Everything posted by Richhs

  1. Scanning the machine typically will cover detection of malware in every folder on the drive, but the registry entries for each profile are independent of each other so you'll have to scan each profile if you want to do a thorough job.
  2. You're welcome... I'm glad this was of some help to you. It was driving me crazy as well... thanks for the reply.
  3. Never mind... I found the cause. It seems that a site called funnyracoonshow.com created about 30 instances of scheduled tasks to run every day of the week. I deleted all of the tasks that were showing up as AT1...AT2...AT3...etc... in the scheduled tasks area and that seems to have done the trick. I'll post back later to confirm this was the issue.
  4. I'm sure some of the brilliant tech minds here have come across this issue, so I'm seeking some knowledge on what piece of malware causes this and how do I resolve it. I'm working on a DELL system with Windows XP Home and IE 8 that has an issue where multiple mshta.exe files open in background when accessing the http protocol. I can access the Task Manager and end the multiple processes (which build up to a dozen or more instances of the mshta.exe running) in the background, but as soon as I access the internet through IE they start repopulating. Any ideas on this one people ?
  5. Yeah, I no longer recommend AVG to others. I've noticed that in some machines it's a resource hog... that's not consistently the case but I've seen it on several occasions. I also prefer Avast, and that's what I've been recommending lately. I got the machine back to working order, but I never found the location in the registry where the setting was to remove the "Some settings are managed by your system administrator" warning. It was an XP Home machine, so there wasn't the ability to check things with the group policy editor. Other than that, all appeared to be just fine.
  6. The scans have all finished, and the only scan that found anything was the Superantispyware app. I haven't removed any of them yet, because they look like false positives. I'm researching them now. Some of the detections are in the system restore files, but they may be the same false positives that I'm suspecting. Even though I haven't removed any of the items detected, I am now able to browse the internet with IE 8.
  7. Sounds like a rootkit. Try Hitman Pro 3, I've had success with repairing windows update using this app. Here's the link : http://www.surfright.nl/en
  8. I made a little headway ! I wrote a couple of tools to reinstall the WMI and repair the winsock, rebooted, went into the recovery console and ran chkdsk /P which returned "chkdsk found errors"... then I ran chkdsk /R and rebooted. I've got internet connectivity now and I updated the anti-malware apps, along with installing Microsoft Security Essentials. I'm running all of the scans now... I'll update the thread as I progress.
  9. I've been working on a Dell desktop system with Windows XP Home SP 3 for several days now, and it's infected with some sort of malware that has set restrictive policies on and damaged IE 8... along with corrupting the TCP/IP stack, so no connection to the internet can be established. When accessing "Internet Options" for Internet Explorer 8, the "Advanced" tab has been hijacked by some sort of malware that inserts some restrictive policies on the Advanced Tab which is highlighted in gold that reads : "Some settings are managed by your system administrator" (same message at the bottom, but on the Advanced tab in my case) I've cleaned-up most of the malware, because the machine already had an anti-virus app & multiple anti-malware apps installed. AVG 2011 was installed, but was out of date on its definitions and version. Spybot, Malwarebytes, Superantispyware, Windows Defender, Rootkit Buster, & Hitman Pro (which will not run without a successful internet connection) were installed also. I couldn't update the applications, but most of them were updated about a week ago before the problem existed. I ran all of the apps, but not much was found in terms of malware because the machine was "worked on" before I started working on the problem. I removed and replaced the winsock keys in the registry, ran winsockfix, and looked for but couldn't find the restrictive policies reg keys for the Advanced tab in the IE 8 as well. I re-registered the DLLs for IE 8 and reset the default options several times, but the message highlighted in gold at the bottom won't go away and I still can't establish an internet connection. I was also going to uninstall IE 8 and re-install it... but IE 8 must have been installed prior to the install of SP3, which apparently removes the button in "Add/Remove Programs" to uninstall IE 8 if IE 8 was installed before the SP3 update. Oh, and the Windows Firewall will not and can not be turned on...
      I've tried many of the suggestions that are available to restart the service, but none of them are successful. Any suggestions on what I'm missing here, or what else I might be able to try ? I guess the priorities are : 1) Remove the "Some settings are managed by your system administrator" issue. 2) Re-establish an internet connection. 3) Re-enable the Windows Firewall.
  10. I've read that this is typically caused by an aggressive power saving mode which causes the HDD to park. Try reducing the power saving settings.
  11. I know what you mean. Although some of them are geared toward IT. Like my favorite so far is an ethernet cable wrapping around a globe. There is also a couple with a stickman working on a laptop. I'm actually very happy with some of the logos. Yes, I agree with the order that you have them ranked for what is available. Those are no doubt some very nice design concepts. : Client Rank: 1st #29 by PonetzGraphics comments: 13 Client Rank: 2nd #43 by viar comments: 2 Client Rank: 3rd #44 by viar comments: 2 The stickman logo is nice but I think the graphic might need to be a bit larger so its intent is more obvious... I had to take a second look to actually see the "stick laptop", but now that you pointed that out I can see it.
  12. That's more than likely your problem... the Hitman detection of that rootkit should remove it after the scan completes. You just have to follow through after the scan finishes and click next to remove the items detected.
  13. Try this one : Sophos Anti-Rootkit http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
  14. Some excellent designs, but the graphics that have been utilized don't really say anything to me about technology nor convey the meaning of a virtual technician. I wish I could help with the design, but I have zero skills in that area.
  15. Sounds like a self-replicating malware. Try installing Emsisoft Anti-malware & Hitman Pro 3... both apps have a 30 day trial. Emsisoft Anti-malware - http://www.emsisoft.com/en/software/download/ Hitman Pro 3 - http://www.surfright.nl/en/hitmanpro It might be a rootkit in the MBR, so if the 2 apps I mentioned above don't do the trick try RootkitBuster by TrendMicro : http://free.antivirus.com/rootkit-buster/ I have used all of these as well as the apps that you mentioned above and I find them all to be quite useful & effective. Install all of them in normal mode of Windows and update them all, then reboot into safe mode to run them.
  16. Ted Nugent Ted Nugent - Stranglehold http://www.youtube.com/watch?v=BOsiacNF__U Ted Nugent - Hibernation
  17. I've been working on a machine for a couple of days that was so badly infected with malware that it wouldn't even boot. This machine was infected with over a thousand parasites, and my tried & trusted usual anti-malware removal apps got most of them... but they failed to detect a MFT infection by a rootkit. This rootkit disabled the update functionality of Windows Defender and the ability to access the Windows update site, along with most other Microsoft websites. In addition to that, it was hijacking the IE browser, redirecting you to another search engine which I can't recall right now as well as displaying porn pop-ups even though the IE & Google pop-up blockers were active. I started searching and found several other individuals with the same issue, the error generated by Windows Defender was : Error : 0x80072efe The application that did the trick was called Hitman Pro 3, which has a 30 day free trial. Here's the link where to find this application : http://www.surfright.nl/en Hope this helps those of you with the same problem.
  18. I just became a member of the site yesterday, so I just became aware of the Anti-Malware Toolkit. I have yet to see a system that I've worked on that is malware / spyware free, so I use all of the above and my professional tech mind.
  19. It would be nice. Also you could "merge" in it some of the info here: http://www.freeremovalofspyware.org/remove-antivirus-8 http://www.2-viruses.com/remove-antivirus-8 (at first sight they appear to list more files/keys to delete/fix ) jaclaz OK... done :
  20. I recently worked on a computer infected with the rogue anti-virus application Antivirus 8 that corrupted several operating system files and disabled the task manager. The machine wouldn't boot into normal mode of Windows and was hanging while booting into safe mode as well. See this thread : posts number 8 & 9. After I got into safe mode, I navigated to the C:\Program Files\AV8\ directory and renamed the file av8.exe to av8.RID. The process was still running in the memory so the bogus pop-ups kept occurring, but it's easy to work around that. I then deleted the registry values :
      HKEY_CURRENT_USER\Software\A88547 (or something similar might be listed)
      HKEY_CURRENT_USER\Software\WinAE (or something similar might be listed)
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AV8"
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "WinNT-A8I 23.09.2010"
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe "Debugger" = "C:\Program Files\AV8\av8.exe -d"
      Then I deleted directories :
      C:\Program Files\AV8\
      C:\Documents and Settings\All Users\Start Menu\AV8\
      Then I took care of the task manager problem : After that I rebooted into the normal mode of windows and everything started as normal. More than likely, the system will be infected with other parasites as well... so the next step is to install and run several anti-malware apps to finish the job. Malwarebytes, Spybot Search & Destroy, and Emsisoft Anti-malware are a few of the anti-malware apps that I like to use. Hope this helps some of you out of this mess.
  21. Hello all. My name is Rich, I've been a computer technician for over 20 years and make a living repairing computers, setting-up small networks & maintaining them. Most of the work that I do is related to the damage that spyware & malware cause to PCs and the havoc they cause end users. I came here thru a Google search while looking for the answer as to why a client's machine was hanging-up on the KDCOM.DLL file while booting into safe mode. I guess I'll be checking in from time to time when I'm not too busy.
  22. OK, It was the rogue anti-virus application Antivirus 8 that corrupted the files mentioned above and disabled the task manager. After I got into safe mode, I navigated to the C:\Program Files\AV8\ directory and renamed the file av8.exe to av8.RID. The process was still running in the memory so the bogus pop-ups kept occurring, but it's easy to work around that. I then deleted the registry values :
      HKEY_CURRENT_USER\Software\A88547 (or something similar might be listed)
      HKEY_CURRENT_USER\Software\WinAE (or something similar might be listed)
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AV8"
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "WinNT-A8I 23.09.2010"
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe "Debugger" = "C:\Program Files\AV8\av8.exe -d"
      Then I deleted directories :
      C:\Program Files\AV8\
      C:\Documents and Settings\All Users\Start Menu\AV8\
      Then I took care of the task manager problem : After that I rebooted into the normal mode of windows and everything started as normal. Now to install anti-malware apps and finish the job. I'm new here, and I'm not sure if I should copy this post and make a new thread entitled : Remove Antivirus 8 Just let me know, and I'll be happy to take care of that.
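
Added example, not part of the original posts: a Python audit of a regedit export that reports the two autostart mechanisms listed in the Antivirus 8 posts above, the Run value and the Image File Execution Options "Debugger" value (which makes Windows start the named program in place of explorer.exe). The sample export, including the data of the Run values, is constructed for illustration.

```python
import re

# Constructed sample in regedit export format, using key names from the posts.
# (A real export is usually UTF-16; decode it before passing the text in.)
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AV8"="C:\\Program Files\\AV8\\av8.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]
"Debugger"="C:\\Program Files\\AV8\\av8.exe -d"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"DisableHeapLookaside"="1"
'''

IFEO = r"\microsoft\windows nt\currentversion\image file execution options" + "\\"
RUN = r"\microsoft\windows\currentversion\run"
KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    """Undo .reg escaping (\\\\ -> \\, \\" -> ")."""
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Yield (key, value_name, data) for every string value in the export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if m and key:
            yield key, unescape(m.group(1)), unescape(m.group(2))

def audit(text):
    """Return IFEO Debugger redirects and Run autostart entries for review."""
    findings = []
    for key, name, data in parse_reg(text):
        low = key.lower()
        if IFEO in low and name.lower() == "debugger":
            findings.append(("ifeo-debugger", key.rsplit("\\", 1)[1], data))
        elif low.endswith(RUN):
            findings.append(("run", name, data))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_REG):
        print(finding)
```

Any "ifeo-debugger" finding on a shell or system binary deserves a manual look; Run entries are listed for review rather than judged, since legitimate software uses that key too.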