Yeah, so I got the virus (http://answers.yahoo.com/question/index?qid=20090211160243AAM5qug), the one in which I get a pop up saying 'thank you for installing XP Police' and ever since I am locked out of my task manager.

Now I was able to go into safe mode, delete the files, ran Malwarebytes, and deleted every thing it found. Now the program doesn't pop up, but I'm still locked out of my task manager. HELP!

This any good to you?

http://www.pcthreat.com/parasitebyid-7641en.html

http://forums.majorgeeks.com/showthread.php?t=35407

Well Spy Hunter managed to find the program, but it won't delete unless I spend money on it.

PM sent to you.

Malwarebytes. That's what we use at work to get rid of it. Free and really good.

Malwarebytes. That's what we use at work to get rid of it. Free and really good.

i ran it. still locked out.

source (http://www.lavasoft.com/company/blog/?p=499)

XP Police Antivirus is a new rogue anti-spyware application. It will give exaggerated threat reports on the compromised computer then ask the user to purchase a registered version to remove threats which don’t exist.

XPPoliceAntivirus installs the following files, folders and registry entries:

FileHashEntries

xp-policy.exe

xppolice.exe

Additional Files

%Desktop%XP Police Antivirus.lnk

%StartMenu%XP Police Antivirus.lnk

FolderEntries

%ProgramFiles%XPPoliceAntivirus

RegistryEntries

Key: HKEY_CURRENT_USER\Software\XP Police Antivirus
Value:
Data:

Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run
Value: PoliceAV
Data: C:\Program Files\XPPoliceAntivirus\xppolice.exe

My system did a scan and found this, but gave me no option to delete it or instruction on how to find and get rid of it. I know I don't want it on here, so what do I do to rid myself of it?

My system did a scan and found this, but gave me no option to delete it or instruction on how to find and get rid of it. I know I don't want it on here, so what do I do to rid myself of it?


What the hell are you talking about?

It says that it is a Trojan, Possible_DLDER is how it comes up on my list, but my scan gives me no method of getting rid of it ...

Okay I didn't post this in the right spot did I?

Can you maybe kindly move this?

It says that it is a Trojan, Possible_DLDER is how it comes up on my list, but my scan gives me no method of getting rid of it ...

Okay I didn't post this in the right spot did I?

Can you maybe kindly move this?


Yeah I'll move it. Having here sort of insinuated that there was a virus floating around in the code for the board or some shit. I know this IS NOT the case, so I just wanted to clarify. Anyways, moving thread...

I went ahead and merged all the Virus/Spyware/Malware threads into this bitch for the sake of organization.

Yeah, so I got the virus, the one in which I get a pop up saying 'thank you for installing XP Police' and ever since I am locked out of my task manager.

Now I was able to go into safe mode, delete the files, ran Malwarebytes, and deleted every thing it found. Now the program doesn't pop up, but I'm still locked out of my task manager. HELP!

Check this key

Hive: HKEY_CURRENT_USER
Key: Software\Microsoft\Windows\CurrentVersion\Policies \System
Name: DisableTaskMgr
Type: REG_DWORD
Value: 1=Enablethis key, that is DISABLE TaskManager
Value: 0=Disablethis key, that is Don't Disable, Enable TaskManager

Check this key

Hive: HKEY_CURRENT_USER
Key: Software\Microsoft\Windows\CurrentVersion\Policies \System
Name: DisableTaskMgr
Type: REG_DWORD
Value: 1=Enablethis key, that is DISABLE TaskManager
Value: 0=Disablethis key, that is Don't Disable, Enable TaskManager


okay... how do i do this?

start, run, regedit. follow that strand.

okay, so my DisableTaskMgr isn't a REG_DWORD it's a REG_SZ. What should I do?


http://s5.tinypic.com/29lnuyu.jpg

To me that looks like your taskmanager is not disabled. (0=No)

Try this

Click on Start
Click on Run
Enter GPEdit.msc then OK. This starts the Group Policy Editor.

Once in the Group Policy Editor, expand each of the following branches:

*User Configuration
*Administrative Templates
*System
*Ctrl+Alt+Del Options

Search for Remove Task Manager. The state should be Not Configured. If it is anything else, change it to Not Configured.

Exit out. Assuming you do not have anything auto starting in the registry or services to change things back you should be able to get to taskmanager.

Reboot.

To me that looks like your taskmanager is not disabled. (0=No)

Try this

Click on Start
Click on Run
Enter GPEdit.msc then OK. This starts the Group Policy Editor.

Once in the Group Policy Editor, expand each of the following branches:

*User Configuration
*Administrative Templates
*System
*Ctrl+Alt+Del Options

Search for Remove Task Manager. The state should be Not Configured. If it is anything else, change it to Not Configured.

Exit out. Assuming you do not have anything auto starting in the registry or services to change things back you should be able to get to taskmanager.

Reboot.

they all say 'not configured'. still locked out.

Fiend I honestly don't know what else it could be. My only recommendation would be to download Process Explorer (http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx) which is made by Microsoft or some other 3rd party program like this Extended Task Manager (http://www.extensoft.com/?p=free_task_manager) to replace the use of your regular task manager.

they all say 'not configured'. still locked out.

What error message(s) are you getting when you say locked out?

I keep running spyware doctor everyday and it finds a thing called trojanpws (marked as high risk), the program deals with it. But the next day its back.

Its also seriously hindering my download speeds, after i run the scanner I get good speeds, then the next day my speeds are down around 10k/s and wont go higher, until I remove it again.

Anyone know a good anti virus or program to get rid of this? I dont really want to pay, so freeware or pirated stuff would be better.

Any help would be appreciated, its driving me nutso.

malwarebytes.

malwarebytes.

Seriously, use this every time, if you want the all time protection, you can find a key online.