but that doesn't change the fact that it makes a lot of false positives. Thing that other Antispywares, which include some free ones, don't do and detect pretty much the same amount of spyware.
    BTW: the second like is a joke and shouldn't even be considered.
     
    Last edited: Nov 5, 2008
  10. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    Like I said. Any malware type of program doesnt make the best of its class by giving false positives. False positives lower the rating. Either way SAS is a good one, Spybot is good only for its Immunize feature and the ability to edit Host files, and AdAware is also good.
     
  11. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    :blink: :)

    How to open Task Manager
    Ctrl/Alt/Del
    Ctrl/Shift/Esc
    or right click on the notification area and select TM.

    No point installing another app for this, try this site first...

    kellys-korner click on T, about 1/4 way down that page.
     
    Last edited: Nov 5, 2008
  12. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    That site only explained what the bytes in TM mean. The computer is infected.
     
  13. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Edited my post
     
  14. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    Regardless of if it works or not. The most likely reason it was disabled is due to spyware in which case the computer will need to be scanned and cleaned before he does it. If the removal works there is no need for that website. If he doesnt scan it first it will happen on the next reboot because he didnt clean it in the first place.
     
  15. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Personally I would kinda like a task manager working to aid in any removal of infection, although I do use process explorer.
     
  16. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    TM plays no role in deleting spyware or registry keys put in place by spyware so it doesnt matter if it works or not.
     
  17. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Using tm or process explorer will aid you in reviewing suspicious processes, that's unless malware hooks the call to ntdll.dll and prevents malware processes being returned to tm or modifying the list with system call hooking.
     
  18. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    There is no suspicious process that makes TM unusable. Its a registry edit.
     
  19. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Didn't say there was, I don't think you understood my post, I was saying why I would like to have a process explorer if infected as you seemed to dismiss it out of hand.
    exactly, as it seems here, but there are other ways.
     
  20. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    You forgot MBAM;)
     
  21. datadata

    datadata Registered Member

    Joined:
    Oct 14, 2007
    Posts:
    14
    Sorry all for taking time to answer I was still testing things
    thanks all for helping :)

    despite that many companies like counterspy claim that their software use port 80 , most tools can't update using my limited connection !

    counterspy: update error
    superantispyware: update error (no proxy settings)
    spysweeper: update error
    spyware doctor : updated successfully :thumb:

    but it doesn't fix in trial mode but that's the start only !
    It never gave me the same result again :blink: The second and third full scan never gave the same number of results , it came down to 4 results , there were 6 at least, if spyware doctor doesn't fix in trial mode, why I am not seeing them again then :doubt:

    Searching my PC using Symantec online scan doesn't find keyloggers spyware like XPbutton.OCX or anything :cautious:

    strange results !
    using keyborad test I found many keys don't work including delete :argh:
    but again I can still use shift & delete sometimes o_O

    I want to move to Vista and still don't know how to get the taskmanager
    I will test the other methods and see if it comes out or not ?

    Guys, can I bother you with another issue with Task Manager in different computer ??

    another computer with admin rights is getting errors like snap in for this task has been used to disable this task ,,, or something like that

    I went through all the system32 tools like computer management and computer policy security policy and none were used, the account is an admin, but for example system restore is still hidden ?

    is isasser.exe involved :ninja:

    How to clean computer if I can't access system restore even in Administrator account o_O kaspersky scan tool only found isasser.exe in each drive and deleted them but nothing more ?
     
Loading...
Thread Status:
Not open for further replies.